Alessandro Coglio

SUMMARY In the course of our work in developing formal specifications for components of the Java Virtual Machine (JVM), we have uncovered subtle bugs in the bytecode verifier of Sun's Java 2 SDK 1.2. These bugs, which lead to type safety violations, relate to the naming of reference types. Under certain circumstances, these names can be spoofed through
SUMMARY Java is normally compiled to bytecode, which is verified and then executed by the Java Virtual Machine. Bytecode produced via compilation must pass verification. The main cause of complexity for bytecode verification is subroutines, used by compilers to generate more compact code. The techniques to verify subroutines proposed in the literature
This roadmap describes ways that researchers in four areas---specification languages, program generation, correctness by construction, and programming languages---might help further the goal of verified software. It also describes what advances the "verified software" grand challenge might anticipate or demand from work in these areas. That is, the roadmap
This paper reports on our ongoing efforts to realize a provably-correct implementation of the Java Virtual Machine bytecode verifier. We take the perspective that bytecode verification is a data flow analysis problem, or more generally, a constraint-solving problem on lattices. We employ SPECWARE, a system available from Kestrel Institute that supports the
This report has been submitted for publication outside of ITC and will probably be copyrighted if accepted for publication. It has been issued as a Technical Report for early dissemination of its contents. In view of the transfer of copyright to the outside publisher, its distribution outside of ITC prior to publication should be limited to peer
// A practical design and runtime solution incorporates modern software development practices and technologies along with novel approaches to address the challenges of effectively managing constrained resources and isolating applications without adverse performance effects. // MOBILE CLOUD COMPUTING infrastructures supporting the vision of the Internet of
SUMMARY Bytecode verification is the main mechanism to ensure type safety in the Java Virtual Machine. Inadequacies in its official specification may lead to incorrect implementations where security can be broken and/or certain legal programs are rejected. This paper provides a comprehensive analysis of the specification, along with concrete suggestions for
This paper reports on our ongoing efforts to realize a provably-correct implementation of the Java Virtual Machine bytecode verifier. We take the perspective that bytecode verification is a dataflow analysis problem, or more generally, a constraint solving problem on lattices. We employ Specware, a system available from Kestrel Institute that supports the