Memory allocation unsafe?

erikd · January 2, 2004, 6:31am

Hi there,

I just had a discussion with somebody who has some serious security doubts about java. One point he mentioned was that java can allocate at most 3Gb of memory safely and when you let it allocate more, memory allocation becomes uncontrolled and thus ‘unsafe’.
This struck me as both unfounded (he couldn’t provide any details about this) and implementation specific at most (he couldn’t say on which platform that was).
Has anybody else heard about this memory allocation thing? I couldn’t find anything about this.
I always thought java was more secure than native apps because of java’s memory management (amongst other things).

Erik

erikd · January 2, 2004, 7:10am

BTW, fyi I replied that java should throw exceptions that it can’t allocate more memory but if he can show that it doesn’t he should submit it as a bug. And that the max amount of memory that can be allocated is implementation/platform specific.
I was just curious if one of you guys have heard anything about such a thing.

Herkules · January 2, 2004, 8:54am

Never heard of things like that. Although I got to know OutOfMemoryException too often!

I know there always are concerns keeping the JVM scalable, means being able to run on a small device as well as on a 3GB memory box.

I think your answer was just appropriate.

Happy new year!

swpalmer · January 2, 2004, 5:06pm

It is totally dependent on the VM and OS… on Windows for instance there is usually only 2GB available for applications. (3GB at most with registry tweaks)

The 64-bit VM would be what you want for applications that need that amount of memory or more.

I have never used the 64-bit VM so I don’t know if it has issues with >3GB or not.

Chances are the OS is what becomes unstable :).

Jeff · January 3, 2004, 2:34am

[quote]Hi there,

I just had a discussion with somebody who has some serious security doubts about java. One point he mentioned was that java can allocate at most 3Gb of memory safely and when you let it allocate more, memory allocation becomes uncontrolled and thus ‘unsafe’.
[/quote]
Have him explain this “magic”. I’m dying of curiosity.
How does it magcially bcome “unsafe”?? Whats does
“uncontrolled” mean??

Sounds like hes getting his info from bad MSFT press releases.

Its definitely NOT true. We run secure apps on huge heaps under Solaris.

He might be confused by swapping. When you run out of system RAM your VM will happily swap to disk. Theoretically IF you knew the particular confugration of sawp files AND if the OS let you, you could attack memory there.

But that would be a nasty OS weakness. I’m sure you can’t touch the swap file from a user process on Solaris. If you can on Win32 then this is simply a MASSIVE Win32 security hole and has nothing whatsoever to do with Java.

Java can’t make an inherently unsecure environment secure.

erikd · January 3, 2004, 11:07am

Exactly my thoughts although the platform of the person in question is using SE Linux. It seems there is a lot of misunderstanding about java which seems to lead to unfounded but emotional distrust.