RFR (XS) 8155090: String concatenation fails with a custom SecurityManager that uses concatenation
Chris Hegarty
chris.hegarty at oracle.com
Fri Apr 29 07:09:27 UTC 2016
> On 28 Apr 2016, at 21:54, Claes Redestad <claes.redestad at oracle.com> wrote:
>
> Hi Aleksey,
>
> On 2016-04-28 22:10, Aleksey Shipilev wrote:
>> Hi,
>>
>> Please review the fix for a shady bootstrapping issue, when a custom
>> SecurityManager is using string concatenation:
>> https://bugs.openjdk.java.net/browse/JDK-8155090
>>
>> The essence of the issue is that during StringConcatFactory::<clinit>,
>> we are reading the system properties via the privileged calls. When
>> user SecurityManager that uses string concatenation is set, we are
>> trying to produce a string concatenation stub in order to proceed, and
>> double-back on SCF. There, we try to run SCF methods without fully
>> complete <clinit>: the existing test fails with uninitialized static
>> final Strategy field.
>>
>> The cleanest (yet subtle) solution here is to make sure the default SCF
>> settings are good to run with, which allows transient <clinit>
>> operations to complete normally:
>> http://cr.openjdk.java.net/~shade/8155090/webrev.00/
>
> looks good to me!
+1.
I’ve seen a few similar, but not the same, issues like this in the core area before.
-Chris.
> While a subtle fix indeed, the comment well explains the need
> for doing this, and alternatives like ensuring there are no calls
> back into the SecurityManager from SCF would be very fragile
> in comparison.
>
> Nits: the the -> the, (onto -> into?) no need for a re-review if
> you choose to fix these.
>
> Thanks!
>
> /Claes
>
>>
>> Testing: offending test; java/lang/String jtregs
>>
>> Thanks,
>> -Aleksey
More information about the core-libs-dev
mailing list