modifies javassist.util.proxy.DefinePackageHelper to be compatible to Java 11.
It also adds a javadoc comment to CtClass#toClass() to recommend the users to use #toClass(Class) or #toClass(Lookup).
Andres Luuk [Mon, 9 Jul 2018 08:05:25 +0000 (11:05 +0300)]
Custom URL stream handler in ByteArrayClassPath
Otherwise a normal streamhandler lookup is made and if javassist is used early on server startup protses this can lead to a deadlock on rare cases on WebSpheare.
For example. A new StreamHandlerFactory is registered but not jet fully initialized. Now javassist is used at the same time but form another thread and it will be the first one to invoke the new StreamHandlerFactory and now it can deadlock with the other thread:
Snipets from my deadlock:
3XMTHREADINFO "main" J9VMThread:0x000000000175EC00, omrthread_t:0x00007F4120008100, java/lang/Thread:0x00000000624290B8, state:B, prio=5
3XMTHREADBLOCK Blocked on: org/osgi/util/tracker/ServiceTracker$Tracked@0x00000000627F0A90 Owned by: "other-thread" (J9VMThread:0x0000000001B26300, java/lang/Thread:0x00000000629F1458)
3XMHEAPALLOC Heap bytes allocated since last GC cycle=0 (0x0)
3XMTHREADINFO3 Java callstack:
4XESTACKTRACE at org/osgi/util/tracker/ServiceTracker.getServiceReferences(ServiceTracker.java:525)
4XESTACKTRACE at org/eclipse/osgi/framework/internal/protocol/StreamHandlerFactory.createInternalURLStreamHandler(StreamHandlerFactory.java:162)
4XESTACKTRACE at org/eclipse/osgi/framework/internal/protocol/StreamHandlerFactory.createURLStreamHandler(StreamHandlerFactory.java:118)
4XESTACKTRACE at java/net/URL.getURLStreamHandler(URL.java:1154)
4XESTACKTRACE at java/net/URL.<init>(URL.java:611(Compiled Code))
4XESTACKTRACE at java/net/URL.<init>(URL.java:502(Compiled Code))
4XESTACKTRACE at java/net/URL.<init>(URL.java:451)
4XESTACKTRACE at javassist/ByteArrayClassPath.find(JRebel:92)
...
4XESTACKTRACE at java/lang/ClassLoader.loadClassHelper(ClassLoader.java:924(Compiled Code))
5XESTACKTRACE (entered lock: org/eclipse/core/launcher/Main$StartupClassLoader@0x0000000062F3AA88, entry count: 1)
3XMTHREADINFO "other-thread" J9VMThread:0x0000000001B26300, omrthread_t:0x00007F4120A5D060, java/lang/Thread:0x00000000629F1458, state:B, prio=5
3XMTHREADBLOCK Blocked on: org/eclipse/core/launcher/Main$StartupClassLoader@0x0000000062F3AA88 Owned by: "main" (J9VMThread:0x000000000175EC00, java/lang/Thread:0x00000000624290B8)
3XMHEAPALLOC Heap bytes allocated since last GC cycle=0 (0x0)
3XMTHREADINFO3 Java callstack:
4XESTACKTRACE at org/osgi/util/tracker/AbstractTracked.size(AbstractTracked.java:356)
4XESTACKTRACE at org/osgi/util/tracker/ServiceTracker.getServiceReferences(ServiceTracker.java:526)
5XESTACKTRACE (entered lock: org/osgi/util/tracker/ServiceTracker$Tracked@0x00000000627F0A90, entry count: 1)
4XESTACKTRACE at org/eclipse/osgi/framework/internal/protocol/StreamHandlerFactory.createInternalURLStreamHandler(StreamHandlerFactory.java:162)
4XESTACKTRACE at org/eclipse/osgi/framework/internal/protocol/StreamHandlerFactory.createURLStreamHandler(StreamHandlerFactory.java:118)
4XESTACKTRACE at java/net/URL.getURLStreamHandler(URL.java:1154)
4XESTACKTRACE at java/net/URL.<init>(URL.java:611(Compiled Code))
4XESTACKTRACE at java/net/URL.<init>(URL.java:502(Compiled Code))
4XESTACKTRACE at java/net/URL.<init>(URL.java:451)
4XESTACKTRACE at java/net/URI.toURL(URI.java:1100)
4XESTACKTRACE at com/ibm/jsse2/av.a(av.java:92)
4XESTACKTRACE at com/ibm/jsse2/av.engineInit(av.java:7)
4XESTACKTRACE at javax/net/ssl/TrustManagerFactory.init(TrustManagerFactory.java:25)
nickl- [Sat, 11 Nov 2017 20:34:34 +0000 (22:34 +0200)]
Fix #152 inner class modifiers.
Applied fix for #152 "Wrong modifiers returned for nested classes" as suggested by @pietrobraione.
Includes unit tests for all access modifiers and static.
nickl- [Fri, 10 Nov 2017 17:13:01 +0000 (19:13 +0200)]
Unit Test: CtField.make referencing 'this'.
As per question raised in #161 passing 'this' reference for CtField value new object instance.
Also added assert for testing referncing 'this' for newly added field.
nickl- [Sun, 29 Oct 2017 21:42:49 +0000 (23:42 +0200)]
Fixes to javassist.scopepool
Applied parameters and squashed all compiler warnings.
Changed loops to enhanced for where appropriate.
Fixed SoftValueHashMap:
Made it a raw type.
Overwritten implementation of the `get` method correctly unwrapped the reference but the methods
`containsValue` and `entrySet` needed to be fixed.
Implemented the remaining outstanding methods from the `java.util.Map` contract `values`, `putAll`
and `keySet`.
Dropped `AbstractMap` inheritance as we were not inheriting anything anymore.
Changed internal map to `ConcurrentHashMap' to be atomic and parallel safe.
Found original unit tests from jboss retro which are now updated to reflect the javassist
versions of the scoped pool classes. Added tests for the SoftValueHashMap including
test which overloads the heap to ensure the cache cleans itself appropriately.
nickl- [Fri, 27 Oct 2017 06:33:55 +0000 (08:33 +0200)]
Some functional unit tests proofs.
Proves that you cannot access restricted functionality then goes ahead and
mock test all 3 exposures JAVA_9, JAVA_7+ and OTHERS by changing the
private static final class referenced default chosen on initialise.
nickl- [Fri, 27 Oct 2017 06:10:22 +0000 (08:10 +0200)]
Even now Oracle still not happy.
Runtime still throws warnings illegal actions even after all that, there's
just no logic to it. We can use Unsafe but don't touch setAccessible. O well
might as well enjoy Unsafe while we still can.
Wrapped the Unsafe and added method cache with varargs method for invoke calls.
Can still do a lot with it but it does what it needs to for now.
nickl- [Fri, 27 Oct 2017 05:55:08 +0000 (07:55 +0200)]
Add caller class checking.
The only thing remotely inforceable is caller class checking. You cannot
bypass an exception with setAccesible. Oracle went and removed
Reflection.getCallerClass() completely in favour of StackWalker. At least
we can share the SecurityManage ClassContext, SecurityActions seems the
appropriate venue for our stack trace peek to support the older versions
nickl- [Fri, 27 Oct 2017 05:36:38 +0000 (07:36 +0200)]
MethodHandles for JDK7+.
Java 7 and 8 does support method handles so we can cater for them. When doing
repeated invokes to the same method, keeping a reference to the Method handle
is much faster than reflection. Also the API is cleaner not having to Object[]
args etc. Worth the effort...
nickl- [Fri, 27 Oct 2017 04:43:49 +0000 (06:43 +0200)]
Add getMethodHandle to SecurityActions.
The main advantage is that we can do the privileged setAccessible during creation and
then freely invoke via the authorized method handle.
As per the javadocs:
Access checks are applied in the factory methods of Lookup, when a method handle is created.
his is a key difference from the Core Reflection API, since java.lang.reflect.Method.invoke
performs access checking against every caller, on every call.
nickl- [Wed, 25 Oct 2017 18:40:04 +0000 (20:40 +0200)]
Make an effort to secure privileged use.
Oracle (or maybe it was still Sun) warns that we should prevent from exposing access we gain to
privileged functionality like the unsafe etc. Before Oracle decides to restrict us even more lets
make an effort at least.