RFR: 8177845: Need a mechanism to load Graal

Wed Apr 19 22:28:09 UTC 2017

Hotspot changes looks good to me.

Thanks,
Vladimir

On 4/19/17 2:26 PM, Doug Simon wrote:
> I've updated http://cr.openjdk.java.net/~dnsimon/8177845/hotspot/ with these changes:
>
> 1. JVMCIServiceLocator.getProvider(Class<S>) is now protected
> 2. JVMCIServiceLocator.getProviders(Class<S>) now checks JVMCIPermission
> 3. Rename: jdk.vm.ci.services.internal.JDK9 -> jdk.vm.ci.services.internal.ReflectionAccessJDK
>
> -Doug
>
>> On 19 Apr 2017, at 23:12, Doug Simon <doug.simon at oracle.com> wrote:
>>
>>>
>>> On 19 Apr 2017, at 21:40, Christian Thalinger <cthalinger at twitter.com> wrote:
>>>
>>>>
>>>> On Apr 19, 2017, at 9:27 AM, Doug Simon <doug.simon at oracle.com> wrote:
>>>>
>>>>>
>>>>> On 19 Apr 2017, at 21:04, Mandy Chung <mandy.chung at oracle.com> wrote:
>>>>>
>>>>>
>>>>>> On Apr 19, 2017, at 11:55 AM, Christian Thalinger <cthalinger at twitter.com> wrote:
>>>>>>
>>>>>>
>>>>>>> On Apr 19, 2017, at 8:38 AM, Mandy Chung <mandy.chung at oracle.com> wrote:
>>>>>>>
>>>>>>> Since jdk.internal.vm.compiler becomes an upgradeable module, it is not hashed with java.base to allow it to be upgraded and there is no integrity check.  Such qualified export will be granted to any module named jdk.internal.vm.compiler at runtime.  The goal is for upgradeable modules not to use any internal APIs and eliminate the qualified exports.
>>>>>>>
>>>>>>> The main thing is that jdk.vm.ci.services API would need to be guarded if it’s used by non-Graal modules.
>>>>>>
>>>>>> This all makes sense but where is the restriction that only jdk.internal.vm.compiler can use jdk.vm.ci.services?
>>>>>
>>>>> It's unqualified and no restriction in this change.
>>>>
>>>> The public methods currently in jdk.vm.ci.services are:
>>>>
>>>> 1. JVMCIServiceLocator.getProvider(Class<S>)
>>>> 2. JVMCIServiceLocator.getProviders(Class<S>)
>>>> 3. Services.initializeJVMCI()
>>>> 4. Services.getSavedProperties()
>>>> 5. Services.exportJVMCITo(Class<?>)
>>>> 6. Services.load(Class<S>)
>>>> 7. Services.loadSingle(Class<S>, boolean)
>>>>
>>>> 1 should be made protected. I'll update the webrev with this change.
>>>
>>> Good.
>>>
>>>>
>>>> 2 should check for JVMCIPermission. I'll update the webrev with this change.
>>>
>>> Good.
>>>
>>>>
>>>> 3 is harmless from a security perspective in my opinion.
>>>
>>> Would be good if one of Oracle’s security engineers could take a quick look just to be sure.
>>
>> Vladimir, can you please bring this to the attention of the relevant engineer.
>>
>>>>
>>>> 4 checks for JVMCIPermission.
>>>
>>> Ok.
>>>
>>>>
>>>> 5, 6 and 7 will be removed in a follow bug that updates Graal from upstream (and removes its usage of these methods).
>>>
>>> About this, will this Graal update happen for JDK 9?
>>
>> Yes.
>>
>>> It’s awfully late in the cycle...
>>
>> These are jigsaw related changes and I've been told jigsaw has an FC exception (although I don't exactly know what that is).
>>
>> -Doug
>