<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Having had the opportunity to use ScopedValue to replace
ThreadLocal, it was suggested I might provide some feedback here.<br>
</p>
<p>Background: I'm maintaining an OpenJDK fork that retains SM, I
merge weekly from upstream, this isn't for untrusted code, it's
just ensuring permissions are only granted to authenticated users
using trusted code (checked using a SHA256 message digest, or
CodeSigner). I have good fortune; I'm not constrained by strict
backward compatibility, nor am I attempting to create a Sandbox
(Graal would be a better place to quarantine untrusted code).
Permission is no longer Serializable, allowing obsolete serial
form to be dropped and fields made final. </p>
<p>AccessControlContext is immutable now too, this was necessary, as
I'm replacing AccessController functionality using ScopedValue to
decorate doPrivileged calls, with AccessControlContext and the
caller Class, and StackWalker is used to determine the stack
context.</p>
<p>AccessController is initialized very early during the vm
initialization phase, so initially it just runs privileged calls
and returns privileged context, until init phase 3 is reached.
ScopedValue, Stackwalker and other classes depend on by them are
initialized prior to init phase 3 from a static method in
threads.cpp.<br>
</p>
<p>The second use of ScopedValue is to prevent StackOverflowError
occuring in a SecurityManager implementation, called
CombinerSecurityManager, so called because it uses a
DomainCombiner to execute permission checks on all
ProtectionDomain's in a stack concurrently, but more importantly
it contains a non-blocking timed and weakly reference cache, that
uses Doug Lee's ConcurrentSkipListSet to cache the results of
permission checks for AccessControlContext, in a ConcurrentMap.
In a system running many tasks with the same context, this makes a
big performance improvement, by avoiding repeat permission checks.
Previously StackOverflowError was prevented using a ThreadLocal
variable, with a counter that was incremented each time recursion
occurs, in try - finally blocks, to ensure that it was decremented
each time any recursion completed, once the counter reached a
limit, an exception was thrown. However ScopedValue is a much
better fit since it uses recursion, it doesn't require any try -
finally blocks.<br>
</p>
<p>CombinerSecurityManager is also using virtual threads to perform
permission checks on each ProtectionDomain, to avoid blocking on
platform threads when SocketPermission, FilePermission, are
inevitably checked. There are also a non-caching Policy provider
and policy parser implementations, that parse and stores policy
grants in an immutable form following safe publication, it uses
thread isolation to prevent contention on PermissionCollection
instances. There is a policy writing tool, that generates polp
policy files.</p>
<p>ProtectionDomain now implements equals and hashcode methods, the
hashcode is final and calculated during construction. The reason
for this is many ProtectionDomain instances are created for a
Subject's Principal[]'s and caching their result improves
performance. Similarly AccessControlContext also now has a final
hashcode calculated during construction.<br>
</p>
<p>I've also added support for privileged context to virtual
threads, to allow virtual threads to be used with privileges, just
like platform threads.</p>
<p>There are two test failures which occur due to the new
AccessController functionality, with both platform threads and
virtual threads.</p>
<p>I looked into the values of the Thread's inherited and Snapshot's
Carrier, neither contain the ScopedValue used by
AccessController. It may have something to do with earlier class
initialization, I'm still trying to determine the cause.<br>
</p>
<pre class="notranslate"
style="box-sizing: border-box; font-family: var(--fontStack-monospace, ui-monospace, SFMono-Regular, SF Mono, Menlo, Consolas, Liberation Mono, monospace); font-size: 11.9px; margin-top: 0px; margin-bottom: var(--base-size-16); overflow-wrap: normal; padding: var(--base-size-16); overflow: auto; line-height: 1.45; color: rgb(31, 35, 40); background-color: var(--bgColor-muted, var(--color-canvas-subtle)); border-radius: 6px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;"><code
class="notranslate"
style="box-sizing: border-box; font-family: var(--fontStack-monospace, ui-monospace, SFMono-Regular, SF Mono, Menlo, Consolas, Liberation Mono, monospace); font-size: 11.9px; padding: 0px; margin: 0px; white-space: pre; background: transparent; border-radius: 6px; word-break: normal; border: 0px; display: inline; overflow: visible; line-height: inherit; overflow-wrap: normal;">ThreadFlockTest::testThreadExitWithOpenFlock '[1] java.lang.ThreadBuilders$VirtualThreadFactory@21edf8f8'
java.lang.Exception: Stack trace
at java.base/java.lang.Thread.dumpStack(Thread.java:2155)
at ThreadFlockTest.lambda$testThreadExitWithOpenFlock$0(ThreadFlockTest.java:1018)
at java.base/java.lang.VirtualThread.run(VirtualThread.java:470)
Exception in thread "" java.util.concurrent.StructureViolationException: Scoped value bindings have changed
at java.base/java.lang.Thread.inheritScopedValueBindings(Thread.java:324)</code></pre>
<p></p>
<pre class="moz-signature" cols="72">--
Regards,
Peter</pre>
<div class="moz-cite-prefix">On 22/01/2025 8:39 pm, Volkan Yazıcı
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CABDM8gA+FsNyYcHRO2MZYCSbRC0d6JkPtsdf-XnPU6OVHyHn_g@mail.gmail.com">
<div dir="ltr">Hello Peter,
<div><br>
</div>
<div>Thanks so much for the feedback. AFAIK, that work is
delivered by the Loom crew and they use <a
href="https://mail.openjdk.org/mailman/listinfo/loom-dev"
moz-do-not-send="true">the `loom-dev` mailing list</a> for
discussions. I think they would really appreciate hearing your
feedback: What is the real-world use case you used SVs for?
How was that particular logic implemented before? What are the
performance/code/semantic changes you observed during
migration? Did you encounter any problems? Did you find the
API intuitive? etc.</div>
<div><br>
</div>
<div>Kind regards.</div>
</div>
<br>
<div class="gmail_quote gmail_quote_container">
<div dir="ltr" class="gmail_attr">On Wed, Jan 22, 2025 at
4:11 AM Peter Firmstone <<a
href="mailto:peter.firmstone@zeus.net.au"
moz-do-not-send="true" class="moz-txt-link-freetext">peter.firmstone@zeus.net.au</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote"
style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Just
wanted to say, I've been experimenting with replacing
ThreadLocal <br>
with ScopedValue, this is a great new API, I love the way
ScopedValue <br>
uses recursion, we can have multiple immutable instances
representing a <br>
scoped value for a short period and we're not worried about
managing <br>
state as it goes out of scope as soon as it's no longer in
use.<br>
<br>
Cheers,<br>
<br>
Peter.<br>
</blockquote>
</div>
</blockquote>
</body>
</html>