RFR: regex changes -- sun.security.util.Debug issue
Wang Weijun
weijun.wang at oracle.com
Tue May 10 06:33:45 UTC 2016
Security-dev,
If we can live with "engine=keystore" happily, why not just make the whole string lowercase and search for "permission=java.io.filepermission"? I don't think there are permission types or URL names that are only different in cases. Although file names are case-sensitive in Unix, I doubt if any customer will complain if we show him info on /ETC even if what he sets is "codebase=/etc".
We can add new methods like hasCodebase(URL) and hasPermission(Class<? extends Permission>) to hide the search details inside Debug.
Thanks
Max
> On May 10, 2016, at 1:36 PM, Xueming Shen <xueming.shen at oracle.com> wrote:
>
> Hi,
>
> While testing for the attached regex changes, a fatal vm init error was triggered for test
> case with -Djava.security.debug=xyz turned on, as showed in following stacktrace.
>
> It appears sun.security.util.Debug is being initialized even before the lambda is ready
> for use, and unfortunately it uses j.u.regex (for its args parsing), which is being migrated
> to use lambda function in the proposed regex change.
>
> Since Debug is the only class now triggers j.u.regex -> lambda during initialization, it
> is suggested to update/rewrite the related method in Debug to NOT use j.u.regex to
> solve/workaround this specific initialization issue.
>
> The webrev below has been updated to include such a change.
>
> http://cr.openjdk.java.net/~sherman/regexBackTrack.Lamnda.CanonEQ/webrev/
>
> The sun.security.util.Debug related change is at
>
> http://cr.openjdk.java.net/~sherman/regexBackTrack.Lamnda.CanonEQ/webrev/src/java.base/share/classes/sun/security/util/Debug.java.sdiff.html
>
> Can security-dev guys help take a look if this is an acceptable/reasonable approach.
>
> Thanks,
> Sherman
>
> -----------------------------------------------------------------------------
> Caused by: java.lang.ExceptionInInitializerError
>
>
> at jdk.internal.loader.BootLoader.loadClassOrNull(java.base/BootLoader.java:110)
> at java.lang.invoke.BoundMethodHandle$Factory$1.apply(java.base/BoundMethodHandle.java:497)
> at java.lang.invoke.BoundMethodHandle$Factory$1.apply(java.base/BoundMethodHandle.java:492)
> ...
> at java.lang.invoke.MethodHandleNatives.linkCallSite(java.base/MethodHandleNatives.java:240)
> at java.util.regex.Pattern.<clinit>(java.base/Pattern.java:5682)
> at sun.security.util.Debug.marshal(java.base/Debug.java:247)
> at sun.security.util.Debug.<clinit>(java.base/Debug.java:59)
> at java.security.ProtectionDomain.<clinit>(java.base/ProtectionDomain.java:142)
> at jdk.internal.misc.InnocuousThread.<clinit>(java.base/InnocuousThread.java:129)
> at jdk.internal.ref.CleanerFactory$1$1.run(java.base/CleanerFactory.java:48)
> at jdk.internal.ref.CleanerFactory$1$1.run(java.base/CleanerFactory.java:45)
> at java.security.AccessController.doPrivileged(java.base/Native Method)
> at jdk.internal.ref.CleanerFactory$1.newThread(java.base/CleanerFactory.java:45)
> at jdk.internal.ref.CleanerImpl.start(java.base/CleanerImpl.java:116)
> at java.lang.ref.Cleaner.create(java.base/Cleaner.java:203)
> at jdk.internal.ref.CleanerFactory.<clinit>(java.base/CleanerFactory.java:42)
> at sun.nio.fs.NativeBuffer.<init>(java.base/NativeBuffer.java:60)
> at sun.nio.fs.NativeBuffers.allocNativeBuffer(java.base/NativeBuffers.java:49)
> at sun.nio.fs.UnixNativeDispatcher.copyToNativeBuffer(java.base/UnixNativeDispatcher.java:44)
> at sun.nio.fs.UnixNativeDispatcher.stat(java.base/UnixNativeDispatcher.java:306)
> at sun.nio.fs.UnixFileSystemProvider.isRegularFile(java.base/UnixFileSystemProvider.java:514)
> at java.nio.file.Files.isRegularFile(java.base/Files.java:2244)
> at java.lang.module.ModuleFinder.ofSystem(java.base/ModuleFinder.java:165)
> at jdk.internal.module.ModuleBootstrap.boot(java.base/ModuleBootstrap.java:105)
> at java.lang.System.initPhase2(java.base/System.java:1924)
>
> ---------------------------------------------------------------------------------
>
>
> On 3/18/16 1:05 PM, Xueming Shen wrote:
>> Hi,
>>
>> There are couple regex related changes waiting for review. I have pull them
>> together here (with the notes) to make it easy to review.
>>
>> http://cr.openjdk.java.net/~sherman/regexBackTrack.Lamnda.CanonEQ/webrev/
>>
>> (1) Exponential backtracking
>>
>> Note: http://cr.openjdk.java.net/~sherman/regexBackTrack.Lamnda.CanonEQ/backtracking
>>
>> https://bugs.openjdk.java.net/browse/JDK-6328855
>> https://bugs.openjdk.java.net/browse/JDK-6192895
>> https://bugs.openjdk.java.net/browse/JDK-6345469
>> https://bugs.openjdk.java.net/browse/JDK-6988218
>> https://bugs.openjdk.java.net/browse/JDK-6693451
>> https://bugs.openjdk.java.net/browse/JDK-7006761
>> https://bugs.openjdk.java.net/browse/JDK-8140212
>>
>> (2) Anonymous class to lambda function cleanup
>>
>> Note: http://cr.openjdk.java.net/~sherman/regexBackTrack.Lamnda.CanonEQ/lambdafunction
>>
>> https://bugs.openjdk.java.net/browse/JDK-8151481
>> https://bugs.openjdk.java.net/browse/JDK-6609854
>>
>> (3) Canonical Equivalents
>>
>> Note: http://cr.openjdk.java.net/~sherman/regexBackTrack.Lamnda.CanonEQ/canonEQ
>>
>> https://bugs.openjdk.java.net/browse/JDK-4916384
>> https://bugs.openjdk.java.net/browse/JDK-4867170
>> https://bugs.openjdk.java.net/browse/JDK-6995635
>> https://bugs.openjdk.java.net/browse/JDK-6728861
>> https://bugs.openjdk.java.net/browse/JDK-6736245
>> https://bugs.openjdk.java.net/browse/JDK-7080302
>>
>> Thanks
>> Sherman
>
More information about the security-dev
mailing list