gcj is not type-safe
Tom Tromey
tromey@redhat.com
Thu Mar 22 18:17:00 GMT 2007
>>>>> "Gary" == Gary Benson <gbenson@redhat.com> writes:
Gary> While testing on a patch for this I realised there's two ways to spoof
Gary> a method: you can spoof the return type, like we're doing, or you can
Gary> spoof a parameter.
Yeah, the code in link.cc ought to check both the parameter types and
the return type.
Gary> Spoofed return types and fields are caught in Sun
Gary> Java by the initiating loader check [1] but spoofed parameters are
Gary> caught explicitly [2], and if you spoof _both_ a parameter and the
Gary> return type then it's the parameter that gets caught. So it looks
Gary> like they don't check the return type when they check the signature.
I think it probably doesn't matter which check catches the problem in
our implementation, provided we catch it and the appropriate exception
is thrown. (Sometimes I think there may be multiple valid possible
exceptions; but I didn't look to see if that is the case here.)
We probably do also need an initiating loader check. Otherwise maybe
an instanceof check, or superclass link, or an actual cast could be
spoofed.
Exactly where & when to do this, I don't know, atm.
Tom
More information about the Java
mailing list