DOCSLIB.ORG

The ACM Java Libraries

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
The ACM Java Libraries The ACM Java Libraries Andrew Mertz William Slough Nancy Van Cleave Mathematics and Computer Science Department Eastern Illinois University October 10, 2009 CCSC:MW 2009, Saint Xavier University Introduction NetBeans and Java The ACM Java Task Force (JTF) Libraries Placing applets on web pages How to learn about the ACM libraries: This workshop Textbooks ACM Java Task Force Tutorial Javadoc documentation CCSC:MW 2009, Saint Xavier University Textbook support for ACM libraries CCSC:MW 2009, Saint Xavier University ACM library galleries EIU student work: http://www.eiu.edu/~mathcs/http JTF demo gallery: http://jtf.acm.org/demos/index.html CCSC:MW 2009, Saint Xavier University Installing the necessary software: NetBeans www.netbeans.org/downloads/ Click on the Download NetBeans IDE Button Run install CCSC:MW 2009, Saint Xavier University Installating the necessary software: ACM Java libraries jtf.acm.org | obtain acm.zip Create acmLibrary project in NetBeans File ! New Project Within the Categories panel, select Java Within the Projects, select Java Class Library Click Next to proceed For the project name, enter acmLibrary Click on the Finish button Move the acm.zip file to the acmLibrary/src directory Unpack the zip file (into the acmLibrary/src directory) Right{click on the acmLibrary project in NetBeans, and select close (don't shut down NetBeans) CCSC:MW 2009, Saint Xavier University The Program class diagram JApplet Program GraphicsProgram ConsoleProgram DialogProgram CCSC:MW 2009, Saint Xavier University A \Hello, world!" program Create HelloProgram project File ! New Project Within the Categories panel, select Java Within the Projects, select Java Class Library Click Next to proceed For the project name, enter HelloProgram Click on the Finish button Make the acmLibrary available to this project Right{click on Libraries, select Add Project In the Add Project window choose acmLibrary Click on Add Project / Jar files CCSC:MW 2009, Saint Xavier University Create a new Java program Right{click on Source Packages, then select New ! Other Select Java from the categories The file type to select is Empty Java File Click Next, then replace the suggested class name NewEmpty with HelloProgram Click the Finish button CCSC:MW 2009, Saint Xavier University A \Hello, world!" program: in a console window import acm.graphics.*; import acm.program.*; public class HelloProgram extends ConsoleProgram { public void run() { println("Hello, world!"); } } Modifications: Add a second line below the first with your name Add a third line with your organization CCSC:MW 2009, Saint Xavier University A \Hello, world!" program: with dialog boxes import acm.graphics.*; import acm.program.*; public class HelloProgram extends DialogProgram { public void run() { println("Hello, world!"); println("Name here"); println("Organization here"); } } Modifications: Change ConsoleProgram to DialogProgram Change first two println statements to print statements with \n to produce a single dialog window CCSC:MW 2009, Saint Xavier University A \Hello, world!" program: in a graphics window import acm.graphics.*; import acm.program.*; public class HelloProgram extends GraphicsProgram { public void run() { add(new GLabel("Hello, world!", 100, 75)); } } Modifications: Move the output line down Add lines for your name and organization CCSC:MW 2009, Saint Xavier University Placing applets on a web site index.html HelloProgram.html CCSC:MW 2009, Saint Xavier University Add2Quantities import acm.program.*; public class Add2Quantities extends ConsoleProgram { public void run() { println("This program adds two values:"); int a = readInt("Enter a: "); int b = readInt("Enter b: "); int sum = a + b; println("The sum is " + sum + "."); } } Modifications: Convert to a DialogProgram Different data types: int ! double, readInt ! readDouble int ! String, readInt ! readLine CCSC:MW 2009, Saint Xavier University The acm.graphics model The acm.graphics package uses a collage model in which you create an image by adding various objects to a canvas. This is similar to a felt board that serves as a backdrop for colored shapes that stick to the felt surface. Note that newer objects can obscure those added earlier. This layering arrangement is called the stacking order or z-order. CCSC:MW 2009, Saint Xavier University The Java coordinate system All distances and coordinates in the graphics library are measured in pixels. Coordinates in the graphics model are specified relative to the origin in the upper left corner of the screen. Coordinate values are specified as a pair of floating-point values (x; y) where the values for x increase as you move rightward across the screen and the values for y increase as you move downward. CCSC:MW 2009, Saint Xavier University Partial class diagram for acm.graphics GRect GOval GLabel GLine java.awt.Container GObject GCompound GPolygon GCanvas GTurtle GImage GArc CCSC:MW 2009, Saint Xavier University The GCanvas class The GCanvas class represents the background canvas, a virtual felt board. When you use the acm.graphics package, you create pictures by adding various GObjects to a GCanvas. For simple applications, you will not need to work with an explicit GCanvas object. Programs that extend GraphicsProgram, automatically creates a GCanvas and resizes it so that it fills the program window. Most of the methods defined for the GCanvas class are also available in a GraphicsProgram, thanks to delegation. CCSC:MW 2009, Saint Xavier University Methods in the GCanvas class add(object) Adds the object to the canvas at the front of the stack add(object, x, y) Moves the object to (x, y) and then adds it to the canvas remove(object) Removes the object from the canvas removeAll() Removes all objects from the canvas getElementAt(x, y) Returns the front most object at (x, y), or null if none getWidth() Returns the width in pixels of the canvas getHeight() Returns the height in pixels of the canvas setBackground(c) Sets the background color of the canvas CCSC:MW 2009, Saint Xavier University Methods in the GCanvas class The following methods are available in GraphicsProgram only: pause(milliseconds) Pauses the program for the specified time waitForClick() Suspends the program until the user clicks the mouse CCSC:MW 2009, Saint Xavier University Two forms of the add method The add method comes in two forms. add(object); adds the object at the location currently stored in its internal structure. You use this form when you have already set the coordinates of the object, usually done when it was created. The second form: add(object, x, y); which moves the object to the point (x; y) and then adds it there. This form is useful when you need to determine some property of the object before you know where to put it. If, for example, you want to center a GLabel, you must first create it and then use its size to determine its location. CCSC:MW 2009, Saint Xavier University Centering text import acm.graphics.*; import acm.program.*; public class CenteredLabel extends GraphicsProgram { public void run() { GLabel label = new GLabel("I am centered"); add(label, (getWidth() - label.getWidth()) / 2, (getHeight() - label.getHeight()) / 2); } } CCSC:MW 2009, Saint Xavier University Methods common to GObjects setLocation(x, y) Resets the location of the object to the specified point move(dx, dy) Moves the object dx and dy pixels movePolar(r, theta) Moves the object r pixels in the direction theta getX() Returns the x coordinate of the object getY() Returns the y coordinate of the object getWidth() Returns the horizontal width of the object in pixels getHeight() Returns the vertical height of the object in pixels contains(x, y) Returns true if the object contains the specified point CCSC:MW 2009, Saint Xavier University Methods common to GObjects (continued) setColor(c) Sets the color of the object getColor() Returns the color currently assigned to the object setVisible(flag) Sets visibility (false = invisible, true = visible) isVisible() Returns true if the object is visible sendToFront() Sends the object to the front of the stacking order sendToBack() Sends the object to the back of the stacking order sendForward() Sends the object forward one position in the stack- ing order sendBackward() Sends the object backward one position in the stack- ing order CCSC:MW 2009, Saint Xavier University Sharing behavior through interfaces There are some methods that apply to some GObject subclasses, but not others. For example, you can call setFilled on GOvals or GRects. However, it does not make sense to call setFilled on a GLine. In the acm.graphics package, there are three interfaces that define methods for certain GObject subclasses: GFillable GResizable GScalable CCSC:MW 2009, Saint Xavier University acm.graphics interfaces GFillable (GArc, GOval, GPolygon, GRect) setFilled(flag) Sets the fill state (false = outlined, true = filled) isFilled() Returns the fill state setFillColor(c) Sets the color used to fill the interior getFillColor() Returns the fill color GResizable (GImage, GOval, GRect) setSize(width, height) Sets the dimensions of the object setBounds(x, y, width, height) Sets the location and dimensions GScalable (GArc, GCompound, GLine, GImage, GOval, GPolygon, GRect) scale(sf) Scales both dimensions of the object by sf scale(sx, sy) Scales the object by sx horizontally and sy vertically CCSC:MW 2009, Saint Xavier University Making a face CCSC:MW 2009, Saint Xavier University Exercise: Drawing a house CCSC:MW 2009, Saint Xavier University Encapsulated coordinates The acm.graphics package defines three classes: GPoint
Load more

Recommended publications
  • CDC Runtime Guide
    CDC Runtime Guide for the Sun Java Connected Device Configuration Application Management System Version 1.0 Sun Microsystems, Inc. www.sun.com November 2005 Copyright © 2005 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, U.S.A. All rights reserved. Sun Microsystems, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at http://www.sun.com/patents and one or more additional patents or pending patent applications in the U.S. and in other countries. THIS PRODUCT CONTAINS CONFIDENTIAL INFORMATION AND TRADE SECRETS OF SUN MICROSYSTEMS, INC. USE, DISCLOSURE OR REPRODUCTION IS PROHIBITED WITHOUT THE PRIOR EXPRESS WRITTEN PERMISSION OF SUN MICROSYSTEMS, INC. U.S. Government Rights - Commercial software. Government users are subject to the Sun Microsystems, Inc. standard license agreement and applicable provisions of the FAR and its supplements. This distribution may include materials developed by third parties. Parts of the product may be derived from Berkeley BSD systems, licensed from the University of California. UNIX is a registered trademark in the U.S. and in other countries, exclusively licensed through X/Open Company, Ltd. Sun, Sun Microsystems, the Sun logo, Java, J2ME, Java ME, Sun Corporate Logo and Java Logo are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. Products covered by and information contained in this service manual are controlled by U.S. Export Control laws and may be subject to the export or import laws in other countries.
    [Show full text]
  • The Java Hotspot VM Under the Hood
    The Java HotSpot VM Under the Hood Tobias Hartmann Principal Member of Technical Staff Compiler Group – Java HotSpot Virtual Machine Oracle Corporation August 2017 Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | About me • Joined Oracle in 2014 • Software engineer in the Java HotSpot VM Compiler Team – Based in Baden, Switzerland • German citizen • Master’s degree in Computer Science from ETH Zurich • Worked on various compiler-related projects – Currently working on future Value Type support for Java Copyright © 2017, Oracle and/or its affiliates. All rights reserved. Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. Copyright © 2017, Oracle and/or its affiliates. All rights reserved. 3 Outline • Intro: Why virtual machines? • Part 1: The Java HotSpot VM – JIT compilation in HotSpot – Tiered Compilation • Part 2: Projects – Segmented Code Cache – Compact Strings – Ahead-of-time Compilation – Minimal Value Types Copyright © 2017, Oracle and/or its affiliates. All rights reserved. 4 A typical computing platform User Applications Application Software Java SE Java EE Java Virtual Machine System Software Operating system Hardware Copyright © 2017, Oracle and/or its affiliates. All rights reserved. 5 A typical computing platform User Applications Application Software Java SE Java EE Java Virtual Machine System Software Operating system Hardware Copyright © 2017, Oracle and/or its affiliates.
    [Show full text]
  • Technique: HTTP the Java Way
    Technique: HTTP the Java way An article from Android in Practice EARLY ACCESS EDITION Charlie Collins, Michael D. Galpin, and Matthias Kaeppler MEAP Release: July 2010 Softbound print: Spring 2011 | 500 pages ISBN: 9781935182924 This article is taken from the book Android in Practice. The authors demonstrate how to send simple HTTP requests to a Web server using Java’s standard HTTP networking facilities. Tweet this button! (instructions here) Get 35% off any version of Android in Practice with the checkout code fcc35. Offer is only valid through www.manning.com. The standard Java class library already has a solution for HTTP messaging. An open-source implementation of these classes is bundled with Android’s class library, which is based on Apache Harmony. It’s simple and bare- bones in its structure and, while it supports features like proxy servers, cookies (to some degree), and SSL, the one thing that it lacks more than anything else is a class interface and component structure that doesn’t leave you bathed in tears. Still, more elaborate HTTP solutions are often wrappers around the standard Java interfaces and, if you don’t need all the abstraction provided, for example, by Apache HttpClient interfaces, the stock Java classes may not only be sufficient, they also perform much better thanks to a much slimmer, more low-level implementation. Problem You must perform simple networking tasks via HTTP (such as downloading a file) and you want to avoid the performance penalty imposed by the higher-level, much larger, and more complex Apache HttpClient implementation. Solution If you ever find yourself in this situation, you probably want to do HTTP conversations through a java.net.HttpURLConnection.
    [Show full text]
  • Exploiting SAS Software Using Java Technology
    Exploiting SAS® Software Using Java™ Technology Barbara Walters, SAS Institute Inc., Cary, NC Java programs are often delivered via the Internet. In order to protect the local machine from malicious programs, the Java language and the JVM Abstract provide a secure environment for application execution. The secure This paper describes how to use Java™ technology with SAS software. environment ensures that the client machine (the machine where the SAS Institute currently offers several Java development tools that allow browser is running) is not corrupted by the downloaded program and that applications to access SAS data and take advantage of SAS no information is stolen from the client machine. computational capabilities. This paper describes how to use these class libraries and address client/server configuration and performance Java security is based upon the “sandbox” model. The sandbox is the issues. set of resources (threads, socket connections, local files, etc.) that the downloaded Java code is allowed to access. The code is restricted from accessing resources outside of its sandbox. In executing Java applets, Introduction each Web browser defines the limits of the sandbox. Since its introduction in mid-1995, Java have become an integral part of The Security Manager enforces the limits of the sandbox. For applets, the World Wide Web. Java is a rich programming language that enables the Web browser controls the Security Manager. Each browser may put Web programmers to create sophisticated and responsive client/server different restrictions on applet behavior. The default limits imposed by applications. Because Java is portable and secure, users of Web the Security Manager are: applications can be confident that those applications will execute • Classes cannot access the local file system properly and not corrupt their computers.
    [Show full text]
  • CDC Runtime Guide
    CDC Runtime Guide Java™ Platform, Micro Edition Connected Device Configuration, Version 1.1.2 Foundation Profile, Version 1.1.2 Optimized Implementation Sun Microsystems, Inc. www.sun.com December 2008 Copyright © 2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, U.S.A. All rights reserved. Sun Microsystems, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at http://www.sun.com/patents and one or more additional patents or pending patent applications in the U.S. and in other countries. U.S. Government Rights - Commercial software. Government users are subject to the Sun Microsystems, Inc. standard license agreement and applicable provisions of the FAR and its supplements. This distribution may include materials developed by third parties. Parts of the product may be derived from Berkeley BSD systems, licensed from the University of California. UNIX is a registered trademark in the U.S. and in other countries, exclusively licensed through X/Open Company, Ltd. Sun, Sun Microsystems, the Sun logo, Java, Solaris and HotSpot are trademarks or registered trademarks of Sun Microsystems, Inc. or its subsidiaries in the United States and other countries. The Adobe logo is a registered trademark of Adobe Systems, Incorporated. Products covered by and information contained in this service manual are controlled by U.S. Export Control laws and may be subject to the export or import laws in other countries. Nuclear, missile, chemical biological weapons or nuclear maritime end uses or end users, whether direct or indirect, are strictly prohibited.
    [Show full text]
  • CDC Build System Guide
    CDC Build System Guide Java™ Platform, Micro Edition Connected Device Configuration, Version 1.1.2 Foundation Profile, Version 1.1.2 Optimized Implementation Sun Microsystems, Inc. www.sun.com December 2008 Copyright © 2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, U.S.A. All rights reserved. Sun Microsystems, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at http://www.sun.com/patents and one or more additional patents or pending patent applications in the U.S. and in other countries. U.S. Government Rights - Commercial software. Government users are subject to the Sun Microsystems, Inc. standard license agreement and applicable provisions of the FAR and its supplements. This distribution may include materials developed by third parties. Parts of the product may be derived from Berkeley BSD systems, licensed from the University of California. UNIX is a registered trademark in the U.S. and in other countries, exclusively licensed through X/Open Company, Ltd. Sun, Sun Microsystems, the Sun logo, Java, Solaris and HotSpot are trademarks or registered trademarks of Sun Microsystems, Inc. or its subsidiaries in the United States and other countries. The Adobe logo is a registered trademark of Adobe Systems, Incorporated. Products covered by and information contained in this service manual are controlled by U.S. Export Control laws and may be subject to the export or import laws in other countries. Nuclear, missile, chemical biological weapons or nuclear maritime end uses or end users, whether direct or indirect, are strictly prohibited.
    [Show full text]
  • CDC: Java Platform Technology for Connected Devices
    CDC: JAVA™ PLATFORM TECHNOLOGY FOR CONNECTED DEVICES Java™ Platform, Micro Edition White Paper June 2005 2 Table of Contents Sun Microsystems, Inc. Table of Contents Introduction . 3 Enterprise Mobility . 4 Connected Devices in Transition . 5 Connected Devices Today . 5 What Users Want . 5 What Developers Want . 6 What Service Providers Want . 6 What Enterprises Want . 6 Java Technology Leads the Way . 7 From Java Specification Requests… . 7 …to Reference Implementations . 8 …to Technology Compatibility Kits . 8 Java Platform, Micro Edition Technologies . 9 Configurations . 9 CDC . 10 CLDC . 10 Profiles . 11 Optional Packages . 11 A CDC Java Runtime Environment . 12 CDC Technical Overview . 13 CDC Class Library . 13 CDC HotSpot™ Implementation . 13 CDC API Overview . 13 Application Models . 15 Standalone Applications . 16 Managed Applications: Applets . 16 Managed Applications: Xlets . 17 CLDC Compatibility . 18 GUI Options and Tradeoffs . 19 AWT . 19 Lightweight Components . 20 Alternate GUI Interfaces . 20 AGUI Optional Package . 20 Security . 21 Developer Tool Support . 22 3 Introduction Sun Microsystems, Inc. Chapter 1 Introduction From a developer’s perspective, the APIs for desktop PCs and enterprise systems have been a daunting combination of complexity and confusion. Over the last 10 years, Java™ technology has helped simplify and tame this world for the benefit of everyone. Developers have benefited by seeing their skills become applicable to more systems. Users have benefited from consistent interfaces across different platforms. And systems vendors have benefited by reducing and focusing their R&D investments while attracting more developers. For desktop and enterprise systems, “Write Once, Run Anywhere”™ has been a success. But if the complexities of the desktop and enterprise world seem, well, complex, then the connected device world is even scarier.
    [Show full text]
  • 100% Pure Java Cookbook Use of Native Code
    100% Pure Java Cookbook Guidelines for achieving the 100% Pure Java Standard Revision 4.0 Sun Microsystems, Inc. 901 San Antonio Road Palo Alto, California 94303 USA Copyrights 2000 Sun Microsystems, Inc. All rights reserved. 901 San Antonio Road, Palo Alto, California 94043, U.S.A. This product and related documentation are protected by copyright and distributed under licenses restricting its use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form by any means without prior written authorization of Sun and its licensors, if any. Restricted Rights Legend Use, duplication, or disclosure by the United States Government is subject to the restrictions set forth in DFARS 252.227-7013 (c)(1)(ii) and FAR 52.227-19. The product described in this manual may be protected by one or more U.S. patents, foreign patents, or pending applications. Trademarks Sun, the Sun logo, Sun Microsystems, Java, Java Compatible, 100% Pure Java, JavaStar, JavaPureCheck, JavaBeans, Java 2D, Solaris,Write Once, Run Anywhere, JDK, Java Development Kit Standard Edition, JDBC, JavaSpin, HotJava, The Network Is The Computer, and JavaStation are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and certain other countries. UNIX is a registered trademark in the United States and other countries, exclusively licensed through X/Open Company, Ltd. All other product names mentioned herein are the trademarks of their respective owners. Netscape and Netscape Navigator are trademarks of Netscape Communications Corporation in the United States and other countries. THIS PUBLICATION IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.
    [Show full text]
  • Java (Software Platform) from Wikipedia, the Free Encyclopedia Not to Be Confused with Javascript
    Java (software platform) From Wikipedia, the free encyclopedia Not to be confused with JavaScript. This article may require copy editing for grammar, style, cohesion, tone , or spelling. You can assist by editing it. (February 2016) Java (software platform) Dukesource125.gif The Java technology logo Original author(s) James Gosling, Sun Microsystems Developer(s) Oracle Corporation Initial release 23 January 1996; 20 years ago[1][2] Stable release 8 Update 73 (1.8.0_73) (February 5, 2016; 34 days ago) [±][3] Preview release 9 Build b90 (November 2, 2015; 4 months ago) [±][4] Written in Java, C++[5] Operating system Windows, Solaris, Linux, OS X[6] Platform Cross-platform Available in 30+ languages List of languages [show] Type Software platform License Freeware, mostly open-source,[8] with a few proprietary[9] compo nents[10] Website www.java.com Java is a set of computer software and specifications developed by Sun Microsyst ems, later acquired by Oracle Corporation, that provides a system for developing application software and deploying it in a cross-platform computing environment . Java is used in a wide variety of computing platforms from embedded devices an d mobile phones to enterprise servers and supercomputers. While less common, Jav a applets run in secure, sandboxed environments to provide many features of nati ve applications and can be embedded in HTML pages. Writing in the Java programming language is the primary way to produce code that will be deployed as byte code in a Java Virtual Machine (JVM); byte code compil ers are also available for other languages, including Ada, JavaScript, Python, a nd Ruby.
    [Show full text]
  • Kawa - Compiling Dynamic Languages to the Java VM
    Kawa - Compiling Dynamic Languages to the Java VM Per Bothner Cygnus Solutions 1325 Chesapeake Terrace Sunnyvale CA 94089, USA <[email protected]> Abstract: in a project in conjunction with Java. A language im- plemented on top of Java gives programmers many of Many are interested in Java for its portable bytecodes the extra-linguistic benefits of Java, including libraries, and extensive libraries, but prefer a different language, portable bytecodes, web applets, and the existing efforts especially for scripting. People have implemented other to improve Java implementations and tools. languages using an interpreter (which is slow), or by translating into Java source (with poor responsiveness The Kawa toolkit supports compiling and running vari- for eval). Kawa uses an interpreter only for “simple” ous languages on the Java Virtual Machine. Currently, expressions; all non-trivial expressions (such as function Scheme is fully supported (except for a few difficult fea- definitions) are compiled into Java bytecodes, which are tures discussed later). An implementation of ECMA- emitted into an in-memory byte array. This can be saved Script is coming along, but at the time of writing it is for later, or quickly loaded using the Java ClassLoader. not usable. Kawa is intended to be a framework that supports mul- Scheme [R RS] is a simple yet powerful language. It tiple source languages. Currently, it only supports is a non-pure functional language (i.e. it has first-class Scheme, which is a lexically-scoped language in the Lisp functions, lexical scoping, non-lazy evaluation, and side family. The Kawa dialect of Scheme implements almost effects).
    [Show full text]
  • A Security Policy Oracle: Detecting Security Holes Using Multiple API Implementations
    A Security Policy Oracle: Detecting Security Holes Using Multiple API Implementations Varun Srivastava Michael D. Bond Kathryn S. McKinley Vitaly Shmatikov Yahoo! The Ohio State University The University of Texas at Austin varun [email protected] [email protected] fmckinley,[email protected] Abstract 1. Introduction Even experienced developers struggle to implement security poli- Demand for secure software is increasing, but ensuring that soft- cies correctly. For example, despite 15 years of development, stan- ware is secure remains a challenge. Developers are choosing dard Java libraries still suffer from missing and incorrectly applied memory-safe systems [9, 39] and languages such as Java and permission checks, which enable untrusted applications to execute C# in part because they improve security by reducing memory- native calls or modify private class variables without authorization. corruption attacks. Even memory-safe systems, however, rely on Previous techniques for static verification of authorization enforce- the access-rights model to ensure that the program has the appro- ment rely on manually specified policies or attempt to infer the pol- priate permissions before performing sensitive actions. Unfortu- icy by code-mining. Neither approach guarantees that the policy nately, even experienced developers find it difficult to specify and used for verification is correct. implement access-rights policies correctly. Consequently, semantic In this paper, we exploit the fact that many modern APIs have mistakes—such as missing permission checks which enable mali- multiple, independent implementations. Our flow- and context- cious code to bypass protection—have become a significant cause sensitive analysis takes as input an API, multiple implementations of security vulnerabilities [26].
    [Show full text]
  • The Java Object Model
    Java Object Model The Java Object Model Topics in this section include: • Java classes, including the use of access rights, inheritance, method definitions, constructors, and instance versus class members • Java packages. • Java interfaces, and why are they are so important • Java dynamic loading, and how application classes are loaded on demand Introduction A Java program consists of a set of class definitions, optionally grouped into packages. Each class encapsulates state and behavior appropriate to whatever the class models in the real world and may dictate access privileges of its members. In this chapter, you will learn how Java supports the primary features of an object- oriented programming system: encapsulation, data hiding, polymorphism, and inheritance. We assume a knowledge of the object-oriented paradigm. Classes Minimally, a class defines a collection of state variables, as well as the functionality for working with these variables. Classes are like C struct or Pascal record definitions that allow function definitions within them. The syntax for defining a class is straightforward: class ClassName { variables methods } For example, an Employee class might resemble: class Employee { String name; ... } Typically, Java classes are defined one per .java file so Employee would be in Employee.java and compiled to Employee.class. When a class references another class, the Java compiler finds the associated class definition to perform type checking and so on. For example, Employee references String, which the © 1996-2003 jGuru.com. All Rights Reserved. Java Object Model -1 Java Object Model compiler finds in file String.class stored in the standard Java class library. Variable Definitions Variable definitions are of the form: modifiers TypeName name; where modifiers include access specifiers (discussed in a section below) and static if the variable is a class variable.
    [Show full text]