public inbox for mauve-discuss@sourceware.org
* RE: runFinalization in Classloader.initialize doesn't run on cacao
From: Jeroen Frijters @ 2006-03-11 19:07 UTC
  To: Olivier Jolly; +Cc: mauve-discuss, Mauve Patch List

Olivier Jolly wrote:
>   while wandering around with Classloaders, I found that the testlet
> gnu.testlet.java.lang.Classloader.initialize wasn't running with Cacao.
> It seems that in the beginning of the test method, it creates an
> anonymous Classloader and then calls System.gc() and
> System.runFinalization() and expects the finalizer to be run to set a
> singleton-like variable holder.
>   While this is ok in jamvm and sun jre 1.5.0, cacao doesn't run the
> finalizer since runFinalization only gives a hint and not a mandatory
> order, so it is compliant.
>   My question is whether I'm missing something and this way of doing
> brings something in this test or it could be rewritten in a
> simpler way, more compliant with the various JVMs.

I'm obviously not aware of an easier (or more robust) way to do this, or
I would have used it. However, this is a very important test (from a
security pov), so it has to be in. If Cacao can't or won't support
System.runFinalization(), I suggest skipping this test.

Regards,
Jeroen


* Re: runFinalization in Classloader.initialize doesn't run on cacao
From: Olivier Jolly @ 2006-03-11 21:26 UTC
  To: Jeroen Frijters; +Cc: mauve-discuss, Mauve Patch List

Jeroen Frijters wrote:

>Olivier Jolly wrote:
>
>>  while wandering around with Classloaders, I found that the testlet
>>gnu.testlet.java.lang.Classloader.initialize wasn't running with Cacao.
>>It seems that in the beginning of the test method, it creates an
>>anonymous Classloader and then calls System.gc() and
>>System.runFinalization() and expects the finalizer to be run to set a
>>singleton-like variable holder.
>>  While this is ok in jamvm and sun jre 1.5.0, cacao doesn't run the
>>finalizer since runFinalization only gives a hint and not a mandatory
>>order, so it is compliant.
>>  My question is whether I'm missing something and this way of doing
>>brings something in this test or it could be rewritten in a
>>simpler way, more compliant with the various JVMs.
>
>I'm obviously not aware of an easier (or more robust) way to do this, or
>I would have used it. However, this is a very important test (from a
>security pov), so it has to be in. If Cacao can't or won't support
>System.runFinalization(), I suggest skipping this test.
>
Ok, I feared something like this. However, the way this test is written
seems very obscure (to me at least). Could you advise me why the
class loader is created with an exception thrown in the constructor and
then the reference to the semi-created instance is retrieved in the
finalizer? And then I wonder why it then raises SecurityException
instead of ClassFormatError. I reread about the finalizer semantics and
the ClassLoader API without finding a clue.
Thanks a lot in advance.

>Regards,
>Jeroen

Olivier


* Re: runFinalization in Classloader.initialize doesn't run on cacao
From: Olivier Jolly @ 2006-03-11 22:18 UTC
  To: Jeroen Frijters; +Cc: mauve-discuss, Mauve Patch List

Jeroen Frijters wrote:

>Olivier Jolly wrote:
>
>>Ok, I feared something like this. However, the way this test
>>is written seems very obscure (to me at least). Could you advise me why
>>the class loader is created with an exception thrown in the constructor
>>and then the reference to the semi-created instance is retrieved in the
>>finalizer? And then I wonder why it then raises SecurityException
>>instead of ClassFormatError. I reread about the finalizer semantics and
>>the ClassLoader API without finding a clue.
>
>Read http://www.securingjava.com/chapter-five/chapter-five-8.html for a
>description of the class loader attack that this is simulating.
>
Okay, it does make perfect sense now. Thanks for the test and the info.
If you don't mind, I'll add comments to your testlet and link to this URL.
And then, we don't have any test which checks ClassLoader.getPackages
behaviour; I'm getting on this.

>Regards,

Thanks again, take care

>Jeroen

+Olivier
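
The test shape discussed in this thread, as an added Java example that is not the Mauve testlet or any poster's code: a hypothetical `Guarded` class stands in for ClassLoader, its `initialized` flag is an assumed defence, and the harness reports SKIPPED when the VM never runs the finalizer, since System.gc() and System.runFinalization() are only hints.

```java
// Added illustration; Guarded, Probe and FinalizerProbe are hypothetical names.
public class FinalizerProbe {
    // Stand-in for a security-sensitive class such as ClassLoader.
    static class Guarded {
        private boolean initialized;            // set only if the constructor completes

        Guarded(boolean permitted) {
            if (!permitted) throw new SecurityException("creation denied");
            initialized = true;
        }

        void sensitive() {
            // Every sensitive entry point re-checks the flag, so a resurrected,
            // half-built instance is useless to whoever holds it.
            if (!initialized) throw new SecurityException("object not initialized");
        }
    }

    static volatile Guarded resurrected;        // holder set by the finalizer

    static class Probe extends Guarded {
        Probe() { super(false); }               // constructor always fails
        @Override protected void finalize() { resurrected = this; }
    }

    /** Returns "PASS", "FAIL" or "SKIPPED" (finalizer never ran on this VM). */
    static String run() throws InterruptedException {
        try { new Probe(); } catch (SecurityException expected) { /* constructor denied */ }
        // gc() and runFinalization() are hints: retry with a bound instead of assuming.
        for (int i = 0; i < 50 && resurrected == null; i++) {
            System.gc();
            System.runFinalization();
            Thread.sleep(20);
        }
        if (resurrected == null) return "SKIPPED";
        try {
            resurrected.sensitive();
            return "FAIL";                      // half-built object was usable
        } catch (SecurityException e) {
            return "PASS";                      // guard rejected the half-built object
        }
    }

    public static void main(String[] args) throws InterruptedException {
        System.out.println(run());
    }
}
```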


* RE: runFinalization in Classloader.initialize doesn't run on cacao
From: Jeroen Frijters @ 2006-03-11 21:58 UTC
  To: Olivier Jolly; +Cc: mauve-discuss, Mauve Patch List

Olivier Jolly wrote:
> Ok, I feared something like this. However, the way this test
> is written seems very obscure (to me at least). Could you advise me why
> the class loader is created with an exception thrown in the constructor
> and then the reference to the semi-created instance is retrieved in the
> finalizer? And then I wonder why it then raises SecurityException
> instead of ClassFormatError. I reread about the finalizer semantics and
> the ClassLoader API without finding a clue.

Read http://www.securingjava.com/chapter-five/chapter-five-8.html for a
description of the class loader attack that this is simulating.

Regards,
Jeroen


* runFinalization in Classloader.initialize doesn't run on cacao
From: Olivier Jolly @ 2006-03-11 18:50 UTC
  To: jeroen; +Cc: mauve-discuss, Mauve Patch List

Hi,
  while wandering around with Classloaders, I found that the testlet
gnu.testlet.java.lang.Classloader.initialize wasn't running with Cacao.
It seems that in the beginning of the test method, it creates an
anonymous Classloader and then calls System.gc() and
System.runFinalization() and expects the finalizer to be run to set a
singleton-like variable holder.
  While this is ok in jamvm and sun jre 1.5.0, cacao doesn't run the
finalizer since runFinalization only gives a hint and not a mandatory
order, so it is compliant.
  My question is whether I'm missing something and this way of doing
brings something in this test or it could be rewritten in a simpler way,
more compliant with the various JVMs.
  Thanks in advance
Cheers

+Olivier
