Verifier (was Re: Zlib in kaffe?)

Jim Pick jim at
Sun Mar 31 15:51:57 PST 2002

I'm not studied up on Java security / verifier theory yet, so I really don't
know where we are at with that.

I did see a patch posted last year for "full bytecode verification":

Has anyone looked at that?

I also noticed that Tom Tromey has been doing work on the gcj verifier, so
that's probably worth looking at.  I think he also did some work on some
verifier tests for Mauve.

It's a bit early to talk about release goals for the next stable series
(which I think I want to number 1.2.x, after a 1.1.x development series),
but I think I definitely want to see complete 1.1.x security, so kaffe could
be used as a plugin to web browsers to run applets.


 - Jim

----- Original Message -----
From: "Erik Corry" <erik at>
To: <kaffe at>
Sent: Sunday, March 31, 2002 6:46 AM
Subject: Re: Zlib in kaffe?

> On Mon, Mar 18, 2002 at 07:59:28AM -0800, Jim Pick wrote:
> >
> > Of course, from what I understand, we do not have a complete bytecode
> > verifier yet
> Is anyone working on that?
> What I think I can see is:
> * We don't zero the stack when checking error handlers.
> * We don't merge object types where several basic blocks
>   merge into one
> * We don't handle jsr/rts right
> --
> Erik Corry

More information about the kaffe mailing list