Verifier (was Re: Zlib in kaffe?)
jim at kaffe.org
Sun Mar 31 15:51:57 PST 2002
I'm not studied up on Java security / verifier theory yet, so I really don't
know where we are at with that.
I did see a patch posted last year for "full bytecode verification":
Has anyone looked at that?
I also noticed that Tom Tromey has been doing work on the gcj verifier, so
that's probably worth looking at. I think he also did some work on some
verifier tests for Mauve.
It's a bit early to talk about release goals for the next stable series
(which I think I want to number 1.2.x, after a 1.1.x development series),
but I think I definitely want to see complete 1.1.x security, so kaffe could
be used as a plugin to web browsers to run applets.
----- Original Message -----
From: "Erik Corry" <erik at arbat.com>
To: <kaffe at rufus.w3.org>
Sent: Sunday, March 31, 2002 6:46 AM
Subject: Re: Zlib in kaffe?
> On Mon, Mar 18, 2002 at 07:59:28AM -0800, Jim Pick wrote:
> > Of course, from what I understand, we do not have a complete bytecode
> > verifier yet
> Is anyone working on that?
> What I think I can see is:
> * We don't zero the stack when checking error handlers.
> * We don't merge object types where several basic blocks
> merge into one
> * We don't handle jsr/rts right
> Erik Corry
More information about the kaffe