RFR (XS) 8155090: String concatenation fails with a custom SecurityManager that uses concatenation

Chris Hegarty chris.hegarty at oracle.com
Fri Apr 29 07:09:27 UTC 2016

> On 28 Apr 2016, at 21:54, Claes Redestad <claes.redestad at oracle.com> wrote:
> Hi Aleksey,
> On 2016-04-28 22:10, Aleksey Shipilev wrote:
>> Hi,
>> Please review the fix for a shady bootstrapping issue, when a custom
>> SecurityManager is using string concatenation:
>>   https://bugs.openjdk.java.net/browse/JDK-8155090
>> The essence of the issue is that during StringConcatFactory::<clinit>,
>> we are reading the system properties via the privileged calls. When
>> user SecurityManager that uses string concatenation is set, we are
>> trying to produce a string concatenation stub in order to proceed, and
>> double-back on SCF. There, we try to run SCF methods without fully
>> complete <clinit>: the existing test fails with uninitialized static
>> final Strategy field.
>> The cleanest (yet subtle) solution here is to make sure the default SCF
>> settings are good to run with, which allows transient <clinit>
>> operations to complete normally:
>>   http://cr.openjdk.java.net/~shade/8155090/webrev.00/
> looks good to me!


I’ve seen a few similar, but not the same, issues like this in the core area before.


> While a subtle fix indeed, the comment well explains the need
> for doing this, and alternatives like ensuring there are no calls
> back into the SecurityManager from SCF would be very fragile
> in comparison.
> Nits: the the -> the, (onto -> into?) no need for a re-review if
> you choose to fix these.
> Thanks!
> /Claes
>> Testing: offending test; java/lang/String jtregs
>> Thanks,
>> -Aleksey

More information about the core-libs-dev mailing list