On Wed, 28 Apr 2021 21:10:33 GMT, Maurizio Cimadamore <[email protected]>
wrote:
> I just did a test:
>
> ```
> public class TestLookup {
> public static void main(String[] args) throws Throwable {
> MethodHandle handle =
> MethodHandles.lookup().findVirtual(CLinker.class, "downcallHandle",
> MethodType.methodType(MethodHandle.class, Addressable.class,
> MethodType.class, FunctionDescriptor.class));
> CLinker linker = CLinker.getInstance();
> handle.invoke(linker, MemoryAddress.NULL,
> MethodType.methodType(void.class), FunctionDescriptor.ofVoid());
> }
> }
> ```
>
> this fails as expected when the handle is invoked. To test I had to disable
> the check on CLinker.getInstance - otherwise that would have always throw
> anyway.
My statement was overly simplified. If `handle` is invoked in another module
B and invoked by a class in module B, which module (the `lookup`'s module or )
do you expect be the caller to check against for native access check?
`CLinker::downcallHandle` is not caller-sensitive but its implementation is.
The method handle of a caller-sensitive method behaves as if it were called
from an instruction contained in the lookup class [1].
[1]
https://download.java.net/java/early_access/jdk17/docs/api/java.base/java/lang/invoke/MethodHandles.Lookup.html#callsens
> Also, on IllegalCaller vs. IllegalAccess - looking more, I think our impl
> throws IllegalCaller - now that was done because IllegalAccess is a checked
> exception and we don't want a checked exception here - but the option is
> called "enableNativeAccess" - is that still ok?
Yes the implementation throws `IllegalCallerException` which is why I point out
this. Hmm... this seems more of `IllegalAccess` as the caller does not have
access to this restricted method. OTOH, `Module::addOpens` grants deep
reflection access to the named module if the caller has access. Otherwise,
`IllegalCallerException` is thrown. So I think it's okay to throw ICE. Others
may have a different opinion.
-------------
PR: https://git.openjdk.java.net/jdk/pull/3699
