RFR (XS) 8155090: String concatenation fails with a custom SecurityManager that uses concatenation

Claes Redestad claes.redestad at oracle.com
Thu Apr 28 20:54:19 UTC 2016

Hi Aleksey,

On 2016-04-28 22:10, Aleksey Shipilev wrote:
> Hi,
> Please review the fix for a shady bootstrapping issue, when a custom
> SecurityManager is using string concatenation:
>    https://bugs.openjdk.java.net/browse/JDK-8155090
> The essence of the issue is that during StringConcatFactory::<clinit>,
> we are reading the system properties via the privileged calls. When
> user SecurityManager that uses string concatenation is set, we are
> trying to produce a string concatenation stub in order to proceed, and
> double-back on SCF. There, we try to run SCF methods without fully
> complete <clinit>: the existing test fails with uninitialized static
> final Strategy field.
> The cleanest (yet subtle) solution here is to make sure the default SCF
> settings are good to run with, which allows transient <clinit>
> operations to complete normally:
>    http://cr.openjdk.java.net/~shade/8155090/webrev.00/

looks good to me!

While a subtle fix indeed, the comment well explains the need
for doing this, and alternatives like ensuring there are no calls
back into the SecurityManager from SCF would be very fragile
in comparison.

Nits: the the -> the, (onto -> into?) no need for a re-review if
you choose to fix these.



> Testing: offending test; java/lang/String jtregs
> Thanks,
> -Aleksey

More information about the core-libs-dev mailing list