Re: [Clirr-devel] Java doesn't appear to do runtime checks for class/method access rights
From: Simon K. <si...@ec...> - 2004-07-05 23:23:47
On Tue, 2004-07-06 at 06:06, Lars Kühne wrote:
> Simon Kitching wrote:
> >Attached is an archive which contains some java code that appears to
> >demonstrate that the Java JVM/runtime does not check for class or method
> >access rights.
> >
> >The java lang spec document seems clear that this *should* throw an
> >IllegalAccessError, but it doesn't. I would like someone to confirm that
> >I am not having hallucinations here before I add a note about this to
> >the message description document.
> >
> I can confirm your results:
>
> access> java Main
> public method f1 of package scope class Foo called!
> private method f2 of package scope class Foo called!
>
> Wow!!
>
> This is scary, but on the other hand it's quite logical. Try to
> disassemble the code of Main: [...]
> It seems the bytecode for both method calls is the same. The Main class
> simply seems to have no record whether the called methods are private or
> public, so the VM can't check anything...

?

The information must be in the class file somewhere, because in BCEL we
can ask:
  somemethod.isPrivate()
etc.

Also, when compiling source with javac against a library the compiler
can report attempted calls to inaccessible methods.

>
> I couldn't find the IllegalAccessError requirement you mentioned, but in
> $13.4.6 the JLS says:
>
> "Changing the declared access of a member or constructor to permit less
> access may break compatibility with pre-existing binaries, causing a
> linkage error to be thrown when these binaries are resolved.
>
> Less access is permitted if the access modifier is changed from default
> access to |private| access; from |protected| access to default or
> |private| access; or from |public| access to |protected|, default, or
> |private| access"
>
> Not quite sure what to make of this, to me the spec is quite confusing -
> aren't those two sentences contradicting each other?

The sentence beginning "Less access" *is* poorly worded, but correct.

To rephrase:
  "<em>Less</em> access is permitted if ..."
or:
  "The access permissions are defined to be 'less' if the access
  modifier is changed from...."

The sentence starting "Changing..." says what happens if a change
resulting in "less access" is made: a linkage error is thrown.

Hmm... I can't find the bit that specifies "IllegalAccessError" either,
though I'm sure this *is* the exception that should be thrown.

>
> Still surprised,

Me too.

And I think that clirr still should report an ERROR here, because this
change is a violation of the spec, even if it isn't currently enforced
by either Sun or IBM JVMs. What do you think?

Cheers,

Simon
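
An added example, not code from this thread or from Clirr: in the class-file format a method's access flags are stored in the declaring class's `method_info` entries, while a caller such as Main holds only a Methodref (class, name, descriptor), which is why both observations in the message hold at once. The Foo bytes are a constructed, non-loadable skeleton, and the function names are hypothetical.

```python
import struct

ACC_PUBLIC, ACC_PRIVATE = 0x0001, 0x0002
# Payload size of each constant-pool tag (Utf8, tag 1, is variable-length).
CP_SIZE = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4,
           15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}

def utf8(s):
    b = s.encode()
    return b"\x01" + struct.pack(">H", len(b)) + b

def build_foo_class():
    """Constructed sample: package-scope Foo declaring public f1 and private f2."""
    pool = [utf8("Foo"), b"\x07\x00\x01", utf8("java/lang/Object"),
            b"\x07\x00\x03", utf8("f1"), utf8("f2"), utf8("()V")]
    out = struct.pack(">IHHH", 0xCAFEBABE, 0, 48, len(pool) + 1) + b"".join(pool)
    # class flags (ACC_SUPER only), this, super, 0 interfaces, 0 fields, 2 methods
    out += struct.pack(">HHHHHH", 0x0020, 2, 4, 0, 0, 2)
    out += struct.pack(">HHHH", ACC_PUBLIC, 5, 7, 0)   # f1: flags, name, desc, 0 attrs
    out += struct.pack(">HHHH", ACC_PRIVATE, 6, 7, 0)  # f2
    return out + struct.pack(">H", 0)                  # 0 class attributes

def method_access(data):
    """Map name+descriptor to access_flags for every method a class declares.
    A caller's Methodref (tag 10) is just two indexes and carries no flags."""
    magic, _, _, count = struct.unpack_from(">IHHH", data, 0)
    if magic != 0xCAFEBABE:
        raise ValueError("not a class file")
    pos, i, names = 10, 1, {}
    while i < count:
        tag, pos = data[pos], pos + 1
        if tag == 1:
            (n,) = struct.unpack_from(">H", data, pos)
            names[i] = data[pos + 2:pos + 2 + n].decode("utf-8", "replace")
            pos += 2 + n
        else:
            pos += CP_SIZE[tag]
        i += 2 if tag in (5, 6) else 1  # long/double occupy two pool slots
    (n_if,) = struct.unpack_from(">H", data, pos + 6)  # skip flags/this/super
    pos += 8 + 2 * n_if
    flags_by_method = {}
    for table in ("fields", "methods"):  # both tables share one entry layout
        (n,) = struct.unpack_from(">H", data, pos)
        pos += 2
        for _ in range(n):
            flags, name, desc, n_attr = struct.unpack_from(">HHHH", data, pos)
            pos += 8
            for _ in range(n_attr):
                pos += 6 + struct.unpack_from(">I", data, pos + 2)[0]
            if table == "methods":
                flags_by_method[names[name] + names[desc]] = flags
    return flags_by_method
```
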