[9] RFR (M): 8057967: CallSite dependency tracking scales devastatingly poorly
Vladimir Ivanov
vladimir.x.ivanov at oracle.com
Thu Apr 2 22:08:10 UTC 2015
John,
Thanks for the clarification!
>> BTW why do you think security manager was the problem? (1)
>> Class.getDeclaredField() is caller-sensitive; and (2)
>> DependencyContext was eagerly initialized with CallSite (see
>> UNSAFE.ensureClassInitialized() in original version).
>
> CallSite$DependencyContext and CallSite are distinct classes.
> At the JVM level they cannot access each others' private members.
> So if DependencyContext wants to reflect a private field from CallSite,
> there will be extra security checks. These sometimes fail, as in:
Member access permission check isn't performed if caller and member
owner class are loaded by the same class loader (which is the case with
CallSite$DependencyContext and CallSite classes).
jdk/src/java.base/share/classes/java/lang/Class.java:
@CallerSensitive
public Field getDeclaredField(String name)
throws NoSuchFieldException, SecurityException {
checkMemberAccess(Member.DECLARED, Reflection.getCallerClass(),
true);
...
private void checkMemberAccess(int which, Class<?> caller, boolean
checkProxyInterfaces) {
final SecurityManager s = System.getSecurityManager();
if (s != null) {
final ClassLoader ccl = ClassLoader.getClassLoader(caller);
final ClassLoader cl = getClassLoader0();
if (which != Member.PUBLIC) {
if (ccl != cl) {
s.checkPermission(SecurityConstants.CHECK_MEMBER_ACCESS_PERMISSION);
}
Best regards,
Vladimir Ivanov
More information about the mlvm-dev
mailing list