The whole process of the Java virtual machine loads classes include: loading, validation, preparation, resolution, initialization . Validation, preparation, called to resolve the connection process. Today we talk about verification.
The first step is to verify the connection phase, the purpose of this stage is to ensure that the information byte stream file included in Class meet the requirements of the current virtual machine, the virtual machine will not jeopardize their own safety.
java language relatively safe (with respect to the C / C ++), using pure java code can not do some of the acts, such as accessing data outside array bounds, a type of transition to type it does not achieve the jump to the code that does not exist line sort of thing, if you do this, the compiler will refuse to compile (is this is usually said compiler error?). But I said before, Class document does not necessarily require a java compiled from the source code, you can use any way to produce, even including the preparation of Class files directly in hexadecimal compiler. Therefore, the above java code can not do the things you can do to generate Class file through other means. If the virtual machine does not check the incoming byte stream, probably because the byte stream loaded with harmful and cause the system to crash. Therefore, the validation is a virtual machine for their own protection is an important work.
Whether rigorous validation phase, directly determines the java virtual machine can withstand malicious code attacks, speaking from the perspective of execution performance, workload validation phase in the class virtual machine load subsystem has accounted for a large part of it.
As a whole, the validation phase substantially completes several tasks: validation file format, metadata validation, bytecode verification, verification of symbolic references.
- File format validation . The main Verify that starts with the Magic 0xCAFEBABE, master \ minor version number is in the current virtual machine processing range, if there is a constant type is not supported by the constant constant pool, the various parts and documents Class file itself if there is to be deleted or other additional information. In short, the stage main purpose is to ensure that the input byte stream can be parsed and stored in the correct area method, described in line with the requirements of a type of information on the java format . Verify this stage is performed based on a binary byte stream, and only after the verification by this stage of the method of the byte stream will enter the region of memory for storage, the three phases of verification are all based method rear region storage structure, and will not directly operate the byte stream.
- Metadata validation . Byte code description information is present semantic analysis phase, to ensure compliance with the information which describes the java language specifications, this stage may include: whether the class has a parent class (except java.lang.Object, all other classes should be there are parent); whether the parent of this class inherits does not allow inherited class (modified final class); If the class is not an abstract class, whether to implement all the methods of its parent class or interface implementation requirements; class fields, methods conflict with whether the parent class. The main purpose of this phase is to obtain metadata information such semantic verification, to ensure that metadata information does not meet the java language specification does not exist .
- Bytecode verification . This is the entire validation process is the most complex stage, the main purpose is the data flow and control flow analysis to determine the semantics of the program is legitimate, logical. In the second stage after the data type metadata information check done at this stage will verify the method body analysis to ensure the method validation class at runtime will not make harm virtual machine security event. For example: to ensure that the data type of the operand stack with the code sequence of instructions can work together, not appear similar in operation to put a stack int, long used Shique be loaded by the local variable table; jump instruction does not ensure that the jump to the bytecode instructions other than the method body; assurance method body type conversion is effective, for example, to assign to a child class object data type is a parent class of security, but the data of the parent class assigned to the subclass, even Object data types assignment given him no contact, it is dangerous and illegal.
- Verification of symbolic references . Final stage check occurs in the virtual machine when the symbol references into direct reference, the conversion operation in the third phase of the connection - Analytical phase occurs. Reference symbol verification information can be seen as a class other than itself (the constant pool reference symbols) of the matching check , need to check: whether the fully qualified name of the symbol strings described by reference to find corresponding class; in whether there is a compliance method of field descriptors and fields and methods described simple name specified class; accessible symbolic reference classes, fields, methods (private, protected, public, default ) whether the current class can be accessed. The purpose is to ensure the verification of symbolic references analysis operation can be executed properly.