DOCSLIB.ORG

An Executable Formal Semantics of PHP with Applications to Program Analysis

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
An Executable Formal Semantics of PHP with Applications to Program Analysis Imperial College London Department of Computing An Executable Formal Semantics of PHP with Applications to Program Analysis Daniele Filaretti Submitted in part fulfilment of the requirements for the degree of Doctor of Philosophy in Computing of the Imperial College London and the Diploma of the Imperial College, 2015 Abstract Nowadays, many important activities in our lives involve the web. However, the software and protocols on which web applications are based were not designed with the appropriate level of security in mind. Many web applications have reached a level of complexity for which testing, code reviews and human inspection are no longer sufficient quality-assurance guarantees. Tools that employ static analysis techniques are needed in order to explore all possible execution paths through an application and guarantee the absence of undesirable behaviours. To make sure that an analysis captures the properties of interest, and to navigate the trade-offs between efficiency and precision, it is necessary to base the design and the development of static analysis tools on a firm understanding of the language to be analysed. When this underlying knowledge is missing or erroneous, tools can’t be trusted no matter what advanced techniques they use to perform their task. In this Thesis, we introduce KPHP, the first executable formal semantics of PHP, one of the most popular languages for server-side web programming. Then, we demonstrate its practical relevance by developing two verification tools, of increasing complexity, on top of it - a simple verifier based on symbolic execution and LTL model checking and a general purpose, fully configurable and extensible static analyser based on Abstract Interpretation. Our LTL-based tool leverages the existing symbolic execution and model checking support offered by K, our semantics framework of choice, and constitutes a first proof-of-concept of the usefulness of our semantics. Our abstract interpreter, on the other hand, represents a more significant and novel contribution to the field of static analysis of dynamic scripting languages (PHP in particular). Although our tool is still a prototype and therefore not well suited for handling large real-world codebases, we demonstrate how our semantics-based, principled approach to the development of verification tools has lead to the design of static analyses that outperform existing tools and approaches, both in terms of supported language features, precision, and breadth of possible applications. i ii © The copyright of this thesis rests with the author and is made available under a Creative Commons Attribution Non-Commercial No Derivatives licence. Researchers are free to copy, dis- tribute or transmit the thesis on the condition that they attribute it, that they do not use it for commercial purposes and that they do not alter, transform or build upon it. For any reuse or redistribution, researchers must make clear to others the licence terms of this work iii iv Statement of Originality The work contained in this thesis has not been previously submitted for a degree or diploma at any other higher education institution. To the best of my knowledge and belief, the thesis contains no material previously published or written by another person except where due references are made. v vi Acknowledgements I would like to thank my supervisor Sergio Maffeis for offering me this great opportunity and for guiding and supporting me during all the stages of my PhD; my examiners Sophia Drossopoulou and Marco Carbone for their time, feedback and help in improving my work. I also would like to thank my parents for their patience, understanding and support, and the friends I met here in London for all the fun and the good times. Finally, I would like to thank EPSRC for their financial support. vii ‘For if one’s starting point is something unkonwn, and one’s conclusion and intermediate steps are made up of unknowns also, how can the resulting consistency ever by any manner of means become knowldege?’ Plato, The Republic, Book VII viii Contents Abstract i Acknowledgements vii I Introduction 1 1 Problem description and motivations 2 1.1 The (in)security of web applications . .2 1.2 The role of formal methods . .3 1.3 Contributions and thesis outline . .5 II Background 7 2 Semantics engineering 8 2.1 Introduction to the formal semantics of programming languages . .8 2.2 Tools for semantics engineering . 14 2.2.1 Overview . 14 2.2.2 The K Framework . 15 2.3 Mechanised specifications or real-world programming languages . 31 2.3.1 λJS ......................................... 33 2.3.2 λπ ......................................... 34 2.3.3 The semantics of C in K ............................. 34 2.3.4 JSCert . 35 ix x CONTENTS 2.3.5 K Java....................................... 36 2.3.6 K JS........................................ 37 2.3.7 Conclusion . 38 3 Web Applications 41 3.1 Basics . 41 3.1.1 The HTTP protocol . 41 3.1.2 Client and server-side technologies . 44 3.1.3 State: cookies and sessions . 45 3.2 PHP . 46 3.2.1 Hello World Wide Web . 48 3.2.2 A Closer Look . 49 3.2.3 Facebook’s PHP specification . 54 3.3 Web security . 55 3.3.1 Overview . 55 3.3.2 Taint style vulnerabilities . 58 4 Static analysis and security 64 4.1 The nature of static analysis . 66 4.2 Design tradeoffs . 68 4.2.1 Soundness vs completeness . 68 4.2.2 Precision vs scalability . 70 4.3 Approximating all possible runtime behaviours . 70 4.4 Static analysis vocabulary . 73 4.4.1 Exploring all paths . 74 4.4.2 Abstraction . 76 4.4.3 Increasing precision with sensitivities . 79 4.5 A primer on Abstract Interpretation . 84 4.5.1 A bird’s eye view . 84 4.5.2 Case study: abstract interpretation of arithmetic expressions . 86 4.5.3 Fixpoint abstraction . 101 CONTENTS xi 4.6 Related techniques: symbolic and concolic execution . 102 4.7 Static analysis tools for PHP . 105 III Contributions 114 5 KPHP: an executable formal semantics of PHP 115 5.1 Syntax . 118 5.2 Semantics . 119 5.2.1 Memory Layout . 119 5.2.2 Configuration . 126 5.2.3 Copy-on-write in the Zend engine . 129 5.2.4 Semantic rules . 130 5.3 Putting it all together: KPHP . 162 5.4 Testing and Validation . 163 5.4.1 Test-driven semantics development . 164 5.4.2 Comparison with Facebook’s PHP specification . 164 5.4.3 Validation . 165 5.4.4 Coverage . 166 5.5 Limitations, Perspective and Future Work . 167 6 Verification via LTL model checking 170 6.1 Model checking and symbolic execution in K ...................... 170 6.2 Temporal verification of PHP programs . 171 6.2.1 Symbolic values in PHP programs . 171 6.2.2 State transitions . 172 6.2.3 LTL . 172 6.2.4 A temporal logic for PHP . 176 6.2.5 Example . 178 6.3 Case studies . 180 6.3.1 Input Validation . 180 6.3.2 Cryptographic Key Generation . 183 xii CONTENTS 6.4 Discussion and Limitations . 184 7 A general purpose static analyser for PHP 186 7.1 Methodology and overview . 187 7.2 Parametrising the domain of computation . 189 7.2.1 Abstract domains . 190 7.2.2 Abstraction . 196 7.2.3 Putting the domain into action . 197 7.2.4 Partitioning the semantics by isolating domain operations . 199 7.2.5 Concrete domain . 202 7.2.6 Example . 203 7.3 Lifting the semantics . 204 7.3.1 Conditionals . 206 7.3.2 While loop . 212 7.3.3 Functions and recursion . 219 7.4 Merging configurations . 231 7.4.1 Challenges . 232 7.4.2 Updates to the memory model . 236 7.4.3 Overview of the merging procedure . 238 7.4.4 Merging return values . 238 7.4.5 Merging status codes . 240 7.4.6 Merging arrays and memories . 241 7.5 Array and object access, revisited . 259 7.5.1 Strong vs Weak updates . 261 7.5.2 Overlapping keys . ..
Load more

Recommended publications
  • An Execution Model for Serverless Functions at the Edge
    An Execution Model for Serverless Functions at the Edge Adam Hall Umakishore Ramachandran Georgia Institute of Technology Georgia Institute of Technology Atlanta, Georgia Atlanta, Georgia ach@gatech:edu rama@gatech:edu ABSTRACT 1 INTRODUCTION Serverless computing platforms allow developers to host single- Enabling next generation technologies such as self-driving cars or purpose applications that automatically scale with demand. In con- smart cities via edge computing requires us to reconsider the way trast to traditional long-running applications on dedicated, virtu- we characterize and deploy the services supporting those technolo- alized, or container-based platforms, serverless applications are gies. Edge/fog environments consist of many micro data centers intended to be instantiated when called, execute a single function, spread throughout the edge of the network. This is in stark contrast and shut down when finished. State-of-the-art serverless platforms to the cloud, where we assume the notion of unlimited resources achieve these goals by creating a new container instance to host available in a few centralized data centers. These micro data center a function when it is called and destroying the container when it environments must support large numbers of Internet of Things completes. This design allows for cost and resource savings when (IoT) devices on limited hardware resources, processing the mas- hosting simple applications, such as those supporting IoT devices sive amounts of data those devices generate while providing quick at the edge of the network. However, the use of containers intro- decisions to inform their actions [44]. One solution to supporting duces some overhead which may be unsuitable for applications emerging technologies at the edge lies in serverless computing.
    [Show full text]
  • Toward IFVM Virtual Machine: a Model Driven IFML Interpretation
    Toward IFVM Virtual Machine: A Model Driven IFML Interpretation Sara Gotti and Samir Mbarki MISC Laboratory, Faculty of Sciences, Ibn Tofail University, BP 133, Kenitra, Morocco Keywords: Interaction Flow Modelling Language IFML, Model Execution, Unified Modeling Language (UML), IFML Execution, Model Driven Architecture MDA, Bytecode, Virtual Machine, Model Interpretation, Model Compilation, Platform Independent Model PIM, User Interfaces, Front End. Abstract: UML is the first international modeling language standardized since 1997. It aims at providing a standard way to visualize the design of a system, but it can't model the complex design of user interfaces and interactions. However, according to MDA approach, it is necessary to apply the concept of abstract models to user interfaces too. IFML is the OMG adopted (in March 2013) standard Interaction Flow Modeling Language designed for abstractly expressing the content, user interaction and control behaviour of the software applications front-end. IFML is a platform independent language, it has been designed with an executable semantic and it can be mapped easily into executable applications for various platforms and devices. In this article we present an approach to execute the IFML. We introduce a IFVM virtual machine which translate the IFML models into bytecode that will be interpreted by the java virtual machine. 1 INTRODUCTION a fundamental standard fUML (OMG, 2011), which is a subset of UML that contains the most relevant The software development has been affected by the part of class diagrams for modeling the data apparition of the MDA (OMG, 2015) approach. The structure and activity diagrams to specify system trend of the 21st century (BRAMBILLA et al., behavior; it contains all UML elements that are 2014) which has allowed developers to build their helpful for the execution of the models.
    [Show full text]
  • A Brief History of Just-In-Time Compilation
    A Brief History of Just-In-Time JOHN AYCOCK University of Calgary Software systems have been using “just-in-time” compilation (JIT) techniques since the 1960s. Broadly, JIT compilation includes any translation performed dynamically, after a program has started execution. We examine the motivation behind JIT compilation and constraints imposed on JIT compilation systems, and present a classification scheme for such systems. This classification emerges as we survey forty years of JIT work, from 1960–2000. Categories and Subject Descriptors: D.3.4 [Programming Languages]: Processors; K.2 [History of Computing]: Software General Terms: Languages, Performance Additional Key Words and Phrases: Just-in-time compilation, dynamic compilation 1. INTRODUCTION into a form that is executable on a target platform. Those who cannot remember the past are con- What is translated? The scope and na- demned to repeat it. ture of programming languages that re- George Santayana, 1863–1952 [Bartlett 1992] quire translation into executable form covers a wide spectrum. Traditional pro- This oft-quoted line is all too applicable gramming languages like Ada, C, and in computer science. Ideas are generated, Java are included, as well as little lan- explored, set aside—only to be reinvented guages [Bentley 1988] such as regular years later. Such is the case with what expressions. is now called “just-in-time” (JIT) or dy- Traditionally, there are two approaches namic compilation, which refers to trans- to translation: compilation and interpreta- lation that occurs after a program begins tion. Compilation translates one language execution. into another—C to assembly language, for Strictly speaking, JIT compilation sys- example—with the implication that the tems (“JIT systems” for short) are com- translated form will be more amenable pletely unnecessary.
    [Show full text]
  • A Parallel Program Execution Model Supporting Modular Software Construction
    A Parallel Program Execution Model Supporting Modular Software Construction Jack B. Dennis Laboratory for Computer Science Massachusetts Institute of Technology Cambridge, MA 02139 U.S.A. [email protected] Abstract as a guide for computer system design—follows from basic requirements for supporting modular software construction. A watershed is near in the architecture of computer sys- The fundamental theme of this paper is: tems. There is overwhelming demand for systems that sup- port a universal format for computer programs and software The architecture of computer systems should components so users may benefit from their use on a wide reflect the requirements of the structure of pro- variety of computing platforms. At present this demand is grams. The programming interface provided being met by commodity microprocessors together with stan- should address software engineering issues, in dard operating system interfaces. However, current systems particular, the ability to practice the modular do not offer a standard API (application program interface) construction of software. for parallel programming, and the popular interfaces for parallel computing violate essential principles of modular The positions taken in this presentation are contrary to or component-based software construction. Moreover, mi- much conventional wisdom, so I have included a ques- croprocessor architecture is reaching the limit of what can tion/answer dialog at appropriate places to highlight points be done usefully within the framework of superscalar and of debate. We start with a discussion of the nature and VLIW processor models. The next step is to put several purpose of a program execution model. Our Parallelism processors (or the equivalent) on a single chip.
    [Show full text]
  • CNT6008 Network Programming Module - 11 Objectives
    CNT6008 Network Programming Module - 11 Objectives Skills/Concepts/Assignments Objectives ASP.NET Overview • Learn the Framework • Understand the different platforms • Compare to Java Platform Final Project Define your final project requirements Section 21 – Web App Read Sections 21 and 27, pages 649 to 694 and 854 Development and ASP.NET to 878. Section 27 – Web App Development with ASP.NET Overview of ASP.NET Section Goals Goal Course Presentation Understanding Windows Understanding .NET Framework Foundation Project Concepts Creating a ASP.NET Client and Server Application Understanding the Visual Creating a ASP Project Studio Development Environment .NET – What Is It? • Software platform • Language neutral • In other words: • .NET is not a language (Runtime and a library for writing and executing written programs in any compliant language) What Is .NET • .Net is a new framework for developing web-based and windows-based applications within the Microsoft environment. • The framework offers a fundamental shift in Microsoft strategy: it moves application development from client-centric to server- centric. .NET – What Is It? .NET Application .NET Framework Operating System + Hardware Framework, Languages, And Tools VB VC++ VC# JScript … Common Language Specification Visual Studio.NET Visual ASP.NET: Web Services Windows and Web Forms Forms ADO.NET: Data and XML Base Class Library Common Language Runtime The .NET Framework .NET Framework Services • Common Language Runtime • Windows Communication Framework (WCF) • Windows® Forms • ASP.NET (Active Server Pages) • Web Forms • Web Services • ADO.NET, evolution of ADO • Visual Studio.NET Common Language Runtime (CLR) • CLR works like a virtual machine in executing all languages. • All .NET languages must obey the rules and standards imposed by CLR.
    [Show full text]
  • PHP 7 Y Laravel
    PHP 7 y Laravel © All rights reserved. www.keepcoding.io 1. Introducción Nada suele ser tan malo como lo pintan © All rights reserved. www.keepcoding.io When people tell me PHP is not a real programming language http://thecodinglove.com/post/114654680296 © All rights reserved. www.keepcoding.io Quién soy • Alicia Rodríguez • Ingeniera industrial ICAI • Backend developer • @buzkall • buzkall.com http://buzkall.com © All rights reserved. www.keepcoding.io ¿Qué vamos a ver? • Instalación y desarrollo en local • PHP 7 • Laravel • Test unitarios • Cómo utilizar una API externa © All rights reserved. www.keepcoding.io ¿Qué sabremos al terminar? • PHP mola • Crear un proyecto de cero • Depurar y hacer test a nuestro código • Un poco de análisis técnico y bolsa © All rights reserved. www.keepcoding.io Seguridad Security is not a characteristic of a language as much as it is a characteristic of a developer Essential PHP Security. Chris Shiflett. O’Reilly © All rights reserved. www.keepcoding.io Popularidad en Stackoverflow http://stackoverflow.com/research/developer-survey-2016 © All rights reserved. www.keepcoding.io Popularidad en Github http://redmonk.com/sogrady/2016/07/20/language-rankings-6-16/ © All rights reserved. www.keepcoding.io Frameworks por lenguaje https://hotframeworks.com/ © All rights reserved. www.keepcoding.io Su propia descripción • PHP is a popular general-purpose scripting language that is especially suited to web development. • Fast, flexible and pragmatic, PHP powers everything from your blog to the most popular websites in the world. https://secure.php.net/ © All rights reserved. www.keepcoding.io Historia de PHP • Creado por Rasmus Lerdorf en 1995 como el conjunto de scripts "Personal Home Page Tools", referenciado como "PHP Tools”.
    [Show full text]
  • The CLR's Execution Model
    C01621632.fm Page 3 Thursday, January 12, 2006 3:49 PM Chapter 1 The CLR’s Execution Model In this chapter: Compiling Source Code into Managed Modules . 3 Combining Managed Modules into Assemblies . 6 Loading the Common Language Runtime. 8 Executing Your Assembly’s Code. 11 The Native Code Generator Tool: NGen.exe . 19 Introducing the Framework Class Library . 22 The Common Type System. 24 The Common Language Specification . 26 Interoperability with Unmanaged Code. 30 The Microsoft .NET Framework introduces many new concepts, technologies, and terms. My goal in this chapter is to give you an overview of how the .NET Framework is designed, intro- duce you to some of the new technologies the framework includes, and define many of the terms you’ll be seeing when you start using it. I’ll also take you through the process of build- ing your source code into an application or a set of redistributable components (files) that contain types (classes, structures, etc.) and then explain how your application will execute. Compiling Source Code into Managed Modules OK, so you’ve decided to use the .NET Framework as your development platform. Great! Your first step is to determine what type of application or component you intend to build. Let’s just assume that you’ve completed this minor detail; everything is designed, the specifications are written, and you’re ready to start development. Now you must decide which programming language to use. This task is usually difficult because different languages offer different capabilities. For example, in unmanaged C/C++, you have pretty low-level control of the system.
    [Show full text]
  • Executing UML Models
    Executing UML Models Miguel Pinto Luz1, Alberto Rodrigues da Silva1 1Instituto Superior Técnico Av. Rovisco Pais 1049-001 Lisboa – Portugal {miguelluz, alberto.silva}@acm.org Abstract. Software development evolution is a history of permanent seeks for raising the abstraction level to new limits overcoming new frontiers. Executable UML (xUML) comes this way as the expectation to achieve the next level in abstraction, offering the capability of deploying a xUML model in a variety of software environments and platforms without any changes. This paper comes as a first expedition inside xUML, exploring the main aspects of its specification including the action languages support and the fundamental MDA compliance. In this paper is presented a future new xUML tool called XIS-xModels that gives Microsoft Visio new capabilities of running and debugging xUML models. This paper is an outline of the capabilities and main features of the future application. Keywords: UML, executable UML, Model Debugging, Action Language. 1. Introduction In a dictionary we find that an engineer is a person who uses scientific knowledge to solve practical problems, planning and directing, but an information technology engineer is someone that spends is time on implementing lines of code, instead of being focus on planning and projecting. Processes, meetings, models, documents, or even code are superfluous artifacts for organizations: all they need is well design and fast implemented working system, that moves them towards a new software development paradigm, based on high level executable models. According this new paradigm it should be possible to reduce development time and costs, and to bring new product quality warranties, only reachable by executing, debugging and testing early design stages (models).
    [Show full text]
  • Performance Analyses and Code Transformations for MATLAB Applications Patryk Kiepas
    Performance analyses and code transformations for MATLAB applications Patryk Kiepas To cite this version: Patryk Kiepas. Performance analyses and code transformations for MATLAB applications. Computa- tion and Language [cs.CL]. Université Paris sciences et lettres, 2019. English. NNT : 2019PSLEM063. tel-02516727 HAL Id: tel-02516727 https://pastel.archives-ouvertes.fr/tel-02516727 Submitted on 24 Mar 2020 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Préparée à MINES ParisTech Analyses de performances et transformations de code pour les applications MATLAB Performance analyses and code transformations for MATLAB applications Soutenue par Composition du jury : Patryk KIEPAS Christine EISENBEIS Le 19 decembre 2019 Directrice de recherche, Inria / Paris 11 Présidente du jury João Manuel Paiva CARDOSO Professeur, University of Porto Rapporteur Ecole doctorale n° 621 Erven ROHOU Ingénierie des Systèmes, Directeur de recherche, Inria Rennes Rapporteur Matériaux, Mécanique, Michel BARRETEAU Ingénieur de recherche, THALES Examinateur Énergétique Francois GIERSCH Ingénieur de recherche, THALES Invité Spécialité Claude TADONKI Informatique temps-réel, Chargé de recherche, MINES ParisTech Directeur de thèse robotique et automatique Corinne ANCOURT Maître de recherche, MINES ParisTech Co-directrice de thèse Jarosław KOŹLAK Professeur, AGH UST Co-directeur de thèse 2 Abstract MATLAB is an interactive computing environment with an easy programming language and a vast library of built-in functions.
    [Show full text]
  • CUDA C++ Programming Guide
    CUDA C++ Programming Guide Design Guide PG-02829-001_v11.4 | September 2021 Changes from Version 11.3 ‣ Added Graph Memory Nodes. ‣ Formalized Asynchronous SIMT Programming Model. CUDA C++ Programming Guide PG-02829-001_v11.4 | ii Table of Contents Chapter 1. Introduction........................................................................................................ 1 1.1. The Benefits of Using GPUs.....................................................................................................1 1.2. CUDA®: A General-Purpose Parallel Computing Platform and Programming Model....... 2 1.3. A Scalable Programming Model.............................................................................................. 3 1.4. Document Structure................................................................................................................. 5 Chapter 2. Programming Model.......................................................................................... 7 2.1. Kernels.......................................................................................................................................7 2.2. Thread Hierarchy...................................................................................................................... 8 2.3. Memory Hierarchy...................................................................................................................10 2.4. Heterogeneous Programming................................................................................................11 2.5. Asynchronous
    [Show full text]
  • Programming Languages: Classification, Execution Model, and Errors
    Programming Fundamentals Dr. Raaid Alubady –4th Lecture Programming Languages: Classification, Execution Model, and Errors 4th Lecture 1. Introduction As the involvement of computer, automation and robotics growing in our daily life, programming becomes highly required to control all of them. To control all of these systems and machines and take desired output by them skilled programming languages is necessary. However, the area of programming language becomes how much wide but it will be under one of the two categories of programming languages (i.e., Low-level language and High-level language). In the early days of computing, language design was heavily influenced by the decision to use compiling or interpreting as a mode of execution. Depending on tools such as compilation and interpretation in order to get our written code into a form that the computer can execute. Code can either be executed natively through the operating system after it is converted to machine code (via compilation) or can be evaluated line by line through another program which handles executing the code instead of the operating system itself (via interpretation). 2. Classification of Programming Languages Programming languages are basically classified into two main categories – Low- level language and High-level language. Every programming language belongs to one of these categories and sub-category. 2.1. Low level languages Low-level languages are used to write programs that relate to the specific architecture and hardware of a particular type of computer. They are closer to the native language of a computer (binary), making them harder for programmers to understand. Programs written in low-level languages are fast and memory efficient.
    [Show full text]
  • The Design and Implementation of a Bytecode for Optimization On
    Trinity University Digital Commons @ Trinity Computer Science Honors Theses Computer Science Department 4-20-2012 The esiD gn and Implementation of a Bytecode for Optimization on Heterogeneous Systems Kerry A. Seitz Trinity University, [email protected] Follow this and additional works at: http://digitalcommons.trinity.edu/compsci_honors Part of the Computer Sciences Commons Recommended Citation Seitz, Kerry A., "The eD sign and Implementation of a Bytecode for Optimization on Heterogeneous Systems" (2012). Computer Science Honors Theses. 28. http://digitalcommons.trinity.edu/compsci_honors/28 This Thesis open access is brought to you for free and open access by the Computer Science Department at Digital Commons @ Trinity. It has been accepted for inclusion in Computer Science Honors Theses by an authorized administrator of Digital Commons @ Trinity. For more information, please contact [email protected]. The Design and Implementation of a Bytecode for Optimization on Heterogeneous Systems Kerry Allen Seitz, Jr. Abstract As hardware architectures shift towards more heterogeneous platforms with different vari- eties of multi- and many-core processors and graphics processing units (GPUs) by various manufacturers, programmers need a way to write simple and highly optimized code without worrying about the specifics of the underlying hardware. To meet this need, I have designed a virtual machine and bytecode around the goal of optimized execution on highly variable, heterogeneous hardware, instead of having goals such as small bytecodes as was the ob- jective of the JavaR Virtual Machine. The approach used here is to combine elements of the DalvikR virtual machine with concepts from the OpenCLR heterogeneous computing platform, along with an annotation system so that the results of complex compile time analysis can be available to the Just-In-Time compiler.
    [Show full text]