RFR: 8327624: Remove VM implementation that bypass verification for core reflection [v2]
Mandy Chung
mchung at openjdk.org
Fri Oct 18 16:58:07 UTC 2024
On Fri, 18 Oct 2024 16:17:12 GMT, Coleen Phillimore <coleenp at openjdk.org> wrote:
>> src/hotspot/share/classfile/classFileParser.cpp line 4098:
>>
>>> 4096: }
>>> 4097: }
>>> 4098:
>>
>> This code should not be removed. The spec for this code should now be:
>>
>> // If the loader is not the boot loader then throw an exception if its
>> // superclass is in package jdk.internal.reflect
>>
>> All we need do is remove the check:
>>
>> && !java_lang_ClassLoader::is_reflection_class_loader
>
> Oh that's a good find. Maybe we should write a test for this, if as I assume there isn't one already.
> Edit: not with this RFE, just in general.
> // If the loader is not the boot loader then throw an exception if its
> // superclass is in package jdk.internal.reflect
This will never happen. `jdk.internal.reflect` is a non-exported package in `java.base` module. If another module `M` defines a class whose superclass is in `jdk.internal.reflect` package, `java.base` must export `jdk.internal.reflect` package to `M` for access. Otherwise, it will fail the super access check, as done in the check below this deleted code.
Reflection::VerifyClassAccessResults vca_result =
Reflection::verify_class_access(this_klass, InstanceKlass::cast(super), false);
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/21571#discussion_r1806781954
More information about the core-libs-dev
mailing list