8316970: Add internal annotation to mark restricted methods
Reviewed-by: jvernee, iris, alanb
This commit is contained in:
parent
77fac0f4c6
commit
798125152b
@ -45,6 +45,7 @@ import java.util.stream.Collectors;
|
|||||||
import java.util.stream.Stream;
|
import java.util.stream.Stream;
|
||||||
|
|
||||||
import jdk.internal.javac.PreviewFeature;
|
import jdk.internal.javac.PreviewFeature;
|
||||||
|
import jdk.internal.javac.Restricted;
|
||||||
import jdk.internal.loader.ClassLoaderValue;
|
import jdk.internal.loader.ClassLoaderValue;
|
||||||
import jdk.internal.loader.Loader;
|
import jdk.internal.loader.Loader;
|
||||||
import jdk.internal.loader.LoaderPool;
|
import jdk.internal.loader.LoaderPool;
|
||||||
@ -325,6 +326,7 @@ public final class ModuleLayer {
|
|||||||
*/
|
*/
|
||||||
@PreviewFeature(feature=PreviewFeature.Feature.FOREIGN)
|
@PreviewFeature(feature=PreviewFeature.Feature.FOREIGN)
|
||||||
@CallerSensitive
|
@CallerSensitive
|
||||||
|
@Restricted
|
||||||
public Controller enableNativeAccess(Module target) {
|
public Controller enableNativeAccess(Module target) {
|
||||||
ensureInLayer(target);
|
ensureInLayer(target);
|
||||||
Reflection.ensureNativeAccess(Reflection.getCallerClass(), Module.class,
|
Reflection.ensureNativeAccess(Reflection.getCallerClass(), Module.class,
|
||||||
|
@ -27,6 +27,7 @@ package java.lang.foreign;
|
|||||||
|
|
||||||
import jdk.internal.foreign.layout.ValueLayouts;
|
import jdk.internal.foreign.layout.ValueLayouts;
|
||||||
import jdk.internal.javac.PreviewFeature;
|
import jdk.internal.javac.PreviewFeature;
|
||||||
|
import jdk.internal.javac.Restricted;
|
||||||
import jdk.internal.reflect.CallerSensitive;
|
import jdk.internal.reflect.CallerSensitive;
|
||||||
|
|
||||||
import java.lang.foreign.Linker.Option;
|
import java.lang.foreign.Linker.Option;
|
||||||
@ -108,6 +109,7 @@ public sealed interface AddressLayout extends ValueLayout permits ValueLayouts.O
|
|||||||
* @see #targetLayout()
|
* @see #targetLayout()
|
||||||
*/
|
*/
|
||||||
@CallerSensitive
|
@CallerSensitive
|
||||||
|
@Restricted
|
||||||
AddressLayout withTargetLayout(MemoryLayout layout);
|
AddressLayout withTargetLayout(MemoryLayout layout);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -30,6 +30,7 @@ import jdk.internal.foreign.abi.LinkerOptions;
|
|||||||
import jdk.internal.foreign.abi.CapturableState;
|
import jdk.internal.foreign.abi.CapturableState;
|
||||||
import jdk.internal.foreign.abi.SharedUtils;
|
import jdk.internal.foreign.abi.SharedUtils;
|
||||||
import jdk.internal.javac.PreviewFeature;
|
import jdk.internal.javac.PreviewFeature;
|
||||||
|
import jdk.internal.javac.Restricted;
|
||||||
import jdk.internal.reflect.CallerSensitive;
|
import jdk.internal.reflect.CallerSensitive;
|
||||||
import jdk.internal.reflect.Reflection;
|
import jdk.internal.reflect.Reflection;
|
||||||
|
|
||||||
@ -528,6 +529,7 @@ public sealed interface Linker permits AbstractLinker {
|
|||||||
* @see SymbolLookup
|
* @see SymbolLookup
|
||||||
*/
|
*/
|
||||||
@CallerSensitive
|
@CallerSensitive
|
||||||
|
@Restricted
|
||||||
MethodHandle downcallHandle(MemorySegment address, FunctionDescriptor function, Option... options);
|
MethodHandle downcallHandle(MemorySegment address, FunctionDescriptor function, Option... options);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -574,6 +576,7 @@ public sealed interface Linker permits AbstractLinker {
|
|||||||
* @throws IllegalCallerException If the caller is in a module that does not have native access enabled.
|
* @throws IllegalCallerException If the caller is in a module that does not have native access enabled.
|
||||||
*/
|
*/
|
||||||
@CallerSensitive
|
@CallerSensitive
|
||||||
|
@Restricted
|
||||||
MethodHandle downcallHandle(FunctionDescriptor function, Option... options);
|
MethodHandle downcallHandle(FunctionDescriptor function, Option... options);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -618,6 +621,7 @@ public sealed interface Linker permits AbstractLinker {
|
|||||||
* @throws IllegalCallerException If the caller is in a module that does not have native access enabled.
|
* @throws IllegalCallerException If the caller is in a module that does not have native access enabled.
|
||||||
*/
|
*/
|
||||||
@CallerSensitive
|
@CallerSensitive
|
||||||
|
@Restricted
|
||||||
MemorySegment upcallStub(MethodHandle target, FunctionDescriptor function, Arena arena, Linker.Option... options);
|
MemorySegment upcallStub(MethodHandle target, FunctionDescriptor function, Arena arena, Linker.Option... options);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -50,6 +50,7 @@ import jdk.internal.foreign.Utils;
|
|||||||
import jdk.internal.foreign.abi.SharedUtils;
|
import jdk.internal.foreign.abi.SharedUtils;
|
||||||
import jdk.internal.foreign.layout.ValueLayouts;
|
import jdk.internal.foreign.layout.ValueLayouts;
|
||||||
import jdk.internal.javac.PreviewFeature;
|
import jdk.internal.javac.PreviewFeature;
|
||||||
|
import jdk.internal.javac.Restricted;
|
||||||
import jdk.internal.reflect.CallerSensitive;
|
import jdk.internal.reflect.CallerSensitive;
|
||||||
import jdk.internal.vm.annotation.ForceInline;
|
import jdk.internal.vm.annotation.ForceInline;
|
||||||
|
|
||||||
@ -607,6 +608,7 @@ public sealed interface MemorySegment permits AbstractMemorySegmentImpl {
|
|||||||
* @throws IllegalCallerException If the caller is in a module that does not have native access enabled.
|
* @throws IllegalCallerException If the caller is in a module that does not have native access enabled.
|
||||||
*/
|
*/
|
||||||
@CallerSensitive
|
@CallerSensitive
|
||||||
|
@Restricted
|
||||||
MemorySegment reinterpret(long newSize);
|
MemorySegment reinterpret(long newSize);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -646,6 +648,7 @@ public sealed interface MemorySegment permits AbstractMemorySegmentImpl {
|
|||||||
* @throws IllegalCallerException If the caller is in a module that does not have native access enabled.
|
* @throws IllegalCallerException If the caller is in a module that does not have native access enabled.
|
||||||
*/
|
*/
|
||||||
@CallerSensitive
|
@CallerSensitive
|
||||||
|
@Restricted
|
||||||
MemorySegment reinterpret(Arena arena, Consumer<MemorySegment> cleanup);
|
MemorySegment reinterpret(Arena arena, Consumer<MemorySegment> cleanup);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -688,6 +691,7 @@ public sealed interface MemorySegment permits AbstractMemorySegmentImpl {
|
|||||||
* @throws IllegalCallerException If the caller is in a module that does not have native access enabled.
|
* @throws IllegalCallerException If the caller is in a module that does not have native access enabled.
|
||||||
*/
|
*/
|
||||||
@CallerSensitive
|
@CallerSensitive
|
||||||
|
@Restricted
|
||||||
MemorySegment reinterpret(long newSize, Arena arena, Consumer<MemorySegment> cleanup);
|
MemorySegment reinterpret(long newSize, Arena arena, Consumer<MemorySegment> cleanup);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -30,6 +30,7 @@ import jdk.internal.access.SharedSecrets;
|
|||||||
import jdk.internal.foreign.MemorySessionImpl;
|
import jdk.internal.foreign.MemorySessionImpl;
|
||||||
import jdk.internal.foreign.Utils;
|
import jdk.internal.foreign.Utils;
|
||||||
import jdk.internal.javac.PreviewFeature;
|
import jdk.internal.javac.PreviewFeature;
|
||||||
|
import jdk.internal.javac.Restricted;
|
||||||
import jdk.internal.loader.BuiltinClassLoader;
|
import jdk.internal.loader.BuiltinClassLoader;
|
||||||
import jdk.internal.loader.NativeLibrary;
|
import jdk.internal.loader.NativeLibrary;
|
||||||
import jdk.internal.loader.RawNativeLibraries;
|
import jdk.internal.loader.RawNativeLibraries;
|
||||||
@ -232,6 +233,7 @@ public interface SymbolLookup {
|
|||||||
* @throws IllegalCallerException If the caller is in a module that does not have native access enabled.
|
* @throws IllegalCallerException If the caller is in a module that does not have native access enabled.
|
||||||
*/
|
*/
|
||||||
@CallerSensitive
|
@CallerSensitive
|
||||||
|
@Restricted
|
||||||
static SymbolLookup libraryLookup(String name, Arena arena) {
|
static SymbolLookup libraryLookup(String name, Arena arena) {
|
||||||
Reflection.ensureNativeAccess(Reflection.getCallerClass(), SymbolLookup.class, "libraryLookup");
|
Reflection.ensureNativeAccess(Reflection.getCallerClass(), SymbolLookup.class, "libraryLookup");
|
||||||
if (Utils.containsNullChars(name)) {
|
if (Utils.containsNullChars(name)) {
|
||||||
@ -264,6 +266,7 @@ public interface SymbolLookup {
|
|||||||
* @throws IllegalCallerException If the caller is in a module that does not have native access enabled.
|
* @throws IllegalCallerException If the caller is in a module that does not have native access enabled.
|
||||||
*/
|
*/
|
||||||
@CallerSensitive
|
@CallerSensitive
|
||||||
|
@Restricted
|
||||||
static SymbolLookup libraryLookup(Path path, Arena arena) {
|
static SymbolLookup libraryLookup(Path path, Arena arena) {
|
||||||
Reflection.ensureNativeAccess(Reflection.getCallerClass(), SymbolLookup.class, "libraryLookup");
|
Reflection.ensureNativeAccess(Reflection.getCallerClass(), SymbolLookup.class, "libraryLookup");
|
||||||
return libraryLookup(path, RawNativeLibraries::load, arena);
|
return libraryLookup(path, RawNativeLibraries::load, arena);
|
||||||
|
@ -0,0 +1,39 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
|
*
|
||||||
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
* under the terms of the GNU General Public License version 2 only, as
|
||||||
|
* published by the Free Software Foundation. Oracle designates this
|
||||||
|
* particular file as subject to the "Classpath" exception as provided
|
||||||
|
* by Oracle in the LICENSE file that accompanied this code.
|
||||||
|
*
|
||||||
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||||||
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||||
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||||
|
* version 2 for more details (a copy is included in the LICENSE file that
|
||||||
|
* accompanied this code).
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License version
|
||||||
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
||||||
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
|
*
|
||||||
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||||
|
* or visit www.oracle.com if you need additional information or have any
|
||||||
|
* questions.
|
||||||
|
*/
|
||||||
|
package jdk.internal.javac;
|
||||||
|
|
||||||
|
import java.lang.annotation.ElementType;
|
||||||
|
import java.lang.annotation.Retention;
|
||||||
|
import java.lang.annotation.RetentionPolicy;
|
||||||
|
import java.lang.annotation.Target;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This annotation is used to mark <em>restricted</em> methods in the Java SE API
|
||||||
|
* (e.g. {@link java.lang.foreign.MemorySegment#reinterpret(long)}).
|
||||||
|
*/
|
||||||
|
@Target({ElementType.METHOD})
|
||||||
|
@Retention(RetentionPolicy.RUNTIME)
|
||||||
|
public @interface Restricted {
|
||||||
|
}
|
167
test/jdk/java/foreign/TestRestricted.java
Normal file
167
test/jdk/java/foreign/TestRestricted.java
Normal file
@ -0,0 +1,167 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
|
*
|
||||||
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
* under the terms of the GNU General Public License version 2 only, as
|
||||||
|
* published by the Free Software Foundation.
|
||||||
|
*
|
||||||
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||||||
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||||
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||||
|
* version 2 for more details (a copy is included in the LICENSE file that
|
||||||
|
* accompanied this code).
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License version
|
||||||
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
||||||
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
|
*
|
||||||
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||||
|
* or visit www.oracle.com if you need additional information or have any
|
||||||
|
* questions.
|
||||||
|
*/
|
||||||
|
|
||||||
|
/*
|
||||||
|
* @test
|
||||||
|
* @enablePreview
|
||||||
|
* @modules java.base/jdk.internal.javac
|
||||||
|
* @modules java.base/jdk.internal.reflect
|
||||||
|
* @run testng TestRestricted
|
||||||
|
*/
|
||||||
|
|
||||||
|
import jdk.internal.javac.Restricted;
|
||||||
|
import jdk.internal.reflect.CallerSensitive;
|
||||||
|
import org.testng.annotations.Test;
|
||||||
|
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.io.UncheckedIOException;
|
||||||
|
import java.lang.foreign.AddressLayout;
|
||||||
|
import java.lang.foreign.Arena;
|
||||||
|
import java.lang.foreign.FunctionDescriptor;
|
||||||
|
import java.lang.foreign.Linker;
|
||||||
|
import java.lang.foreign.MemoryLayout;
|
||||||
|
import java.lang.foreign.MemorySegment;
|
||||||
|
import java.lang.foreign.SymbolLookup;
|
||||||
|
import java.lang.invoke.MethodHandle;
|
||||||
|
import java.lang.invoke.MethodType;
|
||||||
|
import java.lang.module.ModuleReader;
|
||||||
|
import java.lang.module.ModuleReference;
|
||||||
|
import java.lang.reflect.Method;
|
||||||
|
import java.lang.reflect.Modifier;
|
||||||
|
import java.nio.file.Path;
|
||||||
|
import java.util.Arrays;
|
||||||
|
import java.util.HashSet;
|
||||||
|
import java.util.List;
|
||||||
|
import java.util.Set;
|
||||||
|
import java.util.StringJoiner;
|
||||||
|
import java.util.function.Consumer;
|
||||||
|
import java.util.stream.Collectors;
|
||||||
|
import java.util.stream.Stream;
|
||||||
|
|
||||||
|
import static org.testng.Assert.assertTrue;
|
||||||
|
import static org.testng.Assert.fail;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This test checks all methods in java.base to make sure that methods annotated with {@link Restricted} are
|
||||||
|
* expected restricted methods. Conversely, the test also checks that there is no expected restricted method
|
||||||
|
* that is not marked with the annotation. For each restricted method, we also check that they are
|
||||||
|
* marked with the {@link CallerSensitive} annotation.
|
||||||
|
*/
|
||||||
|
public class TestRestricted {
|
||||||
|
|
||||||
|
record RestrictedMethod(Class<?> owner, String name, MethodType type) {
|
||||||
|
static RestrictedMethod from(Method method) {
|
||||||
|
return of(method.getDeclaringClass(), method.getName(), method.getReturnType(), method.getParameterTypes());
|
||||||
|
}
|
||||||
|
|
||||||
|
static RestrictedMethod of(Class<?> owner, String name, Class<?> returnType, Class<?>... paramTypes) {
|
||||||
|
return new RestrictedMethod(owner, name, MethodType.methodType(returnType, paramTypes));
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
static final Set<RestrictedMethod> RESTRICTED_METHODS = Set.of(
|
||||||
|
RestrictedMethod.of(SymbolLookup.class, "libraryLookup", SymbolLookup.class, String.class, Arena.class),
|
||||||
|
RestrictedMethod.of(SymbolLookup.class, "libraryLookup", SymbolLookup.class, Path.class, Arena.class),
|
||||||
|
RestrictedMethod.of(Linker.class, "downcallHandle", MethodHandle.class, FunctionDescriptor.class, Linker.Option[].class),
|
||||||
|
RestrictedMethod.of(Linker.class, "downcallHandle", MethodHandle.class, MemorySegment.class, FunctionDescriptor.class, Linker.Option[].class),
|
||||||
|
RestrictedMethod.of(Linker.class, "upcallStub", MemorySegment.class, MethodHandle.class, FunctionDescriptor.class, Arena.class, Linker.Option[].class),
|
||||||
|
RestrictedMethod.of(MemorySegment.class, "reinterpret", MemorySegment.class, long.class),
|
||||||
|
RestrictedMethod.of(MemorySegment.class, "reinterpret", MemorySegment.class, Arena.class, Consumer.class),
|
||||||
|
RestrictedMethod.of(MemorySegment.class, "reinterpret", MemorySegment.class, long.class, Arena.class, Consumer.class),
|
||||||
|
RestrictedMethod.of(AddressLayout.class, "withTargetLayout", AddressLayout.class, MemoryLayout.class),
|
||||||
|
RestrictedMethod.of(ModuleLayer.Controller.class, "enableNativeAccess", ModuleLayer.Controller.class, Module.class)
|
||||||
|
);
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testRestricted() {
|
||||||
|
Set<RestrictedMethod> restrictedMethods = new HashSet<>(RESTRICTED_METHODS);
|
||||||
|
restrictedMethods(Object.class.getModule()).forEach(m -> checkRestrictedMethod(m, restrictedMethods));
|
||||||
|
if (!restrictedMethods.isEmpty()) {
|
||||||
|
fail("@Restricted annotation not found for methods: " + restrictedMethods);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
void checkRestrictedMethod(Method meth, Set<RestrictedMethod> restrictedMethods) {
|
||||||
|
String sig = meth.getDeclaringClass().getName() + "::" + shortSig(meth);
|
||||||
|
boolean expectRestricted = restrictedMethods.remove(RestrictedMethod.from(meth));
|
||||||
|
assertTrue(expectRestricted, "unexpected @Restricted annotation found on method " + sig);
|
||||||
|
assertTrue(meth.isAnnotationPresent(CallerSensitive.class), "@CallerSensitive annotation not found on restricted method " + sig);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns a stream of all restricted methods on public classes in packages
|
||||||
|
* exported by a named module. This logic is borrowed from CallerSensitiveTest.
|
||||||
|
*/
|
||||||
|
static Stream<Method> restrictedMethods(Module module) {
|
||||||
|
assert module.isNamed();
|
||||||
|
ModuleReference mref = module.getLayer().configuration()
|
||||||
|
.findModule(module.getName())
|
||||||
|
.orElseThrow(() -> new RuntimeException())
|
||||||
|
.reference();
|
||||||
|
// find all ".class" resources in the module
|
||||||
|
// transform the resource name to a class name
|
||||||
|
// load every class in the exported packages
|
||||||
|
// return the restricted methods of the public classes
|
||||||
|
try (ModuleReader reader = mref.open()) {
|
||||||
|
return reader.list()
|
||||||
|
.filter(rn -> rn.endsWith(".class"))
|
||||||
|
.map(rn -> rn.substring(0, rn.length() - 6)
|
||||||
|
.replace('/', '.'))
|
||||||
|
.filter(cn -> module.isExported(packageName(cn)))
|
||||||
|
.map(cn -> Class.forName(module, cn))
|
||||||
|
.filter(refc -> refc != null
|
||||||
|
&& Modifier.isPublic(refc.getModifiers()))
|
||||||
|
.map(refc -> restrictedMethods(refc))
|
||||||
|
.flatMap(List::stream);
|
||||||
|
} catch (IOException ioe) {
|
||||||
|
throw new UncheckedIOException(ioe);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
static String packageName(String cn) {
|
||||||
|
int last = cn.lastIndexOf('.');
|
||||||
|
if (last > 0) {
|
||||||
|
return cn.substring(0, last);
|
||||||
|
} else {
|
||||||
|
return "";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
static String shortSig(Method m) {
|
||||||
|
StringJoiner sj = new StringJoiner(",", m.getName() + "(", ")");
|
||||||
|
for (Class<?> parameterType : m.getParameterTypes()) {
|
||||||
|
sj.add(parameterType.getTypeName());
|
||||||
|
}
|
||||||
|
return sj.toString();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns a list of restricted methods directly declared by the given
|
||||||
|
* class.
|
||||||
|
*/
|
||||||
|
static List<Method> restrictedMethods(Class<?> refc) {
|
||||||
|
return Arrays.stream(refc.getDeclaredMethods())
|
||||||
|
.filter(m -> m.isAnnotationPresent(Restricted.class))
|
||||||
|
.collect(Collectors.toList());
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user