While developing a Java application under Eclipse I got the warning about "method/value accessed via a synthetic method". The solution was simply changing a private access modifier to a default level.
That left me wondering: what's the penalty on using a synthetic method? There is some? I assume so as the compiler/Eclipse raises the warning, but it's something so relevant or something that could be safely ignored?
I've not seen this information around here, so I'm asking.
Eclipse is warning you that you may be exposing information you think is private. Synthetic accessors can be exploited by malicious code as demonstrated below.
If your code needs to run in a secure VM, it may be unwise to use inner classes. If you can use reflection and have full access to everything, synthetic accessors are unlikely to make a measurable difference.
For example, consider this class:
public class Foo {
private Object baz = "Hello";
private class Bar {
private Bar() {
System.out.println(baz);
}
}
}
The signature for Foo
is actually:
public class Foo extends java.lang.Object{
public Foo();
static java.lang.Object access$000(Foo);
}
access$000
is generated automatically to let the separate class Bar
access baz
and will be marked with the Synthetic attribute. The precise names generated are implementation dependent. Regular compilers won't let you compile against this method, but you can generate your own classes using ASM (or similar) like this:
import org.objectweb.asm.*;
public class FooSpyMaker implements Opcodes {
public static byte[] dump() throws Exception {
ClassWriter cw = new ClassWriter(0);
cw.visit(V1_6, ACC_PUBLIC + ACC_SUPER, "Spy", null, "java/lang/Object",null);
MethodVisitor ctor = cw.visitMethod(ACC_PUBLIC, "<init>", "()V", null, null);
ctor.visitCode();
ctor.visitVarInsn(ALOAD, 0);
ctor.visitMethodInsn(INVOKESPECIAL, "java/lang/Object", "<init>", "()V");
ctor.visitInsn(RETURN);
ctor.visitMaxs(1, 1);
ctor.visitEnd();
MethodVisitor getBaz = cw.visitMethod(ACC_PUBLIC, "getBaz",
"(LFoo;)Ljava/lang/Object;", null, null);
getBaz.visitCode();
getBaz.visitVarInsn(ALOAD, 1);
getBaz.visitMethodInsn(INVOKESTATIC, "Foo", "access$000",
"(LFoo;)Ljava/lang/Object;");
getBaz.visitInsn(ARETURN);
getBaz.visitMaxs(1, 2);
getBaz.visitEnd();
cw.visitEnd();
return cw.toByteArray();
}
}
This creates a simple class called Spy
that will allow you to call access$000
:
public class Spy extends java.lang.Object{
public Spy();
public java.lang.Object getBaz(Foo);
}
Using this, you can inspect the value of baz
without reflection or any method exposing it.
public class Test {
public static void main(String[] args) {
Foo foo = new Foo();
Spy spy = new Spy();
System.out.println(spy.getBaz(foo));
}
}
The Spy
implementation requires that it be in the same package as Foo
and that Foo
isn't in a sealed JAR.