Re: Java Mustang - new type verifer
- From: Thomas Hawtin <usenet@xxxxxxxxxxxxxxxxx>
- Date: Wed, 30 Nov 2005 00:22:23 +0000
Yamin wrote:
This is just out of curiosity having read up a bit on the upcoming new type verifier for Java Mustang.
It's an improved version of what already happens on Java ME/J2ME.
Basically some of the verification will be done at compile time and the information saved in the class file. Thus, when the program is run, some of the verification is already done and the application can now run faster.
I'm not looking for any great detail, but in general, does anyone know what prevents someone from 'adjusting' the verification information saved in the class file to bypass some of java security features?
It does check that the stack map/table agrees with the code. This is much faster than inferring what it should be, apparently. For instance, I don't believe it has to track backward jumps or deal figure out situations involving multiple routes to an instruction.
Don't worry, I trust the JVM guys to have taken care of this :) I'm just wondering how it works.
You can check it yourself. There is an exceptionally modest reward if you find a hole.
If I wanted to know how thoroughly something has been checked for holes, I'd put some in deliberately and see if they get spotted. So there might well be some fame there for the taking. Or not.
Tom Hawtin -- Unemployed English Java programmer http://jroller.com/page/tackline/ .
- References:
- Java Mustang - new type verifer
- From: Yamin
- Java Mustang - new type verifer
- Prev by Date: Re: Using PHP language in Java/JSP files.
- Next by Date: Re: hashCode() ?
- Previous by thread: Java Mustang - new type verifer
- Next by thread: Question about Stateless Session Beans and creation
- Index(es):
Relevant Pages
|
|
