RFR: 8315487: Security Providers Filter [v17]
Xuelei Fan
xuelei.f at gmail.com
Wed Dec 18 19:44:19 UTC 2024
Nice! Thank you!
On Wed, Dec 18, 2024 at 5:57 AM Martin Balao <mbalao at redhat.com> wrote:
> On 12/18/24 05:25, Xuelei Fan wrote:> Hm, that would be nice if JIT
> could optimize it. Did you have a chance
> > to verify it?
> >
>
> Yes. For example, to verify we can do the following:
>
> 1) Debug Signature::getInstance throughout the path that calls
> Signature::getInstanceRSA and ProvidersFilter::isAllowed to make sure
> that we are hitting the filter code (i.e. the fast-path for a disabled
> filter).
>
> 2) Dump C2's Signature::getInstance.
>
> 3) Recompile the JDK removing the call to ProvidersFilter::isAllowed.
>
> 4) Debug again to make sure that the call was removed (i.e. the
> classfile recompiled)
>
> 5) Dump C2's Signature::getInstance.
>
> 6) Compare the two Signature::getInstance dumps.
>
> After following the previous steps, we can see how the difference
> between the methods are just addresses. Find attached to this email
> Main.java to reproducer yourself (run with
> '-XX:CompileCommand=compileonly,java.security.Signature::getInstance
> -XX:CompileCommand=print,java.security.Signature::getInstance
> -XX:-BackgroundCompilation -XX:-TieredCompilation'), and my two
> ProvidersFilter::isAllowed dumps.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20241218/b70ba49a/attachment.htm>
More information about the security-dev
mailing list