Bug ID: JDK-8317269 Archive old classes in verified state when AOTClassLinking is enabled

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

JDK 25
25Unresolved

[NOTE: this feature has been implemented in Leyden repo and should be upstreamed to mainline]

This is a new proposal for supporting the verification of old classes in CDS (see JDK-8309074 for a discussion why old classes are not currently archived in the "verified" state).

BACKGROUND:

Currently, old classes (InstanceKlass::major_version() < 50) are be archived in the "unlinked" state, to be verified by the inference verifier at runtime. At runtime, it's possible for such classes to fail verification if some of their verification constraints cannot be satisfied.

E.g., assuming we have created a CDS archive A.jsa that contains the classes X, Super, and Sub:

    class X {
        Super get() {
            return new Sub();
       }
    }

During the verification of X, the verifier would load Super and Sub to check, and require that Sub is indeed a subtype of Super. Such a requirement is called a "verification constraint" of X.

When the application runs with the archive A.jsa, before it uses X, it can dynamically load an alternative version of Sub that's not a subtype of Super. As a result, when the application tries to use X later, it will receive a VerifyError because the verification constraints of X have been violated.

IMPACT TO LEYDEN:

In Leyden, we plan to archive heap objects that are instances of application classes. Many of today's applications still use "old" classes (usually due to usage of older class libraries). If we happen to archive an object instance of X, but X becomes unverifiable due to verification constraint violations, the archived heap objects may become unusable.

PROPOSAL:

For the leyden-premain branch, we have a -XX:+AOTClassLinking option (see JDK-8315737) that loads all the archived classes during JVM start-up. If this option is enable, it's not possible for the application to load alternative versions of Sub and/or Super that would violate the verification constraints of X.

Therefore, as long as -XX:+AOTClassLinking is enabled, we can archive old classes in the verified state. As a result, there's no need to do additional verification constraints checks at run time, as we know that such checks will always succeed.

Initial support has been implemented in the premain repo: (test) https://github.com/openjdk/leyden/commit/173181cce34cc486c8d2517cf4205947fef4b3b6 https://github.com/openjdk/leyden/commit/5fdfef1df3bbcded1001fd1f0be8cce46d3bb35e (code) https://github.com/openjdk/leyden/commit/cae8bbcd7aecf97b3a67cabba16df3e0f03f5167 // Preserve all states that were examined used during dumptime verification, such // that the verification result (pass or fail) cannot be changed at runtime. // // For example, if the verification of ik requires that class A must be a subtype of B, // then this relationship between A and B cannot be changed at runtime. I.e., the app // cannot load alternative versions of A and B such that A is not a subtype of B. bool CDSConfig::preserve_all_dumptime_verification_states(const InstanceKlass* ik) { return PreloadSharedClasses && SystemDictionaryShared::is_builtin(ik); } More clean up may be needed

09-07-2024

Blocks :	JDK-8315737 - JEP 483: Ahead-of-Time Class Loading & Linking
Relates :	JDK-8315719 - [premain] -XX:+ArchiveInvokeDynamic is incompatible with old classes
Relates :	JDK-8309074 - Store verified old classes in CDS archive
Relates :	JDK-8288334 - Support old classes in dynamic CDS