The expressions module allows to specify custom functions. It does some checks to ensure that the compiled Expression works correctly and does not produce linkage errors. It also checks parameters and return type to be doubles.
There are two problems with the current approach:
- the check gets classloaders of the method's declaring class. This fails if a security manager forbids access to bootstrap classes (e.g., java.lang.Math)
- the code only checks if method or declaring class are public, but not if it is really reachable. This may not be the case in Java 9 (different module without exports,...)
This issue will use MethodHandles to do the accessibility checks (it uses MethodHandles.publicLookup() to resolve the given reflected method). If that fails, our compiled code cannot acess it. If module system prevents access, this is also checked.
To fix the issue with classloaders, it uses a trick: It calls Class.forName() with the classloader we use to compile our expression. If that does not return the same class as the declared method, it also fails compilation. This prevents NoClassDefFoundException on executing the expression.
All tests pass.