Slashdot Mirror


Help crack the Java 1.6 Classfile Verifier

pdoubleya writes "As part of the development of Mustang (Java 1.6), Sun is developing a new, smaller and faster classfile verifier which they want your help in trying to break. As Sun VP Graham Hamilton puts it in his blog entry, "As part of Mustang we will be delivering a whole new classfile verifier implementation based on an entirely new verification approach. The classfile verifier is the very heart of the whole Java sandbox model, so replacing both the implementation and the basic verification model is a Really Big Deal.... The new verifier is faster and smaller than the classic verifier, but at the same time it doesn't have the ten years of reassuring shakedown history that we have with the classic verifier." You can read about the new verifier on Gilad Bracha's blog, and join the new Crack the Verifier initiative to see if you can break it. Read all about the Crack the Verifier - Challenge."

2 of 276 comments

  1. Aren't QA people supposed to get paid? by Jeff Hornby · Score: 0, Troll

    Sounds like a desperate attempt to save a few bucks by not hiring testers: release the software and "challenge" people to break it.

    I challenge Sun to hire a full development team including quality assurance and not put the onus on the community to find their bugs.

    --
    Why doesn't Slashdot ever get slashdotted?
  2. Someone Remind Me... by h4ck7h3p14n37 · Score: 1, Troll
    ...why we'd want to test Sun's code for free? Oh, that's right, we get props at either the JavaOne Conference, or on a webpage!
    • If you find a flaw in the specification itself - the design of the Type Checking Verifier as embodied in JSR 202 - that compromises the security of the JDK, Sun will specially recognize and thank you for your contribution to the Java platform at the JavaOne℠ 2006 conference, during one of the Day 1 keynote sessions on May 15, 2006, in front of all JavaOne 2006 conference attendees.
    • If you find an ambiguity in the wording of the specification that could allow an alternative, unsafe implementation to be created, or if you find an implementation flaw or coding error in the source code for the Type Checking Verifier in the Java SE 6 JDK, you'll be recognized on a special "Verifier Verified" web page on the JDK Community site, as well as a roll call of contributors that will be included for posterity in the source code itself.

    To make the contest even more attractive, we have to sign a legal agreement to review the source code:

    Anyone may participate, but if you would like to review the source code, you'll need to agree to the Java Research License first.
    Thanks Sun, but no thanks. If you want me to do your work for you, I'd better be getting paid in a cash equivalent.