Not logged in
Log in now
Create an account
Subscribe to LWN
An "enum" for Python 3
An unexpected perf feature
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
PostgreSQL 9.3 beta: Federated databases and more
What every C Programmer should know about undefined behavior #2/3
Posted May 16, 2011 23:12 UTC (Mon) by tialaramex (subscriber, #21167)
Of course in a debug mode, or in a non-compliant JVM, or if there's a bug, you may make this work. But in /theory/ at least they've thought of this, so it would be fair for a Java programmer (unlike a C++ programmer) to treat private members as genuinely private.
Posted May 16, 2011 23:30 UTC (Mon) by cmccabe (guest, #60281)
I have a pretty good hunch that this API gives me a hole in "private" big enough to drive my truck through.
I haven't tried it, though.
Posted May 17, 2011 1:07 UTC (Tue) by foom (subscriber, #14868)
Posted May 17, 2011 8:54 UTC (Tue) by tialaramex (subscriber, #21167)
In other cases it would be very deliberate e.g. we can imagine a system where untrusted code runs in a Java sandbox on a remote system, and has access to certain serialisable objects which are sensitive, so their serialisations are encrypted, versioned and signed with keys not available to the untrusted code.
Even if you're allowed to make the subclass (security policy again) - your subclass doesn't get to look at protected data members from other instances, so this will often be useless. Remember this is Java, so type restrictions are enforced at runtime.
Basically this goes on and on, unlike in C++ the designers actually intended this to be enforced, not just a vague guideline to help those willing to help themselves. So even if you find a crack in the wall, someone will fix it. There really aren't any gaps "big enough to drive a truck through" as you imagine and as is the case in something like C++. If you want to drive a truck in, you need someone to conveniently open the truck-sized gate from the other side by disabling the relevant security policy.
Posted May 17, 2011 9:01 UTC (Tue) by tialaramex (subscriber, #21167)
Actually this bit might be wrong. You could be able to just pass in a suitable instance and have the code inside your imposter subclass poke around in its protected internals. But again the security policy gets to decide whether you're allowed to make this subclass at all (unlike the 'final' keyword this places no such restriction on the author of the rest of the system who may very well operate under a different policy).
Posted May 17, 2011 17:21 UTC (Tue) by jeremiah (subscriber, #1221)
Posted May 17, 2011 8:39 UTC (Tue) by chad.netzer (✭ supporter ✭, #4257)
#define class struct
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds