Nest host validation vs NestHost attribute performed by Lookup::defineHiddenClass

Mandy Chung mandy.chung at
Fri Sep 27 22:46:35 UTC 2019

I have a follow-up question w.r.t. JVMS 5.4.4 access control check (see 
#4 below).  Below #1-3 is a summary with what we agree (please correct 
if anything is incorrect).

1. Hidden classes do not have names and they cannot participate in NH/NM 
attributes.   These attributes in a hidden class are ignored and 
pretending not present.

2. LC::defineHiddenClass defines HNC as a nestmate of LC

LC must be a nest host and full-power lookup which are required to 
authorize to add NHC as a member to the nest of LC.

(A nest member can do to teleport 
to its nest host and call defineHiddenClass.)

2a) validate LC's static NH attribute and error is ignored; LC's runtime 
nest host is determined.
2b) dynamic nestmates are not available for return in Class::getNM
   HNC::getNestHost == LC
   HNC::getNestMembers == LC::getNestMembers

3.  LC::defineHiddenClass defines HC (not added to LC's nest)

3a) no validation of LC's static nest information (as not adding to 
other nest)
3b) HC belongs to a nest of itself; NH/NM attributes are ignored
    HC::getNestHost == HC
    HC.getNestMembers returns 1-element array of HC

HC can add dynamic nestmates to its own nest.

4. nestmate access check specified in JVMS 5.4.4

> 3a. After validation of the asymmetric NH/NM attributes (or after a “bad” NH is thrown away), access control effects of
> nesting structure are applied uniformly across the nest.
> 3b. The NestHost has no dynamic distinction from the other nest members, other than a “ceremonial” role in reflection.

In JVMS 5.4.4, "The nest host of C  and the nest host of D are validated 
at access check.  If any exception is thrown, the nestmate test fails 
for the same reason."

The runtime nest host of LC determined in (3a) above will be considered 

LC calls HNC::m after HNC is defined (or HNC calls LC::privM).  This 
access check succeeds as LC and HNC are in the same nest.

However, if LC is accessed by other class D (not a dynamic nestmate) but 
the  nest host has been validated, as the bad NH is thrown away, then 
IAE should be thrown in this case.

If no validation of nest host of C has been performed, then access check 
is the first time attempting the validation, then NCDFE or ICCE is 
thrown instead.  (Note than C and D can be any class).

The access control effects are applied uniformly access the nest while 
in the error case, the exception may be different depends on the timing 
when validation of C's and D's nest host are triggered. This seems to 
bring non-uniformity but may be fine as with error cases?


More information about the valhalla-dev mailing list