Re: RFR: 8338411: Implement JEP 486: Permanently Disable the Security Manager [v2]

2024-10-24 Thread Alexander Zvegintsev 
On Fri, 18 Oct 2024 19:03:30 GMT, Sean Mullan  wrote:

>> This is the implementation of JEP 486: Permanently Disable the Security 
>> Manager. See [JEP 486](https://openjdk.org/jeps/486) for more details. The 
>> [CSR](https://bugs.openjdk.org/browse/JDK-8338412) describes in detail the 
>> main changes in the JEP and also includes an apidiff of the specification 
>> changes.
>> 
>> NOTE: the majority (~95%) of the changes in this PR are test updates 
>> (removal/modifications) and API specification changes, the latter mostly to 
>> remove `@throws SecurityException`. The remaining changes are primarily the 
>> removal of the `SecurityManager`, `Policy`, `AccessController` and other 
>> Security Manager API implementations. There is very little new code.
>> 
>> The code changes can be broken down into roughly the following categories:
>> 
>> 1. Degrading the behavior of Security Manager APIs to either throw 
>> Exceptions by default or provide an execution environment that disallows 
>> access to all resources by default.
>> 2. Changing hundreds of methods and constructors to no longer throw a 
>> `SecurityException` if a Security Manager was enabled. They will operate as 
>> they did in JDK 23 with no Security Manager enabled.
>> 3. Changing the `java` command to exit with a fatal error if a Security 
>> Manager is enabled.
>> 4. Removing the hotspot native code for the privileged stack walk and the 
>> inherited access control context. The remaining hotspot code and tests 
>> related to the Security Manager will be removed immediately after 
>> integration - see [JDK-8341916](https://bugs.openjdk.org/browse/JDK-8341916).
>> 5. Removing or modifying hundreds of tests. Many tests that tested Security 
>> Manager behavior are no longer relevant and thus have been removed or 
>> modified.
>> 
>> There are a handful of Security Manager related tests that are failing and 
>> are at the end of the `test/jdk/ProblemList.txt`, 
>> `test/langtools/ProblemList.txt` and `test/hotspot/jtreg/ProblemList.txt` 
>> files - these will be removed or separate bugs will be filed before 
>> integrating this PR. 
>> 
>> Inside the JDK, we have retained calls to 
>> `SecurityManager::getSecurityManager` and `AccessController::doPrivileged` 
>> for now, as these methods have been degraded to behave the same as they did 
>> in JDK 23 with no Security Manager enabled. After we integrate this JEP, 
>> those calls will be removed in each area (client-libs, core-libs, security, 
>> etc).
>> 
>> I don't expect each reviewer to review all the code changes in this JEP. 
>> Rather, I advise that you only focus on the changes for the area 
>> (client-libs, core-libs, net, ...
>
> Sean Mullan has updated the pull request with a new target base due to a 
> merge or a rebase. The pull request now contains 97 commits:
> 
>  - Merge remote-tracking branch 'jdk-sandbox/jep486' into JDK-8338411
>  - Change apiNote to deprecated annotation on checkAccess methods. Change 
> method dedescription to "Does nothing".
>  - Sanitize the class descriptions of DelegationPermission and 
> ServicePermission
>by removing text that refers to granting permissions, but avoid changes 
> that
>affect the API specification, such as the description and format of input
>parameters.
>  - Restored methods in RMIConnection to throw SecurityExceptions again but
>with adjusted text that avoids the word "permission".
>  - Add text to class description of MBeanServer stating that implementations
>may throw SecurityException if authorization doesn't allow access to 
> resource.
>  - Restore text about needing permissions from the desktop environment in the
>getPixelColor and createScreenCapture methods.
>  - Add api note to getClassContext to use StackWalker instead and
>add DROP_METHOD_INFO option to StackWalker.
>  - Change checkAccess() methods to be no-ops, rather than throwing
>SecurityException.
>  - Merge
>  - Merge
>  - ... and 87 more: https://git.openjdk.org/jdk/compare/f50bd0d9...f89d9d09

java beans changes looks good

-

Marked as reviewed by azvegint (Reviewer).

PR Review: https://git.openjdk.org/jdk/pull/21498#pullrequestreview-2391943640

Re: Integrated: 8323011: ProblemList serviceability/HeapDump/FullGCHeapDumpLimitTest.java

2024-01-04 Thread Alexander Zvegintsev 
On Thu, 4 Jan 2024 16:24:53 GMT, Daniel D. Daugherty  wrote:

> A trivial fix to  ProblemList 
> serviceability/HeapDump/FullGCHeapDumpLimitTest.java
> on all platforms.
> 
> We're already up to 54 failures in Tier3 and Tier5.

Marked as reviewed by azvegint (Reviewer).

-

PR Review: https://git.openjdk.org/jdk/pull/17269#pullrequestreview-1804540855

Re: RFR: 8318038: ProblemList runtime/CompressedOops/CompressedClassPointers.java on two platforms

2023-10-12 Thread Alexander Zvegintsev 
On Thu, 12 Oct 2023 19:26:10 GMT, Daniel D. Daugherty  
wrote:

> Trivial ProblemListing for some tests:
> 
> [JDK-8318038](https://bugs.openjdk.org/browse/JDK-8318038) ProblemList 
> runtime/CompressedOops/CompressedClassPointers.java on two platforms
> [JDK-8318040](https://bugs.openjdk.org/browse/JDK-8318040) ProblemList 
> vmTestbase/nsk/monitoring/ThreadMXBean/findMonitorDeadlockedThreads/find006/TestDescription.java
>  on macosx-aarch64
> [JDK-8318042](https://bugs.openjdk.org/browse/JDK-8318042) ProblemList 
> java/nio/channels/vthread/BlockingChannelOps.java#direct-register with GenZGC

Marked as reviewed by azvegint (Reviewer).

-

PR Review: https://git.openjdk.org/jdk/pull/16172#pullrequestreview-1675071104

Re: RFR: 8315877: ProblemList vmTestbase/nsk/jvmti/InterruptThread/intrpthrd003/TestDescription.java on macosx-aarch64

2023-09-07 Thread Alexander Zvegintsev 
On Thu, 7 Sep 2023 19:17:42 GMT, Daniel D. Daugherty  wrote:

> Trivial fixes to ProblemList some tests:
> - [JDK-8315877](https://bugs.openjdk.org/browse/JDK-8315877) ProblemList 
> vmTestbase/nsk/jvmti/InterruptThread/intrpthrd003/TestDescription.java on 
> macosx-aarch64
> - [JDK-8315879](https://bugs.openjdk.org/browse/JDK-8315879) ProblemList 
> java/awt/PopupMenu/PopupMenuLocation.java on macosx-aarch64

Marked as reviewed by azvegint (Reviewer).

-

PR Review: https://git.openjdk.org/jdk/pull/15627#pullrequestreview-1616146162

Re: RFR: 8315717: ProblemList serviceability/sa/TestHeapDumpForInvokeDynamic.java with ZGC

2023-09-05 Thread Alexander Zvegintsev 
On Tue, 5 Sep 2023 17:17:25 GMT, Daniel D. Daugherty  wrote:

> A trivial fix to ProblemList 
> serviceability/sa/TestHeapDumpForInvokeDynamic.java with ZGC.

Marked as reviewed by azvegint (Reviewer).

-

PR Review: https://git.openjdk.org/jdk/pull/15570#pullrequestreview-1611581278

Re: Integrated: 8314672: ProblemList runtime/cds/appcds/customLoader/HelloCustom_JFR.java on linux-all and windows-x64

2023-08-21 Thread Alexander Zvegintsev 
On Mon, 21 Aug 2023 17:06:12 GMT, Daniel D. Daugherty  
wrote:

> A trivial fix to ProblemList 
> runtime/cds/appcds/customLoader/HelloCustom_JFR.java on linux-all and 
> windows-x64.
> 
> This test was previously ProblemListed on linux-all with ZGC via: 
> 
> [JDK-8314533](https://bugs.openjdk.org/browse/JDK-8314533) ProblemList 
> runtime/cds/appcds/customLoader/HelloCustom_JFR.java on linux-all with ZGC 
> 
> but we have had 7 new failures in different configs since then 
> so the ProblemListing needs to be wider. I thought above using 
> generic-all, but we haven't seen an macosx-x64 failure since 
> mid-May 2020 and have yet to see a macosx-aarch64 failure.

Marked as reviewed by azvegint (Reviewer).

-

PR Review: https://git.openjdk.org/jdk/pull/15366#pullrequestreview-1587507508

Re: Integrated: 8314533: ProblemList runtime/cds/appcds/customLoader/HelloCustom_JFR.java on linux-all with ZGC

2023-08-17 Thread Alexander Zvegintsev 
On Thu, 17 Aug 2023 16:58:41 GMT, Daniel D. Daugherty  
wrote:

> A trivial fix to ProblemList 
> runtime/cds/appcds/customLoader/HelloCustom_JFR.java on linux-all with ZGC.

Marked as reviewed by azvegint (Reviewer).

-

PR Review: https://git.openjdk.org/jdk/pull/15333#pullrequestreview-1583061689

Re: RFR: 8309614: [BACKOUT] JDK-8307153 JVMTI GetThreadState on carrier should return STATE_WAITING

2023-06-07 Thread Alexander Zvegintsev 
On Wed, 7 Jun 2023 14:33:51 GMT, Daniel D. Daugherty  wrote:

> This reverts commit 177e8327d685444d63235567f2a9bde0ec3d51cf.

Marked as reviewed by azvegint (Reviewer).

-

PR Review: https://git.openjdk.org/jdk/pull/14359#pullrequestreview-1467877421

Re: RFR: 8304172: ProblemList serviceability/sa/UniqueVtableTest.java

2023-03-14 Thread Alexander Zvegintsev 
On Tue, 14 Mar 2023 19:52:01 GMT, Daniel D. Daugherty  
wrote:

> Trivial fixes to ProblemList a couple of tests:
> 
> [JDK-8304172](https://bugs.openjdk.org/browse/JDK-8304172) ProblemList 
> serviceability/sa/UniqueVtableTest.java
> [JDK-8304175](https://bugs.openjdk.org/browse/JDK-8304175) ProblemList 
> compiler/vectorapi/VectorLogicalOpIdentityTest.java on 2 platforms

Marked as reviewed by azvegint (Reviewer).

-

PR: https://git.openjdk.org/jdk/pull/13029

Re: [jdk20] Integrated: 8298987: ProblemList jdk/internal/vm/Continuation/Fuzz.java#default with ZGC on X64

2022-12-17 Thread Alexander Zvegintsev 
On Sat, 17 Dec 2022 16:00:32 GMT, Daniel D. Daugherty  
wrote:

> A batch of trivial fixes to ProblemList tests:
> [JDK-8298987](https://bugs.openjdk.org/browse/JDK-8298987) ProblemList 
> jdk/internal/vm/Continuation/Fuzz.java#default with ZGC on X64
> [JDK-8298989](https://bugs.openjdk.org/browse/JDK-8298989) ProblemList 
> vmTestbase/nsk/jvmti/InterruptThread/intrpthrd003/TestDescription.java on 
> macosx-x64
> [JDK-8298990](https://bugs.openjdk.org/browse/JDK-8298990) ProblemList 
> java/lang/Thread/virtual/stress/Skynet.java subtests with ZGC

Marked as reviewed by azvegint (Reviewer).

-

PR: https://git.openjdk.org/jdk20/pull/51

Re: RFR: 8293548: ProblemList sun/management/jmxremote/bootstrap/RmiBootstrapTest.java#id1 on linux-x64

2022-09-08 Thread Alexander Zvegintsev 
On Thu, 8 Sep 2022 16:19:15 GMT, Daniel D. Daugherty  wrote:

> A trivial fix to ProblemList 
> sun/management/jmxremote/bootstrap/RmiBootstrapTest.java#id1 on linux-x64.
> This time for sure Rocky! I've included the "#id1" sub-test identifier.

Marked as reviewed by azvegint (Reviewer).

-

PR: https://git.openjdk.org/jdk/pull/10220

Re: [jdk19] Integrated: 8290033: ProblemList serviceability/jvmti/GetLocalVariable/GetLocalWithoutSuspendTest.java on windows-x64 in -Xcomp mode

2022-07-08 Thread Alexander Zvegintsev 
On Fri, 8 Jul 2022 19:39:24 GMT, Daniel D. Daugherty  wrote:

> A trivial fix to ProblemList 
> serviceability/jvmti/GetLocalVariable/GetLocalWithoutSuspendTest.java
> on windows-x64 in -Xcomp mode.

Marked as reviewed by azvegint (Reviewer).

-

PR: https://git.openjdk.org/jdk19/pull/127

Re: [jdk19] Integrated: 8289398: ProblemList jdk/jfr/api/consumer/recordingstream/TestOnEvent.java on linux-x64 again

2022-06-28 Thread Alexander Zvegintsev 
On Tue, 28 Jun 2022 19:57:46 GMT, Daniel D. Daugherty  
wrote:

> A trivial fix to ProblemList 
> jdk/jfr/api/consumer/recordingstream/TestOnEvent.java on linux-x64 again.

Marked as reviewed by azvegint (Reviewer).

-

PR: https://git.openjdk.org/jdk19/pull/86

Re: Integrated: 8288988: ProblemList serviceability/jvmti/vthread/ContStackDepthTest/ContStackDepthTest.java in -Xcomp mode

2022-06-22 Thread Alexander Zvegintsev 
On Wed, 22 Jun 2022 16:12:06 GMT, Daniel D. Daugherty  
wrote:

> A trivial fix to ProblemList 
> serviceability/jvmti/vthread/ContStackDepthTest/ContStackDepthTest.java in 
> -Xcomp mode.

Marked as reviewed by azvegint (Reviewer).

-

PR: https://git.openjdk.org/jdk19/pull/58