I’m new to Java, and was told to use the Java Native Interface to run some code I wrote in C.
Now, this might be a stupid question, but what’s the point of the JNI? Can’t I simply execute my process from a Java UI program and get its stdout to parse?
Also, I’ve read that the use of JNI might cause security issues. Do these issues directly depend on the quality of the invoked code? Or is this something deeper?
Thanks.
It enables you to mix C and Java code within the same process.
A lot of things that can be achieved by using JNI can also be achieved by using inter-process communication (IPC). However, you’d have to ship all the input data to the other process, and then ship all the results back. This can be pretty expensive, which makes IPC impractical for many situations where JNI can be used (e.g. wrapping existing C libraries).
The point here is that the JVM does a lot of work to ensure that whatever Java code is thrown at it, things like buffer overruns, stack smashing attacks, etc. can’t occur. For example, it performs bounds checking on all array accesses (which C doesn’t).
On the other hand, JNI code is a black box to the JVM. If there’s a problem with the C code (e.g. a buffer overrun), all bets are off.
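An added example, not part of the answer above and not code from any real project: the bounds checks that the JVM applies to Java arrays, written out by hand on the native side, where nothing applies them automatically. The names `Record`, `parse`, `copy_record`, `RECORD_MAX` and the `WITH_JNI` build switch are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define RECORD_MAX 64  /* hypothetical size of the native-side buffer */

/* Copy src[off .. off+len) into dst. Returns 0 on success, -1 if the slice
 * falls outside src or does not fit in dst. C performs none of these checks
 * by itself, so the native code has to. */
int copy_record(uint8_t *dst, size_t dst_cap, const uint8_t *src,
                size_t src_len, size_t off, size_t len)
{
    if (dst == NULL || src == NULL) return -1;
    if (off > src_len || len > src_len - off) return -1; /* no off+len wrap */
    if (len > dst_cap) return -1;
    memcpy(dst, src + off, len);
    return 0;
}

#ifdef WITH_JNI /* cc -DWITH_JNI -I"$JAVA_HOME/include" ... (needs a JDK) */
#include <jni.h>

/* Hypothetical binding for:
 *   class Record { static native int parse(byte[] data, int off, int len); } */
JNIEXPORT jint JNICALL
Java_Record_parse(JNIEnv *env, jclass cls, jbyteArray data, jint off, jint len)
{
    uint8_t buf[RECORD_MAX];
    int rc = -1;
    (void)cls;
    if (data != NULL && off >= 0 && len >= 0) {
        jsize n = (*env)->GetArrayLength(env, data);
        jbyte *p = (*env)->GetByteArrayElements(env, data, NULL);
        if (p == NULL) return -1; /* OutOfMemoryError is already pending */
        rc = copy_record(buf, sizeof buf, (const uint8_t *)p, (size_t)n,
                         (size_t)off, (size_t)len);
        (*env)->ReleaseByteArrayElements(env, data, p, JNI_ABORT);
    }
    if (rc != 0) { /* report to Java instead of corrupting the process */
        jclass ex = (*env)->FindClass(env, "java/lang/IndexOutOfBoundsException");
        if (ex != NULL) (*env)->ThrowNew(env, ex, "slice out of range");
        return -1;
    }
    return len; /* bytes accepted into buf */
}
#endif
```

Without the three comparisons in `copy_record`, an oversized `len` coming from Java would make `memcpy` write past `buf` on the native stack, and the JVM would have no way to notice.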