I'm not studied up on Java security / verifier theory yet, so I really don't know where we are at with that.
I did see a patch posted last year for "full bytecode verification": http://rpmfind.net/tools/Kaffe/messages/1372.html Has anyone looked at that? I also noticed that Tom Tromey has been doing work on the gcj verifier, so that's probably worth looking at. I think he also did some work on some verifier tests for Mauve. It's a bit early to talk about release goals for the next stable series (which I think I want to number 1.2.x, after a 1.1.x development series), but I think I definitely want to see complete 1.1.x security, so kaffe could be used as a plugin to web browsers to run applets. Cheers, - Jim ----- Original Message ----- From: "Erik Corry" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, March 31, 2002 6:46 AM Subject: Re: Zlib in kaffe? > > On Mon, Mar 18, 2002 at 07:59:28AM -0800, Jim Pick wrote: > > > > Of course, from what I understand, we do not have a complete bytecode > > verifier yet > > Is anyone working on that? > > What I think I can see is: > > * We don't zero the stack when checking error handlers. > * We don't merge object types where several basic blocks > merge into one > * We don't handle jsr/rts right > > -- > Erik Corry >