Abstract
We propose an integration of field access rights into the Java type system such that those access permission checks which are now performed dynamically (at run time), can instead be done statically, i.e. checked by the Java compiler and rechecked (at link time) by the bytecode verifier. We explain how this can be extended to remove all dynamic checks of field read access rights, completely eliminating the overhead of get methods for reading the value of a field. Improvements include using fast static lookup instead of dynamic dispatch for field access (without requiring a sophisticated inlining analysis), the space required by get methods is avoided, and denial-of-service attacks on field access is prevented. We sketch a formalization of adding field access to the bytecode verifier which will make it possible to prove that the change is safe and backwards compatible. Copyright © 2001 John Wiley & Sons, Ltd.