12 RFR(M) 8214583: AccessController.getContext may return wrong value after JDK-8212605

dean.long at oracle.com dean.long at oracle.com
Mon Dec 17 04:45:02 UTC 2018


Unfortunately, I don't think @DontInline on an empty method is sufficient
here.  If other code is relying on @DontInline for the same purpose then
we might need to reexamine that code.  My understanding from discussing
with other compiler engineers is that using a native method is the safest
technique that the compilers can't see through.  The problem with
@DontInline is that C2 looks at the bytecodes of the target method, even
if it isn't inlined (see BCEscapeAnalyzer and the EstimateArgEscape flag).
There may be a way to make it work, but that would require more
investigation, and I'm not sure the benefit outweighs the risk.

dl

On 12/15/18 6:48 AM, Claes Redestad wrote:
> Hi Dean,
>
> to avoid escape analysis-eliminated allocations in the past @DontInline
> has been sufficient. This means a simpler patch (no changes to native
> code needed - added assertions notwithstanding) and passes your tests
> with C2 (it'd concern me if Graal's EA sees through this trick, as it
> might break some existing places where DontInline is used to this
> effect):
>
>     /**
>      * The value needs to be physically located in the frame, so that it
>      * can be found by a stack walk.
>      */
>     @Hidden
>     @DontInline
>     private static void ensureMaterializedForStackWalk(Object o) {}
>
> Thanks!
>
> /Claes
>
> On 2018-12-15 01:59, dean.long at oracle.com wrote:
>> https://bugs.openjdk.java.net/browse/JDK-8214583
>> http://cr.openjdk.java.net/~dlong/8214583/webrev
>>
>> This change includes two new regression test that demonstrate the 
>> problem, and a fix that allows the tests
>> to pass.
>>
>> The problem happens when the JIT compiler's escape analysis 
>> eliminates the allocation of the AccessControlContext object passed 
>> to doPrivileged.  The compiler thinks this is safe because it does 
>> not see that the object "escapes".  However, getContext needs to be 
>> able to find the object using a stack walk, so we need a way to tell 
>> the compiler that it does indeed escape.  To do this we pass the 
>> value to a native method that does nothing.
>>
>> Microbenchmark results:
>>
>> jdk12-b18:
>>
>> Benchmark                Mode  Cnt    Score   Error  Units
>> DoPrivileged.test        avgt   25  255.626 ± 6.446  ns/op
>> DoPrivileged.testInline  avgt   25  250.968 ± 4.975  ns/op
>>
>>
>> jdk12-b19:
>>
>> Benchmark                Mode  Cnt  Score    Error  Units
>> DoPrivileged.test        avgt   25  5.689 ±  0.001  ns/op
>> DoPrivileged.testInline  avgt   25  2.765 ±  0.001  ns/op
>>
>> this fix:
>>
>> Benchmark                Mode  Cnt  Score    Error  Units
>> DoPrivileged.test        avgt   25  5.020 ±  0.001  ns/op
>> DoPrivileged.testInline  avgt   25  2.774 ±  0.025  ns/op
>>
>>
>> dl




More information about the security-dev mailing list