On Thu, 5 Mar 2026 14:56:26 GMT, Jorn Vernee <[email protected]> wrote:
>> The bootstrap methods in java.lang.runtime do not have explicit requirements
>> for the lookup; they largely ignored it until they suddenly start using the
>> lookups.
>>
>> Currently, the unprivileged lookup behavior is as follows:
>> 1. `ObjectMethods.bootstrap` for `equals` and `hashCode` may fail with
>> `IllegalAccessException` if the lookup is used to generate hidden classes;
>> it may be ignored if no hidden class is needed.
>> 2. `ObjectMethods.bootstrap` for `toString` fails with a `RuntimeException`
>> caused by a `StringConcatException`.
>> 3. `SwitchBootstraps` methods fail with `IllegalArgumentException` caused by
>> `IllegalAccessException`.
>>
>> In contrast, `LambdaMetafactory` and `StringConcatFactory` throw their own
>> types of exceptions.
>>
>> In this patch, I decided to make all these java.lang.runtime BSMs throw
>> `IllegalArgumentException` without a cause for any unprivileged lookup that
>> cannot support bytecode generation. Future BSMs should also reject
>> unprivileged lookup eagerly to allow implementations to have bytecode
>> generation freedom. The `IllegalArgumentException` is consistent with other
>> consistency checks done by these BSMs.
>
> src/java.base/share/classes/java/lang/runtime/ObjectMethods.java line 487:
>
>> 485: * full privilege access}.
>> 486: * When used with {@code invokedynamic}, this is
>> stacked
>> 487: * automatically by the VM.
>
> Not sure about the text "this is stacked automatically". What is "stacked"? I
> can guess, but does a reader know?
>
> I think what you're trying to say here is that the VM provides a lookup
> object with the right privileges automatically. Do we have some existing text
> that explains the bootstrap protocol? A lookup being passed automatically is
> common to all BSM invocations through indy, so I think having a central place
> that describes this makes sense (and then we could just link to it from here).
This text is originally copied from `LambdaMetafactory`. I am fine with
removing the "When used" sentence.
> src/java.base/share/classes/java/lang/runtime/package-info.java line 37:
>
>> 35: * IllegalArgumentException} when they are called with a {@link
>> Lookup} that
>> 36: * does not have {@linkplain Lookup#hasFullPrivilegeAccess() full
>> privilege
>> 37: * access}.
>
> I'm not sure about just putting this warning here but not linking to it.
> Null-hostility is a more obvious default behavior, it's just specified for
> completeness. But, restrictions on lookup objects are much more specific.
>
> For instance, if someone passes `null` to a method and gets an NPE, it's
> obvious that they shouldn't pass `null`, but if the lookup they pass is
> rejected it's not as obvious what kind of lookup is expected instead, and I
> don't think they will be looking in the package javadoc to find out.
>
> I think if you have a central text describing the bootstrap protocol like I
> suggested in my other comment, you could put the restriction on lookup
> privileges in there. In that case each bootstrap method could link to the
> central text that contains the restriction. (putting the central text in this
> package javadoc would work as well I think, as long as you link to it from
> each bootstrap method).
>
> I'm thinking something like starting each bootstrap method javadoc like:
>
>
> * A <a href="package-info.html#bootstrap-methods">bootstrap method</a> ...
>
>
> Which would link to the central doc.
Sure, I think I will link to java.lang.invoke##bsm.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/30067#discussion_r2890982539
PR Review Comment: https://git.openjdk.org/jdk/pull/30067#discussion_r2890980028
