[9] RFR (M): 8057967: CallSite dependency tracking scales devastatingly poorly

Vladimir Ivanov vladimir.x.ivanov at oracle.com
Thu Apr 2 22:08:10 UTC 2015


John,

Thanks for the clarification!

>> BTW why do you think security manager was the problem? (1)
>> Class.getDeclaredField() is caller-sensitive; and (2)
>> DependencyContext was eagerly initialized with CallSite (see
>> UNSAFE.ensureClassInitialized() in original version).
>
> CallSite$DependencyContext and CallSite are distinct classes.
> At the JVM level they cannot access each others' private members.
> So if DependencyContext wants to reflect a private field from CallSite,
> there will be extra security checks.  These sometimes fail, as in:
Member access permission check isn't performed if caller and member 
owner class are loaded by the same class loader (which is the case with 
CallSite$DependencyContext and CallSite classes).

jdk/src/java.base/share/classes/java/lang/Class.java:
@CallerSensitive
     public Field getDeclaredField(String name)
         throws NoSuchFieldException, SecurityException {
         checkMemberAccess(Member.DECLARED, Reflection.getCallerClass(), 
true);
...
     private void checkMemberAccess(int which, Class<?> caller, boolean 
checkProxyInterfaces) {
         final SecurityManager s = System.getSecurityManager();
         if (s != null) {
             final ClassLoader ccl = ClassLoader.getClassLoader(caller);
             final ClassLoader cl = getClassLoader0();
             if (which != Member.PUBLIC) {
                 if (ccl != cl) {
 
s.checkPermission(SecurityConstants.CHECK_MEMBER_ACCESS_PERMISSION);
                 }

Best regards,
Vladimir Ivanov


More information about the hotspot-compiler-dev mailing list