This is the mail archive of the java-patches@gcc.gnu.org mailing list for the Java project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: RFC: AccessController merge

From: Andrew Haley <aph at redhat dot com>
To: Casey Marshall <csm at gnu dot org>
Cc: Gary Benson <gbenson at redhat dot com>, java-patches at gcc dot gnu dot org
Date: Sat, 29 Jul 2006 10:02:02 +0100
Subject: Re: RFC: AccessController merge
References: <20060728083411.GB3675@redhat.com> <17609.58054.402976.329438@zebedee.pink> <20060728104303.GC3675@redhat.com> <8F482B96-E385-4BB3-8423-1C791573179D@gnu.org>

Casey Marshall writes:
 > On Jul 28, 2006, at 3:43 AM, Gary Benson wrote:
 > 
 > > Andrew Haley wrote:
 > >> I'm a bit concerned about efficiency.  For one example: OK, we walk
 > >> the stack -- we have to do that -- but we create a string for every
 > >> method name , and the only purpose of doing so AFAICS is to compare
 > >> it with "doPrivileged".  We then throw away all of those strings we
 > >> so laboriously constructed...
 > >
 > > I see what you mean.  Another thing is that if there is a doPrivileged
 > > there then a chunk of the generated stack trace will be ignored.  I
 > > guess Casey wanted the code he put in stacktrace.cc to be generic.
 > 
 > Yeah, AccessController is somewhat dumb, but it is extremely easy to  
 > implement for nearly any VM -- any VM that can produce an exception  
 > stack trace can also provide AccessController support. Optimizing it  
 > for GCJ is a good project; I suppose we could compare function  
 > addresses to doPrivileged instead of constructing strings, or somehow  
 > building a stack of class loading contexts instead of building the  
 > entire stack, and then inspecting that stack to determine the set of  
 > contexts.
 > 
 > Is it pretty easy to just map a PC address from the stack to class  
 > loader context?

Yes.  We have a map from method addr->class, and every class has a
pointer to its loader.

 > I'd assume it's just a matter of determining which .so a class came
 > from (and then possibly what jar that came from), or if it's
 > interpreted. Would something like that be reasonably efficient?

We could do that, but it wouldn't be much more efficient than what we
do ATM.  That's because we have to use the DWARF unwinder to unwind
the stack, and the unwinder produces a list of method pointers as a
side-effect.

 > I will, however, say that some of us do prefer a working, slow  
 > implementation over a non-existent fast one most days of the week.

In principle I agree.  In the case of AccessController, I'm not sure
that's true.  I've seen some large apps install a security manager
that doesn't seem to do anything very essential: all that adding a
slow AccessController does is slow down the app.

Andrew.

References:
- RFC: AccessController merge
  - From: Gary Benson
- Re: RFC: AccessController merge
  - From: Andrew Haley
- Re: RFC: AccessController merge
  - From: Gary Benson
- Re: RFC: AccessController merge
  - From: Casey Marshall

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]