Secure Coding mailing list archives

By default, the Verifier is disabled on .Net and Java


From: cradle at umd.edu (David Eisner)
Date: Wed, 03 May 2006 10:49:46 -0400

Wall, Kevin wrote:
> same intuition about the verifier, but have just tested
> this and it is not the case.  It seems that the -noverify is the
> default setting! If you want to verify classes loaded from the local
> filesystem, then you need to explicitly add -verify to the cmd line.

Is this (still) true?  The -verify and -noverify flags are no longer
documented [1], although they are still accepted.

I did a little experiment (with my default 1.5 VM).  I compiled a
HelloWorld program, then changed a few bytes in the class file with a hex
editor.

-----8<----------
$ java -cp . HelloWorld
Exception in thread "main" java.lang.ClassFormatError: Interface name has bad constant pool index 13056 in class file HelloWorld
        at java.lang.ClassLoader.defineClass1(Native Method)
        at java.lang.ClassLoader.defineClass(ClassLoader.java:620)
        at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:124)
        at java.net.URLClassLoader.defineClass(URLClassLoader.java:260)
        at java.net.URLClassLoader.access$100(URLClassLoader.java:56)
        at java.net.URLClassLoader$1.run(URLClassLoader.java:195)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
        at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:268)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:251)
        at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)

$ java -cp . -verify HelloWorld
Exception in thread "main" java.lang.ClassFormatError: Interface name has bad constant pool index 13056 in class file HelloWorld
        at java.lang.ClassLoader.defineClass1(Native Method)
        at java.lang.ClassLoader.defineClass(ClassLoader.java:620)
        at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:124)
        at java.net.URLClassLoader.defineClass(URLClassLoader.java:260)
        at java.net.URLClassLoader.access$100(URLClassLoader.java:56)
        at java.net.URLClassLoader$1.run(URLClassLoader.java:195)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
        at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:268)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:251)
        at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)

$ java -cp . -noverify HelloWorld
#
# An unexpected error has been detected by HotSpot Virtual Machine:
#
#  EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x6d7415fb, pid=3512, tid=2260
#
# Java VM: Java HotSpot(TM) Client VM (1.5.0_06-b05 mixed mode)
# Problematic frame:
# V  [jvm.dll+0x615fb]
#
# An error report file with more information is saved as hs_err_pid3512.log
#
# If you would like to submit a bug report, please visit:
#   http://java.sun.com/webapps/bugreport/crash.jsp
#

-----8<----------

-David

[1] http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/java.html
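
An added example, not part of the original post: an offline structural check of the kind reported by the ClassFormatError in the transcript above, confirming that every entry in a class file's interfaces table points at a CONSTANT_Class constant-pool slot. The function names and the sample class image are constructed for illustration; the index 13056 is taken from the error message in the post.

```python
import struct

# Bytes following the tag for fixed-size constant-pool entries (JVM spec, section 4.4).
CP_SIZES = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4,
            12: 4, 15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}
CONSTANT_UTF8, CONSTANT_CLASS = 1, 7

def check_interfaces(data):
    """Return a list of format errors found while checking the interfaces table."""
    try:
        magic, _minor, _major, cp_count = struct.unpack_from(">IHHH", data, 0)
        if magic != 0xCAFEBABE:
            return ["bad magic number"]
        tags, pos, index = {}, 10, 1          # constant pool is indexed from 1
        while index < cp_count:
            tag = data[pos]
            tags[index] = tag
            if tag == CONSTANT_UTF8:
                (length,) = struct.unpack_from(">H", data, pos + 1)
                pos += 3 + length
            elif tag in CP_SIZES:
                pos += 1 + CP_SIZES[tag]
            else:
                return [f"unknown constant pool tag {tag} at index {index}"]
            index += 2 if tag in (5, 6) else 1  # Long and Double occupy two slots
        # access_flags, this_class, super_class, interfaces_count, then the table
        _flags, _this, _super, if_count = struct.unpack_from(">HHHH", data, pos)
        indices = struct.unpack_from(f">{if_count}H", data, pos + 8)
        return [f"Interface name has bad constant pool index {i}"
                for i in indices if tags.get(i) != CONSTANT_CLASS]
    except (struct.error, IndexError):
        return ["truncated class file"]

def build_sample(interfaces=()):
    """Constructed minimal class image: two classes in the pool, no members."""
    def utf8(s):
        return struct.pack(">BH", CONSTANT_UTF8, len(s)) + s.encode()
    pool = (utf8("HelloWorld") + struct.pack(">BH", CONSTANT_CLASS, 1)
            + utf8("java/lang/Object") + struct.pack(">BH", CONSTANT_CLASS, 3))
    body = struct.pack(">HHHH", 0x0021, 2, 4, len(interfaces))
    body += b"".join(struct.pack(">H", i) for i in interfaces)
    # Trailing zeros: fields_count, methods_count, attributes_count.
    return struct.pack(">IHHH", 0xCAFEBABE, 0, 49, 5) + pool + body + b"\x00" * 6

if __name__ == "__main__":
    print(check_interfaces(build_sample()))          # intact image
    print(check_interfaces(build_sample([13056])))   # corrupted interfaces entry
```

This checks file structure only; it does not perform the bytecode verification that the -verify and -noverify flags control.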




