RFR 6642881: Improve performance of Class.getClassLoader()
Coleen Phillimore
coleen.phillimore at oracle.com
Thu Jun 19 21:09:57 UTC 2014
On 6/19/14, 4:53 PM, Joel Borggrén-Franck wrote:
> Hi Mandy,
>
> On 19 jun 2014, at 22:34, Mandy Chung <mandy.chung at oracle.com> wrote:
>
>> On 6/19/14 12:34 PM, Joel Borggrén-Franck wrote:
>>> Hi,
>>>
>>> On 19 jun 2014, at 20:46, Coleen Phillimore <coleen.phillimore at oracle.com> wrote:
>>>> On 6/17/14, 12:38 AM, Joel Borggrén-Franck wrote:
>>>>> Have you considered hiding the Class.classLoader field from reflection? I’m not sure it is necessary but I’m not to keen on the idea of people poking at this field with Unsafe (which should go away in 9 but …).
>>>> I don't know how to hide the field from reflection. It's a private final field so you need to get priviledges to make it setAccessible. If you mean injecting it on the JVM side, the reason for this change is so that the JIT compilers can inline this call and not have to call into the JVM to get the class loader.
>>>>
>>> There is sun.reflect.Reflection.registerFieldsToFilter() that hides a field from being found using reflection. It might very well be the case that private and final is enough, I haven’t thought this through 100%. On the other hand, is there a reason to give users access through the field instead of having to use Class.getClassLoader()?
>>>
>> There are many getter methods that returns a private final field.
>> I'm not sure if hiding the field is necessary nor a good precedence
>> to set. Accessing a private field requires "accessDeclaredMember"
>> permission although it's a different security check (vs "getClassLoader"
>> permission). Arguably before this new classLoader field, one could
>> call Class.getClassLoader0() via reflection to get a hold of class
>> loader.
>>
>> Perhaps you are concerned that the "accessDeclaredMember" permission
>> is too coarse-grained? I think the security team is looking into
>> the improvement in that regards.
> I think I’m a bit worried about two things, first as you wrote, “accessDeclaredMember” isn’t the same as “getClassLoader”, but since you could get the class loader through getClassLoader0() that shouldn’t be a new issue.
>
> The second thing is that IIRC there are ways to set a final field after initialization. I’m not sure we need to care about that either if you need Unsafe to do it.
>
> cheers
> /Joel
So hiding this field from reflection and Unsafe doesn't seem like
something we would need to do. If the field is the protectionDomain
associated with this class, would that be different?
Coleen
More information about the jdk9-dev
mailing list