final inner class not final (was Re: Code review request: 7064075 Security libraries don't build with javac -Xlint:all, -deprecation -Werror)

David Holmes David.Holmes at oracle.com
Fri Aug 5 02:07:58 UTC 2011


Interesting -  6520152 was fixed in 6u4, so it would appear that this 
got turned on again at some stage and then off again in 6u11. Though I 
don't see a bug fix in 6u11 that would cover this.

David

Tom Rodriguez said the following on 08/05/11 04:29:
> I think that's a javac issue.  The inner class has an attribute which describes the access flags that the VM should report and that changed in _11.  Here it is in _10.
> 
>     Attr(#25) { // InnerClasses
>       [] { // InnerClasses
>         #4 #0 #0 24;
>       }
>     } // end InnerClasses
> 
> and here's _11:
> 
>     Attr(#25) { // InnerClasses
>       [] { // InnerClasses
>         #4 #0 #0 8;
>       }
>     } // end InnerClasses
> 
> tom
> 
> On Aug 3, 2011, at 7:24 PM, Weijun Wang wrote:
> 
>>> serialVersionUID warnings for classes that have had different
>>> generated serialVersionUID's in the past.
>>>>> sun.security.pkcs11.P11TlsPrfGenerator$1
>>>>> -currently: -8090049519656411362L;
>>>>> -JDK 6: -3305145912345854189L;
>> I find out the reason:
>>
>> Since 6u11, a final inner class is *not* final anymore.
>>
>> $ cat A4.java
>> import java.lang.reflect.Modifier;
>> public class A4 {
>>    public static void main(String[] args) throws Exception {
>>        Class c = Class.forName(args[0]);
>>        System.out.println(c.getModifiers() & Modifier.FINAL);
>>    }
>> }
>> $ java A4 java.lang.String
>> 16
>> $ java A4 'sun.security.pkcs11.P11TlsPrfGenerator$1'
>> 0
>>
>> getModifiers() is a native method, and calls JVM_GetClassModifiers. Is this an intended change?
>>
>> FYI, the class is defined as
>>
>>   private static final SecretKey NULL_KEY = new SecretKey() {
>>            ....
>>
>> in http://hg.openjdk.java.net/jdk8/tl/jdk/file/809e8db0c142/src/share/classes/sun/security/pkcs11/P11TlsPrfGenerator.java, line 100.
>>
>>
>> Thanks
>> Max
> 



More information about the security-dev mailing list