You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@lucene.apache.org by "Uwe Schindler (JIRA)" <ji...@apache.org> on 2015/12/05 02:15:11 UTC

[jira] [Comment Edited] (LUCENE-6920) Simplify callable function checks in Expression module

    [ https://issues.apache.org/jira/browse/LUCENE-6920?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15042528#comment-15042528 ] 

Uwe Schindler edited comment on LUCENE-6920 at 12/5/15 1:14 AM:
----------------------------------------------------------------

New patch with permission removed. Solr never had this permission.
When backporting I will for sure also check Java 7, but I don't think there are problems.


was (Author: thetaphi):
New patch with permission removed. Solr never had this permission.

> Simplify callable function checks in Expression module
> ------------------------------------------------------
>
>                 Key: LUCENE-6920
>                 URL: https://issues.apache.org/jira/browse/LUCENE-6920
>             Project: Lucene - Core
>          Issue Type: Improvement
>          Components: modules/expressions
>            Reporter: Uwe Schindler
>            Assignee: Uwe Schindler
>             Fix For: Trunk, 5.5
>
>         Attachments: LUCENE-6920.patch, LUCENE-6920.patch
>
>
> The expressions module allows to specify custom functions. It does some checks to ensure that the compiled Expression works correctly and does not produce linkage errors. It also checks parameters and return type to  be doubles.
> There are two problems with the current approach:
> - the check gets classloaders of the method's declaring class. This fails if a security manager forbids access to bootstrap classes (e.g., java.lang.Math)
> - the code only checks if method or declaring class are public, but not if it is really reachable. This may not be the case in Java 9 (different module without exports,...)
> This issue will use MethodHandles to do the accessibility checks (it uses MethodHandles.publicLookup() to resolve the given reflected method). If that fails, our compiled code cannot acess it. If module system prevents access, this is also checked.
> To fix the issue with classloaders, it uses a trick: It calls Class.forName() with the classloader we use to compile our expression. If that does not return the same class as the declared method, it also fails compilation. This prevents NoClassDefFoundException on executing the expression.
> All tests pass.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org