RFR 8187742 Minimal set of bootstrap methods for dynamic constants

Paul Sandoz paul.sandoz at oracle.com
Tue Nov 7 22:00:23 UTC 2017

> On 7 Nov 2017, at 13:54, Paul Sandoz <paul.sandoz at oracle.com> wrote:
>>> If it's not used by an indy, why do we need to test that ? Also, why it's not called in invoke ?
>> …Enum.valueOf doesn't do a security check; that is its choice.
>> This means that if you pass it an enum type that is not public
>> or not in a package exported to you, you can still peek at its
>> enum values.  Meanwhile, when javac emits a reference to
>> an enum, it does so with getstatic.  The getstatic bytecode
>> *does* perform access checks.  The call to validateClassAccess
>> performs those checks, for alignment with the semantics
>> of getstatic.  The internal use of Enum.valueOf is just a detail
>> of the emulation of getstatic in the case of an enum.
>> (Note to self:  Never use enums to implement a shared
>> secrets pattern.)
>> For bootstrap methods I prefer to use the most restrictive
>> set of applicable access rules, handshaking with the lookup.
>> In the case of enums it doesn't matter much, as you say,
>> because Enum.valueOf leaves the door open.
> Yes, Brian and I noticed that so we punted on the access control.

Hold on… no we didn’t, we included the explicit access control check.


More information about the core-libs-dev mailing list