Verifier (was Re: Zlib in kaffe?)
Jim Pick
jim at kaffe.org
Sun Mar 31 15:51:57 PST 2002
I'm not studied up on Java security / verifier theory yet, so I really don't
know where we are at with that.
I did see a patch posted last year for "full bytecode verification":
http://rpmfind.net/tools/Kaffe/messages/1372.html
Has anyone looked at that?
I also noticed that Tom Tromey has been doing work on the gcj verifier, so
that's probably worth looking at. I think he also did some work on some
verifier tests for Mauve.
It's a bit early to talk about release goals for the next stable series
(which I think I want to number 1.2.x, after a 1.1.x development series),
but I think I definitely want to see complete 1.1.x security, so kaffe could
be used as a plugin to web browsers to run applets.
Cheers,
- Jim
----- Original Message -----
From: "Erik Corry" <erik at arbat.com>
To: <kaffe at rufus.w3.org>
Sent: Sunday, March 31, 2002 6:46 AM
Subject: Re: Zlib in kaffe?
>
> On Mon, Mar 18, 2002 at 07:59:28AM -0800, Jim Pick wrote:
> >
> > Of course, from what I understand, we do not have a complete bytecode
> > verifier yet
>
> Is anyone working on that?
>
> What I think I can see is:
>
> * We don't zero the stack when checking error handlers.
> * We don't merge object types where several basic blocks
> merge into one
> * We don't handle jsr/rts right
>
> --
> Erik Corry
>
More information about the kaffe
mailing list