1 / 17

JETT 2003

JETT 2003. Java.compareTo(C++). JAVA. Java Platform consists of 4 parts: Java Language Java API Java class format Java Virtual Machine. Java - the Language. Java minimizes debugging and maximizes productivity Features that are build-in into Java: OO, Reflection & multithreading

albina
Télécharger la présentation

JETT 2003

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. JETT 2003 Java.compareTo(C++)

  2. JAVA • Java Platform consists of 4 parts: • Java Language • Java API • Java class format • Java Virtual Machine

  3. Java - the Language • Java minimizes debugging and maximizes productivity • Features that are build-in into Java: • OO, Reflection & multithreading • Multiple Interface Inheritance • Distributed, portable & secure • Architecture neutral (utilizing bytecode) • JIT, Garbage Collected & well-understood

  4. Programming Constructs Tradeoffs • Java Language syntax is simpler • C/C++ Constructs that are NOT present in Java: • Destructors, Operator overloading • Multiple class inheritance • Header files & preprocessor • Pointers, goto, enumerations, structures & unions • Global functions • HelloUniverse & HelloWorld DEMO

  5. Bytecode vs Shellcode • Bytecode Method float add(float, int) 0 fload_1 1 iload_2 2 i2f 3 fadd 4 freturn • Assembly push %ebp mov %esp,%ebp fildl 0x10(%ebp) fadds 0xc(%ebp) pop %ebp ret

  6. Java Platform Stacks Thread Stack Local Variables Table Exec Envirmt Method Operand Stack Stack frame Global Heap

  7. C/C++ Family Stacks System Stack (Linux) Kernel Virtual Memory (code, data, heap, stack) User Stack … Shared Libraries region … malloc heap Segments Loaded from Exec file . Void foo(int k, int m) { int buffer[15]; } Method Invocation Stack Segment . . . . . . . . . . . . . buffer FP SP k m

  8. Memory Scan DEMO BOF Attack DEMO Both DEMO’s will NOT work in Java Cannot use NULL reference in Java methods have individual operand stacks Java API dynamically linked C++ vs. Java Stack Security

  9. Java API • Java 2 Platform API Editions: • Enterprise Edition (J2EE) • Standard Edition (J2SE) • Micro Edition (J2ME) • Java code no longer runs everywhere, only where appropriate JVM & API are installed (still better than recompiling for every host)

  10. 0xCAFEBABE • magic 0xCAFEBABE 4 bytes • version ... 4 bytes • constant pool ... 9th byte (starts with it's own length) • Access flags … 2 bytes (directly after the constant pool are the access flags) • this class … • super class … • and so on... …

  11. C-Family API & Executables • C-Family executables are virtually monolithic, which requires to compile a version for each host type • As in Java, all libraries must be installed on the host beforehand • This is much harder than in Java, since virtually every company has its own libraries to use

  12. Java Virtual Machine (VM) Java API Your Code Class Loader bytecode Class Bytecode Verifier Bytecode Execution Engine Native shellcode

  13. Java Language DEMOs • String DEMO • String Object • Performance • Structured Exception Handling • Reference DEMO • Synchronization • Passing by reference • Inner classes

  14. Java GC - Generational • Young (collected by Copying) • Eden, 2 survivor spaces & Virtual • Old (collected by Mark-Compact) • Permanent, Standard & Virtual Perm Standard Virtual Eden Survivor Spaces Virtual Old Generation Young Generation

  15. C Malloc / C++ New . . . . . . . . . . . . . . . . . . . . Does NOT belong to malloc Malloc list pointer SIZE User Space Address returned to the user Low address High address

  16. Java does provide relatively mobile code MadeInWindows DEMO MadeInSolaris DEMO C++ provides no illusions on its hardware architecture dependence – C++ counts on it Java Bytecode Portability

  17. Pros Distributed, Network Oriented Fast Development and Easy Reuse GC, multithreaded, buld-in synchronization Stack, heap, array & string security Cons Easily Decompiled Cannot be used in real-time systems Java Pros & Cons

More Related