[kaffe] verifyMode, obsolete flags, a man page patch, and trusted code

Rob Gonzalez rgonzale at wso.williams.edu
Wed Jun 18 12:52:01 PDT 2003


hi everyone,

I'm currently redoing a few sections of my verifier and adding support for
subroutine verification (the one major thing that has been lacking from my
verifier implementation this whole time...so my verifier has never been
able to check any classes with try-finally clauses), but have a couple
questions that'll help me get it ready for sharing.


In the method verify3() in kaffe/kaffevm/verify.c, a quick check is made
to see whether verifyMode = 0 and, if so, no verification is performed.

In kaffe/kaffe/main.c, flags are processed.  According to the kaffe man
page, -noverify (which sets verifyMode to 0) is the only option that can
change the way verification is done.  However, main.c also accepts -verify
(setting verifyMode to 3) and -verifyremote (setting it to 2).  In
kaffe/kaffevm/jni.c, verifyMode is set to 0 (no verification) by default.

I cannot find documentation anywhere as to what -verifyremote really
means.  If this option is obsolete, it should probably be removed from
main.c's option() method.  Otherwise, I need to know what -verifyremote is
supposed to do.

Also, documentation for -verify should probably be included in kaffe's man
page.  It doesn't make sense to remove this option because, currently, not
verifying anything is the default, so there should be a way to turn it on
:)  I've included a patch that adds documentation for -verify to the man
page.


I also have a question regarding the verification of trusted libraries.  
I know that kaffe now has support for -bootclasspath.  Should the
verifier, to save time, not verify any classes that are found in the
-bootclasspath?  Or should it ignore standard library classes to save time
and, if so, how would it determine which classes are standard library and
which are not?  At the moment my verifier checks that the first few
characters of the class being verified are "kaffe/" or "java/" and that
its loader is the default loader, but I'm not convinced this is 100% safe.  
Any thoughts would be appreciated.


Thanks,
Rob


ps - Just started playing with 1.1.0 the last few days, and I'm pretty
impressed.  Many kudos to all you who have been putting a ton of time into
this project since 1.0.7!
-------------- next part --------------
--- kaffe/man/kaffe.1.in	2002-04-16 16:52:51.000000000 -0500
+++ ../kaffe/kaffe/man/kaffe.1.in	2003-06-18 15:09:32.000000000 -0500
@@ -13,7 +13,7 @@
 .BI "[\-mx" " size" "]"
 .BI "[\-classpath" " path" "]"
 .BI "[\-addclasspath" " path" "]"
-.BI "[\-noverify]"
+.BI "[\-verify | \-noverify]"
 .BI "[\-D" "property" "=" "value" "]"
 .BI "[\-v]"
 .BI "[\-verbosegc]"
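Review bot: The synopsis entry `[\-verify | \-noverify]` still leaves out -verifyremote, which the cover message says main.c accepts (setting verifyMode to 2). Until that flag is either documented or removed from option(), the man page and the accepted options disagree. It would be worth settling that in the same change, or noting in the commit message that it is deliberately deferred.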
@@ -57,6 +57,9 @@
 Appends the given path to the current classpath setting. Multiple
 instances of this flag may be given.
 .TP
+.B "\-verify"
+Verify all bytecode that is not trusted.
+.TP
 .B "\-noverify"
 Do not verify any bytecode.
 .TP
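Review bot: The new description "Verify all bytecode that is not trusted." uses "trusted" without defining it, and the cover message says the criterion is still open (classes on -bootclasspath versus a "java/" or "kaffe/" name prefix with the default loader). Please state in the entry which classes are skipped. Since the message says verifyMode defaults to 0, one of the two entries should also say that no verification is the default, so a reader knows -verify is required to turn it on.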


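The two trust policies raised in the question above, side by side, as an added example that is not part of the original message or of kaffe's code. The struct, the paths and the sample classes are constructed, and the second sample assumes the default loader can be handed a class from outside the boot path, which the message does not state.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical class record for this example; not kaffe's own structure. */
struct class_info {
    const char *name;    /* internal name, e.g. "java/lang/String" */
    const void *loader;  /* NULL stands for the default loader */
    const char *origin;  /* path entry the class file was read from */
};

/* Constructed boot path entry (placeholder, not a real kaffe path). */
static const char *const BOOT_PATH[] = { "/constructed/boot/rt.jar" };

static bool has_prefix(const char *s, const char *p) { return strncmp(s, p, strlen(p)) == 0; }

/* Policy described in the message: name prefix plus default loader. */
bool trusted_by_name(const struct class_info *c) {
    return c->loader == NULL &&
           (has_prefix(c->name, "java/") || has_prefix(c->name, "kaffe/"));
}

/* Alternative asked about in the message: trust only boot path classes. */
bool trusted_by_origin(const struct class_info *c) {
    if (c->loader != NULL || c->origin == NULL)
        return false;
    for (size_t i = 0; i < sizeof BOOT_PATH / sizeof BOOT_PATH[0]; i++)
        if (strcmp(c->origin, BOOT_PATH[i]) == 0)
            return true;
    return false;
}

/* Constructed sample classes; dummy_loader stands for a user-defined loader. */
static int dummy_loader;
const struct class_info SAMPLES[] = {
    { "java/lang/String",    NULL,          "/constructed/boot/rt.jar" },
    { "java/lang/Lookalike", NULL,          "/constructed/app/classes" },
    { "java/util/Forged",    &dummy_loader, "/constructed/app/classes" },
    { "org/example/Main",    NULL,          "/constructed/app/classes" },
};

int main(void) {
    for (size_t i = 0; i < sizeof SAMPLES / sizeof SAMPLES[0]; i++)
        printf("%-20s by_name=%d by_origin=%d\n", SAMPLES[i].name,
               trusted_by_name(&SAMPLES[i]), trusted_by_origin(&SAMPLES[i]));
    return 0;
}
```

The second sample is the only one where the policies disagree: the name check skips verification for it, while the origin check still sends it to the verifier.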