Although not extremely interesting with respect to static linking, module verification becomes very critical when modules are linked dynamically, for example, when using the Class.forName method. The author proposes a simple and efficient mechanism for understanding whether or not unauthorized modifications happen.
Fong proposes exploiting obligations to avoid the situation where the state of a certain object is modified by inappropriate methods. The proposed solution has a negligible impact on the performance of the running application. However, it is worth noting that parallel virtual machine (PVM) modules can verify only the type of the object and associated access rights; they cannot analyze operations within the methods for which obligations are verified. For instance, a malicious sum method could return the product of operands instead of the sum, without modifying the state of the object, thus avoiding the PVM monitoring.
It would be interesting to know how the proposed modules would work in a multithreaded Java virtual machine (JVM). The Aegis VM, implemented by the author of the paper, is single-threaded. It is also unclear how the PVM modules would behave with generic types. For instance, the iterator method of the ArrayList class returns an object instance that is usually converted into a specific Java object by using the casting operator. In such a special, but frequent, situation, the verification mechanisms would fail, since verification will refer to the generic object class, and not to the specific type that is actually used.
Despite the mentioned limitations, the work represents a very good research idea of particular interest to readers working with embedded and mobile JVMs. Indeed, these JVMs must often deal with dynamic linking, since dynamic class downloading is a very frequent operation in mobile Java-based devices.