Examples of java.lang.invoke.MethodHandles$Lookup

• com.jpetrak.gate.stringannotation.extendedgazetteer2.Lookup
  A lookup object is a factory for creating method handles, when the creation requires access checking. Method handles do not perform access checks when they are called, but rather when they are created. Therefore, method handle access restrictions must be enforced when a method handle is created. The caller class against which those restrictions are enforced is known as the {@linkplain #lookupClass lookup class}.

  A lookup class which needs to create method handles will call {@link MethodHandles#lookup MethodHandles.lookup} to create a factory for itself.When the {@code Lookup} factory object is created, the identity of the lookup class isdetermined, and securely stored in the {@code Lookup} object.The lookup class (or its delegates) may then use factory methods on the {@code Lookup} object to create method handles for access-checked members.This includes all methods, constructors, and fields which are allowed to the lookup class, even private ones.

  Lookup Factory Methods

  The factory methods on a {@code Lookup} object correspond to all majoruse cases for methods, constructors, and fields. Each method handle created by a factory method is the functional equivalent of a particular bytecode behavior. (Bytecode behaviors are described in section 5.4.3.5 of the Java Virtual Machine Specification.) Here is a summary of the correspondence between these factory methods and the behavior the resulting method handles:

  lookup expression	member	bytecode behavior
  {@link java.lang.invoke.MethodHandles.Lookup#findGetter lookup.findGetter(C.class,"f",FT.class)}	{@code FT f;}	{@code (T) this.f;}
  {@link java.lang.invoke.MethodHandles.Lookup#findStaticGetter lookup.findStaticGetter(C.class,"f",FT.class)}	{@code static} {@code FT f;}	{@code (T) C.f;}
  {@link java.lang.invoke.MethodHandles.Lookup#findSetter lookup.findSetter(C.class,"f",FT.class)}	{@code FT f;}	{@code this.f = x;}
  {@link java.lang.invoke.MethodHandles.Lookup#findStaticSetter lookup.findStaticSetter(C.class,"f",FT.class)}	{@code static} {@code FT f;}	{@code C.f = arg;}
  {@link java.lang.invoke.MethodHandles.Lookup#findVirtual lookup.findVirtual(C.class,"m",MT)}	{@code T m(A*);}	{@code (T) this.m(arg*);}
  {@link java.lang.invoke.MethodHandles.Lookup#findStatic lookup.findStatic(C.class,"m",MT)}	{@code static} {@code T m(A*);}	{@code (T) C.m(arg*);}
  {@link java.lang.invoke.MethodHandles.Lookup#findSpecial lookup.findSpecial(C.class,"m",MT,this.class)}	{@code T m(A*);}	{@code (T) super.m(arg*);}
  {@link java.lang.invoke.MethodHandles.Lookup#findConstructor lookup.findConstructor(C.class,MT)}	{@code C(A*);}	{@code new C(arg*);}
  {@link java.lang.invoke.MethodHandles.Lookup#unreflectGetter lookup.unreflectGetter(aField)}	( {@code static})? {@code FT f;}	{@code (FT) aField.get(thisOrNull);}
  {@link java.lang.invoke.MethodHandles.Lookup#unreflectSetter lookup.unreflectSetter(aField)}	( {@code static})? {@code FT f;}	{@code aField.set(thisOrNull, arg);}
  {@link java.lang.invoke.MethodHandles.Lookup#unreflect lookup.unreflect(aMethod)}	( {@code static})? {@code T m(A*);}	{@code (T) aMethod.invoke(thisOrNull, arg*);}
  {@link java.lang.invoke.MethodHandles.Lookup#unreflectConstructor lookup.unreflectConstructor(aConstructor)}	{@code C(A*);}	{@code (C) aConstructor.newInstance(arg*);}
  {@link java.lang.invoke.MethodHandles.Lookup#unreflect lookup.unreflect(aMethod)}	( {@code static})? {@code T m(A*);}	{@code (T) aMethod.invoke(thisOrNull, arg*);}

  Here, the type {@code C} is the class or interface being searched for a member,documented as a parameter named {@code refc} in the lookup methods.The method type {@code MT} is composed from the return type {@code T}and the sequence of argument types {@code A*}. The constructor also has a sequence of argument types {@code A*} andis deemed to return the newly-created object of type {@code C}. Both {@code MT} and the field type {@code FT} are documented as a parameter named {@code type}. The formal parameter {@code this} stands for the self-reference of type {@code C}; if it is present, it is always the leading argument to the method handle invocation. (In the case of some {@code protected} members, {@code this} may berestricted in type to the lookup class; see below.) The name {@code arg} stands for all the other method handle arguments.In the code examples for the Core Reflection API, the name {@code thisOrNull}stands for a null reference if the accessed method or field is static, and {@code this} otherwise.The names {@code aMethod}, {@code aField}, and {@code aConstructor} standfor reflective objects corresponding to the given members.

  In cases where the given member is of variable arity (i.e., a method or constructor) the returned method handle will also be of {@linkplain MethodHandle#asVarargsCollector variable arity}. In all other cases, the returned method handle will be of fixed arity.

  Discussion: The equivalence between looked-up method handles and underlying class members and bytecode behaviors can break down in a few ways:

  • If {@code C} is not symbolically accessible from the lookup class's loader,the lookup can still succeed, even when there is no equivalent Java expression or bytecoded constant.
  • Likewise, if {@code T} or {@code MT}is not symbolically accessible from the lookup class's loader, the lookup can still succeed. For example, lookups for {@code MethodHandle.invokeExact} and{@code MethodHandle.invoke} will always succeed, regardless of requested type.
  • If there is a security manager installed, it can forbid the lookup on various grounds (see below). By contrast, the {@code ldc} instruction on a {@code CONSTANT_MethodHandle}constant is not subject to security manager checks.
  • If the looked-up method has a very large arity, the method handle creation may fail, due to the method handle type having too many parameters.

  Access checking

  Access checks are applied in the factory methods of {@code Lookup}, when a method handle is created. This is a key difference from the Core Reflection API, since {@link java.lang.reflect.Method#invoke java.lang.reflect.Method.invoke}performs access checking against every caller, on every call.

  All access checks start from a {@code Lookup} object, whichcompares its recorded lookup class against all requests to create method handles. A single {@code Lookup} object can be used to create any numberof access-checked method handles, all checked against a single lookup class.

  A {@code Lookup} object can be shared with other trusted code,such as a metaobject protocol. A shared {@code Lookup} object delegates the capabilityto create method handles on private members of the lookup class. Even if privileged code uses the {@code Lookup} object,the access checking is confined to the privileges of the original lookup class.

  A lookup can fail, because the containing class is not accessible to the lookup class, or because the desired class member is missing, or because the desired class member is not accessible to the lookup class, or because the lookup object is not trusted enough to access the member. In any of these cases, a {@code ReflectiveOperationException} will bethrown from the attempted lookup. The exact class will be one of the following:

  • NoSuchMethodException — if a method is requested but does not exist
  • NoSuchFieldException — if a field is requested but does not exist
  • IllegalAccessException — if the member exists but an access check fails

  In general, the conditions under which a method handle may be looked up for a method {@code M} are no more restrictive than the conditionsunder which the lookup class could have compiled, verified, and resolved a call to {@code M}. Where the JVM would raise exceptions like {@code NoSuchMethodError}, a method handle lookup will generally raise a corresponding checked exception, such as {@code NoSuchMethodException}. And the effect of invoking the method handle resulting from the lookup is exactly equivalent to executing the compiled, verified, and resolved call to {@code M}. The same point is true of fields and constructors.

  Discussion: Access checks only apply to named and reflected methods, constructors, and fields. Other method handle creation methods, such as {@link MethodHandle#asType MethodHandle.asType}, do not require any access checks, and are used independently of any {@code Lookup} object.

  If the desired member is {@code protected}, the usual JVM rules apply, including the requirement that the lookup class must be either be in the same package as the desired member, or must inherit that member. (See the Java Virtual Machine Specification, sections 4.9.2, 5.4.3.5, and 6.4.) In addition, if the desired member is a non-static field or method in a different package, the resulting method handle may only be applied to objects of the lookup class or one of its subclasses. This requirement is enforced by narrowing the type of the leading {@code this} parameter from {@code C}(which will necessarily be a superclass of the lookup class) to the lookup class itself.

  The JVM imposes a similar requirement on {@code invokespecial} instruction,that the receiver argument must match both the resolved method and the current class. Again, this requirement is enforced by narrowing the type of the leading parameter to the resulting method handle. (See the Java Virtual Machine Specification, section 4.10.1.9.)

  The JVM represents constructors and static initializer blocks as internal methods with special names ( {@code ""} and {@code ""}). The internal syntax of invocation instructions allows them to refer to such internal methods as if they were normal methods, but the JVM bytecode verifier rejects them. A lookup of such an internal method will produce a {@code NoSuchMethodException}.

  In some cases, access between nested classes is obtained by the Java compiler by creating an wrapper method to access a private method of another class in the same top-level declaration. For example, a nested class {@code C.D}can access private members within other related classes such as {@code C}, {@code C.D.E}, or {@code C.B}, but the Java compiler may need to generate wrapper methods in those related classes. In such cases, a {@code Lookup} object on{@code C.E} would be unable to those private members.A workaround for this limitation is the {@link Lookup#in Lookup.in} method,which can transform a lookup on {@code C.E} into one on any of those otherclasses, without special elevation of privilege.

  The accesses permitted to a given lookup object may be limited, according to its set of {@link #lookupModes lookupModes}, to a subset of members normally accessible to the lookup class. For example, the {@link MethodHandles#publicLookup publicLookup}method produces a lookup object which is only allowed to access public members in public classes. The caller sensitive method {@link MethodHandles#lookup lookup}produces a lookup object with full capabilities relative to its caller class, to emulate all supported bytecode behaviors. Also, the {@link Lookup#in Lookup.in} method may produce a lookup objectwith fewer access modes than the original lookup object.

  Discussion of private access: We say that a lookup has private access if its {@linkplain #lookupModes lookup modes}include the possibility of accessing {@code private} members.As documented in the relevant methods elsewhere, only lookups with private access possess the following capabilities:

  • access private fields, methods, and constructors of the lookup class
  • create method handles which invoke caller sensitive methods, such as {@code Class.forName}
  • create method handles which {@link Lookup#findSpecial emulate invokespecial} instructions
  • avoid package access checks for classes accessible to the lookup class
  • create {@link Lookup#in delegated lookup objects} which have private access to other classeswithin the same package member

  Each of these permissions is a consequence of the fact that a lookup object with private access can be securely traced back to an originating class, whose bytecode behaviors and Java language access permissions can be reliably determined and emulated by method handles.

  Security manager interactions

  Although bytecode instructions can only refer to classes in a related class loader, this API can search for methods in any class, as long as a reference to its {@code Class} object isavailable. Such cross-loader references are also possible with the Core Reflection API, and are impossible to bytecode instructions such as {@code invokestatic} or {@code getfield}. There is a {@linkplain java.lang.SecurityManager security manager API}to allow applications to check such cross-loader references. These checks apply to both the {@code MethodHandles.Lookup} APIand the Core Reflection API (as found on {@link java.lang.Class Class}).

  If a security manager is present, member lookups are subject to additional checks. From one to three calls are made to the security manager. Any of these calls can refuse access by throwing a {@link java.lang.SecurityException SecurityException}. Define {@code smgr} as the security manager,{@code lookc} as the lookup class of the current lookup object,{@code refc} as the containing class in which the memberis being sought, and {@code defc} as the class in which themember is actually defined. The value {@code lookc} is defined as not presentif the current lookup object does not have private access. The calls are made according to the following rules:

  • Step 1: If {@code lookc} is not present, or if its class loader is notthe same as or an ancestor of the class loader of {@code refc}, then {@link SecurityManager#checkPackageAccess smgr.checkPackageAccess(refcPkg)} is called,where {@code refcPkg} is the package of {@code refc}.
  • Step 2: If the retrieved member is not public and {@code lookc} is not present, then{@link SecurityManager#checkPermission smgr.checkPermission}with {@code RuntimePermission("accessDeclaredMembers")} is called.
  • Step 3: If the retrieved member is not public, and if {@code lookc} is not present,and if {@code defc} and {@code refc} are different,then {@link SecurityManager#checkPackageAccess smgr.checkPackageAccess(defcPkg)} is called,where {@code defcPkg} is the package of {@code defc}.

  Security checks are performed after other access checks have passed. Therefore, the above rules presuppose a member that is public, or else that is being accessed from a lookup class that has rights to access the member.

  Caller sensitive methods

  A small number of Java methods have a special property called caller sensitivity. A caller-sensitive method can behave differently depending on the identity of its immediate caller.

  If a method handle for a caller-sensitive method is requested, the general rules for bytecode behaviors apply, but they take account of the lookup class in a special way. The resulting method handle behaves as if it were called from an instruction contained in the lookup class, so that the caller-sensitive method detects the lookup class. (By contrast, the invoker of the method handle is disregarded.) Thus, in the case of caller-sensitive methods, different lookup classes may give rise to differently behaving method handles.

  In cases where the lookup object is {@link MethodHandles#publicLookup() publicLookup()}, or some other lookup object without private access, the lookup class is disregarded. In such cases, no caller-sensitive method handle can be created, access is forbidden, and the lookup fails with an {@code IllegalAccessException}.

  Discussion: For example, the caller-sensitive method {@link java.lang.Class#forName(String) Class.forName(x)}can return varying classes or throw varying exceptions, depending on the class loader of the class that calls it. A public lookup of {@code Class.forName} will fail, becausethere is no reasonable way to determine its bytecode behavior.

  If an application caches method handles for broad sharing, it should use {@code publicLookup()} to create them.If there is a lookup of {@code Class.forName}, it will fail, and the application must take appropriate action in that case. It may be that a later lookup, perhaps during the invocation of a bootstrap method, can incorporate the specific identity of the caller, making the method accessible.

  The function {@code MethodHandles.lookup} is caller sensitiveso that there can be a secure foundation for lookups. Nearly all other methods in the JSR 292 API rely on lookup objects to check access requests.

    System.out.println("State after s: "+s2);
    System.out.println("isFinal: "+s2.isFinal());
    Iterator<Lookup> lookupIter = gs.getLookups(s2);
    System.out.println("Have lookups: "+lookupIter.hasNext());
    while(lookupIter.hasNext()) {
      Lookup l = lookupIter.next();
      System.out.println("Have a lookup"+l);
    }
    File someFile = new File("tmp.gazbin");
    try {
      gs.save(someFile);
    } catch (FileNotFoundException e) {
      e.printStackTrace();
      assertTrue("could not save trie", false);
      return;
    }
    GazStoreTrie3 gs2 = new GazStoreTrie3();
    try {
      gs2 = (GazStoreTrie3)gs2.load(someFile);
    } catch (FileNotFoundException e) {
      e.printStackTrace();
      assertTrue("could not load trie",false);
      return;
    }
    State init_2 = gs2.getInitialState();
    System.out.println("Initial State: "+init_2);
    State s1_2 = init_2.next('a');
    System.out.println("State after a: "+s1_2);
    System.out.println("isFinal: "+s1_2.isFinal());
    State s2_2 = s1_2.next('s');
    System.out.println("State after s: "+s2_2);
    System.out.println("isFinal: "+s2_2.isFinal());
    Iterator<Lookup> lookupIter_2 = gs2.getLookups(s2_2);
    System.out.println("Have lookups: "+lookupIter_2.hasNext());
    while(lookupIter_2.hasNext()) {
      Lookup l = lookupIter_2.next();
      System.out.println("Have a lookup"+l);
    }

    System.out.println("************* end ********************");
  }