Re: Implementation details of VMStackWalker

[Archie Cobbs]

address@hidden wrote:
> > > The next thing I would like to have is a method to get the calling
> > > method name. This would be good for logging.
> >
> > You could create a Throwable() object and then get the StackFrame[].
>
> That is what the logging API currently does. But that's terrribly
> inefficient. We could add a new method to VMStackWalker that returns the
> calling method name and in the reference implementation it will just do
> the Throwable thing. Then every VM can decide if they want do add a native
> method.

Sounds reasonable. We take this same approach with getCallingClass()
and getCallingClassLoader(), which can be implemented more efficiently
in native code, but are also have the "fallback" Java implementation.

> > > For the security part: Is it enough to check if the class loader of
> > > context[0] is the boot classloader?
> >
> > Not sure what the question is here.
>
> In the VMStackWalker source it says only code loaded from the boot
> classloader may call the methods of this class. But how should we make
> sure? My question was if it is enough to check if the class in
> getClassContext()[0] (i.e. the class that actually invoked a method on
> VMstackWalker directly or through reflection) was loaded by the boot
> classloader.

I didn't write that comment so I'm not sure how (if at all) it
is enforced. Not sure what the real security problem is though,
even if we did allow random code to call these methods. Maybe
someone else can shed some light?

-Archie

__________________________________________________________________________
Archie Cobbs      *        CTO, Awarix        *      http://www.awarix.com