Skip to main content

The Java Bytecode Verifier [Info Blog]

Even though the Java compiler ensures that Java source code does not violate any safety rule, how can we be sure that the bytecode running in our JVM was not created by malicious compiler?


If the code we run was compiled by us or trusted third parties, then we can be sure, but that is not the case with Applets. When we run an Applet, we run untrusted code. We have no way of knowing if it was created using a malicious compiler. Such code could potentially snoop into our computer's memory, or cause programs to fail by corruppting data structures in memory. This is why the JVM looks at every class with suspicion. The class is subjected to a bytecode verification process before it is loaded.

The bytecode is verified by the Bytecode Verifier. It checks the code for the following violations:

* forging of pointers
* violation of access restrictions
* usage of objects in ways that they were not meant to be used (eg: calling a method on an object, which is not a part of that object)

Through the Bytecode verifier, Java adds security checks at runtime to ensure that safety rules are not violated.

Comments

Post a Comment

Popular posts from this blog

Running your own one person company

Recently there was a post on PuneTech on mom's re-entering the IT work force after a break. Two of the biggest concerns mentioned were : Coping with vast advances (changes) in the IT landscape Balancing work and family responsibilities Since I have been running a one person company for a good amount of time, I suggested that as an option. In this post I will discuss various aspects of running a one person company. Advantages: You have full control of your time. You can choose to spend as much or as little time as you would like. There is also a good chance that you will be able to decide when you want to spend that time. You get to work on something that you enjoy doing. Tremendous work satisfaction. You have the option of working from home. Disadvantages: It can take a little while for the work to get set, so you may not be able to see revenues for some time. It takes a huge amount of discipline to work without a boss, and without deadlines. You will not get the benefits (insuranc...
10 comments
Read more

Testing Groovy domain classes

If you are trying to test Grails domain class constraints by putting your unit test cases in the 'test/unit' directory, then your tests will fail because the domain objects will not have the 'valdate' method. This can be resolved in two ways: Place the test cases inside test/integration (which will slow things down) Use the method 'mockForConstraintsTests(Trail)' to create mock method in your domain class and continue writing your test cases in 'test/unit' What follows is some example code around this finding. I am working on a Groovy on Grails project for a website to help programmers keep up and refresh their skills. I started with some domain classes and then moved on to write some unit tests. When we create a Grails project using grails create-app , it creates several directories, one of which is a directory called 'test' for holding unit tests. This directory contains two directories, 'unit', and 'integration' for unit and ...
11 comments
Read more

Planning a User Guide - Part 4/5 - Get Your Toolbox Together

Photo by  Fleur Treurniet  on  Unsplash In the previous post , I had discussed how to organize the team for creating your software's user manual. With the team ready, the next step is to select the tools. Working with the right technical writing tools is as important in technical writing as it is in building software. The right tools will help you be more organized, productive, and accurate in your work.  In software, we use an IDEs, testing tools, and version control tools to manage our work. In technical writing, at a bare minimum, we use a content authoring tool, an automated grammar checker, and visual tools to assist us in our work.  I'll discuss various tools that are available in the market, link to comparisons, and share my opinion to help you make the right choice. Help Authoring Tools A Help Authoring Tool (HAT) offers several features that go beyond simple word processing software for writing technical documents. HATs s...
Post a Comment
Read more