Java Reference
In-Depth Information
10.2.1
Introduction and Design Principles
The JVM interprets class files, which are binary encodings of the data and
instructions needed to execute a Java program. To simplify exposition, the
contents of a class file are typically discussed in printable form. For example,
the instruction that specifies integer addition has the numerical value of 96,
but we typically refer to it as iadd.
Notation for describing various aspects of the JVM class files is borrowed
from the JVM reference [JVM] and the Jasmin user manual [Mey]. The JVM is
designed with the following principles in mind:
Compactness
Because JVMs are deployed in browsers and mobile devices,
Java class files are designed to be relatively compact. In particular, the JVM's
instructions are in
nearly
zero-address form
so that most instructions manip-
ulate data at the top of Java's
runtime stack
. We refer to the topmost location
as
top-of-stack
(TOS).
For example, the iadd instruction pops two items o
the stack and pushes
their sum onto the TOS. Only a single byte is needed to represent such an
operation because the instruction's operands are
implicit
. Generally, such
compaction is achieved with a loss of runtime performance: stack manipula-
tion is generally slower than processing operands in a register file.
The goal of compactness drives the design of JVM instructions to include
multiple instructions that accomplish the same e
ff
ect. For example, there are
many ways to push 0 on TOS. The shortest instruction, iconst 0,takesonly
a single byte. The most general instruction, ldc w0, takes 3 bytes for the in-
struction and consumes a constant-pool entry. While the iconst 0 instruction
is not strictly necessary, its inclusion allows greater code compaction, because
pushing 0 on TOS is a frequent operation.
ff
Safety
Because the JVM may be deployed in an environment that cannot
tolerate badly behaved programs, the JVM's instructions are designed to exe-
cute safely: an instruction can reference storage only if said storage is of the
type allowed by the instruction and only if the storage is located in an area
appropriate for access. Moreover, the instructions are designed so that most
safety errors can be caught prior to executing code.
In a pure zero-address form (which the JVM is
not
), a register load is
accomplished by computing a register number that is pushed on TOS. A load
instruction then pops the register number from the stack, accesses the register's
contents, and pushes the contents on TOS.
From a security point of view, the purely zero-address form is problematic
because the registers that could be accessed by a load instruction may not be
known until runtime. For example, the zero-address form allows a method
