On Mon, Jan 4, 2016 at 5:13 AM, Sundararajan Athijegannathan < sundararajan.athijegannat...@oracle.com> wrote:
> I'm yet to look at the code. Is it possible to use any callable for > methods? For members of a delegate ScriptObject, yes. The adapter constructors still only accept either a ScriptObject or a ScriptFunction, but if you pass in an object, its members implementing methods can now be arbitrary callables. > If so, do we have tests to cover those cases (like JSObject "functions", > DynamicMethods etc.)? In particular, sandbox tests to make sure can't get > any more privilege by implementing an interface (for eg. binding sensitive > Java method as function implementing interface method and making sure it > gets SecurityException when interface method is called). > We generate separate adapter classes for every ProtectionDomain, so I'm quite confident everything is secure, but it's better to not be overconfident when it comes to security… surely we can add such tests. Do you have some go-to sensitive functionality for testing in this fashion? FWIW, I actually started writing some tests for other functionality; what I have so far is tests for correct conversion of primitive return values as well as tests for try/finally for restoring old Global being executed when UnsupportedOperationException is thrown. (All tests I wrote pass, so the code as it is now is correct for these.) I wanted to write few more tests, specifically for binding to vararg functions. Actually, I realized that there's one deficiency in the current code that wasn't there before my changes, namely since the CALL operation takes explicit callee and this arguments, the adapter code will actually fail to generate a delegate for a method with more than 253 parameters. I might need to introduce a special case for this, to have them packed into an Object array in this case and do a Nashorn vararg invocation… Speaking of which, anyone knows why is LinkerCallSite.ARGLIMIT set to 250 and not 253? Attila. > > Thanks, > -Sundar > > > On 1/2/2016 8:31 PM, Attila Szegedi wrote: > >> Please review JDK-8133299 "Nashorn Java adapters should not early bind to >> functions" at <http://cr.openjdk.java.net/~attila/8133299/webrev.jdk9> >> for <https://bugs.openjdk.java.net/browse/JDK-8133299> >> >> See implementation notes in < >> https://bugs.openjdk.java.net/browse/JDK-8133299?focusedCommentId=13883269&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13883269 >> > >> >> Also note that this changeset is based on current tip (rev 1584, >> [da397aea8ada]) and is as such independent of the change sets for >> JDK-8144917 and JDK-8144919 that are still pending review. >> >> Thanks, >> Attila. >> > >
