[9] RFR (M): 8057967: CallSite dependency tracking scales devastatingly poorly

Vladimir Ivanov vladimir.x.ivanov at oracle.com
Thu Apr 2 22:08:10 UTC 2015


Thanks for the clarification!

>> BTW why do you think security manager was the problem? (1)
>> Class.getDeclaredField() is caller-sensitive; and (2)
>> DependencyContext was eagerly initialized with CallSite (see
>> UNSAFE.ensureClassInitialized() in original version).
> CallSite$DependencyContext and CallSite are distinct classes.
> At the JVM level they cannot access each others' private members.
> So if DependencyContext wants to reflect a private field from CallSite,
> there will be extra security checks.  These sometimes fail, as in:
Member access permission check isn't performed if caller and member 
owner class are loaded by the same class loader (which is the case with 
CallSite$DependencyContext and CallSite classes).

     public Field getDeclaredField(String name)
         throws NoSuchFieldException, SecurityException {
         checkMemberAccess(Member.DECLARED, Reflection.getCallerClass(), 
     private void checkMemberAccess(int which, Class<?> caller, boolean 
checkProxyInterfaces) {
         final SecurityManager s = System.getSecurityManager();
         if (s != null) {
             final ClassLoader ccl = ClassLoader.getClassLoader(caller);
             final ClassLoader cl = getClassLoader0();
             if (which != Member.PUBLIC) {
                 if (ccl != cl) {

Best regards,
Vladimir Ivanov

More information about the core-libs-dev mailing list