RFR: 8368199: Add @AOTSafeClassInitializer to jdk.internal.access.SharedSecrets

ExE Boss duke at openjdk.org
Mon Oct 27 13:28:10 UTC 2025 

On Mon, 27 Oct 2025 06:23:58 GMT, Ioi Lam <iklam at openjdk.org> wrote:

>> Is there a particular subset of the SharedSecrets accessors that we want to allow to be set during the assembly phase?
>> 
>> Is there a way we can mark the fields in SharedSecrets as allowed to be assembly initialized vs those that must be null?
>> 
>> The unfortunate thing is that if these fields didn't use Lambdas, they would also be fine to assembly-time initialize as it's the side-effect of the lambda forcing init that's the problem
>
> I looked at all the calls of the pattern `SharedSecrets.set.*::`
> 
> 
> java/io/ObjectInputFilter.java: SharedSecrets.setJavaObjectInputFilterAccess(Config::createFilter2);
> java/io/ObjectInputStream.java: SharedSecrets.setJavaObjectInputStreamAccess(ObjectInputStream::checkArray);
> java/io/ObjectInputStream.java: SharedSecrets.setJavaObjectInputStreamReadString(ObjectInputStream::readString);
> javax/crypto/SealedObject.java: SharedSecrets.setJavaxCryptoSealedObjectAccess(SealedObject::getExtObjectInputStream);
> 
> 
> These calls are all done inside a `<clinit>`. In the four cases, only the first class (`java.io.ObjectInputFilter.Config`) has environment-dependent code inside its `<clinit>`.
> 
> Maybe we should mark the `java.io.ObjectInputFilter.Config` class with a new annotation `AOTUnsafeClassInitializer` (the opposite of the existing `AOTSafeClassInitializer`). If this class is initialized in the assembly phase, the VM will exit.
> 
> I think we can leave the other 3 cases alone.
> 
> An alternative is to rewrite the first case from:
> 
> 
> SharedSecrets.setJavaObjectInputFilterAccess(Config::createFilter2);
> 
> 
> to
> 
> 
> SharedSecrets.setJavaObjectInputFilterAccess(new JavaObjectInputFilterAccess() {
>     ObjectInputFilter createFilter2(String pattern) {
>         return Config.createFilter2(pattern);
>     }
> });

The `ObjectInputStreamReadString` interface should just be merged into `ObjectInputStreamAccess`:

SharedSecrets.setJavaObjectInputStreamAccess(new ObjectInputStreamAccess() {
	public void checkArray(ObjectInputStream ois, Class<?> arrayType, int arrayLength) throws ObjectStreamException {
		ois.checkArray(arrayType, arrayLength);
	}

	public String readString(ObjectInputStream ois) throws IOException {
		return ois.readString();
	}
});

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/27880#discussion_r2465667143

More information about the hotspot-runtime-dev mailing list