XAV 
XAV applies objective, repeatable tests to the set of resource files that compose an application, both individually and collectively. Test categories include:
Validity. These tests determine if all resources are well formed and adhere to mandatory constraints and whether, as a whole, the application adheres to mandatory content and behavioral constraints.
Interoperability. Tests whether the application attempts to access non-standard APIs in platform-defined packages and whether the application defines all referenced APIs in application-defined packages. XAV also determines if the content or behavior uses non-interoperable features.
Security. Tests whether the application makes reference to privileged operations for which it has failed to request permission or whether the application relies upon always being granted access to a privileged operation that may be denied at runtime. If the application attempts to exploit potential implementation effects to countermand security controls, such instances will be reported. If the application is signed, then the application will be checked to see if it contains valid forms of all necessary security messages (digests, signatures, certificates, permission request files, etc.).
Efficiency. These tests include whether the resource or part of the resource is going to be ignored upon execution. Eliminating these issues can make your application more efficient to transmit and execute. For example, a text chunk in a PNG image will be ignored under OCAP 1.0, so that chunk could be safely removed from the file.
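The PNG case in the Efficiency category can be illustrated with a small chunk scanner that validates each chunk and drops the textual ones. This is an added example, not XAV's own code; the function names and the sample image are constructed, and treating tEXt, zTXt and iTXt as the removable text chunks is an assumption.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
TEXT_CHUNKS = {b"tEXt", b"zTXt", b"iTXt"}  # assumed set of "text chunk" types

def make_chunk(ctype, data):
    """Build one PNG chunk: length, type, data, CRC-32 over type + data."""
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", zlib.crc32(ctype + data))

def iter_chunks(png):
    """Yield (type, data) per chunk; raise ValueError on malformed input."""
    if not png.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    while pos < len(png):
        if pos + 8 > len(png):
            raise ValueError("truncated chunk header")
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        end = pos + 12 + length  # 4 length + 4 type + data + 4 CRC
        if end > len(png):
            raise ValueError("truncated chunk body")
        data = png[pos + 8:pos + 8 + length]
        if struct.unpack(">I", png[end - 4:end])[0] != zlib.crc32(ctype + data):
            raise ValueError("bad CRC in %r chunk" % ctype)
        yield ctype, data
        if ctype == b"IEND":
            return
        pos = end
    raise ValueError("missing IEND chunk")

def strip_text_chunks(png):
    """Return (stripped_png, removed_chunk_types, bytes_saved)."""
    out, removed = [PNG_SIGNATURE], []
    for ctype, data in iter_chunks(png):
        if ctype in TEXT_CHUNKS:
            removed.append(ctype.decode("ascii"))  # would be ignored at runtime
        else:
            out.append(make_chunk(ctype, data))
    stripped = b"".join(out)
    return stripped, removed, len(png) - len(stripped)

# Constructed sample: a 1x1 greyscale PNG carrying one tEXt chunk.
SAMPLE = PNG_SIGNATURE + b"".join(make_chunk(t, d) for t, d in [
    (b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)),
    (b"tEXt", b"Comment\x00built by example tool"),
    (b"IDAT", zlib.compress(b"\x00\x00")),
    (b"IEND", b""),
])
```

Calling strip_text_chunks(SAMPLE) returns the image without its tEXt chunk, the list of removed chunk types, and the number of bytes saved.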


