What’s the penalty for Synthetic methods?

Eclipse is warning you that you may be exposing information you think is private. Synthetic accessors can be exploited by malicious code as demonstrated below.

If your code needs to run in a secure VM, it may be unwise to use inner classes. If you can use reflection and have full access to everything, synthetic accessors are unlikely to make a measurable difference.

For example, consider this class:

public class Foo {
  private Object baz = "Hello";
  private class Bar {
    private Bar() {
      System.out.println(baz);
    }
  }
}

The signature for Foo is actually:

public class Foo extends java.lang.Object{
    public Foo();
    static java.lang.Object access$000(Foo);
}

access$000 is generated automatically to let the separate class Bar access baz and will be marked with the Synthetic attribute. The precise names generated are implementation dependent. Regular compilers won’t let you compile against this method, but you can generate your own classes using ASM (or similar) like this:

import org.objectweb.asm.*;

// Emits the bytecode for a class "Spy" (in Foo's package) whose getBaz(Foo)
// just forwards to the package-private synthetic accessor Foo.access$000.
public class FooSpyMaker implements Opcodes {
  public static byte[] dump() throws Exception {
    ClassWriter cw = new ClassWriter(0);   // 0: max stack/locals are given by hand below
    cw.visit(V1_6, ACC_PUBLIC | ACC_SUPER, "Spy", null, "java/lang/Object", null);

    // public Spy() { super(); }
    MethodVisitor ctor = cw.visitMethod(ACC_PUBLIC, "<init>", "()V", null, null);
    ctor.visitCode();
    ctor.visitVarInsn(ALOAD, 0);
    // ASM 5+ form of visitMethodInsn: the trailing flag says the owner is not an interface
    ctor.visitMethodInsn(INVOKESPECIAL, "java/lang/Object", "<init>", "()V", false);
    ctor.visitInsn(RETURN);
    ctor.visitMaxs(1, 1);
    ctor.visitEnd();

    // public Object getBaz(Foo f) { return Foo.access$000(f); }
    MethodVisitor getBaz = cw.visitMethod(ACC_PUBLIC, "getBaz",
        "(LFoo;)Ljava/lang/Object;", null, null);
    getBaz.visitCode();
    getBaz.visitVarInsn(ALOAD, 1);
    getBaz.visitMethodInsn(INVOKESTATIC, "Foo", "access$000",
        "(LFoo;)Ljava/lang/Object;", false);
    getBaz.visitInsn(ARETURN);
    getBaz.visitMaxs(1, 2);
    getBaz.visitEnd();

    cw.visitEnd();
    return cw.toByteArray();
  }
}

This creates a simple class called Spy that will allow you to call access$000:

public class Spy extends java.lang.Object{
    public Spy();
    public java.lang.Object getBaz(Foo);
}

Using this, you can inspect the value of baz without reflection or any method exposing it.

public class Test {
  public static void main(String[] args) {
    Foo foo = new Foo();
    Spy spy = new Spy();
    System.out.println(spy.getBaz(foo));
  }
}

The Spy implementation requires that it be in the same package as Foo and that Foo isn’t in a sealed JAR.
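A defender's check to go with the explanation above: an added Python scanner (not part of the original post) that parses a .class file's constant pool and method table and reports every `access$` method marked synthetic, either by the ACC_SYNTHETIC flag or by the older `Synthetic` attribute. The `Foo` class bytes are constructed inline as a stand-in for javac's output; note that javac stopped emitting such accessors for nested classes compiled for Java 11 or later (JEP 181 nest-based access control), so this matters for older class files.

```python
import struct
from io import BytesIO

ACC_STATIC, ACC_SYNTHETIC = 0x0008, 0x1000
# Fixed constant-pool payload size per tag; Utf8 (1) is variable, Long/Double (5, 6) take two slots.
CP_SIZES = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4, 15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}
_u = lambda buf, fmt: struct.unpack(fmt, buf.read(struct.calcsize(fmt)))

def _read_pool(buf):  # keep Utf8 text and Class name indexes, skip other entries by size
    count, pool, i = _u(buf, ">H")[0], {}, 1
    while i < count:
        (tag,) = _u(buf, ">B")
        if tag == 1:
            pool[i] = buf.read(_u(buf, ">H")[0]).decode("utf-8", "replace")
        elif tag == 7:
            (pool[i],) = _u(buf, ">H")
        else:
            buf.read(CP_SIZES[tag])
        i += 2 if tag in (5, 6) else 1
    return pool
def _read_members(buf, pool):  # one field or method table -> [(flags, name, desc, has_Synthetic_attr)]
    out = []
    for _ in range(_u(buf, ">H")[0]):
        flags, name_i, desc_i, n_attrs = _u(buf, ">HHHH")
        marked = False
        for _ in range(n_attrs):
            attr_i, length = _u(buf, ">HI")
            marked |= pool[attr_i] == "Synthetic"   # pre-Java 5 javac used an attribute, not a flag
            buf.read(length)
        out.append((flags, pool[name_i], pool[desc_i], marked))
    return out
def find_synthetic_accessors(class_bytes):
    """Return "Owner.access$NNN(desc)" for every compiler-generated accessor in one class file."""
    if class_bytes[:4] != b"\xca\xfe\xba\xbe": raise ValueError("not a class file")
    buf = BytesIO(class_bytes[8:])                   # past magic and minor/major version
    pool = _read_pool(buf)
    _, this_i, _ = _u(buf, ">HHH")                   # access flags, this_class, super_class
    buf.read(2 * _u(buf, ">H")[0])                   # interfaces
    _read_members(buf, pool)                         # fields: parsed only to reach the methods
    return [f"{pool[pool[this_i]]}.{name}{desc}" for flags, name, desc, marked in _read_members(buf, pool)
            if (flags & ACC_SYNTHETIC or marked) and name.startswith("access$")]
def sample_class():
    # Constructed stand-in for javac's Foo.class: one package-private static synthetic
    # access$000(LFoo;)Ljava/lang/Object; without a Code attribute (the scanner never reads bodies).
    utf = lambda s: b"\x01" + struct.pack(">H", len(s)) + s.encode()
    cp = [utf("Foo"), b"\x07\x00\x01", utf("java/lang/Object"), b"\x07\x00\x03",
          utf("access$000"), utf("(LFoo;)Ljava/lang/Object;")]
    head = struct.pack(">IHHH", 0xCAFEBABE, 0, 50, len(cp) + 1) + b"".join(cp)
    body = struct.pack(">HHHHHH", 0x0021, 2, 4, 0, 0, 1)  # flags, this, super, 0 ifaces, 0 fields, 1 method
    body += struct.pack(">HHHH", ACC_STATIC | ACC_SYNTHETIC, 5, 6, 0)
    return head + body + struct.pack(">H", 0)             # no class attributes
```

Pointed at a real file (`find_synthetic_accessors(open("Foo.class", "rb").read())`), a non-empty result lists the private members that any class in the same package and class loader can reach without reflection.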
