On Thu, 5 Mar 2026 03:51:37 GMT, Chen Liang <[email protected]> wrote:
> The bootstrap methods in java.lang.runtime do not have explicit requirements
> for the lookup; they largely ignored it until they suddenly start using the
> lookups.
>
> Currently, the unprivileged lookup behavior is as follows:
> 1. `ObjectMethods.bootstrap` for `equals` and `hashCode` may fail with
> `IllegalAccessException` if the lookup is used to generate hidden classes; it
> may be ignored if no hidden class is needed.
> 2. `ObjectMethods.bootstrap` for `toString` fails with a `RuntimeException`
> caused by a `StringConcatException`.
> 3. `SwitchBootstraps` methods fail with `IllegalArgumentException` caused by
> `IllegalAccessException`.
>
> In contrast, `LambdaMetafactory` and `StringConcatFactory` throw their own
> types of exceptions.
>
> In this patch, I decided to make all these java.lang.runtime BSMs throw
> `IllegalArgumentException` without a cause for any unprivileged lookup that
> cannot support bytecode generation. Future BSMs should also reject
> unprivileged lookup eagerly to allow implementations to have bytecode
> generation freedom. The `IllegalArgumentException` is consistent with other
> consistency checks done by these BSMs.
src/java.base/share/classes/java/lang/runtime/ObjectMethods.java line 487:
> 485: * full privilege access}.
> 486: * When used with {@code invokedynamic}, this is
> stacked
> 487: * automatically by the VM.
Not sure about the text "this is stacked automatically". What is "stacked"? I
can guess, but does a reader know?
I think what you're trying to say here is that the VM provides a lookup object
with the right privileges automatically. Do we have some existing text that
explains the bootstrap protocol? A lookup being passed automatically is common
to all BSM invocations through indy, so I think having a central place that
describes this makes sense (and then we could just link to it from here).
src/java.base/share/classes/java/lang/runtime/package-info.java line 37:
> 35: * IllegalArgumentException} when they are called with a {@link
> Lookup} that
> 36: * does not have {@linkplain Lookup#hasFullPrivilegeAccess() full
> privilege
> 37: * access}.
I'm not sure about just putting this warning here but not linking to it.
Null-hostility is a more obvious default behavior, it's just specified for
completeness. But, restrictions on lookup objects are much more specific.
For instance, if someone passes `null` to a method and gets an NPE, it's
obvious that they shouldn't pass `null`, but if the lookup they pass is
rejected it's not as obvious what kind of lookup is expected instead, and I
don't think they will be looking in the package javadoc to find out.
I think if you have a central text describing the bootstrap protocol like I
suggested in my other comment, you could put the restriction on lookup
privileges in there. In that case each bootstrap method could link to the
central text that contains the restriction. (putting the central text in this
package javadoc would work as well I think, as long as you link to it from each
bootstrap method).
I'm thinking something like starting each bootstrap method javadoc like:
* A <a href="package-info.html#bootstrap-methods">bootstrap method</a> ...
Which would link to the central doc.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/30067#discussion_r2890501833
PR Review Comment: https://git.openjdk.org/jdk/pull/30067#discussion_r2890586960
