--permit-illegal-access and non-reflective access

Alan Bateman Alan.Bateman at oracle.com
Mon Apr 24 14:17:03 UTC 2017

On 24/04/2017 14:53, Sander Mak wrote:

> :
> What's the idea behind this distinction? The Test class fails just as well with an IllegalAccessException without the --permit-illegal-access flag. Only, I don't get to see the problem when running with --permit-illegal-access unless the access is done reflectively. Is it because non-reflective uses can be found statically by jdeps, and are not 'worthy' of a warning? Just looking for the rationele here. It does mean fixing all warnings logged by --permit-illegal-access is not a guarantee there won't be IllegalAccessExceptions anymore afterwards.
Doing the equivalent in the VM for static references is deeply intrusive 
and would involve significant effort. It didn't seem worth it. As you 
noted, it's easy to run `jdeps` to find static references to internal 
APIs. So I think it's best to think of `jdeps` and 
`--permit-illegal-access` as complementary. Start out by using `jdeps` 
to scan the application and the libraries that is uses. Then do some 
test runs with `--permit-illegal-access` to locate code that is doing 
illegal access with core reflection.


More information about the jigsaw-dev mailing list