Newsletter sign-up
View all newsletters

Enterprise Java Newsletter
Stay up to date on the latest tutorials and Java community news posted on JavaWorld

JavaWorld.com > Java Standard Edition >

Letters to the Editor

JavaWorld.com, 07/25/03

  • Digg
  • Reddit
  • SlashDot
  • Stumble
  • del.icio.us
  • Technorati
  • dzone

Java Q&A
"Back to Your Class Roots"
Vladimir Roubtsov

Final declaration



Vladimir,

I have two questions for you:

  1. What does it mean when you write "[some comment]" in your Javadoc comments?
  2. In your method getClassLocation(), why is it necessary to declare cls as final Class and not simply Class?


Markus Neifer

Markus, I tend to detail simple pre- and post-conditions for method parameters (a simple form of Design-by-Contract, if you will) to make better use of my own Javadoc comments. For example, "[may not be null]" for a parameter usually indicates that it is illegal to pass a null object reference as the parameter value (the method will throw an IllegalArgumentException), and "[never null]" for the return value usually indicates that the method guarantees that it will never return null. Those are just elements of my personal coding style. Feel free to ignore them and change the code to suit your own conventions. In regards to your second question, declaring cls final is not necessary. Declaring method parameters (or local variables) final makes them constant in the sense that values of primitive types cannot be changed post initialization time (or after method entry), and values that are object references cannot be reassigned within the method. This const-ness is enforced by the compiler. getClassLocation() will function as before if you remove final from its parameter declarartion. Again, this is an element of my personal coding style. Since I have no need to change cls inside the method, why not make it final? I always start with declaring method parameters and local variables as final and undo that only if I truly need to reassign their values later on. This habit comes from the C++ language, which has a much more powerful and useful paradigm of const-correctness. This coding style has nothing to do with performance but rather helps me avoid copy-and-paste and other common types of mistakes. Vladimir Roubtsov Editor's note: See Vladimir's current Java Q&A for more on Class.


Java Q&A
"Cracking Java Byte-Code Encryption"
Vladimir Roubtsov

Changes for the JVM ahead?



Vladimir,

In the "Lessons Learned" section, you mentioned:

"Until JVM architecture changes to, say, support class decoding inside native code, you will be better off with traditional obfuscators that perform byte-code transformations."

Can you tell me about any anticipated changes in the JVM? Has this problem created a new clever form of protection?

Rafael Paiva

Rafael, I am unaware of any Java Specification Requests (JSRs) or other plans to enhance the JVM architecture to support secure encrypted class deployment. For now, if protecting your intellectual property is paramount to your work, I think using a well-tested commercial obfuscator is your best option. As far as I know, other managed runtime/byte code-based architectures (like .Net) suffer from the same problem. Vladimir Roubtsov


Cracked method?



Vladimir,

I have discovered your method for cracking encrypted byte code does not always work. If you implement your own findClass() method, it will not call the defineClass() method. I have encountered a program that has its own ClassLoader and generates the class file instance in native code.

  • Digg
  • Reddit
  • SlashDot
  • Stumble
  • del.icio.us
  • Technorati
  • dzone
Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a JavaWorld account? Log in here. Register now for a free account.
Resources