RFR: 8222895: StackOverflowError in custom security manager that relies on ClassSpecializer

Claes Redestad claes.redestad at oracle.com
Wed Apr 24 12:49:13 UTC 2019


recent changes to the String concatenation bootstrap sequence[1]
accidentally uncovered an issue introduced earlier by changing the
ClassSpecializer to use Lookup.defineClass[2].

The issue with this is the introduction of a call to SM.checkPermission
deep inside the ClassSpecializer code used when bootstrapping certain
String concatenation expressions. When triggered, this causes a
recursive bootstrap cycle and a crash with a StackOverflowError.

This is related to earlier bootstrapping issues in the area[3], and
would have been caught by the regression test added then if not for the
fact that we've been rather successful in avoiding the use of
ClassSpecializer during bootstrap of commonly used concatenation shapes.

Providing a more contorted concatenation shape in the test ensures we
drop into the ClassSpecializer code path where the recursive
checkPermission call happens. The updated test passes before
JDK-8181443, fails since, and passes with the changes proposed in this

Webrev: http://cr.openjdk.java.net/~redestad/8222895/open.00/
Bug:    https://bugs.openjdk.java.net/browse/JDK-8222895

Testing: tier1-3 (still in-flight), local verification



[1] https://bugs.openjdk.java.net/browse/JDK-8222484
[2] https://bugs.openjdk.java.net/browse/JDK-8181443
[3] https://bugs.openjdk.java.net/browse/JDK-8155090

More information about the core-libs-dev mailing list