Recent Features
| |||||||||||||
Surprisingly enough...Surprisingly enough...Posted Oct 31, 2010 16:45 UTC (Sun) by mjw (subscriber, #16740)In reply to: Surprisingly enough... by mikov Parent article: A Firefox zero-day vulnerability
Some free software java runtime implementations, like gij and ikvm, have always had java byte code verifiers. There is even a free software GPL testsuite Mauve http://www.sourceware.org/mauve/ that includes various tests to make sure it works correctly. And of course icedtea/openjdk as reference java implementation includes one.
(Log in to post comments)
Surprisingly enough... Posted Oct 31, 2010 20:17 UTC (Sun) by mikov (subscriber, #33179) [Link]
That is not true, as far as I know. The verifier is always added late in the game, for completely understandable reasons I should say - the verifier itself is more complex that the entire bytecode interpreter.
Surprisingly enough... Posted Oct 31, 2010 20:42 UTC (Sun) by mjw (subscriber, #16740) [Link]
Seems all the free byte code verifiers out there are actually pretty old.
Here is the ikvm byte code verifier written in c#:
Here is the gij one written in c++:
The mauve verify testsuite is here:
There are even a couple of (stand alone) byte code verifiers written in java. bcel and asm contain one for example.
And of course icedtea/openjdk contained one from the start also.
|
|||||||||||||