Data processing: software development – installation – and managem – Software program development tool – Translation of code
Reexamination Certificate
2000-06-12
2004-01-27
Ingberg, Todd (Department: 2124)
Data processing: software development, installation, and managem
Software program development tool
Translation of code
C717S143000
Reexamination Certificate
active
06684391
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention is directed to a method for operating a computer system, to a byte code verifier and to a computer system.
2. Description of the Related Art
U.S. Pat. No. 5,668,999 discloses a method for operating a computer system that, following the loading of a computer program and before the execution of the computer program, checks this to see that it executes no disallowed data processing procedures. What is referred to as a byte code verifier, which checks the byte code of the loaded computer program, is provided for this purpose. The verifier contains a virtual stack for the temporary storage of type information that specify the data that lie on the stack in the execution of the program. The verifier further comprises a stack snapshot memory with a snapshot list and a snapshot memory area for storing the status of the virtual stack at different points of the program run.
The checking of the computer program ensues in two phases, whereby all destination addresses to which conditional or unconditional branches point are determined in the first phase. The program is simulated in the second phase. What are referred to as snapshots of the virtual stack are thereby produced for every destination address of the branch and are stored in the snapshot list. By comparing the information stored in the snapshot list, a determination is made as to whether the stack is manipulated in a way that could lead to an overflow or underflow. An error message is output if such an inadmissible change were to be caused.
The employment of such a byte code verifier allows a considerable speed-up of the execution of the program. Traditional interpreters for the execution of a computer program contain routines for monitoring the stack and for avoiding an overflow or, respectively, underflow. These routines were executed at every command accessing the stack. Monitoring the stack could therefore take up to 80% of the execution time of a computer program. The employment of the byte code verifier is advantageous particularly given loops, since only the commands of one loop run are checked a single time with the byte code verifier, in contrast whereto the individual commands have been rechecked in each loop run given a traditional interpreter.
The virtual stack is constructed like a regular stack, except that, instead of the actual data and constants, indicators are stored in the virtual stack that represent the respective data type such as, for example, whole number (I), long whole number (L), singly-exact floating decimal point number (F), doubly-exact floating decimal point number (D), byte (B), etc.
A virtual field of the local variables is also established in this known method. This virtual field is constructed similar to the virtual stack, i.e. only the indicators of the data types of the data to be stored in the actual memory field are contained in the virtual field.
Given branches in the program execution, however, only snapshots of the virtual stack are compared to one another. Changes in the virtual field remain unconsidered, so that errors produced on the basis of branches cannot be detected given access to the field of the local variables. This can lead to errors in the program execution that deteriorate the operation of the computer system and can even lead to a crash of the computer system.
U.S. Patent No. 5,668,999 discloses the byte code verifier with reference to the computer language OAK. The computer language Java™ has been developed from OAK. Due to its independence from platform, Java™ is often employed in Internet applications that are loaded from a server onto an arbitrary client, whereby the client can be a computer system with an arbitrary, standard operating system.
The reference Java™ Virtual Machine Specification, Tim Lindholm and Frank Yellin, Addison-Wesley, 1997 (ISBN 0-201-63452-X), pp. 128 ff., describes a byte code verifier that essentially corresponds to that of U.S. Pat. No. 5,668,999 but differs therefrom in that it is not only copies of the virtual stack but also copies of the virtual field of the local variables that are produced with the snapshots. Given a conditional or unconditional branch in the program execution, it is not only the snapshots of the stacks but also those of the virtual fields of the local variables that are compared, so that an error produced by an access to the variable field implemented after a branch can also be detected.
Producing a complete copy of the virtual field of the local variables for the destination address given a branch produces a considerable dataset that uses a correspondingly large memory space. Since OAK and Java were developed not only for Internet applications but, in particular, for embedded applications with small processor systems, this substantial memory requirement opposes the original objective. There is a considerable need for a reduction of the memory requirements particularly for specific developments of Java such as, for example, JAVACARD, which is a programming language specifically designed for chip cards.
SUMMARY OF THE INVENTION
The present invention is therefore based on the object of developing a method of the species disclosed by U.S. Pat. No. 5,668,999, a byte code verifier and a computer system such that a dependable execution of a computer program loaded on a computer system is nonetheless assured given low memory requirements.
This object and others are achieved by a method having for operating a computer system, including the following steps: storing a computer program in a memory of the computer system, whereby the computer program comprises a sequence of byte codes that represent program commands, whereby the program commands can access variables; testing the computer program loaded into the computer system before the execution of the computer program to see whether the program commands contained therein would produce an inadmissible data processing event upon execution; allowing execution of the program when the test of the computer system has yielded no inadmissible data processing event, otherwise a corresponding error message is output; and testing the individual program commands in the sequence of the program execution in the test of the computer program to see whether they access a variable upon execution before this variable has been initialized.
Advantageous developments of the invention are provided by a method for operating a computer system, in that, when testing the computer program, a virtual stack is checked to see whether an overflow or an underflow of the virtual stack is produced due to an illegal data processing event. In the method, a virtual field of local variables is generated wherein indicators that represent the respective data type are stored instead of the data and constants that are entered into a corresponding, actual field of local variables upon execution of the computer program. Preferably, whether each local variable of the field has been initialized before the accesses is successively checked for each local variable of the field when testing the computer program. When testing the computer program, the program commands are interrogated in the sequence of the program execution to see whether a specific variable is initialized by the respective program command, and, if this interrogation yields that the variable is not initialized by this program command, an interrogation is carried to see whether this variable is accessed by this program command, and, if this interrogation yields that this variable is accessed, an error message is output and the execution of the computer program is not allowed. When it is found in the interrogation about the access onto the variable that the variable is not accessed, all program commands that can follow the program command just tested in the program execution are identified, and a determination is made as to whether one or more of these program commands have already been tested, and, if one or more untested program commands thereby derive, these are tested according to the me
Ingberg Todd
Siemens Aktiengesellschaft
LandOfFree
Method for operating a computer system, byte code verifier... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method for operating a computer system, byte code verifier..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method for operating a computer system, byte code verifier... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3259356