Information flow analysis for mobile code in dynamic security environments

Author

  • Robert Grabowski
Abstract

stack: $as \in Exp^*$

Table 5.1 on the preceding page defines the function BC2IRinstr, which takes a bytecode address, a bytecode instruction and an abstract input stack, and produces an IR instruction and an abstract output stack. The function reconstructs the high-level expressions from operand-stack manipulating bytecode instructions. The bytecode instructions store x, putf f, new C, and call m are translated to assignment blocks, where the result of the operation is immediately written to a temporary variable. There is a one-to-one correspondence between the BC instructions and the IR instructions.

The function assumes for each method m and for each instruction address i the existence of arbitrarily many temporary variables $t_i^0, t_i^1, t_i^2, \ldots$ that are available for the instruction IR[m, i]. This way, each temporary variable $t_i^k$ is assigned at exactly one point in the IR program, namely at address i. The side conditions require that an assigned temporary variable $t_i^k$ must not have occurred in the input stack of the instruction at address i.

Special care has to be taken for instructions that possibly invalidate the contents of the abstract stack. For store x operations, the content of the variable x is first stored in a temporary variable $t_i^0$ before x is overwritten. In the output stack, all occurrences of x are replaced by $t_i^0$, which holds the saved old value of x. For putf f and call m, the entire abstract input stack $as$ is saved in a sequence of temporary variables $t_i$, and this sequence is then the output stack.

Transformation of multiple instructions

Ranges of bytecode instructions are transformed with BC2IRrng(BC, m, I), shown as Algorithm 1 on the previous page. The function traverses a set of instruction addresses I sorted in ascending order, and writes the compiled instructions into the array IR[m, i]. At the same time, it defines the arrays ASin[m, i] (input stack for instruction i) and ASout[m, i] (output stack for instruction i). The function BC2IRrng(BC, m, I) relies on BC2IRinstr, and chains the abstract stacks, such that the output stack of an instruction becomes the input stack of its immediate successor. Additionally, it ensures that the abstract input stacks at jump targets are empty, and fails if a jump instruction produces an output stack that is not empty.

Note that it cannot happen that a side condition of BC2IRinstr fails when used within BC2IRrng. This would only be possible if any of the variables $t_i^k$ occurs in the input stack ASin[m, i], but no instruction preceding the one at address i generates the variable $t_i^k$.

Transformation of method bodies

The function BC2IRmtd(BC, m), shown as Algorithm 2 on the preceding page, transforms methods by setting the input stack of the entry point to 2, and then using BC2IRrng for the method body.
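The stack chaining and the store x / putf f invalidation rules described above can be sketched as follows. This is an added example, not code from the thesis: Table 5.1 and Algorithm 1 are not reproduced on this page, so the instruction subset, the operand order, the use of `nop` for pure stack instructions, the string form of expressions and the temporary names `t{i}_{k}` are all assumptions.

```python
import re

def bc2ir_instr(i, instr, stack):
    """One bytecode instruction + abstract input stack -> (IR block, output stack)."""
    op, arg = instr
    tmp = lambda k: f"t{i}_{k}"          # stands for t_i^k, assigned only at address i
    if op == "push":                      # pure stack instructions: no IR effect (assumed nop)
        return ["nop"], stack + [str(arg)]
    if op == "load":
        return ["nop"], stack + [arg]
    if op == "prim":                      # binary operator: rebuild the expression
        *rest, a, b = stack
        return ["nop"], rest + [f"({a} {arg} {b})"]
    if op == "store":                     # save old x in t_i^0, then overwrite x
        *rest, e = stack
        assert all(tmp(0) not in s for s in stack), "side condition violated"
        out = [re.sub(rf"\b{re.escape(arg)}\b", tmp(0), s) for s in rest]
        return [f"{tmp(0)} := {arg}", f"{arg} := {e}"], out
    if op == "putf":                      # heap write: spill the whole remaining stack
        *rest, obj, val = stack           # assumed order: object reference below value
        temps = [tmp(k) for k in range(len(rest))]
        saves = [f"{t} := {e}" for t, e in zip(temps, rest)]
        return saves + [f"{obj}.{arg} := {val}"], temps
    if op == "goto":
        return [f"goto {arg}"], stack
    raise ValueError(f"unsupported instruction {op!r}")

def bc2ir_rng(bc, addrs):
    """Chain abstract stacks over ascending addresses; returns (IR, ASin, ASout)."""
    targets = {arg for op, arg in bc.values() if op == "goto"}
    ir, as_in, as_out, prev = {}, {}, {}, None
    for i in sorted(addrs):
        # Jump targets get an empty input stack; so does the entry point (assumed).
        as_in[i] = [] if i in targets or prev is None else as_out[prev]
        ir[i], as_out[i] = bc2ir_instr(i, bc[i], as_in[i])
        if bc[i][0] == "goto" and as_out[i]:
            raise ValueError(f"jump at {i} leaves a non-empty abstract stack")
        prev = i
    return ir, as_in, as_out

# Constructed sample: the old value of x is still on the stack when x is overwritten.
SAMPLE = {0: ("load", "x"), 1: ("push", 5), 2: ("store", "x"), 3: ("store", "y")}
```

At address 2 the stale `x` on the stack is rewritten to `t2_0`, so the later store to `y` receives the value `x` held before it was overwritten.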

Similar resources

Noninterference for Mobile Code with Dynamic Security Domains

Language-based information flow analysis is used to statically examine a program for information flows between objects of different security domains, and to verify these flows follow a given policy. When the program is distributed as mobile code and executed in different environments, the program may access external objects whose domains are not known until runtime. To maintain information flow...

CAMAC: a context-aware mandatory access control model

Mandatory access control models have traditionally been employed as a robust security mechanism in multilevel security environments such as military domains. In traditional mandatory models, the security classes associated with entities are context-insensitive. However, context-sensitivity of security classes and flexibility of access control mechanisms may be required especially in pervasive c...

Java Mobile Code Security by Bytecode Analysis

Since mobile code can migrate from a remote site to a host and can interact with the resources and facilities of the host, security becomes the key to the success of mobile code computation. Existing mobile code security mechanisms such as access control are not able to fully address the import security properties of the host including confidentiality and integrity. And these practices tend to ...

Java Mobile Code Dynamic Verification by Bytecode Modification for Host Confidentiality

In this paper we present a novel dynamic verification approach to protect the local host confidentiality from malicious Java mobile code. In our approach we use Bytecode Modification to add the verification function to the Java mobile code’s class files before the local JVM executes them. Thus the verification work is done when the host JVM executes the modified class files. By this way our app...

Authorization models for secure information sharing: a survey and research agenda

This article presents a survey of authorization models and considers their 'fitness-for-purpose' in facilitating information sharing. Network-supported information sharing is an important technical capability that underpins collaboration in support of dynamic and unpredictable activities such as emergency response, national security, infrastructure protection, supply chain integration and emerg...

Noninterference with Dynamic Security Domains and Policies

Language-based information flow analysis is used to statically examine a program for information flows between objects of different security domains, and to verify these flows follow a given policy. When the program is distributed as mobile code, it may access resources whose domains depend on the client environment, or may face different security policies. In proof-carrying code scenarios, it ...

Publication date: 2012