I have seen many apps that take instrument classes and take -javaagent
as a param when loading also put a -noverify
to the command line.
The Java doc says that -noverify
turns off class verification.
However why would anyone want to turn off verification even if they are instrumenting classes?
The JRE is the runtime portion of Java software, which is all you need to run Java WebStart applications from a supported web browser. It doesn't come with development tools, though – these tools are part of the Java Development Kit (JDK).
Java Web Start is an application-deployment technology that gives you the power to launch full-featured applications with a single click from your Web browser.
Start-up time, I'd say. Verification that classes are correct takes some time when the class is loaded. Since classes might be loaded in a lazy fashion (not on app start, but when being used for the first time), this might cause unexpected and undesired runtime delays.
Actually the class does not need to be checked in general. The compiler will not emit any invalid bytecode or class construct. The reason for verification is that the class may be build on one system, get hosted online and is transmitted to you through the unprotected internet. On this path, a malicious attacker might modify the bytecode and create something the compiler might never create; something that can crash the JVM or possibly circumvents security restrictions. Thus the class is verified before it is used. If this is a local application, there is usually no need to check the bytecode again.
When it is used in conjunction with -javaagent
, it is most likely not for performance reasons, but because the agent intentionally creates "invalid" bytecode.
It should be noted that invalid bytecode might still execute fine, because some of the verification rules are quite strict. For instance, this
must not be accessed in a constructor before the super-constructor was called, because the variables are not initialized at this point. But there still might be other things you want to do (see the JRebel example). Then, you use -noverify
to circumvent that rule.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With