Preverifying Class Files

Previous page
Table of content
Next page
Team-Fly

Now comes an entirely new step in building your program, preverifying. Because the memory on small devices is so scarce, the MIDP (actually, the CLDC) specifies that bytecode verification be split into two pieces. Somewhere off the device, a preverify step is performed. The device itself is only required to do a lightweight second verification step before loading classes.

As you may recall, bytecode verification is one of the foundation stones of Java's runtime security model. Before a classloader dynamically loads a class, the bytecode verifier checks the class file to make sure it behaves well and won't do nasty things to the JVM. Unfortunately, the code that implements the bytecode verifier is bulky, too large to fit on a small device like a mobile phone. The two-step bytecode verification dictated by the CLDC works like this:

  1. Off the device, class files are preverified. Certain checks are performed, and the class file is massaged into a format that the lightweight second-step verifier can easily handle.

  2. On the device, the second step of verification is performed as classes are loaded. If a class file has not been preverified, it is rejected.

The MIDP software contains a tool called preverify that performs the first step. On Windows, using Sun's reference implementation, this tool is buried in the build\win32\tools directory in the MIDP installation directory. You may wish to add it to your path.

The preverify tools takes, as input, a class file. It produces a preverified class file. You need to specify a classpath, so the tool can find the class you want to preverify as well as any referenced classes. Finally, you can specify an output directory using the -d option. To overwrite an existing class file with a preverified version, you could do something like this:

 preverify -classpath .;\midp\classes -d . Jargoneer

Don't forget that Jargoneer has an inner class, Poster, which must also be preverified:

 preverify -classpath .;\midp\classes -d . Jargoneer$Poster

In these examples, the -d option tells preverify to write the preverified class file to the current directory.

If you're using the J2MEWTK instead of the command-line tools, you don't have to worry about explicitly preverifying your class files. The J2MEWTK preverifies class files automatically.

Note 

Splitting bytecode verification into two pieces like this has important security ramifications. Devices should only download code from trusted sources, using a secure method, because some bytecode verification is performed off the device. An attacker could supply malicious code that appeared to be preverified, even if it violated the rules of the full J2SE bytecode verifier. To the MIDP second-step verifier, the code would look okay.

Team-Fly

Previous page
Table of content
Next page
Wireless Java. Developing with J2ME
ColdFusion MX Professional Projects
ISBN: 1590590775
EAN: 2147483647
Year: 2000
Pages: 129
Authors: Rohit Kochar, Parag Rastogi
BUY ON AMAZON
ADO.NET 3.5 Cookbook (Cookbooks (OReilly))
Agile Project Management: Creating Innovative Products (2nd Edition)
Lotus Notes and Domino 6 Development (2nd Edition)
Mapping Hacks: Tips & Tools for Electronic Cartography
After Effects and Photoshop: Animation and Production Effects for DV and Film, Second Edition
User Interfaces in C#: Windows Forms and Custom Controls
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy