[jira] [Commented] (GROOVY-10931) Remove $getLookup method generation (Groovy 4+)

Fri, 21 Jul 2023 18:21:05 -0700 


    [ 
https://issues.apache.org/jira/browse/GROOVY-10931?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17745857#comment-17745857
 ] 

Daniel Sun commented on GROOVY-10931:
-------------------------------------

Hi Eric,

 

   $getLookup implementation can handle all JDKs by the same way, but it has 
its own flaw as you found, so I am very happy to see the improvement, but I do 
not understand how the improvement help us avoid the illegal reflective 
warnings under pre-16 JDKs, so I went to check the output of test build for 
JDK11 and found some warnings, could you tweak the improvement further more?

 

https://github.com/apache/groovy/actions/runs/5625969498/job/15245826217#step:6:309

 

> Task :groovy-datetime:testClasses

WARNING: An illegal reflective access operation has occurred

 

WARNING: Illegal reflective access by org.codehaus.groovy.vmplugin.v9.Java9 
(file:/home/runner/work/groovy/groovy/build/libs/groovy-raw-5.0.0-SNAPSHOT.jar) 
to method sun.util.calendar.ZoneInfo.equals(java.lang.Object)

> Remove $getLookup method generation (Groovy 4+)
> -----------------------------------------------
>
>                 Key: GROOVY-10931
>                 URL: https://issues.apache.org/jira/browse/GROOVY-10931
>             Project: Groovy
>          Issue Type: Wish
>          Components: class generator, Compiler
>            Reporter: Eric Milles
>            Assignee: Eric Milles
>            Priority: Major
>              Labels: invokedynamic, jdk16, jdk17
>             Fix For: 5.0.0-alpha-1
>
>
> The new {{$getLookup()}} method was discussed somewhat in the comments of 
> GROOVY-10273.  Groovy 3 has had JEP 396 (illegal access enforcement) support 
> backported to the invoke dynamic pathways, without {{$getLookup}}.  So, I'd 
> like to restart the discussion to find out if there are any illegal-access 
> scenarios that Groovy 4 supports that don't have a test case in Groovy 3.  
> And if there are no scenarios that remain, I'd like to propose the removal of 
> {{$getLookup}} method generation.
> I have disabled its generation in the Groovy 5 codebase, and there are no 
> tests that fail.  So I have good confidence that it can be removed and the 
> security hole can be plugged.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to