Java Bytecode For Discriminating Developers - GeeCON 2011

Java Bytecode for Discriminating Developers
Anton Arhipov

whoami
Anton Arhipov
Java dev. / Product Lead
JRebel
http://arhipov.blogspot.com
@antonarhipov
@javarebel

Who-are-you?

The Master Plan
80%: Bytecode 101
20%: Examples

THE INTRO

+
1 + 2
1
2

+
1 + 2
1
2
1 2 +

+
1 + 2
1
2
1 2 +
1
PUSH 1

+
1 + 2
1
2
1 2 +
2
PUSH 1
PUSH 2
1

+
1 + 2
1
2
1 2 +
3
PUSH 1
PUSH 2
ADD

+
1 + 2
1
2
1 2 +
3
ICONST_1
ICONST_2
IADD

? = 1 + 2

TAXONOMY

Bytecode
One-byte instructions
256 possible opcodes
200+ in use

TYPE
OPERATION

TYPE
OPERATION
<TYPE> ::= b, s, c, i, l, f, d, a

TYPE
OPERATION
<TYPE> ::= b, s, c, i, l, f, d, a
Operations with constant values (ldc, iconst_1)

TYPE
OPERATION
<TYPE> ::= b, s, c, i, l, f, d, a
Operations with constant values (ldc, iconst_1)
Local variables and stack interaction (load/store)
Array operations (aload, astore)
Math (add, sub, mul, div)
Boolean/bitwise operations (iand, ixor)
Comparisons (cmpg, cmpl, ifne, ifeq)
Conversions (l2d, i2l)

Bytecode Taxonomy
Stack
Manipulation

Bytecode Taxonomy
Stack
Manipulation
Flow
Control

Bytecode Taxonomy
Stack
Manipulation
Flow
Control
Object
Model

Bytecode Taxonomy
Stack
Manipulation
Flow
Control
Object
Model
Arithmetics

Bytecode Taxonomy
Stack
Manipulation
Flow
Control
Object
Model
Arithmetics
monitorenter
monitorexit

TOOLING

javap
Java class file disassembler
Used with no options shows class structure only
Methods, superclass, interfaces, etc
-c shows the bytecode
-private shows all methods and members
-s prints internal signatures
-l prints line numbers and local variable tables

HELLO WORLD!

C:workgeeconclasses>javap Hello -c

Compiled from "Hello.java"
public class Hello extends java.lang.Object{
public Hello();
Code:
0: aload_0
1: invokespecial #1; //Method java/lang/Object."<init>":()V
4: return

public Hello();
Code:
0: aload_0
4: return
the default constructor

public Hello();
Code:
0: aload_0
4: return
push this to stack

public Hello();
Code:
0: aload_0
4: return
invoke <init> on this

public Hello();
Code:
0: aload_0
4: return

public Hello();
Code:
0: aload_0
4: return
public static void main(java.lang.String[]);
Code:
0: getstatic #2; //Field java/lang/System.out:Ljava/io/PrintStream;
3: ldc #3; //String Hello, World!
5: invokevirtual #4; //Method java/io/PrintStream.println:(Ljava/lang/String;)V

public Hello();
Code:
0: aload_0
4: return
Code:
get static field

public Hello();
Code:
0: aload_0
4: return
Code:
load string to the stack

public Hello();
Code:
0: aload_0
4: return
Code:
invoke method with parameter

public Hello();
Code:
0: aload_0
4: return
Code:

What’s #1,#2, etc ?
public Hello();
Code:
0: aload_0
4: return
Code:

C:workgeeconclasses>javap Hello -c -verbose

Compiled from "Hello.java“
public class Hello extends java.lang.Object
SourceFile: "Hello.java"
minor version: 0
major version: 50
Constant pool:
const #1 = Method#6.#20; // java/lang/Object."<init>":()V
const #2 = Field#21.#22; // java/lang/System.out:Ljava/io/PrintStream;
const #3 = String#23; // Hello, World!
const #4 = Method#24.#25; // java/io/PrintStream.println:(Ljava/lang/String;)V
const #5 = class#26; // Hello
const #6 = class#27; // java/lang/Object
const #7 = Asciz<init>;
const #8 = Asciz()V;

…
public Hello();
Code:
Stack=1, Locals=1, Args_size=1
0: aload_0
4: return
LineNumberTable:
line 1: 0
LocalVariableTable:
Start Length Slot Name Signature
0 5 0 this LHello;

…
Code:
8: return
LineNumberTable:
line 4: 0
line 5: 8
LocalVariableTable:
0 9 0 args [Ljava/lang/String;

STACK MACHINE

Stack Machine

Stack Machine
JVM is a stack-based machine

Stack Machine
Each thread has a stack

Stack Machine
Stack stores frames

Stack Machine
Stack stores frames
Frame is created on method invocation

Stack Machine
Stack stores frames
Frame is created on method invocation
Frame consists of:
Operand stack
Array of local variables

The Frame
Local variables
N
1
2
3
…
Operand stack
#1
Constant
Pool

public java.lang.String getName();
Code:
0: aload_0
1: getfield #2; //Field name:Ljava/lang/String;
4: areturn
LocalVariableTable:
0 5 0 this LGet;

0 1 2 3 4
areturn
aload_0
00
02
getfield
Code:
0: aload_0
4: areturn
LocalVariableTable:
0 5 0 this LGet;

0 1 2 3 4
B0
2A
00
02
B4
Code:
0: aload_0
4: areturn
LocalVariableTable:
0 5 0 this LGet;

Code:
0: aload_0
4: areturn
LocalVariableTable:
0 5 0 this LGet;

STACK CRUNCHING

A
dup
pop
swap
dup_x1
dup2_x2
B

A
dup
pop
swap
dup_x1
dup2_x2
A
B

A
dup
pop
swap
dup_x1
dup2_x2
B

B
dup
pop
swap
dup_x1
dup2_x2
A

B
dup
pop
swap
dup_x1
dup2_x2
A
B

B
dup
pop
swap
dup_x1
dup2_x2
A
B
B
A

dup2_x2
How do you
swap doubles?

dup2_x2

dup2_x2
dconst_0
0.0

dup2_x2
dconst_0
dconst_1
1.0
0.0

dup2_x2
dconst_0
dconst_1
swap
1.0
0.0

dup2_x2
dconst_0
dconst_1
swap
1.0
not allowed!
0.0

dup2_x2
dconst_0
dconst_1
swap2
1.0
0.0

dup2_x2
dconst_0
dconst_1
swap2
1.0
doesn’t
exist
0.0

dup2_x2
dconst_0
dconst_1
dup2_x2
1.0
0.0
1.0

dup2_x2
dconst_0
dconst_1
dup2_x2
pop2
0.0
1.0

dup2_x2
dconst_0
dconst_1
dup2_x2
pop2
0.0
1.0
profit!

LOCAL VARIABLES

Local Variables

public int calculate(int);
Code:
…
LocalVariableTable:
0 5 0 this LLocalVariables;
0 5 1 value I
Local Variables

Code:
…
LocalVariableTable:
0 5 1 value I
numbered from 0
Local Variables

Code:
…
LocalVariableTable:
0 5 1 value I
Local Variables
instance methods
have this at 0

The table maps numbers to names
Code:
…
LocalVariableTable:
0 5 1 value I
Local Variables

Sized explicitly
Code:
…
LocalVariableTable:
0 5 1 value I
Local Variables

Stack
Local Variables
value
var
value
depth
ldc"Hello"
astore_0
iconst_1
astore_1
aload_0
0
0
1
1
2
2
3
3
4
4

Stack
Local Variables
value
var
value
depth
ldc"Hello"
astore_0
iconst_1
astore_1
aload_0
0
0
"Hello"
1
1
2
2
3
3
4
4

Stack
Local Variables
value
var
value
depth
ldc"Hello"
astore_0
iconst_1
astore_1
aload_0
"Hello"
0
0
1
1
2
2
3
3
4
4

Stack
Local Variables
value
var
value
depth
ldc"Hello"
astore_0
iconst_1
astore_1
aload_0
"Hello"
0
0
1
1
1
2
2
3
3
4
4

Stack
Local Variables
value
var
value
depth
ldc"Hello"
astore_0
iconst_1
astore_1
aload_0
"Hello"
0
0
"Hello"
1
1
1
2
2
3
3
4
4

load
Stack
Local Variables Table
store

OBJECTS

new
<init>
<clinit>
0xBB
Instance initialization method
Class and interface initialization method
Object Initialization

Object Initialization: static {}
static {};
Code:
0: iconst_1
1: putstatic #2; //Field a:I
4: iconst_2
5: putstatic #3; //Field b:I
8: return

Object Initialization: static {}
<clinit>
static {};
Code:
0: iconst_1
1: putstatic #2; //Field a:I
4: iconst_2
5: putstatic #3; //Field b:I
8: return

Object Initialization: new

public Initializer();
Code:

Code:
0: aload_0

Code:
0: aload_0
4: aload_0

Code:
0: aload_0
4: aload_0
5: new#2; //class java/lang/Object
8: dup

Code:
0: aload_0
4: aload_0
8: dup
12: putfield #3; //Field o:Ljava/lang/Object;

Code:
0: aload_0
4: aload_0
8: dup
12: putfield #3; //Field o:Ljava/lang/Object;
15: return

Object Initialization: {}

?

public Initializer(int);
Code:
0:aload_0
1:invokespecial #1; // ..<init>
4:aload_0
5:iconst_1
6:putfield #2; //Field a:I
9:aload_0
10:iconst_2
11:putfield #3; //Field c:I
14:aload_0
15:iload_1
16:putfield #4; //Field b:I
19:return

There’s no initializer

METHOD INVOCATION&PARAMETER PASSING

Methods & Parameters
invokestatic
invokespecial
invokevirtual
invokeinterface
invokedynamic
Efficient Implementation of Java Interfaces: Invokeinterface Considered Harmless, Bowen Alpern, Anthony Cocchi, Stephen Fink, David Grove, and Derek Lieber, OOPSLA’01

invokestatic
invokespecial
invokevirtual
invokeinterface
invokedynamic
Integer.valueOf(“42”)

invokestatic
invokespecial
invokevirtual
invokeinterface
invokedynamic
<init>
private void foo();
super.method();

invokestatic
invokespecial
invokevirtual
invokeinterface
invokedynamic
class A
A/method1
A/method2

invokestatic
invokespecial
invokevirtual
invokeinterface
invokedynamic
class A
A/method1
A/method2
class B

invokestatic
invokespecial
invokevirtual
invokeinterface
invokedynamic
class A
A/method1
A/method2
class B
A/method1
B/method2
B/method3

invokestatic
invokespecial
invokevirtual
invokeinterface
invokedynamic
class A
A/method1
A/method2
class B impl X
A/method1
B/method2
B/method3
X/methodX

invokestatic
invokespecial
invokevirtual
invokeinterface
invokedynamic
class A
A/method1
A/method2
class B impl X
A/method1
B/method2
B/method3
X/methodX
class D impl X
D/method1
X/methodX

invokestatic
invokespecial
invokevirtual
invokeinterface
invokedynamic

Method Invocation
obj.method(param1, param2);

Method Invocation
push obj
push param1
push param2
call method

Method Invocation
obj
push obj
push param1
push param2
call method

Method Invocation
param1
push obj
push param1
push param2
call method
obj

Method Invocation
param2
push obj
push param1
push param2
call method
param1
obj

Method Invocation
obj?
push obj
push param1
push param2
call method

Method Invocation
this.add(1, 2);
0: aload_0
1: iconst_1
2: iconst_2
3: invokevirtual #2; //Method add:(II)I

INNER CLASSES

Inner Classes

Inner Classes
class Car$Engine extends j.l.Object{
final Car this$0;
Car$Engine(Car);
public void start();
Code:
0: aload_0
1: getfield #1; //Field this$0:LCar;
4: invokestatic #3; //Car.access$000:(LCar;)V
7: return
}

Inner Classes
public class Car extends j.l.Object{
public Car();
private void move();
static void access$000(Car);
Code:
0: aload_0
1: invokespecial #1; // move: ()V;
4: return
}
class Car$Engine extends j.l.Object{
final Car this$0;
Car$Engine(Car);
public void start();
Code:
0: aload_0
1: getfield #1; //Field this$0:LCar;
4: invokestatic #3; //Car.access$000:(LCar;)V
7: return
}

“HOW DO THEY DO THAT?”

object Singleton {
def test={}
}

object Singleton {
def test={}
}
$> scalacSingleton.scala
Singleton.class
Singleton$.class

public final class Singleton extends java.lang.Object{
public static final void test();
Code:
0: getstatic #11; //Field Singleton$.MODULE$:LSingleton$;
3: invokevirtual #13; //Method Singleton$.test:()V
6: return
}

Code:
6: return
}
public final class Singleton$ extends java.lang.Object implements scala.ScalaObject{
public static final Singleton$ MODULE$;
public static {};
Code:
0: new #9; //class Singleton$
3: invokespecial #12; //Method "<init>":()V
6: return
public void test();
private Singleton$();
}

Code:
6: return
}
public final class Singleton$ extends java.lang.Object implements scala.ScalaObject{
public static {};
public void test();
private Singleton$();
Code:
0: aload_0
1: invokespecial#17; //Method java/lang/Object."<init>":()V
4: aload_0
5: putstatic#19; //Field MODULE$:LSingleton$;
8: return

object Singleton {
def test={}
}

publicclassSingleton {
publicvoid test(){
Singleton$.MODULE$.test();
}
}
object Singleton {
def test={}
}

publicclassSingleton {
publicvoid test(){
Singleton$.MODULE$.test();
}
}
public final class Singleton$
implements scala.ScalaObject{
static { newSingleton$(); }
private Singleton$(){
MODULE$ = this;
}
public void test() {
}
}
object Singleton {
def test={}
}

classGroovy {}

classGroovy {}
$> groovycGroovy.groovy
$> javap –c –p Groovy

classGroovy {}
$> groovycGroovy.groovy
$> javap –c –p Groovy
public class Test extends java.lang.Object implements groovy.lang.GroovyObject{
private static org.codehaus.groovy.reflection.ClassInfo $staticClassInfo;
private transient groovy.lang.MetaClass metaClass;
public static java.lang.Long __timeStamp;
public static java.lang.Long __timeStamp__239_neverHappen1304807931117;
private static java.lang.ref.SoftReference $callSiteArray;
private static java.lang.Class $class$groovy$lang$MetaClass;
private static java.lang.Class $class$Test;
private static java.lang.Class $class$java$lang$String;
public java.lang.Object this$dist$invoke$2(java.lang.String, java.lang.Object);
public void this$dist$set$2(java.lang.String, java.lang.Object);
public java.lang.Object this$dist$get$2(java.lang.String);
protected groovy.lang.MetaClass $getStaticMetaClass();
public groovy.lang.MetaClass getMetaClass();
public void setMetaClass(groovy.lang.MetaClass);
public java.lang.Object invokeMethod(java.lang.String, java.lang.Object);
public java.lang.Object getProperty(java.lang.String);
public void setProperty(java.lang.String, java.lang.Object);

CRASH! BOOM! BANG!

Javassist
Bytecode manipulation made easy
Source-level and bytecode-level API
Uses the vocabulary of Java language
On-the-fly compilation of the injected code
http://www.jboss.org/javassist

for(inti = 0; i < 100; i++){
inta = 0;
try {
while (true) {
a++;
foo(a);
if(a > 1) break;
}
} catch (Exception e) {
}
}

for(inti = 0; i < 100; i++){
inta = 0;
try{
while (true) {
a++;
foo(a);
if(a > 1) break;
}
}
}

for(inti = 0; i < 100; i++){
inta = 0;
try{
while(true) {
a++;
foo(a);
if(a > 1) break;
}
}
}

Javassist
CtMethod method = …
method.setBody(“
for(inti = 0; i < 100; i++){
inta = 0;
try {
while (true) {
a++;
foo(a);
if(a > 1) break;
}
}
}”);

-noverify

#
# A fatal error has been detected by the Java Runtime Environment:
#
# EXCEPTION_ACCESS_VIOLATION (0xc0000005) at
# pc=0x01adff06, pid=7732, tid=868
#
# JRE version: 6.0_21-b07
# Java VM: Java HotSpot(TM) Client VM (17.0-b17 mixed mode,
# sharing windows-x86 )
# Problematic frame:
# j zt.javassist.My.test()V+20
#
# An error report file with more information is saved as:
# C:workpuzzlershs_err_pid7732.log
#
# If you would like to submit a bug report, please visit:
# http://java.sun.com/webapps/bugreport/crash.jsp
#
-noverify

Exception in thread "main" java.lang.VerifyError: (class: zt/javassist/My, method: test signature: ()V) Inconsistent stack height 0 != 1
-Xverify:all

public void test();
Code:
0: iconst_0
1: istore_1
2: iload_1
3: bipush 100
5: if_icmpge 42
8: iconst_0
9: istore_2
10: goto 29
13: iinc 2, 1
16: aload_0
17: iload_2
18: invokevirtual #23; //Method zt/javassist/My.foo:(I)V
21: iload_2
22: iconst_1
23: if_icmple 29
26: goto 32
29: goto 13
32: astore_3
33: goto 36
36: iinc 1, 1
39: goto 2
42: return
Exception table:
from to target type
10 32 32 Class java/lang/Exception

public void test();
Code:
0: iconst_0
1: istore_1
2: iload_1
3: bipush 100
5: if_icmpge 42
8: iconst_0
9: istore_2
10: goto 29
13: iinc 2, 1
16: aload_0
17: iload_2
18: invokevirtual #23; //Method zt/javassist/My.foo:(I)V
21: iload_2
22: iconst_1
23: if_icmple 29
26: goto 32
29: goto 13
32: astore_3
33: goto 36
36: iinc 1, 1
39: goto 2
42: return
Exception table:
from to target type
10 32 32 Class java/lang/Exception
No local
variables table

http://arhipov.blogspot.com	2769
http://java.dzone.com	928
http://lj-toys.com	134
http://arhipov.blogspot.in	57
http://feeds.feedburner.com	42
http://minhyungko.blogspot.com	23
url_unknown	21
http://arhipov.blogspot.de	18
http://arhipov.blogspot.fr	15
http://arhipov.blogspot.co.uk	13
http://lanyrd.com	11
http://arhipov.blogspot.com.au	9
http://arhipov.blogspot.se	4
http://www.slideshare.net	4
http://twitter.com	4
http://webcache.googleusercontent.com	4
http://arhipov.blogspot.com.es	3
http://arhipov.blogspot.com.br	3
http://paper.li	3
http://www.arhipov.blogspot.com	2
http://www.techgig.com	2
http://arhipov.blogspot.ca	2
http://translate.googleusercontent.com	2
http://www.dzone.com	1
http://www.hanrss.com	1
http://arhipov.blogspot.co.nz	1
http://arhipov.blogspot.pt	1
http://www.renren.it	1
http://www.javaoracleblog.com	1

Java Bytecode For Discriminating Developers - GeeCON 2011

by Anton Arhipov on May 12, 2011

Accessibility

Categories

Tags

Upload Details

Usage Rights

29 Embeds 4,079

Statistics

Java Bytecode For Discriminating Developers - GeeCON 2011 — Presentation Transcript