RFR 8187742 Minimal set of bootstrap methods for dynamic constants
Paul Sandoz
paul.sandoz at oracle.com
Tue Nov 7 22:00:23 UTC 2017
> On 7 Nov 2017, at 13:54, Paul Sandoz <paul.sandoz at oracle.com> wrote:
>>
>>> If it's not used by an indy, why do we need to test that ? Also, why it's not called in invoke ?
>>
>> …Enum.valueOf doesn't do a security check; that is its choice.
>> This means that if you pass it an enum type that is not public
>> or not in a package exported to you, you can still peek at its
>> enum values. Meanwhile, when javac emits a reference to
>> an enum, it does so with getstatic. The getstatic bytecode
>> *does* perform access checks. The call to validateClassAccess
>> performs those checks, for alignment with the semantics
>> of getstatic. The internal use of Enum.valueOf is just a detail
>> of the emulation of getstatic in the case of an enum.
>>
>> (Note to self: Never use enums to implement a shared
>> secrets pattern.)
>>
>> For bootstrap methods I prefer to use the most restrictive
>> set of applicable access rules, handshaking with the lookup.
>>
>> In the case of enums it doesn't matter much, as you say,
>> because Enum.valueOf leaves the door open.
>>
>
> Yes, Brian and I noticed that so we punted on the access control.
>
Hold on… no we didn’t, we included the explicit access control check.
Paul.
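
An added example (not part of the original message and not JDK source) of the difference described in the quoted text: `Enum.valueOf` returns a constant of a non-public enum, while a check made through the caller's `Lookup` rejects the same class. It assumes `java.util.stream.StreamOpFlag` is a package-private enum with a `DISTINCT` constant, and it uses `Lookup.accessClass` (Java 9+) as the check, since the body of `validateClassAccess` is not shown in this thread.

```java
import java.lang.invoke.MethodHandles;
import java.util.concurrent.TimeUnit;

public class EnumAccessDemo {

    // No access check: works for any enum Class object the caller can obtain.
    @SuppressWarnings({"unchecked", "rawtypes"})
    static Object uncheckedValueOf(Class<?> type, String name) {
        return Enum.valueOf((Class) type, name);
    }

    // Hypothetical helper: first ask the Lookup whether its lookup class could
    // legally name the type (as a getstatic in that class would have to),
    // and only then resolve the constant.
    static Object checkedValueOf(MethodHandles.Lookup lookup, Class<?> type, String name)
            throws IllegalAccessException {
        lookup.accessClass(type); // throws if the type is not accessible
        return uncheckedValueOf(type, name);
    }

    public static void main(String[] args) throws Exception {
        // Assumption: a package-private enum in a package other than ours.
        Class<?> hidden = Class.forName("java.util.stream.StreamOpFlag");
        MethodHandles.Lookup lookup = MethodHandles.lookup();

        // Enum.valueOf leaves the door open.
        System.out.println("Enum.valueOf alone: " + uncheckedValueOf(hidden, "DISTINCT"));

        // The Lookup-mediated path applies the caller's access rights.
        try {
            checkedValueOf(lookup, hidden, "DISTINCT");
            System.out.println("checked path: allowed");
        } catch (IllegalAccessException e) {
            System.out.println("checked path: rejected (" + e.getMessage() + ")");
        }

        // A public enum in an exported package passes both paths.
        System.out.println("public enum: " + checkedValueOf(lookup, TimeUnit.class, "SECONDS"));
    }
}
```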