The bytecode verifier is an internal component of the Java Virtual Machine (JVM) and is responsible for detecting non-confirming Java codebytecode. It ensures that the class file is in the proper format, that illegal type casts are not performed, and it prevents operand stack overflows or underflows. Users sometime assume that their code obtained from a trustworthy source is safe and disable bytecode verification. This practice conforming and consequently safe for execution. Bytecode verification may be perceived as a superfluous activity in such cases. This notion is extremely dangerous.
Noncompliant Code Example
The verification process is automatically initiated unless the -Xverify:none flag is specified on the command line. This noncompliant example uses this flag to disable bytecode verification.
| Code Block | ||
|---|---|---|
| ||
java -Xverify:none application.java |
...
Bytecode verification happens by default in most implementations. If it does not, the -Xverify:all flag can be specified on the java command line.
On Java 2 systems, classes loaded by the primordial class loader (that loads classes from the boot class path) are not required to perform bytecode verification. The verification is automatically performed when a class loader loads a class dynamically.
...