8261918: two runtime/cds/appcds/VerifierTest failed with "Unable to use shared archive"

Reviewed-by: iklam, minqi

src/hotspot/share/memory/filemap.cpp

@@ -2219,16 +2219,28 @@ bool FileMapHeader::validate() {
     _has_platform_or_app_classes = false;
   }
 
-  // For backwards compatibility, we don't check the verification setting
-  // if the archive only contains system classes.
-  if (_has_platform_or_app_classes &&
-      ((!_verify_local && BytecodeVerificationLocal) ||
-       (!_verify_remote && BytecodeVerificationRemote))) {
-    FileMapInfo::fail_continue("The shared archive file was created with less restrictive "
-                  "verification setting than the current setting.");
+
+  if (!_verify_local && BytecodeVerificationLocal) {
+    //  we cannot load boot classes, so there's no point of using the CDS archive
+    FileMapInfo::fail_continue("The shared archive file's BytecodeVerificationLocal setting (%s)"
+                               " does not equal the current BytecodeVerificationLocal setting (%s).",
+                               _verify_local ? "enabled" : "disabled",
+                               BytecodeVerificationLocal ? "enabled" : "disabled");
     return false;
   }
 
+  // For backwards compatibility, we don't check the BytecodeVerificationRemote setting
+  // if the archive only contains system classes.
+  if (_has_platform_or_app_classes
+      && !_verify_remote // we didn't verify the archived platform/app classes
+      && BytecodeVerificationRemote) { // but we want to verify all loaded platform/app classes
+    FileMapInfo::fail_continue("The shared archive file was created with less restrictive "
+                               "verification setting than the current setting.");
+    // Pretend that we didn't have any archived platform/app classes, so they won't be loaded
+    // by SystemDictionaryShared.
+    _has_platform_or_app_classes = false;
+  }
+
   // Java agents are allowed during run time. Therefore, the following condition is not
   // checked: (!_allow_archiving_with_java_agent && AllowArchivingWithJavaAgent)
   // Note: _allow_archiving_with_java_agent is set in the shared archive during dump time

test/hotspot/jtreg/runtime/cds/appcds/TestCommon.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2014, 2021, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -177,10 +177,27 @@ public class TestCommon extends CDSTestUtils {
     // name of the base archive to be used for dynamic dump
     private static String tempBaseArchive = null;
 
+    private static void captureVerifyOpts(ArrayList<String> opts, ArrayList<String> verifyOpts) {
+        boolean addedDiagnosticOpt = false;
+        for (String s : opts) {
+            if (s.startsWith("-XX:-BytecodeVerification")) {
+                if (!addedDiagnosticOpt) {
+                    verifyOpts.add("-XX:+UnlockDiagnosticVMOptions");
+                    addedDiagnosticOpt = true;
+                }
+                verifyOpts.add(s);
+            }
+            if (s.startsWith("-Xverify")) {
+                verifyOpts.add(s);
+            }
+        }
+    }
+
     // Create AppCDS archive using appcds options
     public static OutputAnalyzer createArchive(AppCDSOptions opts)
         throws Exception {
         ArrayList<String> cmd = new ArrayList<String>();
+        ArrayList<String> verifyOpts = new ArrayList<String>();
         startNewArchiveName();
 
         for (String p : opts.prefix) cmd.add(p);
@@ -202,9 +219,15 @@ public class TestCommon extends CDSTestUtils {
 
         if (DYNAMIC_DUMP) {
             File baseArchive = null;
-            if (tempBaseArchive == null || !(new File(tempBaseArchive)).isFile()) {
+            captureVerifyOpts(opts.suffix, verifyOpts);
+            int size = verifyOpts.size();
+            if (tempBaseArchive == null || !(new File(tempBaseArchive)).isFile() || size > 0) {
                 tempBaseArchive = getNewArchiveName("tempBaseArchive");
-                dumpBaseArchive(tempBaseArchive);
+                if (size == 0) {
+                    dumpBaseArchive(tempBaseArchive);
+                } else {
+                    dumpBaseArchive(tempBaseArchive, verifyOpts.toArray(new String[size]));
+                }
             }
             cmd.add("-Xshare:on");
             cmd.add("-XX:SharedArchiveFile=" + tempBaseArchive);

test/hotspot/jtreg/runtime/cds/appcds/VerifierTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2014, 2021, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -42,8 +42,8 @@ public class VerifierTest implements Opcodes {
 
     static final String ERR =
         "ERROR: class VerifierTestC was loaded unexpectedly";
-    static final String MAP_FAIL =
-        "shared archive file was created with less restrictive verification setting";
+    static final String MAP_FAIL_VFY_LOCAL =
+        "shared archive file's BytecodeVerificationLocal setting";
     static final String VFY_ERR = "java.lang.VerifyError";
     static final String PASS_RESULT = "Hi, how are you?";
     static final String VFY_INFO_MESSAGE =
@@ -132,7 +132,7 @@ public class VerifierTest implements Opcodes {
 
             // Dump app/ext with -Xverify:remote
             {"app",   VFY_REMOTE, VFY_REMOTE, VFY_ERR},
-            {"app",   VFY_REMOTE, VFY_ALL,    MAP_FAIL},
+            {"app",   VFY_REMOTE, VFY_ALL,    MAP_FAIL_VFY_LOCAL},
             {"app",   VFY_REMOTE, VFY_NONE,   ERR },
             // Dump app/ext with -Xverify:all
             {"app",   VFY_ALL,    VFY_REMOTE, VFY_ERR },
@@ -140,11 +140,11 @@ public class VerifierTest implements Opcodes {
             {"app",   VFY_ALL,    VFY_NONE,   ERR },
             // Dump app/ext with verifier turned off
             {"app",   VFY_NONE,   VFY_REMOTE, VFY_ERR},
-            {"app",   VFY_NONE,   VFY_ALL,    MAP_FAIL},
+            {"app",   VFY_NONE,   VFY_ALL,    MAP_FAIL_VFY_LOCAL},
             {"app",   VFY_NONE,   VFY_NONE,   ERR },
             // Dump sys only with -Xverify:remote
             {"noApp", VFY_REMOTE, VFY_REMOTE, VFY_ERR},
-            {"noApp", VFY_REMOTE, VFY_ALL,    VFY_ERR},
+            {"noApp", VFY_REMOTE, VFY_ALL,    MAP_FAIL_VFY_LOCAL},
             {"noApp", VFY_REMOTE, VFY_NONE,   ERR},
             // Dump sys only with -Xverify:all
             {"noApp", VFY_ALL, VFY_REMOTE,    VFY_ERR},
@@ -152,7 +152,7 @@ public class VerifierTest implements Opcodes {
             {"noApp", VFY_ALL, VFY_NONE,      ERR},
             // Dump sys only with verifier turned off
             {"noApp", VFY_NONE, VFY_REMOTE,   VFY_ERR},
-            {"noApp", VFY_NONE, VFY_ALL,      VFY_ERR},
+            {"noApp", VFY_NONE, VFY_ALL,      MAP_FAIL_VFY_LOCAL},
             {"noApp", VFY_NONE, VFY_NONE,     ERR},
         };
 
@@ -245,7 +245,7 @@ public class VerifierTest implements Opcodes {
 
             // Dump app/ext with -Xverify:remote
             {"app",   VFY_REMOTE, VFY_REMOTE, PASS_RESULT},
-            {"app",   VFY_REMOTE, VFY_ALL,    MAP_FAIL},
+            {"app",   VFY_REMOTE, VFY_ALL,    MAP_FAIL_VFY_LOCAL},
             {"app",   VFY_REMOTE, VFY_NONE,   PASS_RESULT },
             // Dump app/ext with -Xverify:all
             {"app",   VFY_ALL,    VFY_REMOTE, PASS_RESULT },
@@ -253,7 +253,7 @@ public class VerifierTest implements Opcodes {
             {"app",   VFY_ALL,    VFY_NONE,   PASS_RESULT },
             // Dump app/ext with verifier turned off
             {"app",   VFY_NONE,   VFY_REMOTE, PASS_RESULT},
-            {"app",   VFY_NONE,   VFY_ALL,    MAP_FAIL},
+            {"app",   VFY_NONE,   VFY_ALL,    MAP_FAIL_VFY_LOCAL},
             {"app",   VFY_NONE,   VFY_NONE,   PASS_RESULT },
         };
         String prev_dump_setting = "";