How does bytecode get verified in the JVM?
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Oracle themselves have a little snippet page on how it works here.
Basically, the JRE doesn’t trust the JDK. That’s because it has no knowledge of which JDK compiler created the class file. It treats the class file as hostile until verified.
Expanding on that, the bytecode verification is a necessary step to protect from what Sun call a ‘hostile compiler’. Sun’s own Java compiler ensures that Java source code doesn’t violate the safety rules but, when an application imports a code fragment, it doesn’t actually know if the code fragment follows Java language rules for safety. In other words, the code may not have been produced by a trustworthy Java compiler.
In that case, the Java run time system on your machine has to assume the fragment is bad and subjects it to bytecode verification.
The Java virtual machine does not even see the bytecode until it’s been through this verification process. Doing this as the bytecode is loaded also has the advantage that a whole lot of run time checks don’t need to be performed every time the code is executed. Because it’s been verified as correct, it can, once it starts running, run faster than would otherwise be possible.
A rendition of the linked diagram is below: