启动java应用程序时使用-noverify [英] Use of -noverify when launching java apps

问题描述

我看过很多应用程序需要使用乐器类并将 -javaagent 作为参数加载时也放入 -noverify 到命令行。

I have seen many apps that take instrument classes and take -javaagent as a param when loading also put a -noverify to the command line.

Java doc说 -noverify 关闭了类验证。

The Java doc says that -noverify turns off class verification.

然而，为什么有人想要关闭验证，即使他们正在检测课程？

However why would anyone want to turn off verification even if they are instrumenting classes?

推荐答案

启动时间，我会说。在加载类时，验证类是否正确需要一些时间。由于类可能以惰性方式加载（不是在应用程序启动时加载，而是在第一次使用时），这可能会导致意外和不希望的运行时延迟。

Start-up time, I'd say. Verification that classes are correct takes some time when the class is loaded. Since classes might be loaded in a lazy fashion (not on app start, but when being used for the first time), this might cause unexpected and undesired runtime delays.

实际上该课程一般不需要检查。编译器不会发出任何无效的字节码或类构造。验证的原因是该类可以构建在一个系统上，在线托管并通过未受保护的互联网传输给您。在此路径上，恶意攻击者可能会修改字节码并创建编译器可能永远不会创建的内容;可能导致JVM崩溃或可能绕过安全限制的东西。因此，在使用之前验证该类。如果这是本地应用程序，通常不需要再次检查字节码。

Actually the class does not need to be checked in general. The compiler will not emit any invalid bytecode or class construct. The reason for verification is that the class may be build on one system, get hosted online and is transmitted to you through the unprotected internet. On this path, a malicious attacker might modify the bytecode and create something the compiler might never create; something that can crash the JVM or possibly circumvents security restrictions. Thus the class is verified before it is used. If this is a local application, there is usually no need to check the bytecode again.

这篇关于启动java应用程序时使用-noverify的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！