8316970: Add internal annotation to mark restricted methods
Reviewed-by: jvernee, iris, alanb
This commit is contained in:
Maurizio Cimadamore
parent
77fac0f4c6
commit
798125152b
@ -45,6 +45,7 @@ import java.util.stream.Collectors;
|
||||
import java.util.stream.Stream;
|
||||
|
||||
import jdk.internal.javac.PreviewFeature;
|
||||
import jdk.internal.javac.Restricted;
|
||||
import jdk.internal.loader.ClassLoaderValue;
|
||||
import jdk.internal.loader.Loader;
|
||||
import jdk.internal.loader.LoaderPool;
|
||||
@ -325,6 +326,7 @@ public final class ModuleLayer {
|
||||
*/
|
||||
@PreviewFeature(feature=PreviewFeature.Feature.FOREIGN)
|
||||
@CallerSensitive
|
||||
@Restricted
|
||||
public Controller enableNativeAccess(Module target) {
|
||||
ensureInLayer(target);
|
||||
Reflection.ensureNativeAccess(Reflection.getCallerClass(), Module.class,
|
||||
|
||||
@ -27,6 +27,7 @@ package java.lang.foreign;
|
||||
|
||||
import jdk.internal.foreign.layout.ValueLayouts;
|
||||
import jdk.internal.javac.PreviewFeature;
|
||||
import jdk.internal.javac.Restricted;
|
||||
import jdk.internal.reflect.CallerSensitive;
|
||||
|
||||
import java.lang.foreign.Linker.Option;
|
||||
@ -108,6 +109,7 @@ public sealed interface AddressLayout extends ValueLayout permits ValueLayouts.O
|
||||
* @see #targetLayout()
|
||||
*/
|
||||
@CallerSensitive
|
||||
@Restricted
|
||||
AddressLayout withTargetLayout(MemoryLayout layout);
|
||||
|
||||
/**
|
||||
|
||||
@ -30,6 +30,7 @@ import jdk.internal.foreign.abi.LinkerOptions;
|
||||
import jdk.internal.foreign.abi.CapturableState;
|
||||
import jdk.internal.foreign.abi.SharedUtils;
|
||||
import jdk.internal.javac.PreviewFeature;
|
||||
import jdk.internal.javac.Restricted;
|
||||
import jdk.internal.reflect.CallerSensitive;
|
||||
import jdk.internal.reflect.Reflection;
|
||||
|
||||
@ -528,6 +529,7 @@ public sealed interface Linker permits AbstractLinker {
|
||||
* @see SymbolLookup
|
||||
*/
|
||||
@CallerSensitive
|
||||
@Restricted
|
||||
MethodHandle downcallHandle(MemorySegment address, FunctionDescriptor function, Option... options);
|
||||
|
||||
/**
|
||||
@ -574,6 +576,7 @@ public sealed interface Linker permits AbstractLinker {
|
||||
* @throws IllegalCallerException If the caller is in a module that does not have native access enabled.
|
||||
*/
|
||||
@CallerSensitive
|
||||
@Restricted
|
||||
MethodHandle downcallHandle(FunctionDescriptor function, Option... options);
|
||||
|
||||
/**
|
||||
@ -618,6 +621,7 @@ public sealed interface Linker permits AbstractLinker {
|
||||
* @throws IllegalCallerException If the caller is in a module that does not have native access enabled.
|
||||
*/
|
||||
@CallerSensitive
|
||||
@Restricted
|
||||
MemorySegment upcallStub(MethodHandle target, FunctionDescriptor function, Arena arena, Linker.Option... options);
|
||||
|
||||
/**
|
||||
|
||||
@ -50,6 +50,7 @@ import jdk.internal.foreign.Utils;
|
||||
import jdk.internal.foreign.abi.SharedUtils;
|
||||
import jdk.internal.foreign.layout.ValueLayouts;
|
||||
import jdk.internal.javac.PreviewFeature;
|
||||
import jdk.internal.javac.Restricted;
|
||||
import jdk.internal.reflect.CallerSensitive;
|
||||
import jdk.internal.vm.annotation.ForceInline;
|
||||
|
||||
@ -607,6 +608,7 @@ public sealed interface MemorySegment permits AbstractMemorySegmentImpl {
|
||||
* @throws IllegalCallerException If the caller is in a module that does not have native access enabled.
|
||||
*/
|
||||
@CallerSensitive
|
||||
@Restricted
|
||||
MemorySegment reinterpret(long newSize);
|
||||
|
||||
/**
|
||||
@ -646,6 +648,7 @@ public sealed interface MemorySegment permits AbstractMemorySegmentImpl {
|
||||
* @throws IllegalCallerException If the caller is in a module that does not have native access enabled.
|
||||
*/
|
||||
@CallerSensitive
|
||||
@Restricted
|
||||
MemorySegment reinterpret(Arena arena, Consumer<MemorySegment> cleanup);
|
||||
|
||||
/**
|
||||
@ -688,6 +691,7 @@ public sealed interface MemorySegment permits AbstractMemorySegmentImpl {
|
||||
* @throws IllegalCallerException If the caller is in a module that does not have native access enabled.
|
||||
*/
|
||||
@CallerSensitive
|
||||
@Restricted
|
||||
MemorySegment reinterpret(long newSize, Arena arena, Consumer<MemorySegment> cleanup);
|
||||
|
||||
/**
|
||||
|
||||
@ -30,6 +30,7 @@ import jdk.internal.access.SharedSecrets;
|
||||
import jdk.internal.foreign.MemorySessionImpl;
|
||||
import jdk.internal.foreign.Utils;
|
||||
import jdk.internal.javac.PreviewFeature;
|
||||
import jdk.internal.javac.Restricted;
|
||||
import jdk.internal.loader.BuiltinClassLoader;
|
||||
import jdk.internal.loader.NativeLibrary;
|
||||
import jdk.internal.loader.RawNativeLibraries;
|
||||
@ -232,6 +233,7 @@ public interface SymbolLookup {
|
||||
* @throws IllegalCallerException If the caller is in a module that does not have native access enabled.
|
||||
*/
|
||||
@CallerSensitive
|
||||
@Restricted
|
||||
static SymbolLookup libraryLookup(String name, Arena arena) {
|
||||
Reflection.ensureNativeAccess(Reflection.getCallerClass(), SymbolLookup.class, "libraryLookup");
|
||||
if (Utils.containsNullChars(name)) {
|
||||
@ -264,6 +266,7 @@ public interface SymbolLookup {
|
||||
* @throws IllegalCallerException If the caller is in a module that does not have native access enabled.
|
||||
*/
|
||||
@CallerSensitive
|
||||
@Restricted
|
||||
static SymbolLookup libraryLookup(Path path, Arena arena) {
|
||||
Reflection.ensureNativeAccess(Reflection.getCallerClass(), SymbolLookup.class, "libraryLookup");
|
||||
return libraryLookup(path, RawNativeLibraries::load, arena);
|
||||
|
||||
@ -0,0 +1,39 @@
|
||||
/*
|
||||
* Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License version 2 only, as
|
||||
* published by the Free Software Foundation. Oracle designates this
|
||||
* particular file as subject to the "Classpath" exception as provided
|
||||
* by Oracle in the LICENSE file that accompanied this code.
|
||||
*
|
||||
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* version 2 for more details (a copy is included in the LICENSE file that
|
||||
* accompanied this code).
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License version
|
||||
* 2 along with this work; if not, write to the Free Software Foundation,
|
||||
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*
|
||||
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||
* or visit www.oracle.com if you need additional information or have any
|
||||
* questions.
|
||||
*/
|
||||
package jdk.internal.javac;
|
||||
|
||||
import java.lang.annotation.ElementType;
|
||||
import java.lang.annotation.Retention;
|
||||
import java.lang.annotation.RetentionPolicy;
|
||||
import java.lang.annotation.Target;
|
||||
|
||||
/**
|
||||
* This annotation is used to mark <em>restricted</em> methods in the Java SE API
|
||||
* (e.g. {@link java.lang.foreign.MemorySegment#reinterpret(long)}).
|
||||
*/
|
||||
@Target({ElementType.METHOD})
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
public @interface Restricted {
|
||||
}
|
||||
167
test/jdk/java/foreign/TestRestricted.java
Normal file
167
test/jdk/java/foreign/TestRestricted.java
Normal file
@ -0,0 +1,167 @@
|
||||
/*
|
||||
* Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License version 2 only, as
|
||||
* published by the Free Software Foundation.
|
||||
*
|
||||
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* version 2 for more details (a copy is included in the LICENSE file that
|
||||
* accompanied this code).
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License version
|
||||
* 2 along with this work; if not, write to the Free Software Foundation,
|
||||
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*
|
||||
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||
* or visit www.oracle.com if you need additional information or have any
|
||||
* questions.
|
||||
*/
|
||||
|
||||
/*
|
||||
* @test
|
||||
* @enablePreview
|
||||
* @modules java.base/jdk.internal.javac
|
||||
* @modules java.base/jdk.internal.reflect
|
||||
* @run testng TestRestricted
|
||||
*/
|
||||
|
||||
import jdk.internal.javac.Restricted;
|
||||
import jdk.internal.reflect.CallerSensitive;
|
||||
import org.testng.annotations.Test;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.io.UncheckedIOException;
|
||||
import java.lang.foreign.AddressLayout;
|
||||
import java.lang.foreign.Arena;
|
||||
import java.lang.foreign.FunctionDescriptor;
|
||||
import java.lang.foreign.Linker;
|
||||
import java.lang.foreign.MemoryLayout;
|
||||
import java.lang.foreign.MemorySegment;
|
||||
import java.lang.foreign.SymbolLookup;
|
||||
import java.lang.invoke.MethodHandle;
|
||||
import java.lang.invoke.MethodType;
|
||||
import java.lang.module.ModuleReader;
|
||||
import java.lang.module.ModuleReference;
|
||||
import java.lang.reflect.Method;
|
||||
import java.lang.reflect.Modifier;
|
||||
import java.nio.file.Path;
|
||||
import java.util.Arrays;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
import java.util.StringJoiner;
|
||||
import java.util.function.Consumer;
|
||||
import java.util.stream.Collectors;
|
||||
import java.util.stream.Stream;
|
||||
|
||||
import static org.testng.Assert.assertTrue;
|
||||
import static org.testng.Assert.fail;
|
||||
|
||||
/**
|
||||
* This test checks all methods in java.base to make sure that methods annotated with {@link Restricted} are
|
||||
* expected restricted methods. Conversely, the test also checks that there is no expected restricted method
|
||||
* that is not marked with the annotation. For each restricted method, we also check that they are
|
||||
* marked with the {@link CallerSensitive} annotation.
|
||||
*/
|
||||
public class TestRestricted {
|
||||
|
||||
record RestrictedMethod(Class<?> owner, String name, MethodType type) {
|
||||
static RestrictedMethod from(Method method) {
|
||||
return of(method.getDeclaringClass(), method.getName(), method.getReturnType(), method.getParameterTypes());
|
||||
}
|
||||
|
||||
static RestrictedMethod of(Class<?> owner, String name, Class<?> returnType, Class<?>... paramTypes) {
|
||||
return new RestrictedMethod(owner, name, MethodType.methodType(returnType, paramTypes));
|
||||
}
|
||||
};
|
||||
|
||||
static final Set<RestrictedMethod> RESTRICTED_METHODS = Set.of(
|
||||
RestrictedMethod.of(SymbolLookup.class, "libraryLookup", SymbolLookup.class, String.class, Arena.class),
|
||||
RestrictedMethod.of(SymbolLookup.class, "libraryLookup", SymbolLookup.class, Path.class, Arena.class),
|
||||
RestrictedMethod.of(Linker.class, "downcallHandle", MethodHandle.class, FunctionDescriptor.class, Linker.Option[].class),
|
||||
RestrictedMethod.of(Linker.class, "downcallHandle", MethodHandle.class, MemorySegment.class, FunctionDescriptor.class, Linker.Option[].class),
|
||||
RestrictedMethod.of(Linker.class, "upcallStub", MemorySegment.class, MethodHandle.class, FunctionDescriptor.class, Arena.class, Linker.Option[].class),
|
||||
RestrictedMethod.of(MemorySegment.class, "reinterpret", MemorySegment.class, long.class),
|
||||
RestrictedMethod.of(MemorySegment.class, "reinterpret", MemorySegment.class, Arena.class, Consumer.class),
|
||||
RestrictedMethod.of(MemorySegment.class, "reinterpret", MemorySegment.class, long.class, Arena.class, Consumer.class),
|
||||
RestrictedMethod.of(AddressLayout.class, "withTargetLayout", AddressLayout.class, MemoryLayout.class),
|
||||
RestrictedMethod.of(ModuleLayer.Controller.class, "enableNativeAccess", ModuleLayer.Controller.class, Module.class)
|
||||
);
|
||||
|
||||
@Test
|
||||
public void testRestricted() {
|
||||
Set<RestrictedMethod> restrictedMethods = new HashSet<>(RESTRICTED_METHODS);
|
||||
restrictedMethods(Object.class.getModule()).forEach(m -> checkRestrictedMethod(m, restrictedMethods));
|
||||
if (!restrictedMethods.isEmpty()) {
|
||||
fail("@Restricted annotation not found for methods: " + restrictedMethods);
|
||||
}
|
||||
}
|
||||
|
||||
void checkRestrictedMethod(Method meth, Set<RestrictedMethod> restrictedMethods) {
|
||||
String sig = meth.getDeclaringClass().getName() + "::" + shortSig(meth);
|
||||
boolean expectRestricted = restrictedMethods.remove(RestrictedMethod.from(meth));
|
||||
assertTrue(expectRestricted, "unexpected @Restricted annotation found on method " + sig);
|
||||
assertTrue(meth.isAnnotationPresent(CallerSensitive.class), "@CallerSensitive annotation not found on restricted method " + sig);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a stream of all restricted methods on public classes in packages
|
||||
* exported by a named module. This logic is borrowed from CallerSensitiveTest.
|
||||
*/
|
||||
static Stream<Method> restrictedMethods(Module module) {
|
||||
assert module.isNamed();
|
||||
ModuleReference mref = module.getLayer().configuration()
|
||||
.findModule(module.getName())
|
||||
.orElseThrow(() -> new RuntimeException())
|
||||
.reference();
|
||||
// find all ".class" resources in the module
|
||||
// transform the resource name to a class name
|
||||
// load every class in the exported packages
|
||||
// return the restricted methods of the public classes
|
||||
try (ModuleReader reader = mref.open()) {
|
||||
return reader.list()
|
||||
.filter(rn -> rn.endsWith(".class"))
|
||||
.map(rn -> rn.substring(0, rn.length() - 6)
|
||||
.replace('/', '.'))
|
||||
.filter(cn -> module.isExported(packageName(cn)))
|
||||
.map(cn -> Class.forName(module, cn))
|
||||
.filter(refc -> refc != null
|
||||
&& Modifier.isPublic(refc.getModifiers()))
|
||||
.map(refc -> restrictedMethods(refc))
|
||||
.flatMap(List::stream);
|
||||
} catch (IOException ioe) {
|
||||
throw new UncheckedIOException(ioe);
|
||||
}
|
||||
}
|
||||
|
||||
static String packageName(String cn) {
|
||||
int last = cn.lastIndexOf('.');
|
||||
if (last > 0) {
|
||||
return cn.substring(0, last);
|
||||
} else {
|
||||
return "";
|
||||
}
|
||||
}
|
||||
|
||||
static String shortSig(Method m) {
|
||||
StringJoiner sj = new StringJoiner(",", m.getName() + "(", ")");
|
||||
for (Class<?> parameterType : m.getParameterTypes()) {
|
||||
sj.add(parameterType.getTypeName());
|
||||
}
|
||||
return sj.toString();
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a list of restricted methods directly declared by the given
|
||||
* class.
|
||||
*/
|
||||
static List<Method> restrictedMethods(Class<?> refc) {
|
||||
return Arrays.stream(refc.getDeclaredMethods())
|
||||
.filter(m -> m.isAnnotationPresent(Restricted.class))
|
||||
.collect(Collectors.toList());
|
||||
}
|
||||
}
|
||||
Loading…
Reference in New Issue
Block a user