On 5/23/2017 7:44 AM, Volker Simonis wrote:
So maybe I rephrase my question a little more generally:
Is it required for the verifier to do security and/or access checks
during the verification phase or could/should these checks be
postponed to runtime? The issue with verification errors due to
missing classes from Remi's previous answer is probably a corner case
of this question.
Verification must perform class loading in order to check subtyping, but
verification does not check access to the loaded classes. To be precise,
verification in JVMS 4.10.1 does not appeal to class resolution (JVMS
5.4.3.1) nor to access control (JVMS 5.4.4). Nor does verification in
JVMS 4.10.1 know what the package.access file is.
What you are seeing when the Security Manager is enabled is that class
loading fails (due to a package.access check in Hotspot) and so
verification fails. The verifier is not performing the package.access
check per se.
Alex
