digitalmars.D.learn - Not true for Java about Function Hijacking.
- Matthew Ong (50/50) May 23 2011 Hi Digitalmars/Walter Bright,
- Jonathan M Davis (7/77) May 23 2011 Report errors on the website and online documentation in bugzilla:
- Matthew Ong (5/11) May 23 2011 Thanks Jonathan.
- Dan Olson (73/73) May 26 2011 I recall specific cases, though, in which hijacking can happen in java. ...
Hi Digitalmars/Walter Bright, http://www.digitalmars.com/d/2.0/hijack.html This talk covers function hijacking, where adding innocent and reasonable declarations in a module can wreak arbitrary havoc on an application program in C++(maybe true) and Java(not true). Since I have not done C++ for a long while, I am not going to comment about that. But Java I have to place this request for correction from DigitalMars. javac(from sun) Compiler will complain if there is an ambiguous to link any indentifier that has the same signature for contructor, methods(static/overloaded/overriden) Overload Sets Java denys global functions. All functions/methods are within a single class. Within the same class, the overloaded methods cannot have the same signature. public class MyClass{ public int myVal(){ } public String myVal(){ // compiler will complain here as error and NOT warning. } } Both the method identifier and zero param list makes a identical signature. Derived Class Member Function Hijacking IDE like Netbeans and does flag: override public void myMethodA(){ // Say you did not use the override tag } Base Class Member Function Hijacking to prevent the child class from stealing your implementation for this single method, do: } That is shown clearly when you tries to import both this 2 classes within Java: import java.util.Date; import java.sql.Date; public class MyTest{ public static void main(String[] args){ Date now=new Date(); // thinking that you are using java.util.Date; } } Again, as a senior Java Developer since java jdk 1.1 I agrees D as a good replacement for C++ because of modern design and approaches. Kindly correct that to avoid confusing the new Java to D developer. There are also other run time intelligent build into JVM to avoid malicious hacker attack on such thing using class proxy & stub. -- Matthew Ong email: ongbp yahoo.com
May 23 2011
On 2011-05-23 02:22, Matthew Ong wrote:Hi Digitalmars/Walter Bright, http://www.digitalmars.com/d/2.0/hijack.html This talk covers function hijacking, where adding innocent and reasonable declarations in a module can wreak arbitrary havoc on an application program in C++(maybe true) and Java(not true). Since I have not done C++ for a long while, I am not going to comment about that. But Java I have to place this request for correction from DigitalMars. javac(from sun) Compiler will complain if there is an ambiguous to link any indentifier that has the same signature for contructor, methods(static/overloaded/overriden) Overload Sets Java denys global functions. All functions/methods are within a single class. Within the same class, the overloaded methods cannot have the same signature. public class MyClass{ public int myVal(){ } public String myVal(){ // compiler will complain here as error and NOT warning. } } Both the method identifier and zero param list makes a identical signature. Derived Class Member Function Hijacking IDE like Netbeans and does flag: override public void myMethodA(){ // Say you did not use the override tag } Base Class Member Function Hijacking to prevent the child class from stealing your implementation for this single method, do: } That is shown clearly when you tries to import both this 2 classes within Java: import java.util.Date; import java.sql.Date; public class MyTest{ public static void main(String[] args){ Date now=new Date(); // thinking that you are using java.util.Date; } } Again, as a senior Java Developer since java jdk 1.1 I agrees D as a good replacement for C++ because of modern design and approaches. Kindly correct that to avoid confusing the new Java to D developer. There are also other run time intelligent build into JVM to avoid malicious hacker attack on such thing using class proxy & stub.Report errors on the website and online documentation in bugzilla: http://d.puremagic.com/issues/ . Choose "D" (out of D, DStress, and puremagic.com) to get to the correct bug report form, and select "websites" as the component of the bug report. Bugs and enhancement requests that aren't entered into bugzilla tend to get lost. - Jonathan M Davis
May 23 2011
On 5/23/2011 5:37 PM, Jonathan M Davis wrote:Report errors on the website and online documentation in bugzilla: http://d.puremagic.com/issues/ . Choose "D" (out of D, DStress, and puremagic.com) to get to the correct bug report form, and select "websites" as the component of the bug report. Bugs and enhancement requests that aren't entered into bugzilla tend to get lost. - Jonathan M DavisThanks Jonathan. -- Matthew Ong email: ongbp yahoo.com
May 23 2011
I recall specific cases, though, in which hijacking can happen in java. I coded them up to make sure I remembed it correctly. Imagine a base class A and subclass B. =-=-= file A.java =-=-= public class A { // pretty boring } =-=-= file B.java =-=-= public class B extends A { private void foo(long x) { System.out.println("B.foo(long)"); } private void put(Object o) { System.out.println("B.put(Object)"); } public void doStuff() { foo(0xcafebabe); put(this); } public static void main(String[] args) { B b = new B(); b.doStuff(); } } As is, doStuff() prints: B.foo(long) B.put(Object) But in a new version of the base class A, some new methods are added that are intended to be overriden. public class A { // These methods are added later and hijack B's methods because they // match better public void foo(int x) {System.out.println("A.foo(int)");} public void put(A a) {System.out.println("A.foo(A)");} } Because they are a better match for the arg types in doStuff(), they are called instead. But that's not what the designer of class B intended :-( It compiles with javac without warning. Now the output from doStuff() is: A.foo(int) A.foo(A) ---- // Opposite case. A subclass hijacks functions of a base class class X { // launch is a new function that a designer intended to be // overridable. But the designer has no way of knowing that launch() // is already implemented in a subclass somewhere (some other // company perhaps), and it does something completely different. public void launch(int x) { // Launch application ID x System.out.println("X.launch app id " + x); } public void cleanup() { launch(42); } } // When class Y was designed, X didn't have a launch method class Y extends X { // If Override keyword was required for overrides, then this // would be flagged. Or at least provide a switch to warn about this. public void launch(int sec) { // Launch the missle in 'sec' seconds System.out.println("Y.launch missle in " + sec + " sec"); } public static final void main(final String[] args) { Y y = new Y(); y.cleanup(); } } Mathew, it sounds like netbeans flags this case, but I think it will go unnoticed if your builds are done with something like ant and javac. -- Dan Olson
May 26 2011