RFR: 6983726: remove Proxy from MethodHandleProxies.asInterfaceInstance SAM conversion [v8]

Thu Apr 6 19:26:15 UTC 2023

On Thu, 6 Apr 2023 18:33:29 GMT, Chen Liang <liach at openjdk.org> wrote:

>> As John Rose has pointed out in this issue, the current j.l.r.Proxy based implementation of MethodHandleProxies.asInterface has a few issues:
>> 1. Exposes too much information via Proxy supertype (and WrapperInstance interface)
>> 2. Does not allow future expansion to support SAM[^1] abstract classes
>> 3. Slow (in fact, very slow)
>> 
>> This patch addresses all 3 problems:
>> 1. It implements proxies with one hidden class for each requested interface and replaced WrapperInstance inheritance with an annotation. This can avoid unexpected passing of `instanceof`, and avoids the nasty problem of exporting a JDK interface to a dynamic module to ensure access.
>> 2. This patch obtains already generated classes from a ClassValue by the requested interface type; the ClassValue can later be updated to compute implementation generation for abstract classes as well.
>> 3. This patch's generated hidden classes has call performance on par with those of lambda expressions; the creation performance is slightly less than that of LambdaMetafactory: https://jmh.morethan.io/?gist=fcb946d83ee4ac7386901795ca49b224
>> 
>> Additionally, an obsolete `ProxyForMethodHandle` test was removed, for it's no longer applicable. Tests in `jdk/java/lang/invoke` and `jdk/java/lang/reflect` pass.
>> 
>> In addition, I have a question: in [8161245](https://bugs.openjdk.org/browse/JDK-8161245) it seems some fields can be optimized as seen in [ciField.cpp](https://github.com/openjdk/jdk/blob/6aec6f3a842ead30b26cd31dc57a2ab268f67875/src/hotspot/share/ci/ciField.cpp#L219). Does it affect the execution performance of MethodHandle in hidden classes' Condy vs. MethodHandle in regular final field in hidden classes?
>> 
>> [^1]: single abstract method
>
> Chen Liang has updated the pull request incrementally with one additional commit since the last revision:
> 
>   pass interface info via condy,
>   drop explicit ea flags
>   initialize benchmark work variable randomly
>   benchmarks just need 1 fork

This is good work.    This needs some careful study on the security aspect.  I see the proxy class is in the same module of the interface, is non-public, and it has a no-arg non-public constructor. 

Defining the proxy class in the same module would grant this class reflective access to any class in this module.  This seems a concern if the target method handle should not have access to the class in that module.

W.r.t. the no-arg constructor,  I would consider another level of defense to make the constructor to take `Lookup` of itself and throw an IAE if the lookup class is not itself or it does not have `ORIGINAL` access.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/13197#issuecomment-1499513116