Introduction
Given the acknowledged importance of existing and emerging mobile code technologies,
remarkably little attention has so far been devoted to the management of
mobile programs. By far the predominant model, which underlies, for example,
the distribution of Java “applets” over the Internet, identifies
dynamically linkable parts of mobile programs by a URL string. The model
further assumes that the constituent parts that make up a mobile program
will all be downloaded to a single location, and then verified, linked, possibly
dynamically compiled, and finally executed at that very location.
It is immediately obvious that this model is far too primitive to capture
the whole spectrum of meaningful distribution schemes for mobile code. There
are many modes of mobile-code dissemination and deployment that are likely
to be highly useful, but that are badly or not at all supported by current
distribution models and architectures. What is needed is an overarching architecture
that can describe not only current modes of mobile-code deployment, but also
all meaningful future ones, such as the physical separation of the machines
performing verification, dynamic compilation, and execution, and support
for the existence of multiple levels of security along the code distribution
pipeline.
We are conducting methodical research to implement a prototype mobile-code
distribution architecture. First, we are developing a comprehensive model
that can capture all meaningful modes of mobile-code deployment, including
issues of code versioning, code migration, and the differentiation between
code validation, dynamic code translation between instruction formats, and
code execution, which potentially could occur at multiple physically disjoint
sites. This model provides a taxonomy of mobile-code distribution modes.
Simultaneously, we are casting this model into an actual extensible distributed
safe and secure code management architecture. As a practical application
of this architecture, we are currently implementing a prototype system in
which native code is generated at a firewall from a mobile-code distribution
format and then downloaded to computationally restricted devices deployed
in the theater via a secure high-bandwidth short-range wireless link.
A significant issue when compiling mobile code to native code is the sheer
size of the Java API. If a compiler does not apply any optimizations, it
would have to compile all methods of all classes a program references, and
the resulting code size would be too large for mobile devices. To avoid this
class explosion problem, our compiler performs Rapid Type Analysis, a powerful
technique that determines callable methods based on the classes instantiated
in a program. By compiling only the callable methods, it dramatically reduces
code size. Without Rapid Type Analysis, the native codestream of a typical
HelloWorld graphical application is nearly a megabyte. Rapid Type Analysis
reduces the code size to around 100 kilobytes, as shown below.
Additionally, the control flow graph constructed after uncallable methods
have been deleted is more precise than its original counterpart. Thus, dataflow
analysis on the revised control flow graph is faster and more accurate, allowing
better optimizations of the generated code. To facilitate fast and efficient
recompilation for diverse platforms, our compiler caches intermediate results.
Hence, it can use the same, highly optimized intermediate representation
across platforms.
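The Rapid Type Analysis step described above can be sketched as a worklist algorithm. The following is an added example, not code from the ProxyVM compiler; the toy class hierarchy, the operation encoding and all function names are constructed for illustration, and constructors are not modeled.

```python
from collections import deque

# Constructed toy program (not from the page): class -> (superclass, methods).
# A method body is a list of ("new", cls) or ("call", static_type, method) ops.
PROGRAM = {
    "Shape":    (None,    {"draw": [], "area": []}),
    "Circle":   ("Shape", {"draw": [("new", "Square"), ("call", "Shape", "area")],
                           "area": []}),
    "Square":   ("Shape", {"draw": []}),              # inherits Shape.area
    "Triangle": ("Shape", {"draw": [], "area": []}),  # never instantiated
    "Main":     (None,    {"main": [("new", "Circle"), ("call", "Shape", "draw")]}),
}

def is_subclass(program, cls, ancestor):
    while cls is not None and cls != ancestor:
        cls = program[cls][0]
    return cls is not None

def resolve(program, cls, name):
    """Find the implementation of `name` that an instance of `cls` dispatches to."""
    while cls is not None and name not in program[cls][1]:
        cls = program[cls][0]
    return (cls, name) if cls is not None else None

def rapid_type_analysis(program, entry):
    instantiated, reachable, call_sites = set(), set(), set()
    work = deque([entry])
    while work:
        method = work.popleft()
        if method in reachable:
            continue
        reachable.add(method)
        for op in program[method[0]][1][method[1]]:
            if op[0] == "new":
                instantiated.add(op[1])
            else:
                call_sites.add((op[1], op[2]))
        # A new class or call site can add targets, so re-resolve every site
        # against every instantiated class until the worklist drains.
        for static_type, name in call_sites:
            for cls in instantiated:
                if is_subclass(program, cls, static_type):
                    target = resolve(program, cls, name)
                    if target is not None and target not in reachable:
                        work.append(target)
    return reachable

def all_methods(program):
    return {(c, m) for c, (_, methods) in program.items() for m in methods}

if __name__ == "__main__":
    kept = rapid_type_analysis(PROGRAM, ("Main", "main"))
    print(sorted(kept), "dropped:", sorted(all_methods(PROGRAM) - kept))
```

In this toy program, Triangle is never instantiated, so its methods and the overridden Shape.draw are never compiled, while Shape.area is kept because Square inherits it.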
Our final focus is on making a greater range of security policies amenable
to automatic verification, by creating source-language constructs and accompanying
type systems for representing these properties directly at the source-language
level. Any such policy that can be cast into a language construct not only
enables mechanical checking at the code receiver’s side, but also directly
exposes these policies to the programmer rather than hiding them behind an
API. It thereby raises the semantic level on which mobile code can be reasoned
about and enhances the programmer’s understanding of the process.
ProxyVM Infrastructure Overview
The ProxyVM framework increases the utility of resource-constrained mobile
devices through software techniques. The framework positions a powerful server
infrastructure, the proxy, between mobile devices and the internet. The proxy
includes a Just-In-Time compiler and bytecode translator. A high bandwidth,
low latency secure wireless connection mediates communication between the
proxy and mobile devices in the vicinity. Users can request internet applications
as they normally would through a web browser. The proxy intercepts these
requests and reissues them to a remote internet server. The server sends
the proxy the application in mobile code format. The proxy verifies the application,
compiles it to native code, and sends part of the generated code to the target.
The remainder of the code executes on the proxy itself to significantly reduce
execution time and resource consumption. This partitioning decision is adapted
during application execution in response to feedback from the target.
ProxyVM Status
We currently have an infrastructure that enables resource-efficient
mobile code execution on the Sharp Zaurus, a PDA with 64 MB of RAM,
16 MB of ROM, and a 206 MHz StrongARM CPU. Our architecture consists
of a Proxy bytecode compiler on a desktop PC and a runtime system on
the Zaurus. In a typical transaction, the user requests a class file
from the internet. The proxy intercepts the request, downloads required
classes, compiles the classes to native code and sends the binary to
the PDA. The runtime system executes the code after mapping it into
memory. Thereafter, the code executes without using *any* Java support
on the handheld.
Over the past year we have added support for several essential Java
constructs including floating point instructions, exceptions, threads,
garbage collection, strings, interfaces, math libraries, networking
and I/O libraries, and the Abstract Window Toolkit. We have also implemented
algorithms to identify callable methods in Java programs. The selective
compilation of these methods reduces compilation time, code size and
memory consumption on the target. These novel features enable remote
execution of graphical programs on the Zaurus. We presented them at
the 2001 UCI Mobile Code Symposium and discussed them in detail in
a recent technical report.
We are augmenting our compiler to generate an intermediate representation
and register-based code. For portability and debugging purposes, the
code-generator will output ELF binaries. We are also reducing the trusted
codebase on the handheld to the bare minimum for loading and executing
programs. Two postdoctoral fellows and five senior undergraduates are
assisting our efforts.
We are also developing an experimental platform to study application
partitioning driven by resource constraints. The platform will allow
us to evaluate partitioning choices for diverse architectures and at
different granularity levels, including the source level, bytecode
level, class level and object level. Its cost function will characterize
application behavior statically and dynamically by incorporating essential
runtime information such as communication overhead, memory requirements
and battery consumption.
Our partitioning algorithm first performs static global program analysis
to compute resource requirements and determine the least costly partition
of the object dependence graph. It then dynamically adapts partitioning
decisions with respect to profiling data. This approach differs sharply
from traditional approaches that use dynamic strategies alone. While
these prior approaches might be effective for very specific optimization
criteria, they significantly increase application runtime. Moreover,
none of the traditional approaches consider all the optimization criteria
our approach considers. This approach is being integrated into the
existing ProxyVM compilation and execution platform.