Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8197972

Always verify non-system classes during CDS dump time

XMLWordPrintable

    • Icon: Enhancement Enhancement
    • Resolution: Fixed
    • Icon: P3 P3
    • 11
    • 11
    • hotspot
    • b10

      Always enable -Xverify:remote during CDS dump time so that all non-system classes will be verified.
      This change will serve two purposes:
      a. Defense in depth -- ensure no unverifiable (app) classes are archived to reduce exploitability.
      b. Limited usefulness in failure analysis
          Since the -Verify:remote will be set during CDS dump time, there won't be any unverifiable classes stored in the archive.
          When a failure happens and and we suspect that it may be related to unverifiable bytecode, we can limit the suspects to the classes that are dynamically loaded.

      If the user specifies -Xverify:none during CDS dump time, the -Xverify:remote will be set and a warning/info message will be printed.

      All unverifiable classes will be ignored during dump time (with a warning message).

            ccheung Calvin Cheung
            ccheung Calvin Cheung
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: