JDK-8222732 : -XX:BytecodeVerificationRemote and -XX:BytecodeVerificationLocal should be diagnostic options
  • Type: CSR
  • Component: hotspot
  • Sub-Component: runtime
  • Priority: P4
  • Status: Closed
  • Resolution: Approved
  • Fix Versions: 13
  • Submitted: 2019-04-18
  • Updated: 2019-08-15
  • Resolved: 2019-04-22
Related Reports
CSR :  
JDK-8221685 - -XX:BytecodeVerificationRemote and -XX:BytecodeVerificationLocal should be diagnostic options
Relates :  
JDK-8214731 - Deprecate -Xverify:none option
Description
Summary
-------

Change the -XX:BytecodeVerificationRemote and -XX:BytecodeVerificationLocal options from product to diagnostic options to discourage their use because these options can disable byte code verification potentially enabling execution of Java programs which can produce erroneous results.

Problem
-------

Providing users with easy to use options for manipulating byte code verification settings can lead to multiple problems including running code which can potentially leave their applications open to malicious code, and make it harder for them to find issues in their code.

Solution
--------

Change the -XX:BytecodeVerificationRemote and -XX:BytecodeVerificationLocal options to be Diagnostic options to discourage their use and so encourage users to run with default verification settings.  Requiring users to specify -XX:+UnlockDiagnosticVMOptions when using either of these two options should help discourage their use.

Users will now get the following error messages when running: 'java -XX:+BytecodeVerificationRemote -version':

Error: VM option 'BytecodeVerificationRemote' is diagnostic and must be enabled via -XX:+UnlockDiagnosticVMOptions.                                                                                                                        
Error: The unlock option must precede 'BytecodeVerificationRemote'.                                                                 
Error: Could not create the Java Virtual Machine.                                                                                                  
Error: A fatal exception has occurred. Program will exit.

Similar error messages will be displayed when -XX:BytecodeVerificationLocal is specified.

Users can prevent the error message by running with -XX:+UnlockDiagnosticVMOptions, as follows: 'java -XX:+UnlockDiagnosticVMOptions -XX:-BytecodeVerificationLocal -version', resulting in:

java version "13-internal" 2019-09-17                                                                                                                  
Java(TM) SE Runtime Environment (build 13-internal+0-2019-04-18-1310007.hseigel.null)                                
Java HotSpot(TM) 64-Bit Server VM (build 13-internal+0-2019-04-18-1310007.hseigel.null, mixed mode, sharing)

Additionally, the following text will be added to the description of the -XX:+UnlockDiagnosticVMOptions to further discourage use of these options:

Command line options that are enabled with the use of UnlockDiagnosticVMOptions are not supported.  If you encounter issues while using any of these options, it is very likely that you will be required to reproduce the problem without using any of these unsupported options before Oracle Support can assist with an investigation.  It is also possible that any of these options may be removed or their behavior changed without any warning.


Specification
-------------

Change the -XX:BytecodeVerificationRemote and -XX:BytecodeVerificationLocal options to be Diagnostic options and display the above error messages requiring that -XX:+UnlockDiagnosticVMOptions be specified before their use.
Comments
Moving to Approved.
22-04-2019