[foreign-memaccess+abi] RFR: 8263459: Add better support for restricted methods [v3]

Maurizio Cimadamore mcimadamore at openjdk.java.net
Mon Mar 22 10:48:55 UTC 2021 

On Fri, 19 Mar 2021 12:06:51 GMT, Maurizio Cimadamore <mcimadamore at openjdk.org> wrote:

>> I've already reviewed the code separately and provided some commments which have been addressed here. It would be great if somebody from the VM team could go over the VM changes. Added some minor comments.
>
> For the records, the approach implemented in this patch works as follows: when a Panama native restricted method is called, we will no require that the caller module (which could be ALL-UNNAMED) has been whitelisted accordingly, on the command line, using this flag:
> 
> --enable-native-access=<modulename>
> 
> In other words, this work replaces the hacky `-Dforeign.restricted=permit` property with a system which works in tandem with the Java module system.
> 
> While the support is relatively minimal, we have spent some cycles to add a new jlink plugin which will search a module for all calls to restricted methods and, if any is found, will mark the module-info.class as "native" with a special classfile attribute.
> 
> At startup, if the runtime sees that the module graph contains one or more modules that are marked as "native" but whose command line flag has not been set, an error will occur immediately - otherwise, w/o jlink, an error will only occur when a restricted method is called.
> 
> Changes to javadoc and jshell will come as a separate patch - the idea is to for for native restricted methods something similar as to what has been done in javadoc for preview API methods.

> _Mailing list message from [Chris Vest](mailto:mr.chrisvest at gmail.com) on [panama-dev](mailto:panama-dev at openjdk.java.net):_
> 
> The PR uses a mix of terminology for what sounds like the same concept;
> restricted, native, restricted_native.
> Are there subtle differences between these or are they the same thing?
> 
> On Fri, 19 Mar 2021 at 14:39, Athijegannathan Sundararajan <
> sundar at openjdk.java.net> wrote:

The concepts are meant to be the same, although the terminology used is not consistent, you are right. I think that, since the option is "enable-native-access" the various bits of code should probably reflect that a bit more; but note that there's a risk of clashing with regular JNI native methods here, for which this patch does nothing.

Note also that, in a followup patch, the "restricted" prefix from method declarations will be removed (as javadoc will render these methods in a special way anyway).

-------------

PR: https://git.openjdk.java.net/panama-foreign/pull/471

More information about the panama-dev mailing list