The Java® Virtual Machine Specification Java SE 11 Edition

Total Page:16

File Type:pdf, Size:1020Kb

The Java® Virtual Machine Specification Java SE 11 Edition The Java® Virtual Machine Specification Java SE 11 Edition Tim Lindholm Frank Yellin Gilad Bracha Alex Buckley Daniel Smith 2018-08-21 Specification: JSR-384 Java SE 11 (18.9) ("Specification") Version: 11 Status: Final Release Specification Lead: Oracle America, Inc. ("Specification Lead") Release: September 2018 Copyright © 1997, 2018, Oracle America, Inc. All rights reserved. The Specification provided herein is provided to you only under the Limited License Grant included herein as Appendix A. Please see Appendix A, Limited License Grant. Table of Contents 1 Introduction 1 1.1 A Bit of History 1 1.2 The Java Virtual Machine 2 1.3 Organization of the Specification 3 1.4 Notation 4 1.5 Feedback 4 2 The Structure of the Java Virtual Machine 5 2.1 The class File Format 5 2.2 Data Types 6 2.3 Primitive Types and Values 6 2.3.1 Integral Types and Values 7 2.3.2 Floating-Point Types, Value Sets, and Values 8 2.3.3 The returnAddress Type and Values 10 2.3.4 The boolean Type 10 2.4 Reference Types and Values 11 2.5 Run-Time Data Areas 11 2.5.1 The pc Register 12 2.5.2 Java Virtual Machine Stacks 12 2.5.3 Heap 13 2.5.4 Method Area 13 2.5.5 Run-Time Constant Pool 14 2.5.6 Native Method Stacks 14 2.6 Frames 15 2.6.1 Local Variables 16 2.6.2 Operand Stacks 17 2.6.3 Dynamic Linking 18 2.6.4 Normal Method Invocation Completion 18 2.6.5 Abrupt Method Invocation Completion 18 2.7 Representation of Objects 19 2.8 Floating-Point Arithmetic 19 2.8.1 Java Virtual Machine Floating-Point Arithmetic and IEEE 754 19 2.8.2 Floating-Point Modes 20 2.8.3 Value Set Conversion 20 2.9 Special Methods 22 2.9.1 Instance Initialization Methods 22 2.9.2 Class Initialization Methods 22 2.9.3 Signature Polymorphic Methods 23 2.10 Exceptions 23 iii The Java® Virtual Machine Specification 2.11 Instruction Set Summary 26 2.11.1 Types and the Java Virtual Machine 26 2.11.2 Load and Store Instructions 29 2.11.3 Arithmetic Instructions 30 2.11.4 Type Conversion Instructions 32 2.11.5 Object Creation and Manipulation 34 2.11.6 Operand Stack Management Instructions 34 2.11.7 Control Transfer Instructions 34 2.11.8 Method Invocation and Return Instructions 35 2.11.9 Throwing Exceptions 36 2.11.10 Synchronization 36 2.12 Class Libraries 37 2.13 Public Design, Private Implementation 37 3 Compiling for the Java Virtual Machine 39 3.1 Format of Examples 39 3.2 Use of Constants, Local Variables, and Control Constructs 40 3.3 Arithmetic 45 3.4 Accessing the Run-Time Constant Pool 46 3.5 More Control Examples 47 3.6 Receiving Arguments 50 3.7 Invoking Methods 51 3.8 Working with Class Instances 53 3.9 Arrays 55 3.10 Compiling Switches 57 3.11 Operations on the Operand Stack 59 3.12 Throwing and Handling Exceptions 59 3.13 Compiling finally 63 3.14 Synchronization 66 3.15 Annotations 67 3.16 Modules 68 4 The class File Format 71 4.1 The ClassFile Structure 72 4.2 Names 77 4.2.1 Binary Class and Interface Names 77 4.2.2 Unqualified Names 78 4.2.3 Module and Package Names 78 4.3 Descriptors 79 4.3.1 Grammar Notation 79 4.3.2 Field Descriptors 79 4.3.3 Method Descriptors 81 4.4 The Constant Pool 82 4.4.1 The CONSTANT_Class_info Structure 85 4.4.2 The CONSTANT_Fieldref_info, CONSTANT_Methodref_info, and CONSTANT_InterfaceMethodref_info Structures 86 4.4.3 The CONSTANT_String_info Structure 87 iv The Java® Virtual Machine Specification 4.4.4 The CONSTANT_Integer_info and CONSTANT_Float_info Structures 87 4.4.5 The CONSTANT_Long_info and CONSTANT_Double_info Structures 89 4.4.6 The CONSTANT_NameAndType_info Structure 90 4.4.7 The CONSTANT_Utf8_info Structure 91 4.4.8 The CONSTANT_MethodHandle_info Structure 93 4.4.9 The CONSTANT_MethodType_info Structure 95 4.4.10 The CONSTANT_Dynamic_info and CONSTANT_InvokeDynamic_info Structures 95 4.4.11 The CONSTANT_Module_info Structure 96 4.4.12 The CONSTANT_Package_info Structure 97 4.5 Fields 98 4.6 Methods 100 4.7 Attributes 103 4.7.1 Defining and Naming New Attributes 110 4.7.2 The ConstantValue Attribute 110 4.7.3 The Code Attribute 111 4.7.4 The StackMapTable Attribute 115 4.7.5 The Exceptions Attribute 122 4.7.6 The InnerClasses Attribute 123 4.7.7 The EnclosingMethod Attribute 126 4.7.8 The Synthetic Attribute 127 4.7.9 The Signature Attribute 128 4.7.9.1 Signatures 129 4.7.10 The SourceFile Attribute 133 4.7.11 The SourceDebugExtension Attribute 133 4.7.12 The LineNumberTable Attribute 134 4.7.13 The LocalVariableTable Attribute 135 4.7.14 The LocalVariableTypeTable Attribute 137 4.7.15 The Deprecated Attribute 139 4.7.16 The RuntimeVisibleAnnotations Attribute 140 4.7.16.1 The element_value structure 142 4.7.17 The RuntimeInvisibleAnnotations Attribute 145 4.7.18 The RuntimeVisibleParameterAnnotations Attribute 146 4.7.19 The RuntimeInvisibleParameterAnnotations Attribute 147 4.7.20 The RuntimeVisibleTypeAnnotations Attribute 149 4.7.20.1 The target_info union 155 4.7.20.2 The type_path structure 159 4.7.21 The RuntimeInvisibleTypeAnnotations Attribute 163 4.7.22 The AnnotationDefault Attribute 164 4.7.23 The BootstrapMethods Attribute 165 4.7.24 The MethodParameters Attribute 167 4.7.25 The Module Attribute 169 4.7.26 The ModulePackages Attribute 176 4.7.27 The ModuleMainClass Attribute 177 4.7.28 The NestHost Attribute 178 4.7.29 The NestMembers Attribute 178 v The Java® Virtual Machine Specification 4.8 Format Checking 180 4.9 Constraints on Java Virtual Machine Code 180 4.9.1 Static Constraints 181 4.9.2 Structural Constraints 184 4.10 Verification of class Files 188 4.10.1 Verification by Type Checking 189 4.10.1.1 Accessors for Java Virtual Machine Artifacts 192 4.10.1.2 Verification Type System 196 4.10.1.3 Instruction Representation 200 4.10.1.4 Stack Map Frames and Type Transitions 202 4.10.1.5 Type Checking Abstract and Native Methods 207 4.10.1.6 Type Checking Methods with Code 210 4.10.1.7 Type Checking Load and Store Instructions 219 4.10.1.8 Type Checking for protected Members 221 4.10.1.9 Type Checking Instructions 224 4.10.2 Verification by Type Inference 343 4.10.2.1 The Process of Verification by Type Inference 343 4.10.2.2 The Bytecode Verifier 343 4.10.2.3 Values of Types long and double 347 4.10.2.4 Instance Initialization Methods and Newly Created Objects 347 4.10.2.5 Exceptions and finally 349 4.11 Limitations of the Java Virtual Machine 351 5 Loading, Linking, and Initializing 353 5.1 The Run-Time Constant Pool 353 5.2 Java Virtual Machine Startup 356 5.3 Creation and Loading 357 5.3.1 Loading Using the Bootstrap Class Loader 359 5.3.2 Loading Using a User-defined Class Loader 359 5.3.3 Creating Array Classes 360 5.3.4 Loading Constraints 361 5.3.5 Deriving a Class from a class File Representation 362 5.3.6 Modules and Layers 364 5.4 Linking 366 5.4.1 Verification 367 5.4.2 Preparation 367 5.4.3 Resolution 368 5.4.3.1 Class and Interface Resolution 370 5.4.3.2 Field Resolution 371 5.4.3.3 Method Resolution 372 5.4.3.4 Interface Method Resolution 374 5.4.3.5 Method Type and Method Handle Resolution 375 5.4.3.6 Dynamically-Computed Constant and Call Site Resolution 379 5.4.4 Access Control 384 5.4.5 Method Overriding 386 vi The Java® Virtual Machine Specification 5.4.6 Method Selection 387 5.5 Initialization 387 5.6 Binding Native Method Implementations 390 5.7 Java Virtual Machine Exit 391 6 The Java Virtual Machine Instruction Set 393 6.1 Assumptions: The Meaning of "Must" 393 6.2 Reserved Opcodes 394 6.3 Virtual Machine Errors 394 6.4 Format of Instruction Descriptions 395 mnemonic 396 6.5 Instructions 398 aaload 399 aastore 400 aconst_null 402 aload 403 aload_<n> 404 anewarray 405 areturn 406 arraylength 407 astore 408 astore_<n> 409 athrow 410 baload 412 bastore 413 bipush 414 caload 415 castore 416 checkcast 417 d2f 419 d2i 420 d2l 421 dadd 422 daload 424 dastore 425 dcmp<op> 426 dconst_<d> 428 ddiv 429 dload 431 dload_<n> 432 dmul 433 dneg 435 drem 436 dreturn 438 dstore 439 dstore_<n> 440 dsub 441 vii The Java® Virtual Machine Specification dup 442 dup_x1 443 dup_x2 444 dup2 445 dup2_x1 446 dup2_x2 447 f2d 449 f2i 450 f2l 451 fadd 452 faload 454 fastore 455 fcmp<op> 456 fconst_<f> 458 fdiv 459 fload 461 fload_<n> 462 fmul 463 fneg 465 frem 466 freturn 468 fstore 469 fstore_<n> 470 fsub 471 getfield 472 getstatic 473 goto 475 goto_w 476 i2b 477 i2c 478 i2d 479 i2f 480 i2l 481 i2s 482 iadd 483 iaload 484 iand 485 iastore 486 iconst_<i> 487 idiv 488 if_acmp<cond> 489 if_icmp<cond> 490 if<cond> 492 ifnonnull 494 ifnull 495 iinc 496 iload 497 iload_<n> 498 viii The Java® Virtual Machine Specification imul 499 ineg 500 instanceof 501 invokedynamic 503 invokeinterface 505 invokespecial 509 invokestatic 513 invokevirtual 516 ior 523 irem 524 ireturn 525 ishl 527 ishr 528 istore 529 istore_<n> 530 isub 531 iushr 532 ixor 533 jsr 534 jsr_w 535 l2d 536 l2f 537 l2i 538 ladd 539 laload 540 land 541 lastore 542 lcmp 543 lconst_<l> 544 ldc 545 ldc_w 547 ldc2_w 549 ldiv 551 lload 552 lload_<n> 553 lmul 554 lneg 555 lookupswitch 556 lor 558 lrem 559 lreturn 560 lshl 561 lshr 562 lstore 563 lstore_<n> 564 lsub 565 lushr 566 lxor 567 ix The Java® Virtual Machine Specification monitorenter 568 monitorexit 570 multianewarray 572 new 574 newarray 576 nop 578 pop 579 pop2 580 putfield 581 putstatic 583 ret 585 return 586 saload 587 sastore 588 sipush 589 swap 590 tableswitch 591 wide 593 7 Opcode Mnemonics by Opcode 595 A Limited License Grant 599 x CHAPTER 1 Introduction 1.1 A Bit of History The Java® programming language is a general-purpose, concurrent, object-oriented language.
Recommended publications
  • A Java Security Scanner for Eclipse
    Colby College Digital Commons @ Colby Honors Theses Student Research 2005 JeSS – a Java Security Scanner for Eclipse Russell Spitler Colby College Follow this and additional works at: https://digitalcommons.colby.edu/honorstheses Part of the Databases and Information Systems Commons, Other Computer Engineering Commons, Programming Languages and Compilers Commons, and the Systems Architecture Commons Colby College theses are protected by copyright. They may be viewed or downloaded from this site for the purposes of research and scholarship. Reproduction or distribution for commercial purposes is prohibited without written permission of the author. Recommended Citation Spitler, Russell, "JeSS – a Java Security Scanner for Eclipse" (2005). Honors Theses. Paper 567. https://digitalcommons.colby.edu/honorstheses/567 This Honors Thesis (Open Access) is brought to you for free and open access by the Student Research at Digital Commons @ Colby. It has been accepted for inclusion in Honors Theses by an authorized administrator of Digital Commons @ Colby. JeSS – a Java Security Scanner for Eclipse Russell Spitler Senior Honors Thesis Spring 2005 Colby College Department of Computer Science Advisor: Dale Skrien Contents Chapter 1 Introduction 1 Chapter 2 Secure Coding and Java Security 2.1 – Secure Coding 3 2.2 – Java Security 7 Chapter 3 Java Security Holes 3.1 – Don’t depend on initialization 13 3.2 – Make everything final 14 3.3 – Make your code unserializable and undeserializable 16 3.4 – Make your class non-Cloneable 19 3.5 – Don’t rely on
    [Show full text]
  • Eu-19-Zhang-New-Exploit-Technique
    New Exploit Technique In Java Deserialization Attack • Yang Zhang • Yongtao Wang Keyi Li “在此键⼊引⽂。• ” • Kunzhe Chai –Johnny Appleseed New Exploit Technique In Java Deserialization Attack Back2Zero Team BCM Social Corp. BCM Social Group Who are we? Yang Zhang(Lucas) • Founder of Back2Zero Team & Leader of Security Research Department in BCM Social Corp. • Focus on Application Security, Cloud Security, Penetration Testing. • Spoke at various security conferences such as CanSecWest, POC, ZeroNights. Keyi Li(Kevin) • Master degree majoring in Cyber Security at Syracuse University. • Co-founder of Back2Zero team and core member of n0tr00t security team. • Internationally renowned security conference speaker. –Johnny Appleseed Who are we? Yongtao Wang • Co-founder of PegasusTeam and Leader of Red Team in BCM Social Corp. • Specializes in penetration testing and wireless security. • Blackhat, Codeblue, POC, Kcon, etc. Conference speaker. Kunzhe Chai(Anthony) • Founder of PegasusTeam and Chief Information Security Officer in BCM Social Corp. • Author of the well-known security tool MDK4. • Maker of China's first Wireless Security Defense Product Standard and he also is the world's first inventor of Fake Base Stations defense technology–Johnny Appleseed Agenda • Introduction to Java Deserialization • Well-Known Defense Solutions • Critical vulnerabilities in Java • URLConnection • JDBC • New exploit for Java Deserialization • Takeaways 2015: Chris Frohoff and Gabriel Lawrence presented their research into Java object deserialization vulnerabilities ultimately resulting in what can be readily described as the biggest wave of RCE bugs in Java history. Introduction to Java Deserialization Java Deserialization Serialization • The process of converting a Java object into stream of bytes. Databases Deserialization Serialization • A reverse process of creating a Java object from stream of bytes.
    [Show full text]
  • Apache Harmony Project Tim Ellison Geir Magnusson Jr
    The Apache Harmony Project Tim Ellison Geir Magnusson Jr. Apache Harmony Project http://harmony.apache.org TS-7820 2007 JavaOneSM Conference | Session TS-7820 | Goal of This Talk In the next 45 minutes you will... Learn about the motivations, current status, and future plans of the Apache Harmony project 2007 JavaOneSM Conference | Session TS-7820 | 2 Agenda Project History Development Model Modularity VM Interface How Are We Doing? Relevance in the Age of OpenJDK Summary 2007 JavaOneSM Conference | Session TS-7820 | 3 Agenda Project History Development Model Modularity VM Interface How Are We Doing? Relevance in the Age of OpenJDK Summary 2007 JavaOneSM Conference | Session TS-7820 | 4 Apache Harmony In the Beginning May 2005—founded in the Apache Incubator Primary Goals 1. Compatible, independent implementation of Java™ Platform, Standard Edition (Java SE platform) under the Apache License 2. Community-developed, modular architecture allowing sharing and independent innovation 3. Protect IP rights of ecosystem 2007 JavaOneSM Conference | Session TS-7820 | 5 Apache Harmony Early history: 2005 Broad community discussion • Technical issues • Legal and IP issues • Project governance issues Goal: Consolidation and Consensus 2007 JavaOneSM Conference | Session TS-7820 | 6 Early History Early history: 2005/2006 Initial Code Contributions • Three Virtual machines ● JCHEVM, BootVM, DRLVM • Class Libraries ● Core classes, VM interface, test cases ● Security, beans, regex, Swing, AWT ● RMI and math 2007 JavaOneSM Conference | Session TS-7820 |
    [Show full text]
  • Java Security, 2Nd Edition
    Table of Contents Preface..................................................................................................................................................................1 Who Should Read This Book?.................................................................................................................1 Versions Used in This Book....................................................................................................................2 Conventions Used in This Book..............................................................................................................2 Organization of This Book.......................................................................................................................3 What's New in This Edition.....................................................................................................................5 How to Contact Us...................................................................................................................................5 Acknowledgments....................................................................................................................................6 Feedback for the Author..........................................................................................................................6 Chapter 1. Java Application Security...............................................................................................................7 1.1 What Is Security?...............................................................................................................................7
    [Show full text]
  • Java(8$ Andrew$Binstock,$Editor$In$Chief,$Dr.Dobbs$
    Java$Update$and$Roadmap$ November(2014( Tomas$Nilsson$ Senior$Principal$Product$Manager$ Java$SE$ Copyright$©$2014,$Oracle$and/or$its$affiliates.$All$rights$reserved.$$|$ Safe$Harbor$Statement$ The$following$is$intended$to$outline$our$general$product$direcNon.$It$is$intended$for$ informaNon$purposes$only,$and$may$not$be$incorporated$into$any$contract.$It$is$not$a$ commitment$to$deliver$any$material,$code,$or$funcNonality,$and$should$not$be$relied$upon$ in$making$purchasing$decisions.$The$development,$release,$and$Nming$of$any$features$or$ funcNonality$described$for$Oracle’s$products$remains$at$the$sole$discreNon$of$Oracle.$ Copyright$©$2014,$Oracle$and/or$its$affiliates.$All$rights$reserved.$$|$ Agenda$ 1( Oracle$and$Java$ 2( Java$SE$8$Overview$ 3( Java$SE$9$and$Beyond$ Copyright$©$2014,$Oracle$and/or$its$affiliates.$All$rights$reserved.$$|$ 1( Oracle$and$Java$ 2( Java$SE$8$Overview$ 3( Roadmap$ Copyright$©$2014,$Oracle$and/or$its$affiliates.$All$rights$reserved.$$|$ Oracle$and$Java$ • Oracle$has$used$Java$since$the$beginning$of$Nme$(eg$1990s)$ • Acquired$JAVA$(Sun$Microsystems)$in$2010,$including$Java$IP,$trademarks$ • Embraced$OpenJDK,$open$community,$open$JCP$ – Welcomed$IBM,$Apple,$SAP,$ARM,$AMD,$Intel,$Twi\er,$Goldman$Sachs,$Microso^$and$many$others$ – Made$OpenJDK$official$Java$SE$reference$implementaNon$ – Ongoing$move$towards$open$development,$governance,$transparency$ • JDK$development:$Oracle$and$community$ – Oracle$focus$on$modernizaNon,$security,$big$Ncket$R&D$and$commercial$value$to$Oracle$ – Community$contributes$based$on$interest$and$ability,$examples:$
    [Show full text]
  • Evaluating the Flexibility of the Java Sandbox
    Evaluating the Flexibility of the Java Sandbox Zack Coker, Michael Maass, Tianyuan Ding, Claire Le Goues, and Joshua Sunshine Carnegie Mellon University {zfc,mmaass}@cs.cmu.edu, [email protected], {clegoues,sunshine}@cs.cmu.edu ABSTRACT should protect both the host application and machine from The ubiquitously-installed Java Runtime Environment (JRE) malicious behavior. In practice, these security mechanisms provides a complex, flexible set of mechanisms that support are problematically buggy such that Java malware is often the execution of untrusted code inside a secure sandbox. able to alter the sandbox's settings [4] to override security However, many recent exploits have successfully escaped the mechanisms. Such exploits take advantage of defects in either sandbox, allowing attackers to infect numerous Java hosts. the JRE itself or the application's sandbox configuration to We hypothesize that the Java security model affords devel- disable the security manager, the component of the sandbox opers more flexibility than they need or use in practice, and responsible for enforcing the security policy [5, 6, 7, 8]. thus its complexity compromises security without improving In this paper, we investigate this disconnect between theory practical functionality. We describe an empirical study of the and practice. We hypothesize that it results primarily from ways benign open-source Java applications use and interact unnecessary complexity and flexibility in the design and with the Java security manager. We found that developers engineering of Java's security mechanisms. For example, regularly misunderstand or misuse Java security mechanisms, applications are allowed to change the security manager at that benign programs do not use all of the vast flexibility runtime, whereas static-only configuration of the manager afforded by the Java security model, and that there are clear would be more secure.
    [Show full text]
  • 6.4.0 Release Notes
    Red Hat JBoss Enterprise Application Platform 6.4 6.4.0 Release Notes For Use with Red Hat JBoss Enterprise Application Platform 6 Last Updated: 2017-12-12 Red Hat JBoss Enterprise Application Platform 6.4 6.4.0 Release Notes For Use with Red Hat JBoss Enterprise Application Platform 6 Legal Notice Copyright © 2017 Red Hat, Inc.. This document is licensed by Red Hat under the Creative Commons Attribution-ShareAlike 3.0 Unported License. If you distribute this document, or a modified version of it, you must provide attribution to Red Hat, Inc. and provide a link to the original. If the document is modified, all Red Hat trademarks must be removed. Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law. Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries. Linux ® is the registered trademark of Linus Torvalds in the United States and other countries. Java ® is a registered trademark of Oracle and/or its affiliates. XFS ® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries. MySQL ® is a registered trademark of MySQL AB in the United States, the European Union and other countries. Node.js ® is an official trademark of Joyent. Red Hat Software Collections is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
    [Show full text]
  • Migration-Guide.Pdf
    Java Platform, Standard Edition Oracle JDK Migration Guide Release 12 F13815-02 March 2019 Getting Started The purpose of this guide is to help you identify potential issues and give you suggestions on how to proceed as you migrate your existing Java application to the JDK 12 release. The guide also highlights the significant changes and enhancements done to the JDK 12 release. This guide contains the following sections: • Significant Changes in the JDK • Preparing For Migration • Migrating From JDK 8 to Later JDK Releases • Next Steps Significant Changes in the JDK Before migrating your application to the latest JDK release, you must understand what the updates and changes are between it and the previous JDK release. If you are migrating from JDK 8, you should also be familiar with the differences between JDK 8 and later releases that are described in Migrating From JDK 8 to Later JDK Releases. See the following sections to know some of the significant changes in latest JDK releases. Significant Changes in JDK 12 Release The following are some of the important additions and updates in Java SE 12 and JDK 12: • JVM Constants API is introduced to model nominal descriptions of key class-file and run-time artifacts, in particular constants that are loadable from the constant pool. See JVM Constant API. • The switch statement is extended so that it can be used either as a statement or an expression. This is a preview language feature. See JEP 325: Switch Expressions (Preview) and JEP 12: Preview Language and VM Features. 1 • Support for Unicode 11.0.
    [Show full text]
  • Java (Software Platform) from Wikipedia, the Free Encyclopedia Not to Be Confused with Javascript
    Java (software platform) From Wikipedia, the free encyclopedia Not to be confused with JavaScript. This article may require copy editing for grammar, style, cohesion, tone , or spelling. You can assist by editing it. (February 2016) Java (software platform) Dukesource125.gif The Java technology logo Original author(s) James Gosling, Sun Microsystems Developer(s) Oracle Corporation Initial release 23 January 1996; 20 years ago[1][2] Stable release 8 Update 73 (1.8.0_73) (February 5, 2016; 34 days ago) [±][3] Preview release 9 Build b90 (November 2, 2015; 4 months ago) [±][4] Written in Java, C++[5] Operating system Windows, Solaris, Linux, OS X[6] Platform Cross-platform Available in 30+ languages List of languages [show] Type Software platform License Freeware, mostly open-source,[8] with a few proprietary[9] compo nents[10] Website www.java.com Java is a set of computer software and specifications developed by Sun Microsyst ems, later acquired by Oracle Corporation, that provides a system for developing application software and deploying it in a cross-platform computing environment . Java is used in a wide variety of computing platforms from embedded devices an d mobile phones to enterprise servers and supercomputers. While less common, Jav a applets run in secure, sandboxed environments to provide many features of nati ve applications and can be embedded in HTML pages. Writing in the Java programming language is the primary way to produce code that will be deployed as byte code in a Java Virtual Machine (JVM); byte code compil ers are also available for other languages, including Ada, JavaScript, Python, a nd Ruby.
    [Show full text]
  • A Security Policy Oracle: Detecting Security Holes Using Multiple API Implementations
    A Security Policy Oracle: Detecting Security Holes Using Multiple API Implementations Varun Srivastava Michael D. Bond Kathryn S. McKinley Vitaly Shmatikov Yahoo! The Ohio State University The University of Texas at Austin varun [email protected] [email protected] fmckinley,[email protected] Abstract 1. Introduction Even experienced developers struggle to implement security poli- Demand for secure software is increasing, but ensuring that soft- cies correctly. For example, despite 15 years of development, stan- ware is secure remains a challenge. Developers are choosing dard Java libraries still suffer from missing and incorrectly applied memory-safe systems [9, 39] and languages such as Java and permission checks, which enable untrusted applications to execute C# in part because they improve security by reducing memory- native calls or modify private class variables without authorization. corruption attacks. Even memory-safe systems, however, rely on Previous techniques for static verification of authorization enforce- the access-rights model to ensure that the program has the appro- ment rely on manually specified policies or attempt to infer the pol- priate permissions before performing sensitive actions. Unfortu- icy by code-mining. Neither approach guarantees that the policy nately, even experienced developers find it difficult to specify and used for verification is correct. implement access-rights policies correctly. Consequently, semantic In this paper, we exploit the fact that many modern APIs have mistakes—such as missing permission checks which enable mali- multiple, independent implementations. Our flow- and context- cious code to bypass protection—have become a significant cause sensitive analysis takes as input an API, multiple implementations of security vulnerabilities [26].
    [Show full text]
  • Security Issue with JRE 1.7.0 51
    Security Issue with JRE 1.7.0_51 Issue With recent version of Java release 1.7.0_51 users encounter security warning messages, when signed applets are run within Internet Explorer. In such environments, customers using ISD 11.2 and earlier versions might see the following Warnings or error messages. 1. This application will be blocked in a future Java security update because the JAR file manifest does not contain the Permissions attribute. Please contact the Publisher for more information. 2. java.lang.SecurityException: Missing required Permissions manifest attribute in main jar: http://demo.com/ISD/websignsunjvm.jar Fix The security warning issue can be solved by following any one of the following two fixes. First one is a work around solution and the second one involves updating the websignsunjvm.jar (which has all the required entries to overcome security warning). Fix 1 Adding the domain name of the web site hosting ISD WebSign Java applet to trusted list of Java Plug-in will resolve this issue. Follow the steps below to 1. Open Java Control Panel Applet (Start->Programs->Control Panel-> Java). 2. Go to Security Tab and click on Edit Site List... Button under Exception Site List section. 3. Click on Add button to enter the location e.g. http://demo.com/ (is the domain or server name where the applet is hosted or published) and click on OK button. Adding non HTTPS sites might show some warning messages, ignore them. 4. Next step is to clean the Plug-in cache. Go To General tab, click on Setting button under Temporary Internet Files and click on delete files.
    [Show full text]
  • Websphere Application Server V7: Administration with Scripting
    Chapter 8 of WebSphere Application Server V7 Administration and Configuration Guide, SG24-7615 WebSphere Application Server V7: Administration with Scripting The administrative console is sufficient for tasks that are non-repetitive, have a minimal number of administrative steps, and are relatively simple. For administration that requires many steps, which can be repetitive, and time consuming to configure, wsadmin combined with scripts is an ideal tool. In this chapter we introduce the wsadmin scripting solution and describe how you can use it to perform basic tasks. This chapter contains the following topics: “Overview of WebSphere scripting” on page 2 “Launching wsadmin” on page 3 “Command and script invocation” on page 7 “wsadmin management objects” on page 9 “Managing WebSphere using script libraries” on page 14 “Assistance with scripting” on page 33 “Example: Using scripts with the job manager” on page 38 “Online resources” on page 47 © Copyright IBM Corp. 2009. All rights reserved. 1 Overview of WebSphere scripting WebSphere Application Server provides a scripting interface based on the Bean Scripting Framework (BSF) called wsadmin. BSF is an open source project to implement an architecture for incorporating scripting into Java™ applications and applets. The BSF architecture works as an interface between Java applications and scripting languages. Using BSF allows scripting languages to do the following tasks: Look up a pre-registered bean and access a pre-declared bean Register a newly created bean Perform all bean operations Bind events to scripts in the scripting language Because wsadmin uses BSF, it can make various Java objects available through language-specific interfaces to scripts.
    [Show full text]