RFR: 8072692: Improve performance of SecurityManager.checkPackageAccess
Thomas Lußnig
openjdk at suche.org
Tue Jun 16 16:49:00 UTC 2015
Hi,
two points that come directly to my mind when i checked the code:
1) An Error in the description.
+ // If plast >= plen then restrictedPkg is longer than pkg by at
+ // least one char. This means pkg cannot start with restrictedPkg,
+ // since restrictedPkg will be longer than pkg.
+ //
+ // Similarly if plast != plen, then pkg + "." cannot be the same
+ // as restrictedPkg, since pkg + "." will have a different length
+ // than restrictedPkg.
If this would be correct then where would never be an match because
!(plast >= plen) && !(plast != plen) must be true for an possible match.
That could be rewriten to (plast < plen) && (plast == plen) and this is always FALSE.
2) Would it be worth to use the state Engine instead of looping over the array ?
Gruß Thomas
On 16.06.2015 16:54, Sean Mullan wrote:
> This is the sixth in a series of fixes for JEP 232 (Improve Secure
> Application Performance) [1].
>
> webrev: http://cr.openjdk.java.net/~mullan/webrevs/8072692/webrev.00/
> bug: https://bugs.openjdk.java.net/browse/JDK-8072692
>
> This fix adds several optimizations to the package matching algorithm
> used by the SecurityManager.checkPackageAcccess method. These
> improvements result in a 5-7x increase in throughput of this method. A
> performance chart has been attached to the bug with more information.
>
> A new test is included which uses a state machine to verify that the
> matching algorithm is working correctly.
>
> Special thanks to Daniel Fuchs for contributing this fix and the test.
>
> Thanks,
> Sean
>
> [1] http://openjdk.java.net/jeps/232
More information about the security-dev
mailing list