Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Why is bytecode verification performed in Java?

From my understanding so far from this article the authors write the main purpose is to check if someone changed the bytecode. Because "a class file generated by a compiler for the Java programming language always passes verification". Is this the only reason we have a bytecode verifier, to prevent others from maliciously changing our bytecode?

like image 751
Catherine Avatar asked May 23 '18 09:05

Catherine


1 Answers

One of the other reasons is that checking bytecode ensures that this is actually valid bytecode which jvm can run, it prevents jvm from running invalid code which will may lead to some unpredictable results. By disabling bytecode verification, you say that you trust all classes you load to be bug-free at the bytecode level.

Useful article.

When you have a big project with lots of dependencies you usually cannot say certainly if somewhere in this project or its dependencies you generate some classes, and even if you certainly now these places, you couldn't be certain that there are no bugs there. This code generating these classes can have bugs and you can end up with invalid bytecode.

Also even javac can have some bugs in it, so even it can produce invalid classes as output.

like image 157
Ruslan Akhundov Avatar answered Sep 30 '22 03:09

Ruslan Akhundov