Review request for 7198429: need checked categorization of caller-sensitive methods in the JDK

Mandy Chung mandy.chung at oracle.com
Wed Mar 27 17:35:48 UTC 2013


This is the JDK change for JEP 176: JEP 176: Mechanical Checking of 
Caller-Sensitive Methods [1].  Christian has posted the webrev for the 
hotspot VM change a couple weeks ago [2].

Webrev at:
http://cr.openjdk.java.net/~mchung/jdk8/webrevs/7198429/webrev.00/

While it touches many files, the fix is simple and straight-forward for 
review.

This fix annotates all methods that call Reflection.getCallerClass() 
method with @sun.reflect.CallerSensitive annotation so that it enables 
the VM to reliably enforce that methods looking up its immediate caller 
class are marked as caller-sensitive. The JVM will set a new 
caller-sensitive bit when resolving a MemberName and 
java.lang.invoke.MethodHandleNatives.isCallerSensitive is upgraded to 
query it directly.
The hand-maintained method list in MethodHandleNatives is removed.

A couple things to mention:
1. I am working on a fix for 8007035 that proposes to deprecate 
SecurityManager.checkMemberAccess method as it requires the caller’s 
frame to be at a stack depth of four, which is fragile and difficult to 
enforce.

2. NashornScriptEngineFactory.getAppClassLoader()

The change is to workaround the issue until 8009783 is resolved.

The current implementation walks the stack to find the classloader of 
the user context that NashornScriptEngine is running on which is 
fragile.  Also other script engine implementations may require similiar 
capability.  8009783 has been filed to revisit the scripting API to pass 
the user "context" to the script engine rather than relying the 
implementation to find it magically.

Thanks
Mandy

[1] http://openjdk.java.net/jeps/176
[2] 
http://mail.openjdk.java.net/pipermail/hotspot-dev/2013-March/008915.html



More information about the core-libs-dev mailing list