Type-safe Implementation of Java Reflection

Download Report

Transcript Type-safe Implementation of Java Reflection 

Type-safe Implementation of
Java Reflection
™
(Work in progress)
Nadeem Abdul Hamid
February 27, 2001 • Yale University
Advisor: Prof. Zhong Shao
Outline
Introduction
Java Reflection
Implementing Java Reflection
Implementing Java Reflection Safely
Java Reflection Using ITA
(Intensional Type Analysis)
Conclusions and Further Work
2
Introduction
Java Mobile Code Platform
Java Bytecode:
Platform independent
mobile code
Verifiable for
safety/security
properties
Problem:
Large Trusted
Computing Base
(TCB)
Verifier
Interpreter
Runtime System
3
Introduction
A More Principled, Flexible Platform
FLINT IL
Low-level Code
Sophisticated Type
System = Safety/Security
Java
Class
Library
Fast Type Checking
Precise Semantics
Multiple Source Languages
Small
TCB
4
Introduction
Java-FLINT Current Results
Support for large
subset of Java:
classes, inheritance,
interfaces, privacy,
mutual recursion,
dynamic cast,
constructors, super,
static, ...
[League, Shao, Trifonov ’99, ’01]
5
Introduction
... Reflection?
Constraints
Adhere to Java Specification
Straightforward, efficient (?) encoding
Similar to current implementations,
but, ...
Entirely type checked
6
Introduction
Java Warm-up
class Pt extends Object {
public int x;
Pt(int newx)
{ this.x = newx; }
public void bump(Pt y) { this.x = y.x; }
}
main() {
Pt p1 = new Pt(1), p2 = new Pt(2);
p1.bump(p2);
p2.x = p1.x * 2;
}
7
Outline
Introduction
Java Reflection
Implementing Java Reflection
Implementing Java Reflection Safely
Java Reflection Using ITA
(Intensional Type Analysis)
Conclusions and Further Work
8
Java Reflection
What is Reflection?
“Reflection is the ability of a program to
manipulate as data something representing
the state of the program during its own
execution.” [Demers and Malenfant]
Reification = “Encoding execution state as data”
Reflective Power
Introspection
2. Behavioral Reflection
3. Structural Reflection
1.
Java Reflection
Mostly (1)
9
Java Reflection
Who Uses Java Reflection?
JavaBeans (component architectures)
Database applications
Serialization
Mobile objects
Scripting applications
Runtime Debugging/Inspection Tools
Jalapeno (IBM) – remote VM debugging tool
Frappé (Antony)
10
Java Reflection
Why Use Reflection?
Dynamically loaded classes
Convenience
Efficiency
11
Java Reflection
How To Use Java Reflection
class Pt extends Object {
int x;
Pt(int newx)
{ this.x = newx; }
void bump(Pt y) { this.x = y.x; }
}
main() {
Class c = getClass(“Pt”);
Field f = c.getField(“x”);
Method m = c.getMethod(“bump”);
Object p = c.newInstance( [3] );// p = new Pt(3);
f.get( p );
// p.x;
m.invoke( p, [ p ] );
// p.bump(p);
}
12
Java Reflection
Another Example
main() {
Class c = getClass(“Pt”);
Field f = c.getField(0);
Object obj = <Network.ReceiveObject>;
if (c.isInstanceOf( obj ) {
print “It’s a point!”;
print “Value: “ + f.get(obj);
}
}
13
Java Reflection
Reflection API Interface
class Class extends AccessibleObject {
static Class forName(String name);
Object newInstance();
Field getField(String name);
Method getMethod(String name);
boolean isInstance(Object obj);
getName(), getInterfaces(), getSuperclass(),
getModifiers(), getFields(), getMethods()
}
class Field extends AccessibleObject {
Object get(Object obj);
void
set(Object obj, Object val);
getType(), getDeclaringClass(), ...
}
14
Java Reflection
Reflection API Interface
(cont.)
class Method extends AccessibleObject {
Object invoke(Object obj, Object[] args);
getReturnType(), getParameterTypes(),
getExceptionTypes(), getDeclaringClass(),...
}
class Constructor;
class AccessibleObject;
class Array;
class Proxy;
...
15
Java Reflection
Subtleties
Security
Access Control
Overriding
Inheritance
Arrays
Primitive Types
Class Initialization
Inner & Anonymous
Classes
16
Java Reflection
Reflection API Summary
Representations for Class, Field,
Method
check class of an object
construct new class instances
access and modify field values of an
object
access and invoke methods of a class
17
Outline
Introduction
Java Reflection
Implementing Java Reflection
Implementing Java Reflection Safely
Java Reflection Using ITA
(Intensional Type Analysis)
Conclusions and Further Work
18
Implementing Java Reflection
Java VM/Compiler Survey
Sun J2SE (Java 1.3)
Kaffe VM
Jalapeno (IBM)
OpenJIT (Japan)
JavaInJava (Sun 1998)
BulletTrain
Rivet (MIT)
Marmot (Microsoft)
Classpath (GNU)
19
Implementing Java Reflection
Object
At Runtime
vtab
class
field1
class Pt {Object x;
Pt bump(Pt); }
Libraries: Object,
Class, Field, ...
...
JVM
Class
Class
Class
Class
“Object”
“Class”
“Field”
“Pt”
fields = /
...
...
fields
...
new Pt(3) 
...
Pt
Field
x = ...
“x”
clazz
type
offset = 16
20
Implementing Java Reflection
Object
At Runtime: Methods
vtab
class
field1
class Pt {Object x;
Pt bump(Pt); }
Libraries: Object,
Class, Field, ...
...
JVM
Class
...
new Pt(3) 
...
“Pt”
Pt
vtab
fields
class
Method
x = ...
“bump”
methods
...
clazz
bump
args/rettype
...
code ptr
21
Implementing Java Reflection
Class and Field Implementation
class Field {
String name;
Class type;
Class clazz;
int offset;
class Class {
String
Field[]
Method[]
boolean
name;
fields;
methods;
primitive;
bool isInstance...
Object newInstance..
}
Object get(Object obj) {
if (clazz.isInstance(obj))
f = ((char*)obj) + offset;
return (Object)f;
}
}
22
Implementing Java Reflection
Method Implementation
class Method {
String name;
Class clazz;
CodePtr* code;
Class[] argtypes;
Class rettype;
Object invoke(Object obj, Object args[]) {
if (clazz.isInstance(obj))
foreach args[i]
CHECK argtypes[i].isInstance(args[i])
<unroll arguments into stack frame>
<and “jump” to code
>
return (Object)retvalue;
}
23
Implementing Java Reflection
Primitive Types
class Field {
String name;
Class type;
Class clazz;
int offset;
int class Integer;
boolean  class Boolean;
double  class Double;
...
class Class {
...
boolean
primitive;
}
Object get(Object obj) {
if (clazz.isInstance(obj))
f = ((char*)obj) + offset;
return (type.primitive = TRUE ?
wrap(f) : (Object)f);
}
}
new Integer( *(int*)f)
24
Implementing Java Reflection
Why Native Code is Needed
isInstance
Implemented using some form of tags
Separate topic: Dynamic loading
Selecting arbitrary offset
Not really arbitrary – checked to make sure
object is valid
Unrolling arguments and applying to
method code
25
Implementing Java Reflection
The Problem(s)
Implementation is platform-specific
passing arguments
object layout
Logic is straightforward but code is
not type checked
compiler is part of the TCB- what happens if
it makes a mistake
26
Outline
Introduction
Java Reflection
Implementing Java Reflection
Implementing Java Reflection Safely
Java Reflection Using ITA
(Intensional Type Analysis)
Conclusions and Further Work
27
Implementing Java Reflection Safely
First try: Pure Java Solution
Class, Field, Method are abstract
JVM loads a class file:
Generates an instance of Class, and instances of Field
First generates subclass of Class, subclasses of Field and
then instances of those
Subclasses generated by filling in
templates
Hard code checks/selection/invocation
One subclass for each class, field, method
28
Implementing Java Reflection Safely
Subclassing Field
Template:
class Field_<CLASSNAME>_<FIELDNAME> extends Field
{
String name = “<FIELDNAME>”;
Class type = <class of field type>;
Class clazz = <class of CLASSNAME>;
Object get(Object obj) {
return ( (<CLASSNAME>) obj ).<FIELDNAME>;
}
}
if (clazz.isInstance(obj))
f = *((char*)obj) + offset;
return (Object)f;
29
Implementing Java Reflection Safely
Filling in the template
class Point { public Integer x; }
class Field_Point_x extends Field
{
String name = “x”;
Object get(Object obj) {
return ( (Point) obj ).x;
}
}
Point.getClass().getField(“x”) 
(Field) new Field_Point_x();
30
Implementing Java Reflection Safely
Nice try,
No native code
Semantics of Java automatically
enforced
Independent of object-layout
Not part of the TCB!
31
Implementing Java Reflection Safely
but...
No overriding privacy
Consider, if x were a private field:
( (Point) obj ).x would not compile
Maybe in FLINT?
Slight specification revisions needed
Too much overhead?
Explosion in number of classes generated,
not just class instances
32
-
Enter Intensional Type Analysis...
[HM, CWM, SST]
33
Implementing Java Reflection Using ITA
Java Encoding (Intuitively)
JAVA
Objects
miniFLINT
Records
new Point (x=3)
Field Selection
Field Selection
p.x (also for methods)
Methods
Lambda terms
class Pt { void m(int x1) {...} }
Method Invocation
Self-application
p.m( x1 )
34
Implementing Java Reflection Using ITA
Claim
Java + Reflection
 miniFLINT + ITA
Field selection:
(p.x) : ?
where x unknown at compile time
Method selection & invocation:
p.m( p, x1 ) : ?
where m : ?, p : ?, x1 : ?
35
Implementing Java Reflection Using ITA
FLINT Framework
Object
representation:
New[Pt] 
vtab  {meth1  ...},


class  COBJ[Pt], 
x  3,...



  ... | Typerec ( ,     ,  _ )
e  ... | typecase ( , e   , e_ )
36
Implementing Java Reflection Using ITA
Class Objects in FLINT
castC : ObjTy[Object]  ObjTy[C ]
,
NewC : CTOR[C ]

vtab  ...,
class  ...,

COBJ[C ]  nam e: String " C" ,
ctr :  .(  Castlist )


 CTOR[C ], NewC , castD1 ,...

Castlist   .Typecase of  1   2

1   2  ...   C










 (ObjTy[Object]   1 )  Castlist 2
| __  unit
37
Implementing Java Reflection Using ITA
newInstance
Object newInstance(Object[] args);
newInstance  self .args. open self.ctr as   , ctor, cargs  in
applycur[  ] ctor cargs args
end
Rettype  .Typecase of  1   2  Rettype 2 | __  
applycur:  .  Castlist  Object[]  Rettype
  .f .cargs.args. typecase  of
 1   2  case args of
a :: as  applycur[ 2 ] f (#1(cargs)) a 
#2(cargs) as
| __  ERROR
|__  case args of [] f | __  ERROR
38
Implementing Java Reflection Using ITA
Field Selection
Powerful record select
based on first-class labels or offset where
the record type maps offsets to types
vtab  ..., class  ..., nam e: String " x" , 


FOBJ[C , x]  offset : n.i  n.Cn .(ObjTy[Object]  Cn )





(
1
,
0
,
ObjTy
[
C
]),
cast
C


get  self .obj. open self.offset as  (n, i, Cn ), cast in
select (cast obj) i
end
39
Implementing Java Reflection Using ITA
Recursive Types
Complication:
ObjTy[C] is a recursive type
Representation of recursive
types for ITA ?
40
Implementing Java Reflection Using ITA
Summary: ITA Approach
Dynamic cast
Name equivalence
Field/Method Selection
Unrolling arguments and applying to
code
Using FLINT-based IL ( F )
extended with ITA
41
Outline
Introduction
Java Reflection
Implementing Java Reflection
Implementing Java Reflection Safely
Java Reflection Using ITA
(Intensional Type Analysis)
Conclusions and Further Work
42
Further work
Formalize reflection in Java
Extend target language with ITA
Representing recursive types
Interaction with privacy/security
Especially overriding access control
TWELF encoding
FLINT VM implementation
43
Conclusion
Type-safe implementation of Java
Reflection in FLINT-based IL
Conforms to Java specification
Straightforward, efficient*
Captures logic of existing native
implementations
44