DOCSLIB.ORG

Formalising, Improving, and Reusing the Java Module System

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Formalising, improving, and reusing the Java Module System Rok Strnisaˇ St. John’s College This dissertation is submitted for the degree of Doctor of Philosophy Abstract Java has no module system. Its packages only subdivide the class namespace, allowing only a very limited form of component-level information hiding. A Java Community Process has started designing the Java Module System, a module system for Java 7, the next version of Java. The extensive draft of the design is written only in natural language documents, which inevitably contain many ambiguities. We design and formalise LJAM, a core of the module system. Where the informal documents are complete, we follow them closely; elsewhere, we make reasonable choices. We define the syntax, the type system, and the operational semantics of this core, defining these rigorously in the Isabelle/HOL automated proof assistant. We highlight the underly- ing design decisions, and discuss several alternatives and their benefits. Through analysis of our formalisation, we identify two major deficiencies of the module system: (a) its class resolution is unintuitive, insufficiently expressive, and fragile against incremental interface evolution; and (b) only a single instance of each module is permitted, which forces sharing of data and types, and so makes it difficult to reason about module invariants. We propose modest changes to the module language, and to the semantics of the class resolution, which together allow the module system to handle more scenarios in a clean and predictable manner. To develop confidence, both theoretical and practical, in our proposals, we (a) formalise in Ott the improved module system, iJAM, (b) prove in Isabelle/HOL mechanised type soundness results, and (c) give a proof-of-concept implementation in Java that closely follows the formalisation. Both of the formalisations, LJAM and iJAM, are based on Lightweight Java (LJ), our minimal imperative fragment of Java. LJ has been a good base language, allowing a high reuse of the definitions and proof scripts, which made it possible to carry out this development relatively quickly, on the timescale of the language evolution process. Finally, we develop a module system for Thorn, an emerging, Java-like language aimed at distributed environments. We find that local aliasing and module-prefixed type references remove the need for boundary renaming, and that in the presence of multiple module instances, care is required to avoid ambiguities at de-serialisation. We conclude with a high-level overview of the interactions between the desired properties and the language features considered, and discuss possible future directions. Declaration This thesis: • is the result of my own work and includes nothing which is the outcome of work done in collaboration except where specifically indicated in the text; • is not substantially the same as any that I have submitted for a degree or diploma or other qualification at any other university; and • does not exceed the prescribed limit of 60,000 words. Rok Strnisaˇ May 2010 Acknowledgements First, I would like to thank my family for all their moral and financial support throughout my studies. Without them, achieving a Ph.D. at University of Cambridge would have been much harder, if not impossible. Peter Sewell and Matthew Parkinson, my Ph.D. supervisors, have provided me with all the attention, knowledge and advice a Ph.D. student could ask for. They helped me craft the big picture, while often also giving key insights and ideas for solving specific problems I faced. I thank Jan Vitek, Doug Lea, Alex Buckley and Stanley Ho for introducing me to the topic of module systems for Java, for providing me with many documents related to the topic, and for extensive discussion. The Thorn team, whom I have had the pleasure of collaborating with, has been most helpful with the design of the draft module system for the language. At the time, the team included John Field, Jan Vitek, Tobias Wrigstad, Johan Ostlund,¨ Bard Bloom, Nate Nystrom, and Gregor Richards. I also thank Sriram Srinivasan, Silvia Breu, Tom Ridge, Alisdair Wren, Viktor Vafei- adis, Nobuko Yoshida, Simon Peyton Jones, John Billings, Sam Staton, and Jat Singh for useful comments on this work. I would like to thank my examiners, Gavin Bierman and Sophia Drossopoulou, for thorough analysis of my work, and for many valuable comments and suggestions. Finally, I acknowledge funding from two EPSRC grants: GR/T11715/01 and DTA- RG44132. Contents Abstract3 Declaration5 Acknowledgements7 Contents9 List of figures 13 List of symbols 15 1 Introduction 23 1.1 The Java Module System.......................... 25 1.1.1 The WebCalendar example..................... 26 1.1.2 Component-level information hiding................ 26 1.1.3 Dealing with JAR hell....................... 27 1.1.4 Using the module system...................... 29 1.1.5 A short summary of JMS’s features................ 30 1.2 Desirable properties of a module system.................. 31 1.3 Thesis.................................... 34 1.4 Contribution................................. 35 1.5 Collaboration................................ 37 1.6 Preliminaries................................ 37 1.6.1 A brief introduction to Ott..................... 38 1.6.2 A brief introduction to Isabelle/HOL................ 39 2 Related work 41 2.1 Verified language formalisms........................ 41 2.2 Module systems............................... 42 2.2.1 A short overview of JMS...................... 42 9 2.2.2 OSGi................................ 42 2.2.3 .NET................................ 47 2.2.4 OCaml............................... 49 2.2.5 Jiazzi................................ 50 2.2.6 General overview.......................... 53 3 Lightweight Java (LJ) 57 3.1 Example program.............................. 58 3.2 Syntax.................................... 59 3.3 Operational semantics............................ 60 3.3.1 Configuration (config)....................... 60 3.3.2 Lookup functions.......................... 61 3.3.3 Statement reduction (config −! config 0)............. 66 0 3.3.4 Variable translation (θ ` s s )................. 67 3.4 Type system................................. 67 3.4.1 Type (τ)............................... 67 3.4.2 Type environment (Γ)....................... 68 3.4.3 Subtyping (P ` τ ≺ τ 0)...................... 69 3.4.4 Valid type (P ` τ)......................... 69 3.4.5 Type reflexivity........................... 71 3.4.6 Type transitivity.......................... 71 3.5 Type checking................................ 71 3.5.1 Lookup functions.......................... 71 3.5.2 Well-formedness rules....................... 73 3.6 Proof of type soundness........................... 76 3.6.1 Configuration well-formedness (Γ ` config)........... 77 3.6.2 Helper lemmas........................... 78 3.6.3 Progress............................... 79 3.6.4 Type preservation.......................... 81 3.7 Conclusion................................. 84 4 Lightweight Java Module System (LJAM) 85 4.1 An informal description........................... 87 4.2 Syntax.................................... 88 4.2.1 Compile-time code vs. runtime code................ 88 4.2.2 LJAM’s context (ctx)........................ 89 4.2.3 User syntax............................. 90 4.2.4 Inner syntax............................. 91 4.3 Operational semantics............................ 91 10 4.3.1 Lookup functions.......................... 92 4.3.2 Administrator actions........................ 98 4.3.3 Context insertion.......................... 100 4.4 Type system................................. 101 4.4.1 Type (τ)............................... 101 4.4.2 Subtyping (P ` τ ≺ τ 0)...................... 101 4.4.3 Type reflexivity........................... 102 4.4.4 Type transitivity.......................... 102 4.5 Type checking................................ 103 4.6 Proof of type soundness........................... 106 4.6.1 Progress............................... 106 4.6.2 Type preservation.......................... 107 4.7 Recent changes to the Java Module System................ 109 4.8 Conclusion................................. 109 5 Problems with the Java Module System 111 5.1 Class resolution............................... 111 5.1.1 Unintuitive class resolution..................... 112 5.1.2 Inexpressive class resolution.................... 113 5.2 Inflexible module instantiation....................... 115 5.3 Shallow validation............................. 118 5.4 A stronger form of information hiding................... 118 5.5 Conclusion................................. 119 6 Improved Java Module System (iJAM) 121 6.1 Syntax.................................... 121 6.1.1 User syntax............................. 121 6.1.2 Inner syntax............................. 122 6.2 Operational semantics............................ 123 6.2.1 Adapted class resolution...................... 123 6.2.2 Replication policies......................... 125 6.3 Type system................................. 127 6.4 Type checking................................ 127 6.5 Proof of type soundness........................... 128 6.5.1 Well-formedness for boundary renaming............. 129 6.6 Reuse within the definitions and proof scripts............... 130 7 Implementation 131 7.1 Overview.................................. 131 11 7.2 Creation of module instances........................ 132 7.3 Class resolution............................... 132 7.4 Making the JVM use our code....................... 134 7.5 Example
Recommended publications
  • Jpype Documentation Release 0.7.0

    Jpype Documentation Release 0.7.0

    JPype Documentation Release 0.7.0 Steve Menard, Luis Nell and others Jul 22, 2019 Contents 1 Parts of the documentation 3 1.1 Installation................................................3 1.2 User Guide................................................6 1.3 QuickStart Guide............................................. 17 1.4 API Reference.............................................. 27 1.5 JImport.................................................. 34 1.6 Changelog................................................ 36 1.7 Developer Guide............................................. 40 2 Indices and tables 53 Python Module Index 55 Index 57 i ii JPype Documentation, Release 0.7.0 JPype is a Python module to provide full access to Java from within Python. It allows Python to make use of Java only libraries, exploring and visualization of Java structures, development and testing of Java libraries, scientific computing, and much more. By gaining the best of both worlds using Python for rapid prototyping and Java for strong typed production code, JPype provides a powerful environment for engineering and code development. This is achieved not through re-implementing Python, as Jython/JPython has done, but rather through interfacing at the native level in both virtual machines. This shared memory based approach achieves decent computing preformance, while providing the access to the entirety of CPython and Java libraries. Contents 1 JPype Documentation, Release 0.7.0 2 Contents CHAPTER 1 Parts of the documentation 1.1 Installation JPype is available either as a pre-compiled binary for Anaconda, or may be build from source though several methods. 1.1.1 Binary Install JPype can be installed as pre-compiled binary if you are using the Anaconda Python stack. Binaries are available for Linux, OSX, ad windows are available on conda-forge.
  • Chargeurs De Classes Java (Classloader)

    Chargeurs De Classes Java (Classloader)

    http://membres-liglab.imag.fr/donsez/cours Chargeurs de classes Java (ClassLoader) Didier Donsez Université Joseph Fourier - Grenoble 1 PolyTech’Grenoble - LIG/ADELE [email protected] [email protected] 06/06/2009 Licence Cette présentation est couverte par le contrat Creative Commons By NC ND http://creativecommons.org/licenses/by-nc-nd/2.0/fr/ Didier Donsez, 2002-2009, ClassLoaders Donsez,2002-2009, Didier 2 06/06/2009 Kequoi ca un chargeur de classes ? Son rôle est 1) de charger le bytecode d’une classe depuis un artéfact (archive Java, répertoire distant …) 2) communiquer le bytecode à la machine virtuelle Didier Donsez, 2002-2009, ClassLoaders Donsez,2002-2009, Didier 4 06/06/2009 Pourquoi utiliser les chargeurs de classes Classes non présentes dans le CLASSPATH URLClassLoader, AppletClassLoader, … ex: WEB-INF/classes et WEB-INF/lib d’une WebApp ex: CODEBASE d’une applet, … Déchargement et Mise à jour du bytecode lors de l’exécution de la VM (runtime) Chargeurs de OSGi Modification du ByteCode à la volée au chargement Instrumentation AOP (Aspect Oriented Programming) BCEL, ASM Protection Chargement de ressources associées à la classe properties, images, … Recherche de Service Providers ou de Drivers META-INF/services (java.util.ServiceLoader de 6.0) Didier Donsez, 2002-2009, ClassLoaders Donsez,2002-2009, Didier 5 06/06/2009 Principe de la délégation (Java 2) Tout chargeur a un chargeur parent sauf le chargeur primordial Tout chargeur vérifie si la classe à charger n’a pas déjà été chargée par un chargeur
  • How Java Works JIT, Just in Time Compiler Loading .Class Files The

    How Java Works JIT, Just in Time Compiler Loading .Class Files The

    How Java works JIT, Just In Time Compiler ● The java compiler takes a .java file and generates a .class file ● JVM ultimately translates bytecode into native code, each time ➤ The .class file contains Java bytecodes, the assembler the same bytecodes are processed, the translation into native language for Java programs code must be made ➤ Bytecodes are executed in a JVM (java virtual machine), ➤ If we can cache translated code we can avoid re-translating the valid bytecodes are specified by Sun the same bytecode sequence • What if third parties create platform/OS specific codes? ➤ Why not just translate the entire .java program into native code? ● The JVM interprets the bytecodes ➤ JVM is platform/OS specific, must ultimately run the code ● Still need the JVM, the JIT works in conjunction with the JVM, not in place of it ➤ Different JVMs will have different performance, JITs are part of the overall JDK/Java performance ● How are classes loaded into the JVM? Can this be thwarted? Duke CPS 108 14.1 Duke CPS 108 14.2 Loading .class files The ClassLoader ● The bytecode verifier “proves theorems” about the bytecodes ● The “Primordial” loader is built-in to the JVM being loaded into the JVM ➤ Sometimes called the “default” loader, but it’s not ➤ These bytecodes may come from a non-Java source, e.g., extensible or customizable the way other loaders are compile Ada into bytecodes (why?) ➤ Loads classes from the platform on which the JVM runs ● This verification is a static analysis of properties such as: (what are loader and JVM written in?) ➤
  • An Empirical Evaluation of Osgi Dependencies Best Practices in the Eclipse IDE Lina Ochoa, Thomas Degueule, Jurgen Vinju

    An Empirical Evaluation of Osgi Dependencies Best Practices in the Eclipse IDE Lina Ochoa, Thomas Degueule, Jurgen Vinju

    An Empirical Evaluation of OSGi Dependencies Best Practices in the Eclipse IDE Lina Ochoa, Thomas Degueule, Jurgen Vinju To cite this version: Lina Ochoa, Thomas Degueule, Jurgen Vinju. An Empirical Evaluation of OSGi Dependencies Best Practices in the Eclipse IDE. 15th International Conference on Mining Software Repositories, May 2018, Gothenburg, Sweden. 10.1145/3196398.3196416. hal-01740131 HAL Id: hal-01740131 https://hal.archives-ouvertes.fr/hal-01740131 Submitted on 27 Mar 2018 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. An Empirical Evaluation of OSGi Dependencies Best Practices in the Eclipse IDE Lina Ochoa Thomas Degueule Jurgen Vinju Centrum Wiskunde & Informatica Centrum Wiskunde & Informatica Centrum Wiskunde & Informatica Amsterdam, Netherlands Amsterdam, Netherlands Amsterdam, Netherlands [email protected] [email protected] Eindhoven University of Technology Eindhoven, Netherlands [email protected] ABSTRACT that can be implemented and tested independently. This also fos- OSGi is a module system and service framework that aims to fill ters reuse by allowing software components to be reused from one Java’s lack of support for modular development. Using OSGi, devel- system to the other, or even to be substituted by one another pro- opers divide software into multiple bundles that declare constrained vided that they satisfy the appropriate interface expected by a client.
  • Kawa - Compiling Dynamic Languages to the Java VM

    Kawa - Compiling Dynamic Languages to the Java VM

    Kawa - Compiling Dynamic Languages to the Java VM Per Bothner Cygnus Solutions 1325 Chesapeake Terrace Sunnyvale CA 94089, USA <[email protected]> Abstract: in a project in conjunction with Java. A language im- plemented on top of Java gives programmers many of Many are interested in Java for its portable bytecodes the extra-linguistic benefits of Java, including libraries, and extensive libraries, but prefer a different language, portable bytecodes, web applets, and the existing efforts especially for scripting. People have implemented other to improve Java implementations and tools. languages using an interpreter (which is slow), or by translating into Java source (with poor responsiveness The Kawa toolkit supports compiling and running vari- for eval). Kawa uses an interpreter only for “simple” ous languages on the Java Virtual Machine. Currently, expressions; all non-trivial expressions (such as function Scheme is fully supported (except for a few difficult fea- definitions) are compiled into Java bytecodes, which are tures discussed later). An implementation of ECMA- emitted into an in-memory byte array. This can be saved Script is coming along, but at the time of writing it is for later, or quickly loaded using the Java ClassLoader. not usable. Kawa is intended to be a framework that supports mul- Scheme [R RS] is a simple yet powerful language. It tiple source languages. Currently, it only supports is a non-pure functional language (i.e. it has first-class Scheme, which is a lexically-scoped language in the Lisp functions, lexical scoping, non-lazy evaluation, and side family. The Kawa dialect of Scheme implements almost effects).
  • Components: Concepts and Techniques

    Components: Concepts and Techniques

    Software Engineering 2005 Components: Concepts and Techniques Martin Bravenboer Department of Information and Computing Sciences Universiteit Utrecht [email protected] October 19, 2005 1 Concepts 2 Component-based Software Engineering Developing a software system from prefabricated parts • From custom-made to standard software • Required in all industries • No replication: different configurations • Cross-cuts the software engineering: – Requirements, deployment, versioning, configuration, building, maintenance, architecture, design • Aspects: both technical and market-related – Time to market, competitiveness. – Stimulation of marketplace 3 Dreaming in Components • Maturity of software engineering • Components of different vendors working together – Requires protocols between components • Marketplace – Sell components – Provide services – Infrastructure – Service provider • Reduce need for skilled system programmers – Component architects, assemblers Has taken almost 40 years to take off! 4 Components according to Czarnecki “Building blocks from which different software systems can be composed.” • Component is a natural concept – Not constructed, artificial – Definition is futile. • Component is part of a production process • What a component is, depends on the production process. – e.g. not necessarily binary Economic pressure towards standardized solutions 5 Components according to Szyperski Very strict definition of software component 1. Unit of composition 2. Unit of independent deployment 3. Contractually specified interfaces • Deployment,
  • Towards Integrating Modeling and Programming Languages: the Case of UML and Java⋆

    Towards Integrating Modeling and Programming Languages: the Case of UML and Java⋆

    Towards Integrating Modeling and Programming Languages: The Case of UML and Java? Patrick Neubauer, Tanja Mayerhofer, and Gerti Kappel Business Informatics Group, Vienna University of Technology, Austria {neubauer, mayerhofer, gerti}@big.tuwien.ac.at Abstract. Today, modeling and programming constitute separate activities car- ried out using modeling respectively programming languages, which are neither well integrated with each other nor have a one-to-one correspondence. As a con- sequence, platform and implementation details, such as the usage of existing software components and libraries, are usually introduced on code level only. This impedes accurate model-level analyses that take platform-specific decisions into account as well as the direct deployment of executable models on the target platform. In this work we present an approach for integrating existing software libraries with fUML models—an executable variant of UML models for which a standardized virtual machine exists—not only at design time but also at runtime. As a result of that, the modeler is empowered with the capabilities provided by existing software libraries on model level. Our approach is evaluated based on unit tests and initial case studies available in the ReMoDD repository that assess the correctness, performance, and completeness of our implementation. 1 Introduction Back in 1966, the first object-oriented programming language was born. Its name is SIMULA and it combined modeling and programming in a unified approach, that is one of the strengths provided by object-orientation [4]. Carrying this idea further, the language BETA, which was developed based on SIMULA and DELTA, was designed for supporting both designing and programming systems.
  • Analysing Class Loading Conflicts on Weblogic

    Analysing Class Loading Conflicts on Weblogic

    Class Loading Conflicts in JVM This guide shows how to analyze and avoid potential problems caused by class loading conflicts. The content is structured in the following sections, the first one gives a little introduction to the Classloader model in Weblogic [1], following the installation of Classloader Analysis Tool (CAT) [1] is shown and then two examples that shows the use of CAT on a real application is presented. Class loading in Weblogic Summarizing the class loading process in just some lines is hard so in this guide the focus is talking about hierarchies and the delegation model. Concept Definition Hierarchies The classloader in an application server such as Weblogic is based on the model defined by the JVM, which means a hierarchical model that on Weblogic is organized as a tree with these levels: bootstrap class loader, extension class loader, system classpath classloader, application specific classloaders (this includes Weblogic server) [1]. In the previous tree, bootstrap class loader is the root and application specific classloaders are the leaves [1]. Delegation model A common question that arises when Java application servers are used is why is my application using the wrong class? This is because the delegation model, which states “The classloader implementation first checks its cache to see if the requested class has already been loaded. This class verification improves performance in that its cached memory copy is used instead of repeated loading of a class from disk. If the class is not found in its cache, the current classloader asks its parent for the class. Only if the parent cannot load the class does the classloader attempt to load the class.
  • Understanding the Java Classloader Skill Level: Introductory

    Understanding the Java Classloader Skill Level: Introductory

    Understanding the Java ClassLoader Skill Level: Introductory Greg Travis ([email protected]) Programmer 24 Apr 2001 This tutorial provides an overview of the Java ClassLoader and takes you through the construction of an example ClassLoader that automatically compiles your code before loading it. You'll learn exactly what a ClassLoader does, and what you need to do to create your own. Section 1. Tutorial tips Should I take this tutorial? The Java ClassLoader is a crucial, but often overlooked, component of the Java run-time system. It is the class responsible for finding and loading class files at run time. Creating your own ClassLoader lets you customize the JVM in useful and interesting ways, allowing you to completely redefine how class files are brought into the system. This tutorial provides an overview of the Java ClassLoader and takes you through the construction of an example ClassLoader that automatically compiles your code before loading it. You'll learn exactly what a ClassLoader does and what you need to do to create your own. A basic understanding of Java programming, including the ability to create, compile, and execute simple command-line Java programs, as well as an understanding of the class file paradigm is sufficient background to take this tutorial. Upon completion of this tutorial, you will know how to: Understanding the Java ClassLoader © Copyright IBM Corporation 1994, 2005. All rights reserved. Page 1 of 19 developerWorks® ibm.com/developerWorks • Expand the functionality of the JVM • Create a custom ClassLoader • Learn how to integrate a custom ClassLoader into your Java application • Modify your ClassLoader to accommodate the Java 2 release Section 2.
  • Supporting Resource Awareness in Managed Runtime Environment Inti Yulien Gonzalez Herrera

    Supporting Resource Awareness in Managed Runtime Environment Inti Yulien Gonzalez Herrera

    Supporting resource awareness in managed runtime environment Inti Yulien Gonzalez Herrera To cite this version: Inti Yulien Gonzalez Herrera. Supporting resource awareness in managed runtime environment. Soft- ware Engineering [cs.SE]. Université Rennes 1, 2015. English. NNT : 2015REN1S090. tel-01308660 HAL Id: tel-01308660 https://tel.archives-ouvertes.fr/tel-01308660 Submitted on 28 Apr 2016 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. ANNÉE 2015 THÈSE / UNIVERSITÉ DE RENNES 1 sous le sceau de l’Université Européenne de Bretagne pour le grade de DOCTEUR DE L’UNIVERSITÉ DE RENNES 1 Mention : Informatique École doctorale Matisse présentée par Inti Yulien GONZALEZ HERRERA préparée à l’unité de recherche INRIA Rennes Bretagne Atlantique Thèse soutenue à Rennes Supporting le 14 Décembre 2015 devant le jury composé de : Vivien QUÉMA resource awareness LIG laboratory – Grenoble INP/ENSIMAG / Rapporteur Gilles MULLER in managed runtime Whisper team – LIP6 / Rapporteur Gaël THOMAS environments. Samovar Laboratory – Telecom SudParis / Examinateur Laurent RÉVEILLÈRE LaBRI – Université de Bordeaux / Examinateur Isabelle PUAUT IRISA – Université de Rennes 1 / Examinatrice Olivier BARAIS Professor, IRISA – Université de Rennes 1 / Directeur de thèse Johann BOURCIER Maître de conférences, IRISA – Université de Rennes 1 / Co-directeur de thèse Hay una historia familiar que me impactó muchísimo.
  • CICS JVM Server Application Isolation

    CICS JVM Server Application Isolation

    CICS JVM Server Application Isolation Masterarbeit Lehrstuhl für Technische Informatik Wilhelm-Schickard-Institut für Informatik Mathematisch-Naturwissenschaftliche Fakultät Universität Tübingen Dipl.-Ing. (FH) Robert Harbach Betreuer: Prof. Dr.-Ing. Wilhelm G. Spruth Tag der Anmeldung: 1. Oktober 2011 Tag der Abgabe: 30. März 2012 Executive Summary The Java Virtual Machine (JVM) is able to host multiple simultaneously execut- ing transaction programs. Since a JVM is not capable to provide full application isolation however, the common practice found in most Java application servers implies to run one JVM per program. Due to the fact, that this implies an overhead of computational resources, several, most often proprietary, solutions for application isolation in JVMs have been proposed in the past. This paper outlines isolation properties of a new Java Virtual Machine (JVM) type, called a JVM Server, which implements the OSGi framework, and is in- tegrated into the System z architecture Customer Control Information System (CICS). It is shown that this approach resolves two application isolation issues: The CICS environment enables transaction safe execution of tasks. In addition, inclusion of the OSGi Framework provides namespace isolation based on class loading. However, several issues remain unsolved. They arise from the use of Java system classes, OSGi specific functions, resource exhaustion, and the use of the Java Native Interface (JNI). This paper proposes solutions to these isolation exposures. Some employ func- tions of the OSGi security layer. Others utilise existing CICS services for pro- gram control which would have to be implemented differently on other Java Transaction Servers. 1 Erklärung Hiermit bestätige ich, dass ich diese Masterarbeit selbstständig und nur mit Hilfe der angegebenen Quellen und Hilfsmittel verfasst habe.
  • How Java Works

    How Java Works

    How Java works ● The java compiler takes a .java file and generates a .class file ➤ The .class file contains Java bytecodes, the assembler language for Java programs ➤ Bytecodes are executed in a JVM (java virtual machine), the valid bytecodes are specified by Sun • What if third parties create platform/OS specific codes? ● The JVM interprets the bytecodes ➤ JVM is platform/OS specific, must ultimately run the code ➤ Different JVMs will have different performance, JITs are part of the overall JDK/Java performance Duke CPS 108 14.1 JIT, Just In Time Compiler ● JVM ultimately translates bytecode into native code, each time the same bytecodes are processed, the translation into native code must be made ➤ If we can cache translated code we can avoid re-translating the same bytecode sequence ➤ Why not just translate the entire .java program into native code? ● Still need the JVM, the JIT works in conjunction with the JVM, not in place of it ● How are classes loaded into the JVM? Can this be thwarted? Duke CPS 108 14.2 Loading .class files ● The bytecode verifier “proves theorems” about the bytecodes being loaded into the JVM ➤ These bytecodes may come from a non-Java source, e.g., compile Ada into bytecodes (why?) ● This verification is a static analysis of properties such as: ➤ .class file format (including magic number 0xCAFEBABE) ➤ Methods/instances used properly, parameters correct ➤ Stack doesn’t underflow/overflow ➤ … ● Verification is done by the JVM, not changeable as is, for example, the ClassLoader http://securingjava.com http://java.sun.com/sfaq/verifier.html