Data processing: software development – installation – and managem – Software program development tool – Translation of code
Reexamination Certificate
1999-09-01
2003-05-06
Morse, Gregory (Department: 2122)
Data processing: software development, installation, and managem
Software program development tool
Translation of code
C717S114000
Reexamination Certificate
active
06560774
ABSTRACT:
FIELD OF THE INVENTION
This invention relates generally to intermediate languages, such as intermediate languages compilable from multiple language sources, and more particularly a verifier for such intermediate language.
BACKGROUND OF THE INVENTION
Intermediate language-type models for programming languages have become increasingly popular. In an intermediate language model, a source code is generally compiled into a desirably substantially platform independent intermediate language. When the code is desired to be run on a particular platform, an execution engine on that platform then just-in-time compiles, interprets, or compiles the intermediate language to native code understandable by the platform. Examples of intermediate language-type computer programming languages include Component Object Model Plus (COM+), and the Java programming language.
A difficulty arises in intermediate language-type models in that, in some circumstances, the execution engine needs to run untrusted code. Untrusted code is code having an author that cannot be authenticated, and thus may cause problems with the host machine running the code. For example, untrusted code could attack the execution engine. This could be accomplished by, for example, casting between integers and object references, accessing fields that are intended to be private, failing to initialize objects correctly, overflowing the stack, or referring to arguments or local variables that do not exist.
One solution to this problem is to construct a defensive execution engine that performs a variety of run-time checks to prevent all such attacks. However, this can cause a substantial reduction in execution speed for untrusted code, rendering the execution engine an inefficient platform.
For these and other reasons, there is a need for the invention.
SUMMARY OF THE INVENTION
The invention relates to a verifier to check intermediate language code. In one embodiment, a computer-implemented method first verifies metadata of an intermediate language code for consistency and accuracy, and then verifying the intermediate language code for consistency and accuracy. This latter part in one embodiment is accomplished by performing first a syntactic check of the intermediate language code, and then a semantic check of the intermediate language code.
Embodiments of the invention thus provide for advantages not found in the prior art. Static type-checking can be performed on untrusted intermediate language code, such that only well-typed untrusted code is executed. Type-checking is performed by a verifier in one embodiment. The type system implemented by the verifier can be designed to prevent attacks on the execution engine by untrusted execution. The type system can check and verify byrefs, value classes, refany's, and native-size primitive types, among other aspects.
The invention includes computer-implemented methods, machine-readable media, computerized systems, and computers of varying scopes. Other aspects, embodiments and advantages of the invention, beyond those described here, will become apparent by reading the detailed description and with reference to the drawings.
REFERENCES:
patent: RE33706 (1991-10-01), Mohri
patent: 5280617 (1994-01-01), Brender et al.
patent: 5659753 (1997-08-01), Murphy
patent: 5668999 (1997-09-01), Gosling
patent: 5740441 (1998-04-01), Yellin et al.
patent: 5748964 (1998-05-01), Gosling
patent: 5836014 (1998-11-01), Faiman, Jr.
patent: 5999731 (1999-12-01), Yellin et al.
patent: 6075940 (2000-06-01), Gosling
patent: 6092147 (2000-07-01), Levy et al.
patent: 6247174 (2001-06-01), Santhanam et al.
G. McGraw, E. Felten, Securing Java, Section 10, Type Safety, ISBN 047131952X (John Wiley & Sons), Feb. 1, 1999.
E. Felten, Java Security and Type Safety, Byte Magazine, Jan. 1, 1997.
Thorn, “Programming Languages for Mobile Code,” ACM Computing Surveys, vol. 29, No. 3, Sep. 1997.
Rémy et al., “Objective Caml—A general purpose high-level programming language,”ERCIM NewsNo. 36, available at http://caml.inria.fr/ercim.html [accessed Jun. 1, 1999].
Rouaix, “A Web Navigator with applets in Caml,”Computer Networks and ISDN Systems,vol. 28, Nos. 7-11, Proceedings of the Fifth International World Wide Web Conference, Paris, France, May 6-10, 1996.
“Cmm and Java Compared: A comparison of modern languages for the internet and WorldWide Web,” published Apr. 1997, available at http://www.nombas.com/us/otherdoc/javavcmm.htm [accessed Jul. 12, 1999].
Howard, “Eiffel A Quick Overview,” Journal of Object-Oriented Programming, vol. 5, No. 8, Jan. 1993.
Schoenefeld, “Object-oriented Design and Programming: An Eiffel, C++, and Java Course for C Programmers,” University of Tulsa, Tulsa, OK, Proceedings of the twenty-eighth SIGCSE Technical Symposium on Computer Science Education, vol. 29, No. 1, Mar. 1997.
“Web Programming Languages,” available at http://www.objs.com/survey/lang.htm [accessed Jul. 12, 1999].
Leroy et al., “Security properties of typed applets,” Proceedings of the 25thACM SIGPLAN-SIGACT Symposium on Principles and Programming Languages, San Diego, CA, Jan. 19-21, 1998.
Necula et al., “Safe Kernel Extensions Without Run-Time Checking,” Carnegie Mellon University, Pittsburgh, PA, Proceedings of the Second Symposium on Operating Systems Design and Implementation, Seattle, WA, Oct. 28-31, 1996.
Wahbe et al., “Efficient Software-Based Fault Isolation,” University of California, Berkeley, CA, Proceedings of the 14thACM Symposium on Operating Systems Principles, 1993.
Necula et al., “Safe, Untrusted Agents using Proof-Carrying Code,” Carnegie Mellon University, Pittsburgh, PA, submitted to Lecture Notes inComputer ScienceSpecial Issue on Mobile Agents, Oct. 1997.
Necula et al., “Proof-Carrying Code,” Carnegie Mellon University, Pittsburgh, PA, Proceedings of the 24thAnnual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, Paris, France, Jan. 15-17, 1997.
Dorwand et al., “Inferno,” Proceedings IEEE COMPCON, San Jose, CA, Feb. 23-26, 1997.
“A comparison of Inferno and Java,” Computing Sciences Research Center of Bell Labs, Murray, JN White Paper available at http://www.lucent-inferno.com [accessed Jul. 12, 1999].
“Inferno User's Guide.” pp. 1-1 through 1-14.
Thorn, “Programming Languages for Mobile Code,”ACM Computing Surveys,vol. 29, No. 3, Sep. 1997.
Gostling et al., “The Java™ Language Environment,” White Paper, Sun Microsystems, Mountain View, CA, May 1996.
Franz et al., “Does Java Have Alternatives,” University of California, Irvine, CA, Proceedings of the Third California Software Symposium (CCS 1997).
Youmans, “Java: Cornerstone of the Global Network Enterprise,” Virginia Tech, Spring 1997.
Ortiz, Jr., “The Battle over Real-Time Java,”Computer,Jun. 1999.
“Elements of comparison Java/Hotjava vs. Caml/MMM,” available at http://pauillac.inria.fr/~rouaix/mmm/current/javacomp.html [accessed May 28, 099].
Kramer et al., “The Java™ Platform,” Sun Microsystems, 1997 available at http://www.javasoft.com/docs/white/platform/javaplatformTOC.doc.html [accessed Jul. 22, 1999].
Liang et al., “Dynamic Class Loading in the Java™ Virtual Machine,” Sun Microsystems, Palo Alto, CA, ACM Sigplan Notices, vol. 33, No. 10, Oct. 1998.
Yelland, “A Compositional Account of the Java™ Virtual Machine,” Sun Microsystems, Palo Alto, CA, Proceedings of the 26thACM SIGPLAN-SIGACT on Principles of Programming Languages, 1999.
Goldberg, “A Specification of Java Loading and Bytecode Verification,” Kestrell Institute, Palo Alto, CA, Proceedings of the 5thACM Conference on Computer and Communications Security, 1998.
Franz et al., “Introducing Juice,” University of California, Irvine, CA, Oct. 30, 1966, available at http://caesar.ics.uci.edu/intro.html [accessed Jul. 7, 1999].
Waddington et al., “Java: Virtual Machine for Virtually Any Platform,” Embedded Systems Programming, vol. 9, No. 6, Jun. 1966.
Gosling et al., “Java Intermediate Bytecodes,” Proceedings ACM Sigplan Workshop on Intermediate Representations, San Francisco, CA, Jan. 22, 1995,
Forbes Jonathon
Gordon Andrew
Morrison Vance P.
Syme Donald
Leydig , Voit & Mayer, Ltd.
Microsoft Corporation
Morse Gregory
Nguyen-Ba Hoang-Vu Anthony
LandOfFree
Verifier to check intermediate language does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Verifier to check intermediate language, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Verifier to check intermediate language will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3081471