Download The Java Virtual Machine (JVM) - U

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
page
37
page
38
page
39
page
40
page
41
page
42
Document related concepts
no text concepts found
Transcript 
The Java Virtual
Machine (JVM)
Alexandre Bergel
[email protected]
02/06/2011
Sources
Memory Management in
the Java HotSpot Virtual Machine
April 2006
http://java.sun.com/j2se/reference/whitepapers/
memorymanagement_whitepaper.pdf
The JavaTM Virtual Machine
Specification
Tim Lindholm & Frank Yellin
Java Security Overiew, April 2005
http://java.sun.com/developer/technicalArticles/Security/
whitepaper/JS_White_Paper.pdf
Outline
1.The Java virtual machine
2.Memory management
3.Security
Outline
1.The Java virtual machine
2.Memory management
3.Security
The Java Programming Environment
Compile time environment
Your program’s source files
TicTacToe.
java
Game.
java
Player.
java
Run-time environment
Your program’s class files
TicTacToe.
class
class
Game.
class
Player.
java
Virtual
machine
Compiler
TicTacToe.
Game.
class
Player.
class
Your program’s class files
Object.
class
String.
class
...
Java API’s class files
Bytecode
.class files contains JVM instructions,
called bytecode instructions
TicTacToe.
class
Game.
class
Player.
class
Platform independent
The same .class files will “work”
on different machines
Compact
Linux
JVM
OSX
JVM
...
Linux
OSX
...
Intermediate form
The role of the virtual machine
TicTacToe.
class
Game.
class
Player.
class
The Java Virtual Machine
Class loader
bytecode
Execution
engine
Host operating system
Object.
class
String.
class
The Java
API’s
class files
Class loader
The JVM contains one default class loader
New loaders may be defined
obtain .class files from a particular locations (e.g., remote location,
database)
additional verification or transformation (bytecode manipulation)
...
A class loader is a namespace for classes
Dynamic class loading
You don’t have to know at compile-time all the
classes that may ultimately take part in a running Java
application
user-defined class loader enable you to dynamically
extend a Java app at runtime
As it runs, you app can determine what extra classes
it needs to load them
The execution engine
Simple JVM
byte code interpretation
Just-in-time compiler
Method bytecode instructions are compiled into machine code the
first time they are invoked
The machine code is cached for subsequent invocation
It requires more memory
Adaptive optimization
The interpreter monitors the activity of the program, compiling the
heavily used part of the program into machine code
It is much faster than simple interpretation, a little more memory
The memory requirement is only slightly larger due to the 20%/
80% rule of program execution (20% of the code is responsible for
80% of the execution)
The Java virtual machine
Class loader
runtime data areas
method
area
Execution
engine
heap
Java
stacks
pc
registers
native method
interface
native
methods
stacks
native method
libraries
Shared Data Areas
Each JVM has one of each
Method area: byte code and class (static) data storage
Heap: object storage
method area
class
data
class
data
class
data
heap
object
object
Java
stacks
object
frame
frame
object
frame
The heap
Class instances (objects) and arrays are stored in a
single, shared heap
Each Java application has its own heap
JVM heaps offer a garbage collection to reduce
programmer responsibility on memory management
Outline
1.The Java virtual machine
2.Memory management
3.Security
Memory Management
Memory management is the process of
recognizing when allocated objects are not longer needed
deallocating (freeing) the memory used by such objects
making it available for subsequent allocations
In some programming languages, memory
management is the programmer responsibility
The programmer has to explicitly deallocate memory
e.g., C, Assembly, C++
Explicit memory management
The complexity of that task leads to many common
errors
dangling reference: result of deallocating the space used by an
object
space leaks: memory is allocated but never released
A commonly used solution to these errors is
automatic management by a program called garbage
collector
Automatic memory management
More reliable code
avoid the dangling reference problem
an object is that is still referenced will never be garbage collected
Solve the space leak problem since it automatically
frees all memory no longer referenced
Garbage collection concept
A garbage collector is responsible for
allocating memory
ensuring that any referenced objects remain in memory
recovering memory used by objects that are no longer reachable
from referenced in executing code
Objects that are referenced are said to be live
Object that are no longer referenced are considered
dead (or garbage)
Silver bullet?
Garbage collection solves many, but not all, memory
allocation problems
One could create objects indefinitely and continue
referencing them until there is no more memory
available
Garbage collection is also a complex task taking time
and resources or its own
Complex because it has to deal with memory
fragmentation and compaction without introducing
long pause
Generational Collection
Generational collection relies on dividing the memory
into generations
Separate young objects from the old ones
Generational collection is based on the weak
generational hypothesis
Most allocated objects are not living for long (objects die young)
Few references from older to younger objects exist
Young generation collections occur frequently
Generational Collection
Objects that survive a number of young generations
are promoted (also called tenured) to the old
generation
Garbage collection algorithm chosen for a young
generation is fast
J2SE HotSpot JVM
Three generations: young, old, and permanent
The permanent generation holds classes and
methods
J2SE HotSpot JVM
4 available garbage collectors
serial: both young and old are scanned, in a stop-the-world
fashion. Only one CPU is used
parallel: use several CPUs to do the scanning. Shorted stop-theworld pause
parallel compacting: Improved version of the parallel collector
concurrent mark and sweep: parallel collector + concurrent
collection on the old objects with the program execution
Useful code snippet
MemoryUsage usage =
ManagementFactory.getMemoryMXBean().getHeapMemoryUsage();
System.out.println("Free memory: " + usage.getUsed());
Outline
1.The Java virtual machine
2.Memory management
3.Security
Java Security Overview
The Java platform was designed with a strong
emphasis on security
The initial version of Java offered a safe environment
for running potential untrusted code, such as applets
Today it includes a large set of APIs, tools, algorithms
Language security and bytecode
verification
Four distinct access levels (private protected, public
and package)
The compiler translates Java programs into byte code
representation
A bytecode verifier is invoked to ensure that only
legitimate bytecodes are executed in the Java runtime
The verifier checks that the bytecodes is conform to
the language specification and do not violate rules and
namespace restriction
Language security and bytecode
verification
The bytecode verifier also checks for memory
management violations, stack underflows or overflows
and illegal data typecasts
These situations do not occur when programming directly in Java
by directly manipulating bytecode
Once bytecodes have been verified, the runtime
prepares for execution
Java security API
Span a wide range of areas
Cryptographic and public key infrastructure (PKI)
interfaces provide the underlying basis for developing
secure applications
Interfaces for performing authentication and access
control enable applications to guard against
unauthorized access to protected resources
Java security API
It allows for multiple interoperable implementations of
algorithms and other security services
Focus on integrating security into applications, rather
than on how to implement complex security
mechanisms
Without security
import java.security.*;
class GetProps {
public static void main(String[] args) {
String s;
try {
System.out.println("About to get os.name property value");
s = System.getProperty("os.name", "not specified");
System.out.println(" The name of your operating system is: " + s);
System.out.println("About to get java.version property value");
s = System.getProperty("java.version", "not specified");
System.out.println(" The version of the JVM you are running is: " + s);
System.out.println("About to get user.home property value");
s = System.getProperty("user.home", "not specified");
System.out.println(" Your user home directory is: " + s);
System.out.println("About to get java.home property value");
s = System.getProperty("java.home", "not specified");
System.out.println(" Your JRE installation directory is: " + s);
} catch (Exception e) {
System.err.println("Caught exception " + e.toString());
}
}
}
Without security
About to get os.name property value
The name of your operating system is: Mac OS X
About to get java.version property value
The version of the JVM you are running is: 1.6.0_24
About to get user.home property value
Your user home directory is: /Users/alexandrebergel
About to get java.home property value
Your JRE installation directory is: /System/Library/Java/
JavaVirtualMachines/1.6.0.jdk/Contents/Home
How to restrict applications
The Java runtime does not automatically install a
security manager with it runs an application
To apply the same security policy found on the local
file system as to unsigned applets, use a JVM option
java -Djava.security.manager GetProps
How to restrict applications
About to get os.name property value
The name of your operating system is: Mac OS X
About to get java.version property value
The version of the JVM you are running is: 1.6.0_24
About to get user.home property value
Caught exception java.security.AccessControlException:
access denied (java.util.PropertyPermission user.home read)
Security policy
We have loaded the default policy file
It allows to access some commonly useful properties
such as “os.name” and “java.version”
These properties are not security-sensitive, so
granting these permissions does not normally pose a
security risk
Other properties tries to access “user.home” and
“java.home”, which may pose a security risk
The default security policy may be found in
java.home/lib/security/java.policy
Particularized security policy
We will now add a new policy entry granting
permission for “user.home” and “java.home”
Actually, we will grant the code stored in the directory
where GetProps.class is stored
PolicyTool
The JDK contains a tool to edit security policy files
policytool
Editing java.security file
Add to the java.security file the following line:
policy.url.3=file:/Users/alexandrebergel/Documents/workspace/
SecurityExample/mypolicy
Note that you may need a sudo access to edit the file
/System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/
Home/lib/security> sudo emacs java.security
You should be able to successfully run the following
java -Djava.security.manager GetProps
What you should know!
What a class loader is for?
What are the bytecodes instructions?
What are the different memory areas in the JVM?
What is a security manager?
Can you answer to these questions?
Why does source code needs to be translated into
bytecode?
Why the virtual machine does not directly interpret
source code?
What is the benefit to have the class loader
accessible within the execution of a program?
Why generations are necessary to efficiently manage
the memory?
Why stack overflow and underflow are security
treats?
License
http://creativecommons.org/licenses/by-sa/2.5
Attribution-ShareAlike 2.5
You are free:
• to copy, distribute, display, and perform the work
• to make derivative works
• to make commercial use of the work
Under the following conditions:
Attribution. You must attribute the work in the manner specified by the author or licensor.
!
Share Alike. If you alter, transform, or build upon this work, you may distribute the resulting
work only under a license identical to this one.
• For any reuse or distribution, you must make clear to others the license terms of this work.
• Any of these conditions can be waived if you get permission from the copyright holder.
Your fair use and other rights are in no way affected by the above.
Related documents
Introduction to Java - Brookwood High School
Introduction to Java - Brookwood High School
Chapter 1 questions
Chapter 1 questions
Java
Java
Designing Web Applications
Designing Web Applications
Public Tests - University of Maryland
Public Tests - University of Maryland
COMS S1007 Object-Oriented Programming and Design in Java August 12, 2008
COMS S1007 Object-Oriented Programming and Design in Java August 12, 2008
Lab 3 - Console Output and Arithmetic Expressions
Lab 3 - Console Output and Arithmetic Expressions
File - LSESU Applicable Maths Society
File - LSESU Applicable Maths Society
Streams, File I/O, Standard Streams and Scanner class
Streams, File I/O, Standard Streams and Scanner class
Table of Contents - Baton Rouge Community College
Table of Contents - Baton Rouge Community College
Chapter Eight - Object-Oriented Application Frameworks
Chapter Eight - Object-Oriented Application Frameworks
Object and Class in Java
Object and Class in Java