Nest host validation vs NestHost attribute performed by Lookup::defineHiddenClass

Peter Levart peter.levart at gmail.com
Tue Oct 1 10:11:53 UTC 2019


Hi,

I'm just an observer of this conversation, but I think I may have 
something to add...

On 10/1/19 6:08 AM, Mandy Chung wrote:
>
>
> On 9/30/19 8:01 PM, John Rose wrote:
>> On Sep 27, 2019, at 3:46 PM, Mandy Chung <mandy.chung at oracle.com> wrote:
>>> I have a follow-up question w.r.t. JVMS 5.4.4 access control check 
>>> (see #4 below).  Below #1-3 is a summary with what we agree (please 
>>> correct if anything is incorrect).
>>>
>>> 1. Hidden classes do not have names and they cannot participate in 
>>> NH/NM attributes.   These attributes in a hidden class are ignored 
>>> and pretending not present.
>> +1
>>
>>> 2. LC::defineHiddenClass defines HNC as a nestmate of LC
>>> LC must be a nest host and full-power lookup which are required to 
>>> authorize to add NHC as a member to the nest of LC.
>> This is wrong, I think.  The asymmetry between nest host and nest 
>> members is an artifact
>> of the static structure of the class file attributes (NH/NMs) and not 
>> semantically significant
>> to access control (after validation).

I agree. Every member of a nest should have equal permissions. Promoting 
NH to be more "equal" than the rest during runtime is wrong. It is wrong 
also because of another aspect. There has been talk about 
Class.getNestHost() being "dynamic", but Class.getNestMembers() to be 
"static" only. And there was a dilemma of whether to return itself in 
the Class.getNestMembers() for hidden classes.

I think there is no need to return hidden classes in the list of nest 
members even for nests that consist of hidden class(es) only. I think 
that even Class.getNestHost() should be "static" only. Imagine a 
situation where a hidden class HC1 is defined in it's own nest. Then 
this HC1 is used as a LC in a Lookup to define another hidden class HC2 
to be part of this nest (HC1, HC2). What should HC2.getNestHost() 
return? If it returns HC1, then HC2 is effectively preventing HC1 to be 
unloaded.

But this is of course moot since what is the purpose of a nest 
consisting of hidden classes only if they can not refer to each other 
symbolically. Anyway, if above situation can be constructed, then there 
is a problem. Would it make sense to only allow multi member nests if 
they consist of at least one normal named class? Such nests always have 
a named nest host, so Class.getNestHost() never returns a hidden class 
different from this. If we only have nests consisting of:

1 - at least one named class; or
2 - a single hidden class

Then also Class.getNestMembers() could be "static" and simply return an 
empty array for 2nd type of nests - this can always be interpreted as a 
singular nest in program logic. But if it returns an array with one 
member - this, it is also OK considering that it does not hold any other 
hidden class accessible. It is just that is is not "consistent".

Regards, Peter



More information about the valhalla-dev mailing list