Always enable -Xverify:remote during CDS dump time so that all non-system classes will be verified.
This change will serve two purposes:
a. Defense in depth -- ensure no unverifiable (app) classes are archived to reduce exploitability.
b. Limited usefulness in failure analysis
Since the -Verify:remote will be set during CDS dump time, there won't be any unverifiable classes stored in the archive.
When a failure happens and and we suspect that it may be related to unverifiable bytecode, we can limit the suspects to the classes that are dynamically loaded.
If the user specifies -Xverify:none during CDS dump time, the -Xverify:remote will be set and a warning/info message will be printed.
All unverifiable classes will be ignored during dump time (with a warning message).
This change will serve two purposes:
a. Defense in depth -- ensure no unverifiable (app) classes are archived to reduce exploitability.
b. Limited usefulness in failure analysis
Since the -Verify:remote will be set during CDS dump time, there won't be any unverifiable classes stored in the archive.
When a failure happens and and we suspect that it may be related to unverifiable bytecode, we can limit the suspects to the classes that are dynamically loaded.
If the user specifies -Xverify:none during CDS dump time, the -Xverify:remote will be set and a warning/info message will be printed.
All unverifiable classes will be ignored during dump time (with a warning message).
- csr for
-
JDK-8198849 Always verify non-system classes during CDS dump time
-
- Closed
-
- relates to
-
JDK-8230413 Support archiving Pre JDK 6 class
-
- Closed
-