Get declared fields of java.lang.reflect.Fields in jdk12
Why It No Longer Works
The reason this no longer works in Java 12 is due to JDK-8210522. This CSR says:
Summary
Core reflection has a filtering mechanism to hide security and integrity sensitive fields and methods from Class getXXXField(s) and getXXXMethod(s). The filtering mechanism has been used for several releases to hide security sensitive fields such as System.security and Class.classLoader.
This CSR proposes to extend the filters to hide fields from a number of highly security sensitive classes in java.lang.reflect and java.lang.invoke.
Problem
Many of classes in java.lang.reflect and java.lang.invoke packages have private fields that, if accessed directly, will compromise the runtime or crash the VM. Ideally all non-public/non-protected fields of classes in java.base would be filtered by core reflection and not be readable/writable via the Unsafe API but we are no where near this at this time. In the mean-time the filtering mechanism is used as a band aid.
Solution
Extend the filter to all fields in the following classes:
java.lang.ClassLoader
java.lang.reflect.AccessibleObject
java.lang.reflect.Constructor
java.lang.reflect.Field
java.lang.reflect.Methodand the private fields in java.lang.invoke.MethodHandles.Lookup that are used for the lookup class and access mode.
Specification
There are no specification changes, this is filtering of non-public/non-protected fields that nothing outside of java.base should rely on. None of the classes are serializable.
Basically, they filter out the fields of java.lang.reflect.Field
so you can't abuse them—as you're currently trying to do. You should find another way to do what you need; the answer by Eugene appears to provide at least one option.
Proper Fix
The proper way to drop a final
modifier is to instrument the running program, and have your agent redefine the class. If you do this when the class is first loaded, it's no different than having modified the class file before the JVM was even started. In other words, it's like the final
modifier was never present.
Workaround
Obligatory Warning: The developers of Java obviously don't want you to be able to change a final field into a non-final field without actually changing the class file (e.g., by recompiling the source code, instrumentation, etc.). Use any hack at your own risk; it may have unintended side-effects, work only some times, and/or stop working in a future release.
Use java.lang.invoke
The following uses the java.lang.invoke
package. For whatever reason, the same restrictions applied to the Reflection API are not applied to the Invoke API (at least up to and including Java 17; continue reading for more information).
The example modifies the EMPTY_ELEMENTDATA
final field of the ArrayList
class. This field normally contains an empty array that's shared between all ArrayList
instances when initialized with a capacity of 0
. The below sets the field to {"Hello", "World!"}
, and as you can see by running the program, this results in the list instance containing elements that were never added to it.
Java 12 - 17
I tested this on Java 16.0.2 and Java 17.0.3, both downloaded from https://adoptium.net/.
import java.lang.invoke.MethodHandles;
import java.lang.invoke.VarHandle;
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.util.ArrayList;
public class Main {
private static final VarHandle MODIFIERS;
static {
try {
var lookup = MethodHandles.privateLookupIn(Field.class, MethodHandles.lookup());
MODIFIERS = lookup.findVarHandle(Field.class, "modifiers", int.class);
} catch (IllegalAccessException | NoSuchFieldException ex) {
throw new RuntimeException(ex);
}
}
public static void main(String[] args) throws Exception {
var emptyElementDataField = ArrayList.class.getDeclaredField("EMPTY_ELEMENTDATA");
// make field non-final
MODIFIERS.set(emptyElementDataField, emptyElementDataField.getModifiers() & ~Modifier.FINAL);
// set field to new value
emptyElementDataField.setAccessible(true);
emptyElementDataField.set(null, new Object[] {"Hello", "World!"});
var list = new ArrayList<>(0);
// println uses toString(), and ArrayList.toString() indirectly relies on 'size'
var sizeField = ArrayList.class.getDeclaredField("size");
sizeField.setAccessible(true);
sizeField.set(list, 2); // the new "empty element data" has a length of 2
System.out.println(list);
}
}
Run the code with:
javac Main.java
java --add-opens=java.base/java.lang.reflect=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED Main
Note: I tried to use the "single source file" feature, but that resulted in a ConcurrentModificationException
. As pointed out in the comments, this is likely due to some JIT optimization (e.g., the static final field has been inlined, because the JVM does not expect such a field to be able to change).
Output:
[Hello, World!]
Java 18+
Unfortunately, the above results in the following exception on Java 18.0.1 (downloaded from https://adoptium.net/):
Exception in thread "main" java.lang.UnsupportedOperationException
at java.base/java.lang.invoke.VarForm.getMemberName(VarForm.java:114)
at Main.main(Main.java:23)
Where line 23 is:
MODIFIERS.set(emptyElementDataField, emptyElementDataField.getModifiers() & ~Modifier.FINAL);
Change static final field in java 12+
You can use Unsafe
.
public class Example
{
// javac will inline static final Strings, so let's say it's Object
private static final Object changeThis = "xxx";
public static void main(String... args) throws Exception
{
final Field unsafeField = Unsafe.class.getDeclaredField("theUnsafe");
unsafeField.setAccessible(true);
final Unsafe unsafe = (Unsafe) unsafeField.get(null);
System.out.println("before = " + changeThis);
final Field ourField = Example.class.getDeclaredField("changeThis");
final Object staticFieldBase = unsafe.staticFieldBase(ourField);
final long staticFieldOffset = unsafe.staticFieldOffset(ourField);
unsafe.putObject(staticFieldBase, staticFieldOffset, "it works");
System.out.println("after = " + changeThis);
}
}
Result:
before = xxx
after = it works
Change private static final field using Java reflection
Assuming no SecurityManager
is preventing you from doing this, you can use setAccessible
to get around private
and resetting the modifier to get rid of final
, and actually modify a private static final
field.
Here's an example:
import java.lang.reflect.*;
public class EverythingIsTrue {
static void setFinalStatic(Field field, Object newValue) throws Exception {
field.setAccessible(true);
Field modifiersField = Field.class.getDeclaredField("modifiers");
modifiersField.setAccessible(true);
modifiersField.setInt(field, field.getModifiers() & ~Modifier.FINAL);
field.set(null, newValue);
}
public static void main(String args[]) throws Exception {
setFinalStatic(Boolean.class.getField("FALSE"), true);
System.out.format("Everything is %s", false); // "Everything is true"
}
}
Assuming no SecurityException
is thrown, the above code prints "Everything is true"
.
What's actually done here is as follows:
- The primitive
boolean
valuestrue
andfalse
inmain
are autoboxed to reference typeBoolean
"constants"Boolean.TRUE
andBoolean.FALSE
- Reflection is used to change the
public static final Boolean.FALSE
to refer to theBoolean
referred to byBoolean.TRUE
- As a result, subsequently whenever a
false
is autoboxed toBoolean.FALSE
, it refers to the sameBoolean
as the one refered to byBoolean.TRUE
- Everything that was
"false"
now is"true"
Related questions
- Using reflection to change
static final File.separatorChar
for unit testing - How to limit setAccessible to only “legitimate” uses?
- Has examples of messing with
Integer
's cache, mutating aString
, etc
- Has examples of messing with
Caveats
Extreme care should be taken whenever you do something like this. It may not work because a SecurityManager
may be present, but even if it doesn't, depending on usage pattern, it may or may not work.
JLS 17.5.3 Subsequent Modification of Final Fields
In some cases, such as deserialization, the system will need to change the
final
fields of an object after construction.final
fields can be changed via reflection and other implementation dependent means. The only pattern in which this has reasonable semantics is one in which an object is constructed and then thefinal
fields of the object are updated. The object should not be made visible to other threads, nor should thefinal
fields be read, until all updates to thefinal
fields of the object are complete. Freezes of afinal
field occur both at the end of the constructor in which thefinal
field is set, and immediately after each modification of afinal
field via reflection or other special mechanism.Even then, there are a number of complications. If a
final
field is initialized to a compile-time constant in the field declaration, changes to thefinal
field may not be observed, since uses of thatfinal
field are replaced at compile time with the compile-time constant.Another problem is that the specification allows aggressive optimization of
final
fields. Within a thread, it is permissible to reorder reads of afinal
field with those modifications of a final field that do not take place in the constructor.
See also
- JLS 15.28 Constant Expression
- It's unlikely that this technique works with a primitive
private static final boolean
, because it's inlineable as a compile-time constant and thus the "new" value may not be observable
- It's unlikely that this technique works with a primitive
Appendix: On the bitwise manipulation
Essentially,
field.getModifiers() & ~Modifier.FINAL
turns off the bit corresponding to Modifier.FINAL
from field.getModifiers()
. &
is the bitwise-and, and ~
is the bitwise-complement.
See also
- Wikipedia/Bitwise operation
Remember Constant Expressions
Still not being able to solve this?, have fallen onto depression like I did for it? Does your code looks like this?
public class A {
private final String myVar = "Some Value";
}
Reading the comments on this answer, specially the one by @Pshemo, it reminded me that Constant Expressions are handled different so it will be impossible to modify it. Hence you will need to change your code to look like this:
public class A {
private final String myVar;
private A() {
myVar = "Some Value";
}
}
if you are not the owner of the class... I feel you!
For more details about why this behavior read this?
Related Topics
Highlights Substring in the Tablecell(S) Which Is Using for Jtable Filetering
Missing Return Statement in a Non-Void Method Compiles
Gradle to Execute Java Class (Without Modifying Build.Gradle)
Best Way to Build a Plugin System with Java
Registering and Using a Custom Java.Net.Url Protocol
How to Monitor Java Memory Usage
Converting an Int to a Binary String Representation in Java
How to Correctly Decode Unicode Parameters Passed to a Servlet
"The Public Type <<Classname>> Must Be Defined in Its Own File" Error in Eclipse
Wrap the String After a Number of Characters Word-Wise in Java
How to Set Icon in a Column of Jtable
How to Tell Jackson to Ignore a Property for Which I Don't Have Control Over the Source Code
Javabean Wrapping with Javafx Properties
How to Avoid a Lot of If Else Conditions
Difference Between Shutdown and Shutdownnow of Executor Service