Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8197972

Always verify non-system classes during CDS dump time

    XMLWordPrintable

Details

    • Enhancement
    • Resolution: Fixed
    • P3
    • 11
    • 11
    • hotspot
    • b10

    Description

      Always enable -Xverify:remote during CDS dump time so that all non-system classes will be verified.
      This change will serve two purposes:
      a. Defense in depth -- ensure no unverifiable (app) classes are archived to reduce exploitability.
      b. Limited usefulness in failure analysis
          Since the -Verify:remote will be set during CDS dump time, there won't be any unverifiable classes stored in the archive.
          When a failure happens and and we suspect that it may be related to unverifiable bytecode, we can limit the suspects to the classes that are dynamically loaded.

      If the user specifies -Xverify:none during CDS dump time, the -Xverify:remote will be set and a warning/info message will be printed.

      All unverifiable classes will be ignored during dump time (with a warning message).

      Attachments

        Issue Links

          Activity

            People

              ccheung Calvin Cheung
              ccheung Calvin Cheung
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: