RFR: 8060130: Simplify the synchronization of defining and getting java.lang.Package
Mandy Chung
mandy.chung at oracle.com
Wed Oct 15 01:23:15 UTC 2014
On 10/13/2014 2:04 AM, Peter Levart wrote:
> On 10/13/2014 04:18 AM, David Holmes wrote:
>>
>> Looking at definePackage it seems both old and new code have serious
>> race conditions due to a lack of atomicity when checking the
>> parent/system packages. A package of the same name could be defined
>> in the parent/system after definePackage has called getPackage - and
>> we then end up with two same named Packages in different loaders.
>
I don't know the history of the getPackage(s) methods. Since two
different class loaders can define a package of the same name and
effectively two separate runtime packages, it seems to me that
ClassLoader.getPackages should return all Package objects including the
duplicated names. Claes - do you mind filing a bug for it?
> ...
> p1: package javax.swing
> p2: package javax.swing, Java Platform API Specification, version 1.9
> p3: package javax.swing, Java Platform API Specification, version 1.9
>
>
> Now if the order of class loading is changed:
>
> ...
> p1: package javax.swing, Java Platform API Specification, version 1.9
> p2: package javax.swing, Java Platform API Specification, version 1.9
> p3: package javax.swing, Java Platform API Specification, version 1.9
>
>
> So reliable "sealed" packages can only exist if they are defined
> in-advance or at least one class from a particular sealed package is
> loaded by the authoritative ClassLoader before a child of that loader
> is given a chance to load classes.
>
> A: So perhaps, to support class-loading-order independent behaviour, a
> descendant ClassLoader could be given a chance to define it's own
> package although the ancestor has already defined one with the same
> name, unless this is a sealed package of course.
>
> B: A backwards-incompatible and more restrictive strategy could be to
> prevent an ancestor ClassLoader from defining a Package if one of
> descendants in the chain leading from initiating ClassLoader to the
> ancestor already defines a package with the same name. This would not
> prevent loading of such "conflicting" classes for the entire system,
> but only for a particular code that happens to be defined by the
> ClassLoader that (or it's ancestor) violates the constraint that a
> descendant ClassLoader must not define classes in the package of the
> same name as ancestor ClassLoader. It would prevent classes loaded by
> a violating ClassLoader from accessing classes in sealed packages,
> which might be enough to enforce intra-package access restrictions...
>
> How does Jigsaw solve this puzzle?
java.lang.Package is not used at runtime. I think
ClassLoader.getPackage(s) method should be revisited whether it should
lookup its parent loader. I think your question concerns the runtime
package that is not effect by java.lang.Package.
Mandy
More information about the core-libs-dev
mailing list