From 6a95ea4d7ca6aed6866fc7de10ef17a3506f21db Mon Sep 17 00:00:00 2001 From: Grzegorz Piwowarek Date: Wed, 18 Nov 2020 15:55:02 +0100 Subject: [PATCH 1/7] Initialize java.lang.StrictMath.RandomNumberGeneratorHolder at runtime --- .../src/com/oracle/svm/core/jdk/RandomNumbersFeature.java | 1 + 1 file changed, 1 insertion(+) diff --git a/substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/RandomNumbersFeature.java b/substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/RandomNumbersFeature.java index a45e4fd8f6cc..a6bb242db433 100644 --- a/substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/RandomNumbersFeature.java +++ b/substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/RandomNumbersFeature.java @@ -40,5 +40,6 @@ public void duringSetup(DuringSetupAccess access) { * values properly. Otherwise the numbers generated will be fixed for each generated image. */ ImageSingletons.lookup(RuntimeClassInitializationSupport.class).rerunInitialization(access.findClassByName("java.lang.Math$RandomNumberGeneratorHolder"), "for random number generator"); + ImageSingletons.lookup(RuntimeClassInitializationSupport.class).rerunInitialization(access.findClassByName("java.lang.StrictMath$RandomNumberGeneratorHolder"), "for random number generator"); } } From 896cdb4b0feba8cc86acbb755b9b842cca8ea823 Mon Sep 17 00:00:00 2001 From: Grzegorz Piwowarek Date: Sun, 22 Nov 2020 11:21:44 +0100 Subject: [PATCH 2/7] Disallow Random/SplittableRandom in the image heap --- .../svm/core/image/DisallowedImageHeapObjects.java | 10 ++++++++++ .../svm/core/jdk/ThreadLocalRandomAccessors.java | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/image/DisallowedImageHeapObjects.java b/substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/image/DisallowedImageHeapObjects.java index 23397515364a..0880d0698138 100644 --- a/substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/image/DisallowedImageHeapObjects.java +++ b/substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/image/DisallowedImageHeapObjects.java @@ -30,6 +30,9 @@ import java.lang.reflect.Field; import java.nio.Buffer; import java.nio.MappedByteBuffer; +import java.util.Random; +import java.util.SplittableRandom; +import java.util.concurrent.ThreadLocalRandom; import com.oracle.svm.core.util.VMError; import com.oracle.svm.util.ReflectionUtil; @@ -55,6 +58,13 @@ public interface DisallowedObjectReporter { } public static void check(Object obj, DisallowedObjectReporter reporter) { + /* Random/SplittableRandom can not be in the image heap. */ + if (((obj instanceof Random) && !(obj instanceof ThreadLocalRandom)) || obj instanceof SplittableRandom) { + throw reporter.raise("Detected an instance of Random/SplittableRandom class in the image heap. " + + "Instances created during image generation have cached seed values and don't behave as expected.", + obj, "Try avoiding to initialize the class that caused initialization of the object."); + } + /* Started Threads can not be in the image heap. */ if (obj instanceof Thread) { final Thread asThread = (Thread) obj; diff --git a/substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/ThreadLocalRandomAccessors.java b/substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/ThreadLocalRandomAccessors.java index 28ca4acdd76e..c2a93a91a76b 100644 --- a/substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/ThreadLocalRandomAccessors.java +++ b/substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/ThreadLocalRandomAccessors.java @@ -55,7 +55,7 @@ public static AtomicLong getSeeder() { return SINGLETON.getOrInitializeSeeder(); } - /** The setter is necessary if ThreadLocalRandom is initilized at run time. */ + /** The setter is necessary if ThreadLocalRandom is initialized at run time. */ public static void setSeeder(AtomicLong value) { SINGLETON.seeder = value; } From 43f78bccae56eb14d0d65a1ed9b2d89f1aacc884 Mon Sep 17 00:00:00 2001 From: Grzegorz Piwowarek Date: Sun, 22 Nov 2020 15:10:19 +0100 Subject: [PATCH 3/7] Reinitialize DigestAuthentication.Parameters class due to internal static Random field --- .../core/jdk/DigestAuthenticationFeature.java | 39 +++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/DigestAuthenticationFeature.java diff --git a/substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/DigestAuthenticationFeature.java b/substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/DigestAuthenticationFeature.java new file mode 100644 index 000000000000..fbe831f6e233 --- /dev/null +++ b/substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/DigestAuthenticationFeature.java @@ -0,0 +1,39 @@ +/* + * Copyright (c) 2019, 2019, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ +package com.oracle.svm.core.jdk; + +import com.oracle.svm.core.annotate.AutomaticFeature; +import org.graalvm.nativeimage.ImageSingletons; +import org.graalvm.nativeimage.hosted.Feature; +import org.graalvm.nativeimage.impl.RuntimeClassInitializationSupport; + +@AutomaticFeature +public class DigestAuthenticationFeature implements Feature { + + @Override + public void duringSetup(DuringSetupAccess access) { + ImageSingletons.lookup(RuntimeClassInitializationSupport.class).rerunInitialization(access.findClassByName("sun.net.www.protocol.http.DigestAuthentication$Parameters"), "for internal Random instance"); + } +} From 5aef2953dc956cbe15e55652bd54107e577c6258 Mon Sep 17 00:00:00 2001 From: Grzegorz Piwowarek Date: Sun, 22 Nov 2020 15:25:03 +0100 Subject: [PATCH 4/7] Reinitialize KrbServiceLocator class due to internal static Random field --- .../core/jdk/DigestAuthenticationFeature.java | 3 +- .../core/jdk/KrbServiceLocatorFeature.java | 40 +++++++++++++++++++ 2 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/KrbServiceLocatorFeature.java diff --git a/substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/DigestAuthenticationFeature.java b/substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/DigestAuthenticationFeature.java index fbe831f6e233..87cd8cea86c0 100644 --- a/substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/DigestAuthenticationFeature.java +++ b/substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/DigestAuthenticationFeature.java @@ -24,11 +24,12 @@ */ package com.oracle.svm.core.jdk; -import com.oracle.svm.core.annotate.AutomaticFeature; import org.graalvm.nativeimage.ImageSingletons; import org.graalvm.nativeimage.hosted.Feature; import org.graalvm.nativeimage.impl.RuntimeClassInitializationSupport; +import com.oracle.svm.core.annotate.AutomaticFeature; + @AutomaticFeature public class DigestAuthenticationFeature implements Feature { diff --git a/substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/KrbServiceLocatorFeature.java b/substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/KrbServiceLocatorFeature.java new file mode 100644 index 000000000000..39efc0deab12 --- /dev/null +++ b/substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/KrbServiceLocatorFeature.java @@ -0,0 +1,40 @@ +/* + * Copyright (c) 2019, 2019, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ +package com.oracle.svm.core.jdk; + +import org.graalvm.nativeimage.ImageSingletons; +import org.graalvm.nativeimage.hosted.Feature; +import org.graalvm.nativeimage.impl.RuntimeClassInitializationSupport; + +import com.oracle.svm.core.annotate.AutomaticFeature; + +@AutomaticFeature +public class KrbServiceLocatorFeature implements Feature { + + @Override + public void duringSetup(DuringSetupAccess access) { + ImageSingletons.lookup(RuntimeClassInitializationSupport.class).rerunInitialization(access.findClassByName("sun.security.krb5.KrbServiceLocator"), "for internal Random instance"); + } +} From 0600d9c689cf77a3059419c5b69f91ee8b3b35ce Mon Sep 17 00:00:00 2001 From: Grzegorz Piwowarek Date: Sun, 22 Nov 2020 15:57:57 +0100 Subject: [PATCH 5/7] Reformat DigestAuthenticationFeature class --- .../com/oracle/svm/core/jdk/DigestAuthenticationFeature.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/DigestAuthenticationFeature.java b/substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/DigestAuthenticationFeature.java index 87cd8cea86c0..d1191608e9a6 100644 --- a/substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/DigestAuthenticationFeature.java +++ b/substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/DigestAuthenticationFeature.java @@ -35,6 +35,7 @@ public class DigestAuthenticationFeature implements Feature { @Override public void duringSetup(DuringSetupAccess access) { - ImageSingletons.lookup(RuntimeClassInitializationSupport.class).rerunInitialization(access.findClassByName("sun.net.www.protocol.http.DigestAuthentication$Parameters"), "for internal Random instance"); + ImageSingletons.lookup(RuntimeClassInitializationSupport.class).rerunInitialization(access.findClassByName("sun.net.www.protocol.http.DigestAuthentication$Parameters"), + "for internal Random instance"); } } From 7562ec3c55fcfc4d60e532968fb805ff218ced27 Mon Sep 17 00:00:00 2001 From: Grzegorz Piwowarek Date: Mon, 23 Nov 2020 15:11:31 +0100 Subject: [PATCH 6/7] Move JDK-related fixes to JDKInitializationFeature --- .../core/jdk/DigestAuthenticationFeature.java | 41 ------------------- .../core/jdk/KrbServiceLocatorFeature.java | 40 ------------------ .../hosted/jdk/JDKInitializationFeature.java | 4 +- 3 files changed, 3 insertions(+), 82 deletions(-) delete mode 100644 substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/DigestAuthenticationFeature.java delete mode 100644 substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/KrbServiceLocatorFeature.java diff --git a/substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/DigestAuthenticationFeature.java b/substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/DigestAuthenticationFeature.java deleted file mode 100644 index d1191608e9a6..000000000000 --- a/substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/DigestAuthenticationFeature.java +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright (c) 2019, 2019, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ -package com.oracle.svm.core.jdk; - -import org.graalvm.nativeimage.ImageSingletons; -import org.graalvm.nativeimage.hosted.Feature; -import org.graalvm.nativeimage.impl.RuntimeClassInitializationSupport; - -import com.oracle.svm.core.annotate.AutomaticFeature; - -@AutomaticFeature -public class DigestAuthenticationFeature implements Feature { - - @Override - public void duringSetup(DuringSetupAccess access) { - ImageSingletons.lookup(RuntimeClassInitializationSupport.class).rerunInitialization(access.findClassByName("sun.net.www.protocol.http.DigestAuthentication$Parameters"), - "for internal Random instance"); - } -} diff --git a/substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/KrbServiceLocatorFeature.java b/substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/KrbServiceLocatorFeature.java deleted file mode 100644 index 39efc0deab12..000000000000 --- a/substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/KrbServiceLocatorFeature.java +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Copyright (c) 2019, 2019, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ -package com.oracle.svm.core.jdk; - -import org.graalvm.nativeimage.ImageSingletons; -import org.graalvm.nativeimage.hosted.Feature; -import org.graalvm.nativeimage.impl.RuntimeClassInitializationSupport; - -import com.oracle.svm.core.annotate.AutomaticFeature; - -@AutomaticFeature -public class KrbServiceLocatorFeature implements Feature { - - @Override - public void duringSetup(DuringSetupAccess access) { - ImageSingletons.lookup(RuntimeClassInitializationSupport.class).rerunInitialization(access.findClassByName("sun.security.krb5.KrbServiceLocator"), "for internal Random instance"); - } -} diff --git a/substratevm/src/com.oracle.svm.hosted/src/com/oracle/svm/hosted/jdk/JDKInitializationFeature.java b/substratevm/src/com.oracle.svm.hosted/src/com/oracle/svm/hosted/jdk/JDKInitializationFeature.java index 249b1868ffdf..8e09ec9e4948 100644 --- a/substratevm/src/com.oracle.svm.hosted/src/com/oracle/svm/hosted/jdk/JDKInitializationFeature.java +++ b/substratevm/src/com.oracle.svm.hosted/src/com/oracle/svm/hosted/jdk/JDKInitializationFeature.java @@ -117,7 +117,9 @@ public void afterRegistration(AfterRegistrationAccess access) { RuntimeClassInitialization.initializeAtBuildTime("sun.security.x509", "Core JDK classes are initialized at build time"); RuntimeClassInitialization.initializeAtBuildTime("sun.security.smartcardio", "Core JDK classes are initialized at build time"); - // contains a SecureRandom reference, therefore it can't be included in the image heap + // contain Random references, therefore can't be included in the image heap RuntimeClassInitialization.initializeAtRunTime(com.sun.jndi.dns.DnsClient.class); + RuntimeClassInitialization.initializeAtRunTime("sun.net.www.protocol.http.DigestAuthentication$Parameters"); + RuntimeClassInitialization.initializeAtRunTime("sun.security.krb5.KrbServiceLocator"); } } From 46b3397ab1923f45dc3862cf2430c71a7f66114d Mon Sep 17 00:00:00 2001 From: Grzegorz Piwowarek Date: Mon, 23 Nov 2020 15:26:09 +0100 Subject: [PATCH 7/7] Move RandomNumbersFeature into JDKInitializationFeature --- .../svm/core/jdk/RandomNumbersFeature.java | 45 ------------------- .../hosted/jdk/JDKInitializationFeature.java | 5 +++ 2 files changed, 5 insertions(+), 45 deletions(-) delete mode 100644 substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/RandomNumbersFeature.java diff --git a/substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/RandomNumbersFeature.java b/substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/RandomNumbersFeature.java deleted file mode 100644 index a6bb242db433..000000000000 --- a/substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/RandomNumbersFeature.java +++ /dev/null @@ -1,45 +0,0 @@ -/* - * Copyright (c) 2019, 2019, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ -package com.oracle.svm.core.jdk; - -import org.graalvm.nativeimage.ImageSingletons; -import org.graalvm.nativeimage.hosted.Feature; -import org.graalvm.nativeimage.impl.RuntimeClassInitializationSupport; - -import com.oracle.svm.core.annotate.AutomaticFeature; - -@AutomaticFeature -public class RandomNumbersFeature implements Feature { - - @Override - public void duringSetup(DuringSetupAccess access) { - /* - * The random number provider classes should be reinitialized at runtime to reset their - * values properly. Otherwise the numbers generated will be fixed for each generated image. - */ - ImageSingletons.lookup(RuntimeClassInitializationSupport.class).rerunInitialization(access.findClassByName("java.lang.Math$RandomNumberGeneratorHolder"), "for random number generator"); - ImageSingletons.lookup(RuntimeClassInitializationSupport.class).rerunInitialization(access.findClassByName("java.lang.StrictMath$RandomNumberGeneratorHolder"), "for random number generator"); - } -} diff --git a/substratevm/src/com.oracle.svm.hosted/src/com/oracle/svm/hosted/jdk/JDKInitializationFeature.java b/substratevm/src/com.oracle.svm.hosted/src/com/oracle/svm/hosted/jdk/JDKInitializationFeature.java index 8e09ec9e4948..50bd1db6fe08 100644 --- a/substratevm/src/com.oracle.svm.hosted/src/com/oracle/svm/hosted/jdk/JDKInitializationFeature.java +++ b/substratevm/src/com.oracle.svm.hosted/src/com/oracle/svm/hosted/jdk/JDKInitializationFeature.java @@ -121,5 +121,10 @@ public void afterRegistration(AfterRegistrationAccess access) { RuntimeClassInitialization.initializeAtRunTime(com.sun.jndi.dns.DnsClient.class); RuntimeClassInitialization.initializeAtRunTime("sun.net.www.protocol.http.DigestAuthentication$Parameters"); RuntimeClassInitialization.initializeAtRunTime("sun.security.krb5.KrbServiceLocator"); + + // The random number provider classes should be reinitialized at runtime to reset their + // values properly. Otherwise the numbers generated will be fixed for each generated image. + RuntimeClassInitialization.initializeAtRunTime("java.lang.Math$RandomNumberGeneratorHolder"); + RuntimeClassInitialization.initializeAtRunTime("java.lang.StrictMath$RandomNumberGeneratorHolder"); } }