This document discusses reading Java bytecode and provides examples of how to interpret bytecode instructions and method signatures. It introduces key concepts of the Java Virtual Machine (JVM) like frames, stacks, local variables, and bytecode instructions. It also demonstrates how to decompile classes and interpret example bytecode snippets using the javap tool. The document is intended to help readers understand how Java code is executed at the bytecode level.
Mixing Source and Bytecode: A Case for Compilation By Normalization (OOPSLA 2...lennartkats
Language extensions increase programmer productivity by providing concise, often domain-specific syntax, and support for static verification of correctness, security, and style constraints. Language extensions can often be realized through translation to the base language, supported by preprocessors and extensible compilers. However, various kinds of extensions require further adaptation of a base compiler's internal stages and components, for example to support separate compilation or to make use of low-level primitives of the platform (e.g., jump instructions or unbalanced synchronization). To allow for a more loosely coupled approach, we propose an open compiler model based on normalization steps from a high-level language to a subset of it, the core language. We developed such a compiler for a mixed Java and (core) bytecode language, and evaluate its effectiveness for composition mechanisms such as traits, as well as statement-level and expression-level language extensions.
So you've reversed you're first Android APK; now what? Java pseduocode is nice, but how do we modify the app? This is a crash course in reading and understanding Davlik opcodes. It will go through some basics then we will jump into a couple case studies to demonstrate some of the concepts. This talk should help testers who are interested in or do Android application assessments to better understand how to mess with the underlying code.
Mixing Source and Bytecode: A Case for Compilation By Normalization (OOPSLA 2...lennartkats
Language extensions increase programmer productivity by providing concise, often domain-specific syntax, and support for static verification of correctness, security, and style constraints. Language extensions can often be realized through translation to the base language, supported by preprocessors and extensible compilers. However, various kinds of extensions require further adaptation of a base compiler's internal stages and components, for example to support separate compilation or to make use of low-level primitives of the platform (e.g., jump instructions or unbalanced synchronization). To allow for a more loosely coupled approach, we propose an open compiler model based on normalization steps from a high-level language to a subset of it, the core language. We developed such a compiler for a mixed Java and (core) bytecode language, and evaluate its effectiveness for composition mechanisms such as traits, as well as statement-level and expression-level language extensions.
So you've reversed you're first Android APK; now what? Java pseduocode is nice, but how do we modify the app? This is a crash course in reading and understanding Davlik opcodes. It will go through some basics then we will jump into a couple case studies to demonstrate some of the concepts. This talk should help testers who are interested in or do Android application assessments to better understand how to mess with the underlying code.
My session in Wearable DevCon 2014, Burlingame, CA
[Note: now the conference is called "Wearable Tech Con" ]
The session gives an introduction to using the Java Native Interface (JNI) in Java, and in particular in the Android Platform. The session then covers the use of the Native Development Kit (NDK) for developing Android applications.
A quick introduction to the object-oriented programming language Ruby, part of a full lecture on Programming Paradigms at UCL university in Belgium, focussing on the programming languages Smalltalk, Ruby and Java, with reflection and meta programming as underlying theme.
My session at AnDevCon, April 2014, Boston, MA
The session gives an introduction to using the Java Native Interface (JNI) in Java, and in particular in the Android Platform. The session then covers the use of the Native Development Kit (NDK) for developing Android applications.
@todo update description
Что делает JVM? Компилирует код и выполняет сборку мусора, — скажете вы и будете совершенно правы. Тем не менее, Java приложения могут работать даже при полном отсутсвии JIT и GC.
Виртуальная машина состоит из большого числа компонентов, благодаря которым исполнение Java программ становится возможным. Из доклада вы узнаете, что представляет собой байткод, где лежат переменные, что содержится в class-файлах, кто ловит исключения, насколько дороги JNI методы, как работает синхронизация и многое другое.
My session in Wearable DevCon 2014, Burlingame, CA
[Note: now the conference is called "Wearable Tech Con" ]
The session gives an introduction to using the Java Native Interface (JNI) in Java, and in particular in the Android Platform. The session then covers the use of the Native Development Kit (NDK) for developing Android applications.
A quick introduction to the object-oriented programming language Ruby, part of a full lecture on Programming Paradigms at UCL university in Belgium, focussing on the programming languages Smalltalk, Ruby and Java, with reflection and meta programming as underlying theme.
My session at AnDevCon, April 2014, Boston, MA
The session gives an introduction to using the Java Native Interface (JNI) in Java, and in particular in the Android Platform. The session then covers the use of the Native Development Kit (NDK) for developing Android applications.
@todo update description
Что делает JVM? Компилирует код и выполняет сборку мусора, — скажете вы и будете совершенно правы. Тем не менее, Java приложения могут работать даже при полном отсутсвии JIT и GC.
Виртуальная машина состоит из большого числа компонентов, благодаря которым исполнение Java программ становится возможным. Из доклада вы узнаете, что представляет собой байткод, где лежат переменные, что содержится в class-файлах, кто ловит исключения, насколько дороги JNI методы, как работает синхронизация и многое другое.
While coding in Java is (pretty) straight forward, some tasks require going beyond the borders of standard JVM coding practices in order to interface with low-level hardware & software programmatic APIs.
This slide will introduce the concept and basics of JNA, as well as discuss the probable caveats one might encounter when working with JNA, based on real production use-cases.
How to transform Java code so that is still compiles. IDEs do not handle hundreds of modules well. This is large scale refactoring, analysis and transformation. We use the Spoon library for this
Knots - the Lazy Data Transfer Objects for Dealing with the Microservices CrazeAlexander Shopov
Microservices architectures are distributed ones, thus using them has perils. 'Knots' are a trivial, almost mechanical way to represent the flow of data in them that is composable, extendable and relatively easy to reason about. It simplifies refactors and maintenance and makes roundtrips easy to account. They are compatible with caching, different architectures. Just get an ID and promise to give what it corresponds to when you ask for it.
Microservices make database joins either redundant application level job or very difficult application level job depending on whether you are designing the microservice or are using it. Even though joins may be impossible you need to tie data together - that's why you use knots. A knot may tie several things together, it may even tie one knot to another.
In design patterns parlance knot is just your run of the mill lazily instantiated facade proxy for data transfer that you can observe when you have to. Except it is not! It is a knot.
Just have an id and you will get it.
And once you get it - keep it knotted together.
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIVladimir Iglovikov, Ph.D.
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentations
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
2. Alexander Shopov
By day: Software Engineer at Cisco
By night: OSS contributor
Coordinator of Bulgarian Gnome TP
Contacts:
E-mail: ash@kambanaria.org
Jabber: al_shopov@jabber.minus273.org
LinkedIn: http://www.linkedin.com/in/alshopov
Google: Just search “al_shopov“
5. Contents
● Why read?
● How to read?
● JVM Internals;
● JVM Data Types;
● JVM Opcodes.
● Let's read some code.
● What next?
6. Why Read Byte code?
● Understand your platform
● It is interesting and not too hard
● How does Java function? How does X function?
● Job interviews
● Catch compiler bugs/optimizations
● Learn to read before you write
● Source may not correspond to binary
● C/C++ people know their assembler
● Java language evolution vs. Java platform evolution
7. Bad News And Good News
Bad: Good:
We will be Easiest
reading assembler
assembler in world
8. What Is The JVM?
● Stack based, byte oriented virtual machine
without registers easily implementable on 32 bit
hardware.
● 206 (<256) instructions that are easy to group
and there is no need to remember them all
● Some leeway in implementations (even with
Oracle)
9. Dramatis Personæ
● The JVM
● The threads
● The frames
● The stacks – LIFO
● The local variables – array of slots
● The runtime constant pool – array of values
● The bytecode – the instructions
● Class files – serialized form of constants and byte
code
17. Enter Stack
0 1 2 3 4 5 6 …
Local variables
F0
Stack
18. Enter Pool Of Constants
0 1 2 3 4 5 6 …
Local variables
F0
Pool of
constants
Stack
19. Where Is The Code?
0 1 2 3 4 5 6 …
Local variables
F0
Pool of
constants
Stack
20. Where Is The Code?
JVM (heap)
0 1 2 3 4 5 6 …
Local variables
F0
Pool of
constants
Stack
21. Where Is The Code?
JVM (heap)
0 1 2 3 4 5 6 … Class
PC
Local variables Method code
F0
Class
Pool of
constants
Stack
22. Where is the code?
JVM (heap)
0 1 2 3 4 5 6 … Class
6
PC
Local variables Method code
F0
Class
Pool of
constants
Stack
23. Load
JVM (heap)
0 1 2 3 4 5 6 … Class
6
PC
Local variables Method code
F0
Class
Pool of
constants
6
Stack
24. And…
JVM (heap)
0 1 2 3 4 5 6 … Class
6
PC
Local variables Method code
F0
Class
Pool of
8 constants
6
Stack
25. Store
JVM (heap)
0 1 2 3 4 5 6 … Class
6 8
Local variables PC Method code
F0
Class
Pool of
8 constants
6
Stack
26. JVM Datatypes
● Primitive types
● Java { numeric – integral: byte (±8), short (±16),
int (±32), long (±64), char (+16), floating point:
float (±32), double (±64); boolean (int or byte) }
● returnAddress – pointers to the opcodes of JVM
(jumps - loops)
● Reference types
● class, array, interface
● null
27. JVM Datatypes Descriptors
Java type Type descriptor
boolean Z
char C
byte B
short S
int I
float F
long J
double D
Object Ljava/lang/Object;
byte[] [B
String[][] [[Ljava/lang/String;
void V
45. Example 1
public static int whatIsThis(int, int, int);
Signature: (III)I
Code:
0: iload_0
1: iload_1
2: iadd
3: istore_3
4: iload_3
5: iload_2
public static int whatIsThis
6: iadd (int a, int b, int c) {
7: istore_3 int result = a + b;
8: iload_3 result += c;
9: ireturn return result;
}
46. Example 2
public static int whatIsThis(int, int, int);
Signature: (III)I
Code:
0: iload_0
1: iload_1
2: iadd
3: iload_2
4: iadd
5: ireturn
47. Example 2
public static int whatIsThis(int, int, int);
Signature: (III)I
Code:
0: iload_0
1: iload_1
2: iadd
3: iload_2
4: iadd
5: ireturn
public static int whatIsThis
(int a, int b, int c) {
result a + b + c;
}
48. Example 3
public static int whatIsThis(int, float, double);
Signature: (IFD)I
Code:
0: iload_0
1: i2f
2: fload_1
3: fadd
4: f2d
5: dload_2
6: dadd
7: d2i
8: ireturn
LineNumberTable:
line 6: 0
LocalVariableTable:
Start Length Slot Name Signature
0 9 0 a I
0 9 1 b F
0 9 2 c D
49. Example 3
public static int whatIsThis(int, float, double);
Signature: (IFD)I
Code:
0: iload_0
1: i2f
2: fload_1
3: fadd
4: f2d
5: dload_2
6: dadd
7: d2i
8: ireturn
LineNumberTable:
line 6: 0
public static int whatIsThis
LocalVariableTable: (int a, float b, double c) {
Start Length Slot Name return (int) (a + b + c);
Signature
0 9 0 } I
a
0 9 1 b F
0 9 2 c D
50. Example 4
public static void main(java.lang.String[]);
Signature: ([Ljava/lang/String;)V
Code:
0: getstatic #16 // Field
java/lang/System.out:Ljava/io/PrintStream;
3: ldc #22 // String BGOUG
5: invokevirtual #24 // Method
java/io/PrintStream.println:(Ljava/lang/String;)V
8: return
66. Further resources
● Oracle:
The JVM Specification, Java SE 7 Edition
● A. Arhipov:
Java Bytecode For Discriminating Developers
● Wikipedia: Java Bytecode Instruction Listings
● S. H. Park Understanding JVM Internals
● C. McGlone:
Looking "Under the Hood" with javap
● P. Haggar: Java bytecode