Break OO privacy
You are encouraged to solve this task according to the task description, using any language you may know.
Show how to access private or protected members of a class in an object-oriented language from outside an instance of the class, without calling non-private or non-protected members of the class as a proxy. The intent is to show how a debugger, serializer, or other meta-programming tool might access information that is barred by normal access methods to the object but can nevertheless be accessed from within the language by some provided escape hatch or reflection mechanism. The intent is specifically not to demonstrate heroic measures such as peeking and poking raw memory.
Note that cheating on your type system is almost universally regarded as unidiomatic at best, and poor programming practice at worst. Nonetheless, if your language intentionally maintains a double-standard for OO privacy, here's where you can show it off.
ABAP
Similar to C++, ABAP allows the declaration of friends which can be both classes and interfaces. All subclasses of friend classes are automatically friends of the source class. For example if classA (source) has classB as a friend and classC is a subclass of classB then classC is a friend of classA. Similarly all implementing classes of friend interfaces are friends of the source class. Also all interfaces which contain the befriended interface as a component are friends of the source class.
class friendly_class definition deferred.
class my_class definition friends friendly_class .
public section.
methods constructor.
private section.
data secret type char30.
endclass.
class my_class implementation .
method constructor.
secret = 'a password'. " Instantiate secret.
endmethod.
endclass.
class friendly_class definition create public .
public section.
methods return_secret
returning value(r_secret) type char30.
endclass.
class friendly_class implementation.
method return_secret.
data lr_my_class type ref to my_class.
create object lr_my_class. " Instantiate my_class
write lr_my_class->secret. " Here's the privacy violation.
endmethod.
endclass.
Ada
One of the great criticisms of Pascal was "there is no escape". The reason was that sometimes you have to convert the incompatible. We start with a package, which defines the data type which holds the secret.
package OO_Privacy is
type Confidential_Stuff is tagged private;
subtype Password_Type is String(1 .. 8);
private
type Confidential_Stuff is tagged record
Password: Password_Type := "default!"; -- the "secret"
end record;
end OO_Privacy;
When we later define an object C of type Confidential_Stuff, we can't read read the password stored in C -- except by breaking / bypassing OO privacy rules.
Using Unchecked_Conversion
One way to read the password is by using the generic function Unchecked_Conversion:
with OO_Privacy, Ada.Unchecked_Conversion, Ada.Text_IO;
procedure OO_Break_Privacy is
type Hacker_Stuff is tagged record
Password: OO_Privacy.Password_Type := "?unknown";
end record;
function Hack is new Ada.Unchecked_Conversion
(Source => OO_Privacy.Confidential_Stuff, Target => Hacker_Stuff);
C: OO_Privacy.Confidential_Stuff; -- which password is hidden inside C?
begin
Ada.Text_IO.Put_Line("The secret password is """ & Hack(C).Password & """");
end OO_Break_Privacy;
The output shows that C holds, surprise, surprise, the default password:
The secret password is "default!"
Child Packages
Another way to bypass privacy is using a child package. Ada child packages have access to their parents' private data structures (somewhat similar to "friends" in C++"):
package OO_Privacy.Friend is -- child package of OO.Privacy
function Get_Password(Secret: Confidential_Stuff) return String;
end OO_Privacy.Friend;
package body OO_Privacy.Friend is -- implementation of the child package
function Get_Password(Secret: Confidential_Stuff) return String is
(Secret.Password);
end OO_Privacy.Friend;
Now here is the program that uses the child package, to read the secret:
with OO_Privacy.Friend, Ada.Text_IO;
procedure Bypass_OO_Privacy is
C: OO_Privacy.Confidential_Stuff; -- which password is hidden inside C?
begin
Ada.Text_IO.Put_Line("Password: """ &
OO_Privacy.Friend.Get_Password(C) &
"""");
end Bypass_OO_Privacy;
Once again, we have been too lazy to overwrite the default password:
Password: "default!"
In fact, the password has to be the default one, because we cannot change the password. For that purpose, we would have to write a setter procedure, and either include it in the package OO_Privacy, or in a child package of OO_Privacy. (Or we could use Unchecked_Conversion to overwrite the default password -- but that is bad style.)
C#
using System;
using System.Reflection;
public class MyClass
{
private int answer = 42;
}
public class Program
{
public static void Main()
{
var myInstance = new MyClass();
var fieldInfo = typeof(MyClass).GetField("answer", BindingFlags.NonPublic | BindingFlags.Instance);
var answer = fieldInfo.GetValue(myInstance);
Console.WriteLine(answer);
}
}
- Output:
42
C++
C++ has the 'friend' keyword to indicate that one class should have access to the private data of another. Here's a simple use case. (Please note that this code is not thread-safe.)
#include <iostream>
class CWidget; // Forward-declare that we have a class named CWidget.
class CFactory
{
friend class CWidget;
private:
unsigned int m_uiCount;
public:
CFactory();
~CFactory();
CWidget* GetWidget();
};
class CWidget
{
private:
CFactory& m_parent;
private:
CWidget(); // Disallow the default constructor.
CWidget(const CWidget&); // Disallow the copy constructor
CWidget& operator=(const CWidget&); // Disallow the assignment operator.
public:
CWidget(CFactory& parent);
~CWidget();
};
// CFactory constructors and destructors. Very simple things.
CFactory::CFactory() : m_uiCount(0) {}
CFactory::~CFactory() {}
// CFactory method which creates CWidgets.
CWidget* CFactory::GetWidget()
{
// Create a new CWidget, tell it we're its parent.
return new CWidget(*this);
}
// CWidget constructor
CWidget::CWidget(CFactory& parent) : m_parent(parent)
{
++m_parent.m_uiCount;
std::cout << "Widget spawning. There are now " << m_parent.m_uiCount << " Widgets instanciated." << std::endl;
}
CWidget::~CWidget()
{
--m_parent.m_uiCount;
std::cout << "Widget dieing. There are now " << m_parent.m_uiCount << " Widgets instanciated." << std::endl;
}
int main()
{
CFactory factory;
CWidget* pWidget1 = factory.GetWidget();
CWidget* pWidget2 = factory.GetWidget();
delete pWidget1;
CWidget* pWidget3 = factory.GetWidget();
delete pWidget3;
delete pWidget2;
}
- Output:
Widget spawning. There are now 1 Widgets instanciated.
Widget spawning. There are now 2 Widgets instanciated.
Widget dieing. There are now 1 Widgets instanciated.
Widget spawning. There are now 2 Widgets instanciated.
Widget dieing. There are now 1 Widgets instanciated.
Widget dieing. There are now 0 Widgets instanciated.
Without the "friend" mechanism, it's still possible to meaningfully modify any member in another class, as long as you know that member's address in memory, and its type. Here's the same program as above, but using a pointer to m_uicount, rather a reference to the factory:
#include <iostream>
class CWidget; // Forward-declare that we have a class named CWidget.
class CFactory
{
private:
unsigned int m_uiCount;
public:
CFactory();
~CFactory();
CWidget* GetWidget();
};
class CWidget
{
private:
unsigned int* m_pCounter;
private:
CWidget(); // Disallow the default constructor.
CWidget(const CWidget&); // Disallow the copy constructor
CWidget& operator=(const CWidget&); // Disallow the assignment operator.
public:
CWidget(unsigned int* pCounter);
~CWidget();
};
// CFactory constructors and destructors. Very simple things.
CFactory::CFactory() : m_uiCount(0) {}
CFactory::~CFactory() {}
// CFactory method which creates CWidgets.
CWidget* CFactory::GetWidget()
{
// Create a new CWidget, tell it we're its parent.
return new CWidget(&m_uiCount);
}
// CWidget constructor
CWidget::CWidget(unsigned int* pCounter) : m_pCounter(pCounter)
{
++*m_pCounter;
std::cout << "Widget spawning. There are now " << *m_pCounter<< " Widgets instanciated." << std::endl;
}
CWidget::~CWidget()
{
--*m_pCounter;
std::cout << "Widget dieing. There are now " << *m_pCounter<< " Widgets instanciated." << std::endl;
}
int main()
{
CFactory factory;
CWidget* pWidget1 = factory.GetWidget();
CWidget* pWidget2 = factory.GetWidget();
delete pWidget1;
CWidget* pWidget3 = factory.GetWidget();
delete pWidget3;
delete pWidget2;
}
Clojure
You can use the var-quote macro to get values from private variables. Here's an example of a variable 'priv' marked private in namespace 'a':
(ns a)
(def ^:private priv :secret)
; From REPL, in another namespace 'user':
user=> @a/priv ; fails with: IllegalStateException: var: a/priv is not public
user=> @#'a/priv ; succeeds
:secret
Clojure can also access Java private variables with the same strategy that Java uses. As a convenience, use the get-field function from clojure.contrib.reflect. Here's an example of grabbing the private field "serialVersionUID" from java.lang.Double:
user=> (get-field Double "serialVersionUID" (Double/valueOf 1.0))
-9172774392245257468
Common Lisp
Common Lisp doesn't have concepts like class scopes, name lookup rules, or access. Essentially, the way things are referenced in the source code (the static view of the program) is not involved in the class hierarchy. For instance, when a class is derived from another one, it is purely an object-oriented inheritance. There is no parallel symbol-table inheritance going on whereby one namespace becomes a tributary of another (the identifier scope of a derived class inheriting symbols from, or a visibility window into the base class).
The primary concept of naming privacy in Lisp is located in the package system.
An external symbol S in package P can be accessed using P:S. If S is internal then P:S results in error at read time.
This is completely independent of context and orthogonal to the use of symbols to denote class slots (instance variables), methods, functions, class names themselves, global variables, et cetera.
Even if the private symbol appears in a literal piece of data like a quoted list, it is an error to refer to it: (1 2 3 P:S)
.
The internal symbol S in package P can be accessed using P::S
.
This is easy to do because programmers are assumed to be responsible grownups who can be trusted to know what they are doing.
Also, note that this privacy is a property of the relationship between a symbol and a package.
A symbol can be present in more than one package, such that it can be internal in some of them, and external in others.
(defpackage :funky
;; only these symbols are public
(:export :widget :get-wobbliness)
;; for convenience, bring common lisp symbols into funky
(:use :cl))
;; switch reader to funky package: all symbols that are
;; not from the CL package are interned in FUNKY.
(in-package :funky)
(defclass widget ()
;; :initarg -> slot "wobbliness" is initialized using :wobbliness keyword
;; :initform -> if initarg is missing, slot defaults to 42
;; :reader -> a "getter" method called get-wobbliness is generated
((wobbliness :initarg :wobbliness :initform 42 :reader get-wobbliness)))
;; simulate being in another source file with its own package:
;; cool package gets external symbols from funky, and cl:
(defpackage :cool
(:use :funky :cl))
(in-package :cool)
;; we can use the symbol funky:widget without any package prefix:
(defvar *w* (make-instance 'widget :wobbliness 36))
;; ditto with funky:get-wobbliness
(format t "wobbliness: ~a~%" (get-wobbliness *w*))
;; direct access to the slot requires fully qualified private symbol
;; and double colon:
(format t "wobbliness: ~a~%" (slot-value *w* 'funky::wobbliness))
;; if we use unqualified wobbliness, it's a different symbol:
;; it is cool::wobbliness interned in our local package.
;; we do not have funky:wobbliness because it's not exported by funky.
(unless (ignore-errors
(format t "wobbliness: ~a~%" (slot-value *w* 'wobbliness)))
(write-line "didn't work"))
;; single colon results in error at read time! The expression is not
;; even read and evaluated. The symbol is internal and so cannot be used.
(format t "wobbliness: ~a~%" (slot-value *w* 'funky:wobbliness))
- Output:
using CLISP
wobbliness: 36 wobbliness: 36 didn't work *** - READ from #<INPUT BUFFERED FILE-STREAM CHARACTER #P"funky.lisp" @44>: #<PACKAGE FUNKY> has no external symbol with name "WOBBLINESS"
D
Private members can be accessed by other code in the same module. You can access private members of structs/classes imported from another module using compile time reflection.
breakingprivacy.d:
module breakingprivacy;
struct Foo
{
int[] arr;
private:
int x;
string str;
float f;
}
app.d:
import std.stdio;
import breakingprivacy;
void main()
{
auto foo = Foo([1,2,3], 42, "Hello World!", 3.14);
writeln(foo);
// __traits(getMember, obj, name) allows you to access any field of obj given its name
// Reading a private field
writeln("foo.x = ", __traits(getMember, foo, "x"));
// Writing to a private field
__traits(getMember, foo, "str") = "Not so private anymore!";
writeln("Modified foo: ", foo);
}
- Output:
Foo([1, 2, 3], 42, "Hello World!", 3.14)
foo.x = 42
Modified foo: Foo([1, 2, 3], 42, "Not so private anymore!", 3.14)
E
In its goal of supporting programs including mutually suspicious robust components and potentially executing untrusted code, E specifically does not provide any means within the language to break the encapsulation of an object. The official answer to how you access private state is: evaluate the code with a special evaluator which permits such access to the objects the code creates, or, entirely equivalently, transform the code so that each object definition has hooks for private access.
Ecstasy
In Ecstasy, using the keywords public , protected , and private to mark classes and class members is solely for the benefit of the developer, and not in any way related to security. These keywords help the developer to classify information among three categories: Things that are useful to everyone; things that are useful to further compositions (such as sub-classes and mixins); and things that, were they exposed, would likely to create an ugly mess. Information hiding is about organization, and not about security.
An Ecstasy reference contains both its type (the type of the reference itself, as opposed to the type of the referred-to object, a.k.a. the referent), and the means -- a "pointer" or a "value" -- to refer to the referent. By default, the type of a reference is of the public type of the referent, but it is possible to reveal the referent as any other legal type -- where legal simply means that strong type safety is enforced. This is not a type cast; it is a request to the runtime to provide a different reference to the same underlying object.
Ecstasy security is accomplished by the use of software containers. Code running in a container is always allowed reveal any legal type on any object created within that container, including any object created within sub-containers. However, the runtime will reject any reveal request on any object that was not created within that container.
module BreakOO {
/**
* This is a class with public, protected, and private properties.
*/
class Exposed {
public String pub = "public";
protected String pro = "protected";
private String pri = "private";
@Override
String toString() {
return $"pub={pub.quoted()}, pro={pro.quoted()}, pri={pri.quoted()}";
}
}
void run() {
@Inject Console console;
Exposed expo = new Exposed();
console.print($"before: {expo}");
// you can only access public members from the default reference
expo.pub = $"this was {expo.pub}";
// expo.pro = $"this was {expo.pro}"; <- compiler error
// expo.pri = $"this was {expo.pri}"; <- compiler error
// but you can ask for the protected reference ...
assert (protected Exposed) expoPro := &expo.revealAs((protected Exposed));
expoPro.pro = $"this was {expoPro.pro}";
// expoPro.pri = $"this was {expoPro.pri}"; <- compiler error
// and you can ask for the private reference ...
assert (private Exposed) expoPri := &expo.revealAs((private Exposed));
expoPri.pri = $"this was {expoPri.pri}";
// or you can ask for the underlying struct, which is a passive
// object that contains only the field storage
assert (struct Exposed) expoStr := &expo.revealAs((struct Exposed));
expoStr.pub = $"{expoStr.pub}!!!";
expoStr.pro = $"{expoStr.pro}!!!";
expoStr.pri = $"{expoStr.pri}!!!";
console.print($"after: {expo}");
}
}
- Output:
before: pub="public", pro="protected", pri="private" after: pub="this was public!!!", pro="this was protected!!!", pri="this was private!!!"
F#
open System
open System.Reflection
type MyClass() =
let answer = 42
member this.GetAnswer
with get() = answer
[<EntryPoint>]
let main argv =
let myInstance = MyClass()
let fieldInfo = myInstance.GetType().GetField("answer", BindingFlags.NonPublic ||| BindingFlags.Instance)
let answer = fieldInfo.GetValue(myInstance)
printfn "%s = %A" (answer.GetType().ToString()) answer
0
- Output:
System.Int32 = 42
Factor
From the documentation for private words: "Privacy is not enforced by the system; private words can be called from other vocabularies, and from the listener. However, this should be avoided where possible."
This example uses the private word sequence/tester from the vocabulary sets.private. It tries to count the elements in an intersection of two sets.
( scratchpad ) USING: sets sets.private ;
( scratchpad ) { 1 2 3 } { 1 2 4 } sequence/tester count .
2
There is better way to do the same, without any private words.
( scratchpad ) USE: sets
( scratchpad ) { 1 2 3 } { 1 2 4 } intersect length .
2
Forth
Works with any ANS Forth
Needs the FMS-SI (single inheritance) library code located here: http://soton.mpeforth.com/flag/fms/index.html
include FMS-SI.f
99 value x \ create a global variable named x
:class foo
ivar x \ this x is private to the class foo
:m init: 10 x ! ;m \ constructor
:m print x ? ;m
;class
foo f1 \ instantiate a foo object
f1 print \ 10 access the private x with the print message
x . \ 99 x is a globally scoped name
50 .. f1.x ! \ use the dot parser to access the private x without a message
f1 print \ 50
FreeBASIC
FreeBASIC generally does a good job of maintaining OO privacy as it doesn't support reflection and even its OffsetOf keyword cannot obtain the offset within a user defined type of a private or protected field. You therefore have to guess the offset of a non-public field in order to be able to access it using a raw pointer though this is not generally a difficult task.
However, as usual, macros come to the rescue and one can easily access non-public members by the simple expedient (or, if you prefer, 'dirty hack') of redefining the Private and Protected keywords to mean Public:
'FB 1.05.0 Win64
#Undef Private
#Undef Protected
#Define Private Public
#Define Protected Public
Type MyType
Public :
x As Integer = 1
Protected :
y As Integer = 2
Private :
z As Integer = 3
End Type
Dim mt As MyType
Print mt.x, mt.y, mt.z
Print
Print "Press any key to quit"
Sleep
- Output:
1 2 3
Go
Go has a reflect
and unsafe
package that together can do this.
Of course, as mentioned in the task description, this is a bad idea.
A relevant Go Blog article is The Laws of Reflection.
package main
import (
"bufio"
"errors"
"fmt"
"os"
"reflect"
"unsafe"
)
type foobar struct {
Exported int // In Go identifiers that are capitalized are exported,
unexported int // while lowercase identifiers are not.
}
func main() {
obj := foobar{12, 42}
fmt.Println("obj:", obj)
examineAndModify(&obj)
fmt.Println("obj:", obj)
anotherExample()
}
// For simplicity this skips several checks. It assumes the thing in the
// interface is a pointer without checking (v.Kind()==reflect.Ptr),
// it then assumes it is a structure type with two int fields
// (v.Kind()==reflect.Struct, f.Type()==reflect.TypeOf(int(0))).
func examineAndModify(any interface{}) {
v := reflect.ValueOf(any) // get a reflect.Value
v = v.Elem() // dereference the pointer
fmt.Println(" v:", v, "=", v.Interface())
t := v.Type()
// Loop through the struct fields
fmt.Printf(" %3s %-10s %-4s %s\n", "Idx", "Name", "Type", "CanSet")
for i := 0; i < v.NumField(); i++ {
f := v.Field(i) // reflect.Value of the field
fmt.Printf(" %2d: %-10s %-4s %t\n", i,
t.Field(i).Name, f.Type(), f.CanSet())
}
// "Exported", field 0, has CanSet==true so we can do:
v.Field(0).SetInt(16)
// "unexported", field 1, has CanSet==false so the following
// would fail at run-time with:
// panic: reflect: reflect.Value.SetInt using value obtained using unexported field
//v.Field(1).SetInt(43)
// However, we can bypass this restriction with the unsafe
// package once we know what type it is (so we can use the
// correct pointer type, here *int):
vp := v.Field(1).Addr() // Take the fields's address
up := unsafe.Pointer(vp.Pointer()) // … get an int value of the address and convert it "unsafely"
p := (*int)(up) // … and end up with what we want/need
fmt.Printf(" vp has type %-14T = %v\n", vp, vp)
fmt.Printf(" up has type %-14T = %#0x\n", up, up)
fmt.Printf(" p has type %-14T = %v pointing at %v\n", p, p, *p)
*p = 43 // effectively obj.unexported = 43
// or an incr all on one ulgy line:
*(*int)(unsafe.Pointer(v.Field(1).Addr().Pointer()))++
// Note that as-per the package "unsafe" documentation,
// the return value from vp.Pointer *must* be converted to
// unsafe.Pointer in the same expression; the result is fragile.
//
// I.e. it is invalid to do:
// thisIsFragile := vp.Pointer()
// up := unsafe.Pointer(thisIsFragile)
}
// This time we'll use an external package to demonstrate that it's not
// restricted to things defined locally. We'll mess with bufio.Reader's
// interal workings by happening to know they have a non-exported
// "err error" field. Of course future versions of Go may not have this
// field or use it in the same way :).
func anotherExample() {
r := bufio.NewReader(os.Stdin)
// Do the dirty stuff in one ugly and unsafe statement:
errp := (*error)(unsafe.Pointer(
reflect.ValueOf(r).Elem().FieldByName("err").Addr().Pointer()))
*errp = errors.New("unsafely injected error value into bufio inner workings")
_, err := r.ReadByte()
fmt.Println("bufio.ReadByte returned error:", err)
}
- Output:
obj: {12 42} v: <main.foobar Value> = {12 42} Idx Name Type CanSet 0: Exported int true 1: unexported int false vp has type reflect.Value = <*int Value> up has type unsafe.Pointer = 0xc208000208 p has type *int = 0xc208000208 pointing at 42 obj: {16 44} bufio.ReadByte returned error: unsafely injected error value into bufio inner workings
Icon and Unicon
Unicon implements object environments with records and supporting procedures for creation, initialization, and methods. The variables in the class environment can be accessed like any other record field. Additionally, with the fieldnames procedure you can obtain the names of the class variables.
In addition to debuggers and diagnostic tools, these techniques could be used in 'monkey patching' extensions (see Add_a_variable_to_a_class_instance_at_runtime).
Note: Unicon can be translated via a command line switch into icon which allows for classes to be shared with Icon code (assuming no other incompatibilities exist).
link printf
procedure main()
(x := foo(1,2,3)).print() # create and show a foo
printf("Fieldnames of foo x : ") # show fieldnames
every printf(" %i",fieldnames(x)) # __s (self), __m (methods), vars
printf("\n")
printf("var 1 of foo x = %i\n", x.var1) # read var1 from outside x
x.var1 := -1 # change var1 from outside x
x.print() # show we changed it
end
class foo(var1,var2,var3) # class with no set/read methods
method print()
printf("foo var1=%i, var2=%i, var3=%i\n",var1,var2,var3)
end
end
printf.icn provides formatting
Output:
foo var1=1, var2=2, var3=3 Fieldnames of foo x : "__s" "__m" "var1" "var2" "var3" var 1 of foo x = 1 foo var1=-1, var2=2, var3=3
J
Current implementations of J do not enforce OO privacy, instead favoring design techniques (such as functional programming) which eliminate private information in persistent contexts.
It's possible to use OS features (such as other processes, and servers) to hide information. But that, by definition, is outside the scope of the language.
J does support a "Lock Script" mechanism - to transform a J script so that it's unreadable. However, anyone with access to a machine running the code and ordinary developer tools or who understands the "locking" technique could unlock it.
Java
In order the access a class member of another class which is marked as private
, you'll need to use reflection.
Java offers a collection of reflection-related utilities within the java.lang.reflect
package.
In this example I'll use a class with two fields, stringA
and stringB
.
class Example {
String stringA = "rosetta";
private String stringB = "code";
}
From another class, I'll instantiate Example
, and use a Field
object to return a specified, declared field.
To do this you call the getDeclaredField
on your Class
object, supplying the name of the field.
Example example = new Example();
Field field = example.getClass().getDeclaredField("stringB");
To allow access to stringB
we'll need to use the Field.setAccessible
method, and signify true.
This is essentially what the task is looking for, the ability to override the access-modifier.
field.setAccessible(true);
Now, we can access the data from the field by using the Field.get
method, specifying the instance as the parameter.
String stringB = (String) field.get(example);
So, all together our method would contain the following lines.
Example example = new Example();
Field field = example.getClass().getDeclaredField("stringB");
field.setAccessible(true);
String stringA = example.stringA;
String stringB = (String) field.get(example);
System.out.println(stringA + " " + stringB);
With an output of the following.
rosetta code
If we hadn't used the Field.setAccessible
method, we would get an IllegalAccessException
.
cannot access a member of class Example with modifiers "private"
Additionally, you can do this with methods via the Method
object.
Consider the following class.
class Example {
String stringA = "rosetta";
private String stringB() {
return "code";
}
}
The approach is the same, except we are using getDeclaredMethod
, and instead of get
we are using invoke
.
Example example = new Example();
Method method = example.getClass().getDeclaredMethod("stringB");
method.setAccessible(true);
String stringA = example.stringA;
String stringB = (String) method.invoke(example);
System.out.println(stringA + " " + stringB);
rosetta code
Julia
Julia's object model is one of structs which contain data and methods which are just functions using those structs, with multiple dispatch, rather than object methods, used to distinguish similarly named calls for different object types. Julia does not therefore enforce any private fields in its structures, since, except for constructors, it does not distinguish object methods from other functions. If private fields or methods are actually needed they can be kept from view by placing them inside a module which cannot be directly accessed by user code, such as in a module within a module.
Kotlin
For tasks such as this, reflection is your friend:
import kotlin.reflect.full.declaredMemberProperties
import kotlin.reflect.jvm.isAccessible
class ToBeBroken {
@Suppress("unused")
private val secret: Int = 42
}
fun main(args: Array<String>) {
val tbb = ToBeBroken()
val props = ToBeBroken::class.declaredMemberProperties
for (prop in props) {
prop.isAccessible = true // make private properties accessible
println("${prop.name} -> ${prop.get(tbb)}")
}
}
- Output:
secret -> 42
Logtalk
Logtalk provides a context switching call control construct that allows a call to be executed as from within an object. It's mainly used for debugging and for writing unit tests. This control construct can be disabled on a global or per object basis to prevent it of being used to break encapsulation.
In the following example, a prototype is used for simplicity.
:- object(foo).
% be sure that context switching calls are allowed
:- set_logtalk_flag(context_switching_calls, allow).
% declare and define a private method
:- private(bar/1).
bar(1).
bar(2).
bar(3).
:- end_object.
After compiling and loading the above object, we can use the following query to access the private method:
| ?- foo<<bar(X).
X = 1 ;
X = 2 ;
X = 3
true
Lua
Lua doesn't have a native concept of classes, and the only custom data structure available is the table (in which all fields are always public). However, it's pretty common for table/object creation functions in object-oriented code to return instances of other functions that uses local variables through lexical scoping, or their closure, which is not accessible to the outside code and could be considered a space with "private" fields. These can be accessed indirectly through the debug library.
local function Counter()
-- These two variables are "private" to this function and can normally
-- only be accessed from within this scope, including by any function
-- created inside here.
local counter = {}
local count = 0
function counter:increment()
-- 'count' is an upvalue here and can thus be accessed through the
-- debug library, as long as we have a reference to this function.
count = count + 1
end
return counter
end
-- Create a counter object and try to access the local 'count' variable.
local counter = Counter()
for i = 1, math.huge do
local name, value = debug.getupvalue(counter.increment, i)
if not name then break end -- No more upvalues.
if name == "count" then
print("Found 'count', which is "..tostring(value))
-- If the 'counter.increment' function didn't access 'count'
-- directly then we would never get here.
break
end
end
- Output:
Found 'count', which is 0
Note that there's an infinite number of other more complex ways for functions to store values in a "private" manner, and the introspection functionality of the debug library can only get you so far.
M2000 Interpreter
We want to read two private variables, and change values without using a public method (a module or a function), and without attach a temporary method (we can do that in M2000). There is a variant in READ statemend to set references from group members (for variables and arrays, and objects) to names with a reference for each. So using these names (here in the exaample K, M) we can read and write private variables.
Module CheckIt {
Group Alfa {
Private:
X=10, Y=20
Public:
Module SetXY (.X, .Y) {}
Module Print {
Print .X, .Y
}
}
Alfa.Print ' 10 20
\\ we have to KnΟw position in group
\\ so we make references from two first
Read From Alfa, K, M
Print K=10, M=20
K+=10
M+=1000
Alfa.Print ' 20 1020
}
CheckIt
Nim
File oo.nim:
type Foo* = object
a: string
b: string
c: int
proc createFoo*(a, b, c): Foo =
Foo(a: a, b: b, c: c)
By not adding a *
to Foo
's members we don't export them. When we import this module we can't use them directly:
var x = createFoo("this a", "this b", 12)
echo x.a # compile time error
The easiest way to get a debug view of any data:
echo repr(x)
Output:
[a = 0x7f6bb87a7050"this a", b = 0x7f6bb87a7078"this b", c = 12]
More fine-grained:
import typeinfo
for key, val in fields(toAny(x)):
echo "Key ", key
case val.kind
of akString:
echo " is a string with value: ", val.getString
of akInt..akInt64, akUint..akUint64:
echo " is an integer with value: ", val.getBiggestInt
else:
echo " is an unknown with value: ", val.repr
Output:
Key a is a string with value: this a Key b is a string with value: this b Key c is an integer with value: 12
Objective-C
In older versions of the compiler, you can simply access a private field from outside of the class. The compiler will give a warning, but you can ignore it and it will still compile. However, in current compiler versions it is now a hard compile error.
Key-Value Coding
One solution is to use Key-Value Coding. It treats properties and instance variables as "keys" that you can get and set using key-value coding methods.
#import <Foundation/Foundation.h>
@interface Example : NSObject {
@private
NSString *_name;
}
- (instancetype)initWithName:(NSString *)name;
@end
@implementation Example
- (NSString *)description {
return [NSString stringWithFormat:@"Hello, I am %@", _name];
}
- (instancetype)initWithName:(NSString *)name {
if ((self = [super init])) {
_name = [name copy];
}
return self;
}
@end
int main (int argc, const char * argv[]) {
@autoreleasepool{
Example *foo = [[Example alloc] initWithName:@"Eric"];
// get private field
NSLog(@"%@", [foo valueForKey:@"name"]);
// set private field
[foo setValue:@"Edith" forKey:@"name"];
NSLog(@"%@", foo);
}
return 0;
}
- Output:
Eric Hello, I am Edith
Category
Another solution is to use a category to add methods to the class (you can have categories in your code modify any class, even classes compiled by someone else, including system classes). Since the new method is in the class, it can use the class's private instance variables with no problem.
#import <Foundation/Foundation.h>
@interface Example : NSObject {
@private
NSString *_name;
}
- (instancetype)initWithName:(NSString *)name;
@end
@implementation Example
- (NSString *)description {
return [NSString stringWithFormat:@"Hello, I am %@", _name];
}
- (instancetype)initWithName:(NSString *)name {
if ((self = [super init])) {
_name = [name copy];
}
return self;
}
@end
@interface Example (HackName)
- (NSString *)getName;
- (void)setNameTo:(NSString *)newName;
@end
@implementation Example (HackName)
- (NSString *)getName {
return _name;
}
- (void)setNameTo:(NSString *)newName {
_name = [newName copy];
}
@end
int main (int argc, const char * argv[]) {
@autoreleasepool{
Example *foo = [[Example alloc] initWithName:@"Eric"];
// get private field
NSLog(@"%@", [foo getName]);
// set private field
[foo setNameTo:@"Edith"];
NSLog(@"%@", foo);
}
return 0;
}
- Output:
Eric Hello, I am Edith
Reflection
Finally, you can access the instance variable directly using runtime functions.
#import <Foundation/Foundation.h>
#import <objc/runtime.h>
@interface Example : NSObject {
@private
NSString *_name;
}
- (instancetype)initWithName:(NSString *)name;
@end
@implementation Example
- (NSString *)description {
return [NSString stringWithFormat:@"Hello, I am %@", _name];
}
- (instancetype)initWithName:(NSString *)name {
if ((self = [super init])) {
_name = [name copy];
}
return self;
}
@end
int main (int argc, const char * argv[]) {
@autoreleasepool{
Example *foo = [[Example alloc] initWithName:@"Eric"];
// get private field
Ivar nameField = class_getInstanceVariable([foo class], "_name");
NSLog(@"%@", object_getIvar(foo, nameField));
// set private field
object_setIvar(foo, nameField, @"Edith");
NSLog(@"%@", foo);
}
return 0;
}
- Output:
Eric Hello, I am Edith
OCaml
OCaml includes a function called Obj.magic, of type 'a -> 'b.
That type alone should tell you that this function is crystallized pure evil. The following is not quite as heroic as peeking at random addresses of memory, but to repeat it does require an understanding of the physical layout of OCaml data.
In the following, point's attributes are completely private to the object. They can be revealed with print but can't be directly modified or checked at all. Obj.magic is then used to commit this lie: actually, what was a point object, can be viewed as a four-element tuple of ints. The first two values are meaningless except to OCaml internals and are discarded; the second two values are point's hidden attributes. Then, an even more sinister lie is told that allows us to mutate the point's hidden attributes. Lies of this nature can be used to mutate normally immutable data, which can directly lead to very hard to understand bugs.
The reader is advised to stop reading here.
class point x y =
object
val mutable x = x
val mutable y = y
method print = Printf.printf "(%d, %d)\n" x y
method dance =
x <- x + Random.int 3 - 1;
y <- y + Random.int 3 - 1
end
type evil_point {
blah : int;
blah2 : int;
mutable x : int;
mutable y : int;
}
let evil_reset p =
let ep = Obj.magic p in
ep.x <- 0;
ep.y <- 0
let () =
let p = new point 0 0 in
p#print;
p#dance;
p#print;
p#dance;
p#print;
let (_, _, x, y) : int * int * int * int = Obj.magic p in
Printf.printf "Broken coord: (%d, %d)\n" x y;
evil_reset p
p#print
- Output:
(0, 0) (-1, 0) (-1, -1) Broken coord: (-1, -1) (0, 0)
Oforth
In Oforth, all attributes are private.
There is no other way to access attributes values from outside but to call methods on the object.
PascalABC.NET
uses System.Reflection;
type MyClass = class
private
x: integer := 5;
public
procedure PrintFields := Print(x);
end;
begin
var a := new MyClass;
var fi := a.GetType.GetField('x', BindingFlags.Instance or BindingFlags.NonPublic);
fi.SetValue(a,777);
a.PrintFields;
end.
- Output:
777
Perl
Perl's object model does not enforce privacy. An object is just a blessed reference, and a blessed reference can be dereferenced just like an ordinary reference.
package Foo;
sub new {
my $class = shift;
my $self = { _bar => 'I am ostensibly private' };
return bless $self, $class;
}
sub get_bar {
my $self = shift;
return $self->{_bar};
}
package main;
my $foo = Foo->new();
print "$_\n" for $foo->get_bar(), $foo->{_bar};
- Output:
I am ostensibly private I am ostensibly private
Phix
Privacy operates by having a context of routine_id("classname") in force between the class..end class.
We can easily break that privacy mechanism via low-level routines with the required simulated/fake context,
and at the same time be reasonably confident that no-one is ever going to manage to achieve that by accident.
without js -- (no class under p2js) class test private string msg = "this is a test" procedure show() ?this.msg end procedure end class test t = new() t.show() --?t.msg -- illegal --t.msg = "this is broken" -- illegal include builtins\structs.e as structs constant ctx = routine_id("test") -- magic/context --constant ctx = "test" -- also works --constant ctx = test -- also works ?structs:fetch_field(t,"msg",ctx)&" (with some magic)" structs:store_field(t,"msg","this breaks privacy",ctx) t.show()
(Obviously you could inline the ctx values rather than create a separate constant.)
- Output:
"this is a test" "this is a test (with some magic)" "this breaks privacy"
PHP
While normally accessing private variables causes fatal errors, it's possible to catch output of some debugging functions and use it. Known functions which can get private variables include: var_dump()
, print_r()
, var_export()
and serialize()
. The easiest to use is var_export()
because it's both valid PHP code and doesn't recognize private and public variables.
<?php
class SimpleClass {
private $answer = "hello\"world\nforever :)";
}
$class = new SimpleClass;
ob_start();
// var_export() expects class to contain __set_state() method which would import
// data from array. But let's ignore this and remove from result the method which
// sets state and just leave data which can be used everywhere...
var_export($class);
$class_content = ob_get_clean();
$class_content = preg_replace('"^SimpleClass::__set_state\("', 'return ', $class_content);
$class_content = preg_replace('"\)$"', ';', $class_content);
$new_class = eval($class_content);
echo $new_class['answer'];
Another way commonly used to access private and protected variables in PHP is to cast the object to an array. It's probably unintentional though looking on how casted array contains null bytes (probably "private" mark). This works unless a magic method for the cast operation is implemented:
<?php
class SimpleClass {
private $answer = 42;
}
$class = new SimpleClass;
$classvars = (array)$class;
echo $classvars["\0SimpleClass\0answer"];
Since php 5.3, one can easily read and write any protected and private member in a object via reflection.
<?php
class fragile {
private $foo = 'bar';
}
$fragile = new fragile;
$ro = new ReflectionObject($fragile);
$rp = $ro->getProperty('foo');
$rp->setAccessible(true);
var_dump($rp->getValue($fragile));
$rp->setValue($fragile, 'haxxorz!');
var_dump($rp->getValue($fragile));
var_dump($fragile);
- Output:
string(3) "bar" string(8) "haxxorz!" object(fragile)#1 (1) { ["foo":"fragile":private]=> string(8) "haxxorz!" }
PicoLisp
PicoLisp uses "transient symbols" for variables, functions, methods etc. inaccessible from other parts of the program. Lexically, a transient symbol is enclosed by double quotes. The only way to access a transient symbol outside its namespace is to search for its name in other (public) structures. This is done by the 'loc' function.
(class +Example)
# "_name"
(dm T (Name)
(=: "_name" Name) )
(dm string> ()
(pack "Hello, I am " (: "_name")) )
(====) # Close transient scope
(setq Foo (new '(+Example) "Eric"))
Test:
: (string> Foo) # Access via method call
-> "Hello, I am Eric"
: (get Foo '"_name") # Direct access doesn't work
-> NIL
: (get Foo (loc "_name" +Example)) # Locating the transient symbol works
-> "Eric"
: (put Foo (loc "_name" +Example) "Edith")
-> "Edith"
: (string> Foo) # Ditto
-> "Hello, I am Edith"
: (get Foo '"_name")
-> NIL
: (get Foo (loc "_name" +Example))
-> "Edith"
Python
Python isn't heavily into private class names. Although private class names can be defined by using a double underscore at the start of the name, such names are accessible as they are mangled into the original name preceded by the name of its class as shown in this example:
>>> class MyClassName:
__private = 123
non_private = __private * 2
>>> mine = MyClassName()
>>> mine.non_private
246
>>> mine.__private
Traceback (most recent call last):
File "<pyshell#23>", line 1, in <module>
mine.__private
AttributeError: 'MyClassName' object has no attribute '__private'
>>> mine._MyClassName__private
123
>>>
Raku
(formerly Perl 6)
We may call into the MOP (Meta-Object Protocol) via the .^ operator, and the MOP knows all about the object, including any supposedly private bits. We ask for its attributes, find the correct one, and get its value.
class Foo {
has $!shyguy = 42;
}
my Foo $foo .= new;
say $foo.^attributes.first('$!shyguy').get_value($foo);
- Output:
42
Ruby
Ruby lets you redefine great parts of the object model at runtime and provides several methods to do so conveniently. For a list of all available methods look up the documentation of Object
and Module
or call informative methods at runtime (puts Object.methods
).
class Example
def initialize
@private_data = "nothing" # instance variables are always private
end
private
def hidden_method
"secret"
end
end
example = Example.new
p example.private_methods(false) # => [:hidden_method]
#p example.hidden_method # => NoMethodError: private method `name' called for #<Example:0x101308408>
p example.send(:hidden_method) # => "secret"
p example.instance_variables # => [:@private_data]
p example.instance_variable_get :@private_data # => "nothing"
p example.instance_variable_set :@private_data, 42 # => 42
p example.instance_variable_get :@private_data # => 42
Scala
class Example(private var name: String) {
override def toString = s"Hello, I am $name"
}
object BreakPrivacy extends App {
val field = classOf[Example].getDeclaredField("name")
field.setAccessible(true)
val foo = new Example("Erik")
println(field.get(foo))
field.set(foo, "Edith")
println(foo)
}
Sidef
Sidef's object model does not enforce privacy, but it allows storing private attributes inside the container of an object, which is an hash:
class Example {
has public = "foo"
method init {
self{:private} = "secret"
}
}
var obj = Example();
# Access public attributes
say obj.public; #=> "foo"
say obj{:public}; #=> "foo"
# Access private attributes
say obj{:private}; #=> "secret"
Swift
Swift reflection provides a Collection of label-value pairs for struct properties
struct Example {
var notSoSecret = "Hello!"
private var secret = 42
}
let e = Example()
let mirror = Mirror(reflecting: e)
if let secret = mirror.children.filter({ $0.label == "secret" }).first?.value {
print("Value of the secret is \(secret)")
}
- Output:
Value of the secret is 42
Tcl
Tcl's object properties are just variables in the a per-instance namespace; all that's required to get hold of them is to discover the name of the namespace concerned:
package require Tcl 8.6
oo::class create Example {
variable name
constructor n {set name $n}
method print {} {puts "Hello, I am $name"}
}
set e [Example new "Eric"]
$e print
set [info object namespace $e]::name "Edith"
$e print
- Output:
Hello, I am Eric Hello, I am Edith
Visual Basic .NET
Like the other .NET languages, VB can use Reflection (Microsoft docs).
Imports System.Reflection
' MyClass is a VB keyword.
Public Class MyClazz
Private answer As Integer = 42
End Class
Public Class Program
Public Shared Sub Main()
Dim myInstance = New MyClazz()
Dim fieldInfo = GetType(MyClazz).GetField("answer", BindingFlags.NonPublic Or BindingFlags.Instance)
Dim answer = fieldInfo.GetValue(myInstance)
Console.WriteLine(answer)
End Sub
End Class
- Output:
42
Wren
In Wren all instance and static fields of a class are private and are prefixed by an underscore and a double underscore respectively. There is no way to break the privacy of such fields that I'm aware of (Wren doesn't have reflection). If one wants to provide public access to fields then this is done via getter and/or setter methods.
However, there is no such thing as a private method. Although conventionally methods which are not intended to be called from outside the class are suffixed with an underscore, this doesn't prevent anyone from accessing them as the following example shows.
class Safe {
construct new() { _safe = 42 } // the field _safe is private
safe { _safe } // provides public access to field
doubleSafe { notSoSafe_ } // another public method
notSoSafe_ { _safe * 2 } // intended only for private use but still accesible externally
}
var s = Safe.new()
var a = [s.safe, s.doubleSafe, s.notSoSafe_]
for (e in a) System.print(e)
- Output:
42 84 84
zkl
In zkl, privacy is more convention than enforced (unlike const or protected).
class C{var [private] v; fcn [private] f{123} class [private] D {}}
C.v; C.f; C.D; // all generate NotFoundError exceptions
However:
C.fcns //-->L(Fcn(nullFcn),Fcn(f))
C.fcns[1]() //-->123
C.classes //-->L(Class(D))
C.vars //-->L(L("",Void)) (name,value) pairs
In the case of private vars, the name isn't saved.
- Object oriented
- Programming Tasks
- Solutions by Programming Task
- ABAP
- Ada
- C sharp
- C++
- Clojure
- Common Lisp
- D
- E
- E examples needing attention
- Examples needing attention
- Ecstasy
- F Sharp
- Factor
- Forth
- FreeBASIC
- Go
- Unicon
- Icon Programming Library
- J
- Java
- Julia
- Kotlin
- Logtalk
- Lua
- M2000 Interpreter
- Nim
- Objective-C
- OCaml
- Oforth
- PascalABC.NET
- Perl
- Phix
- Phix/Class
- PHP
- PicoLisp
- Python
- Raku
- Ruby
- Scala
- Sidef
- Swift
- Tcl
- Visual Basic .NET
- Wren
- Zkl
- 6502 Assembly/Omit
- 8086 Assembly/Omit
- 68000 Assembly/Omit
- ARM Assembly/Omit
- AWK/Omit
- BASIC/Omit
- BBC BASIC/Omit
- C/Omit
- Déjà Vu/Omit
- GUISS/Omit
- Haskell/Omit
- Icon/Omit
- Locomotive Basic/Omit
- Lotus 123 Macro Scripting/Omit
- Mathematica/Omit
- Rust/Omit
- R/Omit
- SmileBASIC/Omit
- Standard ML/Omit
- X86 Assembly/Omit
- Z80 Assembly/Omit
- Zig/Omit
- ZX Spectrum Basic/Omit
- Insitux/Omit