可以阻止JIT优化方法吗？ [英] can JIT be prevented from optimising method?

问题描述

我有一个代码，我想知道JIT可以阻止优化方法 clearArraySafely ？
是否可以选择性地禁用某些部分代码的JIT？

I have a code and i wonder can JIT be prevented from optimising method clearArraySafely? Is it possible to selectively disabling the JIT for some part of code?

或者，如何确定此代码不会被优化？

Or how can I be sure that this code will not be optimized?

private static char[] password;

public static void clearArraySafely() {
    // Overwritting array
    for (int i = 0 ; i <= password.length; i++) {
       password[i] = 0;
       //System.out.print(i); // <- I don't want to do this trick to be sure
    }
    password = null;
}

有没有好的类来存储char数组的密码？

Is there any good class to store password insted of char array?

推荐答案

这个问题有两个答案：

<

AFAIK，没有办法关闭某个方法的优化。 可能会阻止您担心当前代Java编译器的特定优化。例如：

You can do things that are likely to inhibit the particular optimization you are worried about for current generation Java compilers. For instance:

    private static char[] password;
    public static String dummy;

    public static void clearArraySafely() {
        // Overwritting array
        for (int i = 0 ; i <= password.length; i++) {
           password[i] = 0;
        }
        dummy = new String(password);
        password = null;
    }

JIT编译器无法优化零赋值。如果是，则将创建具有错误内容的虚拟字符串。由于 dummy 可以通过反射访问，而不会破坏任何JLS规则，因此JIT不能应用转义分析来避免创建它。

The JIT compiler cannot optimize away the zero assignments. If it did, then the dummy String would be created with the "wrong" contents. And since dummy can be accessed by reflection without breaking any JLS rules, the JIT can't apply escape analysis to avoid creating it.

但是，请注意，总是有一些未来的一代JIT编译器的可能性... cleverer。如果你想避免这种情况，你需要确保 dummy 以某种方式影响程序的输出;例如

Note however, that there is always the possibility of some future generation JIT compiler being ... cleverer. If you want to avoid that, you'd need to make sure that dummy affects the program's output in some way; e.g. by printing it.

是否有任何好的类存储密码inst数组？

Is there any good class to store password insted of char array?

AFAIK，没有一个不会遇到同样的问题。

AFAIK, none that won't suffer from the same problems.

说到这个级别，保护密码是（IMO）接近偏执狂。如果有人具有从堆中无法访问的对象窃取密码所需的访问级别，则他们很可能以其他方式获取密码;例如通过在操作系统级别拦截字符或通过调试您的JVM。

Having said that, going to this level to protect a password is (IMO) bordering on paranoia. If someone has the level of access required to steal a password out of unreachable objects in the heap, they can most likely get the password other ways; e.g. by intercepting the characters at the OS level, or by "debugging" your JVM.

我的偏执狂与调试JVM相关。

My paranoia is associated with the debug JVM.

很不幸，你的偏执狂不会帮助。

Well unfortunately, your paranoia won't help.

例如，您设计的防止某人附加调试器的方案可以通过逆向工程失败，然后修改 exe 文件。所以你设计的任何其他计划。

For instance, the schemes you designed to prevent someone attaching a debugger can be defeated by reverse engineering and then modifying the exe file. And so can any other schemes you devised.

如果用户控制执行程序的平台，则无法阻止他/她对正在运行的程序进行调试。防止它的唯一方法是只在您控制的平台上运行应用程序。

If a user controls the platform on which your program is executed, it is not possible stop him/her from "debugging" the running program. The only way to prevent it is to only run the application on a platform that you control.

（BTW - 这不是Java特定的问题，它适用于所有的编程语言，一些比其他人更容易攻击，但如果不道德的用户具有熟练和动机，他们可以被黑客攻击，并且有时间开发 。）

(BTW - this is not a Java specific problem. It applies to all programming languages. Some are easier to "hack" than others, but they can all be hacked if the unscrupulous user is skilled and motivated, and has the time to develop the "hack".)

这篇关于可以阻止JIT优化方法吗？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！