gcjik

Tom Tromey tromey@redhat.com
Fri Sep 20 13:20:00 GMT 2002


>>>>> "Adam" == Adam Megacz <gcj@lists.megacz.com> writes:

Adam> Is there some way to get gcc to emit a "if null throw
Adam> NullPointerException" before each object reference?

Yes.  It is a configure-time option only, called -fcheck-references.
Some ports already use it.  You'll probably also want
-fuse-divide-subroutine, another configure-time option.

You have to hack configure.host to get these set correctly for your
port.

Adam> Also, other than having to tweak the GC, is there anything
Adam> grievously wrong with CNI code constructing a jvbytearray whose
Adam> data pointer points at arbitrary places in memory?

To make this work you'd have to change a lot of things, not just the
GC.  Right now the `data' field of an array isn't a pointer -- it is
an array.  The array header must come before the data; the data field
can't point to some other place.

If you can arrange for the array header to show up just before the
data you care about, and you deal with the alignment issues correctly,
then that would work.

Changing the `data' field to point to arbitrary memory would need
changes in gcj's code generation and in various spots in the library
(I don't have a list).  It would be fairly pervasive.  Also it seems
like it would carry a performance and size cost.

Adam> Are there any other issues I should be aware of?

Not that I can think of offhand.

Adam> I thought it would be interesting to write a patch for the Linux
Adam> kernel that allows a setuid-root utility ('gcjik') to take a
Adam> .jar from an untrusted user, pass it to a (trusted) copy of gcj,
Adam> and load the resulting binary image directly into the running
Adam> kernel.

This is a neat idea.

Adam> Since gcj-compiled code is 'safe', there's (theoretically) no
Adam> danger in running the code in ring zero, even if you don't trust
Adam> the user who wrote the code.

One problem is that we don't currently implement SecurityManager or
protection domains.  So, while we do verify the bytecode in the
compiler, and while it still shouldn't be possible to trash memory, it
is still possible to write unsafe code.

Tom
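The array layout Tom describes above (header immediately before the element storage, with `data` an inline array rather than a pointer), as an added C model that is not part of this thread and not libgcj's real declarations; the struct, its field names and the `pad_` member are constructed for the illustration. It shows how the "arrange for the header to show up just before the data" approach he suggests can be set up while keeping the payload aligned, and a check that the inline-data invariant holds.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef int32_t jsize;
typedef int8_t  jbyte;
/* Constructed model (not libgcj's declarations): object header, length,
 * then the elements themselves.  Because `data` is a flexible array
 * member it always lives at a fixed offset after the header. */
struct byte_array {
    void *vtable;        /* stand-in for the object header */
    jsize length;
    jsize pad_;          /* keeps offsetof(data) a multiple of alignof(void *) */
    jbyte data[];
};
#define PAYLOAD_OFFSET offsetof(struct byte_array, data)
/* Allocate header + payload in one block so the header sits right before
 * the payload and the payload starts at a multiple of `align` (a power of
 * two, at least sizeof(void *)).  The raw malloc pointer is saved in the
 * slot just below the header so the block can be freed.  NULL on bad input. */
struct byte_array *byte_array_new_aligned(jsize length, size_t align)
{
    if (length < 0 || align < sizeof(void *) || (align & (align - 1)) != 0)
        return NULL;
    char *raw = malloc(sizeof(void *) + PAYLOAD_OFFSET + (size_t)length + align);
    if (raw == NULL) return NULL;
    uintptr_t p = (uintptr_t)raw + sizeof(void *) + PAYLOAD_OFFSET;
    p = (p + align - 1) & ~(uintptr_t)(align - 1);   /* round payload up */
    struct byte_array *arr = (struct byte_array *)(p - PAYLOAD_OFFSET);
    ((void **)arr)[-1] = raw;
    arr->vtable = NULL;
    arr->length = length;
    memset(arr->data, 0, (size_t)length);
    return arr;
}

/* Checks the invariants Tom describes: payload immediately after the header
 * and aligned as requested.  Returns 1 when both hold for a fresh array. */
int byte_array_layout_ok(jsize length, size_t align)
{
    struct byte_array *arr = byte_array_new_aligned(length, align);
    if (arr == NULL) return 0;
    int ok = (char *)arr->data == (char *)arr + PAYLOAD_OFFSET
          && ((uintptr_t)arr->data & (align - 1)) == 0
          && arr->length == length;
    free(((void **)arr)[-1]);    /* release the block saved below the header */
    return ok;
}
```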


