TutorialsJava

Java 11 - Nest-Based Access Control (JEP 181)

In Java 11, the JVM supports the arrangement of classes and interfaces into a new access control context, called a nest. Nests allow classes and interfaces that are logically part of the same code entity, but which are compiled to distinct class files, to access each other's private members without the need for compilers to insert accessibility-broadening bridge methods. Nests are a low-level mechanism of the Java SE Platform; there are no changes to the access control rules of the Java programming language. This is purely a Java class bytecode level change (that's why this changes categorized under hotspot/runtime).

Let's check JEP181Reflection to understand this feature:

JEP181Reflection.java
package com.dariawan.jdk11;

import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;

public class JEP181Reflection {

    private class Nest {

        private int intNest;
    }

    public static void main(String[] args)
            throws NoSuchFieldException,
            InvocationTargetException,
            IllegalAccessException {
        
        JEP181Reflection me = new JEP181Reflection();        
        Nest n = me.new Nest();
        
        // this is working
        n.intNest = 11;
        System.out.println("Nest.intNest = " + n.intNest);
        
        // this is not working before Java 11
        final Field f = Nest.class.getDeclaredField("intNest");
        f.setInt(n, 2018);
        System.out.println("Nest.intNest = " + n.intNest);
    }
}

If you run this code with Java version prior 11, then you get IllegalAccessException. The outputs are similar to this:

Nest.intNest = 11
Exception in thread "main" java.lang.IllegalAccessException: Class com.dariawan.jdk11.JEP181Reflection can not access a member of class com.dariawan.jdk11.JEP181Reflection$Nest with modifiers "private"
	at sun.reflect.Reflection.ensureMemberAccess(Reflection.java:102)
	at java.lang.reflect.AccessibleObject.slowCheckMemberAccess(AccessibleObject.java:296)
	at java.lang.reflect.AccessibleObject.checkAccess(AccessibleObject.java:288)
	at java.lang.reflect.Field.setInt(Field.java:946)
	at com.dariawan.jdk11.JEP181Reflection.main(JEP181Reflection.java:27)

The javac compiler has been updated to use nests when compiling nested classes and interfaces in Java source code, by generating new class files attributes that place a top-level class (or interface) and all its nested classes and interfaces in the same nest. The Java Virtual Machine has been updated to use these attributes when checking the accessibility of a private constructor, method, or field, including via core reflection and the java.lang.invoke.MethodHandles.Lookup API. Membership in a nest is exposed through the new getNestHost and getNestMembers methods of java.lang.Class.

And when we compile it using Java 11 and run it, we will get:

Nest.intNest = 11
Nest.intNest = 2018

Analyzing Bytecode

When we compile JEP181Reflection with a pre Java 11 version (In my case, it's Java 8) I got three class files:

JEP181Reflection$1.class
JEP181Reflection$Nest.class
JEP181Reflection.class

And when analyze the compiled bytecodes via javap:

$ javap com.dariawan.jdk11.JEP181Reflection$Nest
Compiled from "JEP181Reflection.java"
class com.dariawan.jdk11.JEP181Reflection$Nest {
  final com.dariawan.jdk11.JEP181Reflection this$0;
  com.dariawan.jdk11.JEP181Reflection$Nest(com.dariawan.jdk11.JEP181Reflection, com.dariawan.jdk11.JEP181Reflection$1);
  static int access$102(com.dariawan.jdk11.JEP181Reflection$Nest, int);
  static int access$100(com.dariawan.jdk11.JEP181Reflection$Nest);
}
$ javap -v com.dariawan.jdk11.JEP181Reflection$Nest
Classfile /D:/Projects/dallanube/dariawan/target/classes/com/dariawan/jdk11/JEP181Reflection$Nest.class
  Last modified 21 Jan, 2019; size 1081 bytes
  MD5 checksum 46745b115522203ff8351229ecc5bda8
  Compiled from "JEP181Reflection.java"
class com.dariawan.jdk11.JEP181Reflection$Nest
  minor version: 0
  major version: 52
  flags: ACC_SUPER
Constant pool:
   *** CONSTANT POOL PRINTED HERE ***
{
  final com.dariawan.jdk11.JEP181Reflection this$0;
    descriptor: Lcom/dariawan/jdk11/JEP181Reflection;
    flags: ACC_FINAL, ACC_SYNTHETIC

  com.dariawan.jdk11.JEP181Reflection$Nest(com.dariawan.jdk11.JEP181Reflection, com.dariawan.jdk11.JEP181Reflection$1);
    descriptor: (Lcom/dariawan/jdk11/JEP181Reflection;Lcom/dariawan/jdk11/JEP181Reflection$1;)V
    flags: ACC_SYNTHETIC
    Code:
      stack=2, locals=3, args_size=3
         0: aload_0
         1: aload_1
         2: invokespecial #2                  // Method "<init>":(Lcom/dariawan/jdk11/JEP181Reflection;)V
         5: return
      LineNumberTable:
        line 8: 0
      LocalVariableTable:
        Start  Length  Slot  Name   Signature
            0       6     0  this   Lcom/dariawan/jdk11/JEP181Reflection$Nest;
            0       6     1    x0   Lcom/dariawan/jdk11/JEP181Reflection;
            0       6     2    x1   Lcom/dariawan/jdk11/JEP181Reflection$1;

  static int access$102(com.dariawan.jdk11.JEP181Reflection$Nest, int);
    descriptor: (Lcom/dariawan/jdk11/JEP181Reflection$Nest;I)I
    flags: ACC_STATIC, ACC_SYNTHETIC
    Code:
      stack=3, locals=2, args_size=2
         0: aload_0
         1: iload_1
         2: dup_x1
         3: putfield      #1                  // Field intNest:I
         6: ireturn
      LineNumberTable:
        line 8: 0
      LocalVariableTable:
        Start  Length  Slot  Name   Signature
            0       7     0    x0   Lcom/dariawan/jdk11/JEP181Reflection$Nest;
            0       7     1    x1   I

  static int access$100(com.dariawan.jdk11.JEP181Reflection$Nest);
    descriptor: (Lcom/dariawan/jdk11/JEP181Reflection$Nest;)I
    flags: ACC_STATIC, ACC_SYNTHETIC
    Code:
      stack=1, locals=1, args_size=1
         0: aload_0
         1: getfield      #1                  // Field intNest:I
         4: ireturn
      LineNumberTable:
        line 8: 0
      LocalVariableTable:
        Start  Length  Slot  Name   Signature
            0       5     0    x0   Lcom/dariawan/jdk11/JEP181Reflection$Nest;
}
SourceFile: "JEP181Reflection.java"
InnerClasses:
     static #20; //class com/dariawan/jdk11/JEP181Reflection$1

As seen above, to access nested class field 'Nest.intNest', bridge package-private method access$102 and access$100 are syntactically generated. This is because of the reason that the outer and nested classes are compiled to different files and they need package-private visibility to access each other's private members (instance/static). From a user perspective, however, these two classes are considered to be in "the same class", and therefore users expect them to be accessed via a single common access control mechanism.

Now, when we compile JEP181Reflection with a Java 11 version I got two class files:

JEP181Reflection$Nest.class
JEP181Reflection.class

Then we do similar javap to analyze compiled bytecodes:

$ javap com.dariawan.jdk11.JEP181Reflection$Nest
Compiled from "JEP181Reflection.java"
class com.dariawan.jdk11.JEP181Reflection$Nest {
  final com.dariawan.jdk11.JEP181Reflection this$0;
}
$ javap -v com.dariawan.jdk11.JEP181Reflection$Nest
Classfile /D:/Projects/dallanube/dariawan11/target/classes/com/dariawan/jdk11/JEP181Reflection$Nest.class
  Last modified 21 Jan 2019; size 556 bytes
  MD5 checksum 607c78372ec1ae340f6ec1c5d67a4e09
  Compiled from "JEP181Reflection.java"
class com.dariawan.jdk11.JEP181Reflection$Nest
  minor version: 0
  major version: 55
  flags: (0x0020) ACC_SUPER
  this_class: #3                          // com/dariawan/jdk11/JEP181Reflection$Nest
  super_class: #4                         // java/lang/Object
  interfaces: 0, fields: 2, methods: 1, attributes: 3
Constant pool:
   *** CONSTANT POOL PRINTED HERE ***
{
  final com.dariawan.jdk11.JEP181Reflection this$0;
    descriptor: Lcom/dariawan/jdk11/JEP181Reflection;
    flags: (0x1010) ACC_FINAL, ACC_SYNTHETIC

}
SourceFile: "JEP181Reflection.java"
NestHost: class com/dariawan/jdk11/JEP181Reflection

The Java 8 compiler generates the access$100 and access$102 methods, but Java 11 compiler does not. Instead, it has a nesting host field in the class file (See: NestHost: class com/dariawan/jdk11/JEP181Reflection). Now, we also javap JEP181Reflection to analyze the bytecode:

Classfile /D:/Projects/dallanube/dariawan11/target/classes/com/dariawan/jdk11/JEP181Reflection.class
  Last modified 21 Jan 2019; size 1805 bytes
  MD5 checksum 0e2ec1fdfdec9b3d96a6758344418555
  Compiled from "JEP181Reflection.java"
public class com.dariawan.jdk11.JEP181Reflection
  minor version: 0
  major version: 55
  flags: (0x0021) ACC_PUBLIC, ACC_SUPER
  this_class: #2                          // com/dariawan/jdk11/JEP181Reflection
  super_class: #14                        // java/lang/Object
  interfaces: 0, fields: 0, methods: 2, attributes: 4
Constant pool:
   *** CONSTANT POOL PRINTED HERE ***
{
  public com.dariawan.jdk11.JEP181Reflection();
    descriptor: ()V
    flags: (0x0001) ACC_PUBLIC
    Code:
      stack=1, locals=1, args_size=1
         0: aload_0
         1: invokespecial #1                  // Method java/lang/Object."<init>":()V
         4: return
      LineNumberTable:
        line 6: 0
      LocalVariableTable:
        Start  Length  Slot  Name   Signature
            0       5     0  this   Lcom/dariawan/jdk11/JEP181Reflection;

  public static void main(java.lang.String[]) throws java.lang.NoSuchFieldException, java.lang.reflect.InvocationTargetException, java.lang.IllegalAccessException;
    descriptor: ([Ljava/lang/String;)V
    flags: (0x0009) ACC_PUBLIC, ACC_STATIC
    Code:
      stack=4, locals=4, args_size=1
         *** CODE PRINTED HERE ***
      LineNumberTable:
        *** LINENUMBERTABLE PRINTED HERE ***
      LocalVariableTable:
        Start  Length  Slot  Name   Signature
            0      75     0  args   [Ljava/lang/String;
            8      67     1    me   Lcom/dariawan/jdk11/JEP181Reflection;
           22      53     2     n   Lcom/dariawan/jdk11/JEP181Reflection$Nest;
           51      24     3     f   Ljava/lang/reflect/Field;
    Exceptions:
      throws java.lang.NoSuchFieldException, java.lang.reflect.InvocationTargetException, java.lang.IllegalAccessException
}
SourceFile: "JEP181Reflection.java"
NestMembers:
  com/dariawan/jdk11/JEP181Reflection$Nest
InnerClasses:
  public static final #89= #88 of #91;    // Lookup=class java/lang/invoke/MethodHandles$Lookup of class java/lang/invoke/MethodHandles
BootstrapMethods:
  0: #50 REF_invokeStatic java/lang/invoke/StringConcatFactory.makeConcatWithConstants:(Ljava/lang/invoke/MethodHandles$Lookup;Ljava/lang/String;Ljava/lang/invoke/MethodType;Ljava/lang/String;[Ljava/lang/Object;)Ljava/lang/invoke/CallSite;
    Method arguments:
      #51 Nest.intNest = \u0001

In here we get:

NestMembers:
  com/dariawan/jdk11/JEP181Reflection$Nest

And with this the connection between NestHost and NestMembers established, and with that the runtime can detect if two classes are NestMates or not.

Conclusion

Java 11 introduces JVM level support for private access within outer/nested classes via NestMembers and NestHost attributes. NestMembers are referring to nested classes and NestHost is referring to the enclosing outer class. They are generally called Nests or Nestmates. Outer and nested classes are linked by these attributes rather than synthetically generated package-private bridge methods as in previous version.

Although JEP-181 is a small change in Java and most of the developers will not even notice this, it's better to know how our compiler and runtime (JVM) works, and how we can maximize this features.

This article is part of Java 11 Features and Changes Series.

Other articles in this series:

Published 21 January 2019

Desson Ariawan

Desson AriawanProgrammer

tags