RFR: 8372696: Allow boot classes to explicitly opt-in for final field trusting

Alan Bateman alanb at openjdk.org
Fri Nov 28 10:55:54 UTC 2025 

On Thu, 27 Nov 2025 18:58:59 GMT, Chen Liang <liach at openjdk.org> wrote:

>> src/java.base/share/classes/jdk/internal/vm/annotation/TrustFinalFields.java line 61:
>> 
>>> 59: /// fields in classes specified by this annotation.
>>> 60: ///
>>> 61: /// This annotation is only recognized on privileged code and is ignored elsewhere.
>> 
>> "privileged code" hints of protection domains, permissions or security manager. Some of the annotations are limited to classes defined by the boot loader, is it the case here too?
>
> I took this sentence from `@AOTSafeClassInitializer`.  The term "privileged" comes from this variable in `classFileParser.cpp`:
> https://github.com/openjdk/jdk/blob/d94c52ccf2fed3fc66d25a34254c9b581c175fa1/src/hotspot/share/classfile/classFileParser.cpp#L1818-L1820
> 
> The other annotations have this note, which seems incorrect from the hotspot excerpt:
> 
> @implNote
> This annotation only takes effect for fields of classes loaded by the boot
> loader.  Annotations on fields of classes loaded outside of the boot loader
> are ignored.
> 
> 
> This behavior seems to be originally changed by 6964a690ed9a23d4c0692da2dfbced46e1436355, referring to an inaccessible issue.
> 
> What should I do with this? Should I leave this as-is and create a separate patch to update this comment for vm.annotation annotations, or fix this first and have the separate patch fix other annotations later?

For this PR then you could just change the last sentence to say that the annotation is only effective for classes defined by the boot class loader or platform class loader. A follow-up PR could propose changes to the other annotation descriptions.

As regards background then one of the significant changes in JDK 9 was that java.* modules could be mapped to the platform class loader without give them "all permission" in the security manager execution mode. If you see JBS issues or comments speaking of "de-privileging" then it's likely related to changes that "moved" modules that were originally mapped to the boot class loader to the platform class loader. Now that the security manager execution mode is gone then we don't have to deal with all these issues now.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28540#discussion_r2571257172

More information about the hotspot-dev mailing list