<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
<br>
<div class="moz-cite-prefix">On 9/13/18 1:02 PM, Sean Mullan wrote:<br>
</div>
<blockquote type="cite"
cite="mid:4c0ddbab-facb-0a57-b5b9-56490ebb4882@oracle.com">This is
a SecurityManager related change which warrants some additional
details for its motivation.
<br>
<br>
The current System.setSecurityManager() API allows a
SecurityManager to be set at run-time. However, because of this
mutability, it incurs a performance overhead even for applications
that never call it and do not enable a SecurityManager
dynamically, which is probably the majority of applications.
<br>
<br>
:<br>
webrev:
<a class="moz-txt-link-freetext" href="http://cr.openjdk.java.net/~mullan/webrevs/8191053/webrev.00/">http://cr.openjdk.java.net/~mullan/webrevs/8191053/webrev.00/</a>
<br>
CSR: <a class="moz-txt-link-freetext" href="https://bugs.openjdk.java.net/browse/JDK-8203316">https://bugs.openjdk.java.net/browse/JDK-8203316</a>
<br>
JBS: <a class="moz-txt-link-freetext" href="https://bugs.openjdk.java.net/browse/JDK-8191053">https://bugs.openjdk.java.net/browse/JDK-8191053</a>
<br>
</blockquote>
<br>
This is a welcoming change as many applications run without security
manager and they will benefit the performance improvement. This
patch makes the private System::security field @Stable hich is the
first installment of perf optimization. I hope to see further
optimization can be done for example speed up of doPrivileged block
in the no-security manager case.<br>
<br>
This patch looks good. It may be good to add one test case to
launch with -Djava.security.manager and
-Djdk.allowSecurityManager=false to show that no security manager is
installed; essential -Djava.security.manager is ignored. Maybe
@implNote should mention such case where -Djava.security.manager is
ignored if -Djdk.allowSecurityManager=false.<br>
<br>
Mandy<br>
</body>
</html>