8368199: Add @AOTSafeClassInitializer to jdk.internal.access.SharedSecrets

[iklam]

By annotating SharedSecrets as @AOTSafeClassInitializer, we can avoid using the @AOTRuntimeSetup annotations in a few JDK core classes. This simplifies the implementation. It also brings us closer to the goal of making the AOT cache as a true snapshot of the JVM state that just needs to be resumed in the production run.

---

Progress

• Change must be properly reviewed (1 review required, with at least 1 Reviewer)
• Change must not contain extraneous whitespace
• Commit message must refer to an issue

Issue

• JDK-8368199: Add @AOTSafeClassInitializer to jdk.internal.access.SharedSecrets (Enhancement - P4)

Reviewers

• Chen Liang (@liach - Reviewer)

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/27880/head:pull/27880
$ git checkout pull/27880

Update a local copy of the PR:
$ git checkout pull/27880
$ git pull https://git.openjdk.org/jdk.git pull/27880/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 27880

View PR using the GUI difftool:
$ git pr show -t 27880

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/27880.diff

Using Webrev

Link to Webrev Comment

[bridgekeeper]

👋 Welcome back iklam! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

[openjdk]

@iklam This change now passes all automated pre-integration checks.

ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details.

After integration, the commit message for the final commit will be:

8368199: Add @AOTSafeClassInitializer to jdk.internal.access.SharedSecrets

Reviewed-by: liach

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been 8 new commits pushed to the master branch:

• 680414d: 8369631: Assess and remedy any unsafe usage of the sr_semaphore Semaphore in the Posix signal code
• c2fde51: 8357390: java/awt/Toolkit/ScreenInsetsTest/ScreenInsetsTest.java Test failing on Ubuntu 24.04 Vm Hosts used by Oracle's internal CI system
• eff6439: 8370120: Make jpackage tests output more stable
• ... and 5 more: https://git.openjdk.org/jdk/compare/0cc88e4ad4ded970433eed25778a7290ddf9b0fa...master

As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.

➡️ To integrate this PR with the above commit message to the master branch, type /integrate in a new comment.

[openjdk]

@iklam The following labels will be automatically applied to this pull request:

• core-libs
• hotspot-runtime
• net
• security

When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing lists. If you would like to change these labels, use the /label pull request command.

[mlbridge]

Webrevs

• 00: Full (a886aa85)

[liach]

Does aot initialization work with this field?

[iklam]

I think this field is safe. There are two places that could set it, but they will always set it to an instance of JavaAWTFontAccessImpl, which is stateless.

jdk/src/java.desktop/share/classes/java/awt/font/NumericShaper.java

Lines 148 to 149 in eff6439

	if (SharedSecrets.getJavaAWTFontAccess() == null) {
	SharedSecrets.setJavaAWTFontAccess(new JavaAWTFontAccessImpl());

jdk/src/java.desktop/share/classes/java/awt/font/TextAttribute.java

Lines 251 to 252 in eff6439

	if (SharedSecrets.getJavaAWTFontAccess() == null) {
	SharedSecrets.setJavaAWTFontAccess(new JavaAWTFontAccessImpl());

[liach]

Archiving the accessors should be fine.

[DanHeidinga]

Looking through the implementations of the Access classes, and I have concerns about:
setJavaObjectInputFilterAccess as it is implemented using a lambda:

SharedSecrets.setJavaObjectInputFilterAccess(Config::createFilter2);

Correct me if I'm wrong, but I believe that will cause the Config class to be AOTInitialized as well?

Config has a couple of system properties (-Djdk.serialFilter= for one) that we may not want to initialize during the assembly phase.

[DanHeidinga]

There may be a similar issue with ObjectInputStream as well as I think this forces the class to be AOTInitialized.

        SharedSecrets.setJavaObjectInputStreamAccess(ObjectInputStream::checkArray);
        SharedSecrets.setJavaObjectInputStreamReadString(ObjectInputStream::readString);

[iklam]

These two accessors are currently not used in the AOT assembly phase. Maybe we can add an assert that the corresponding fields are null, and abort the AOT assembly otherwise?

[DanHeidinga]

Is there a particular subset of the SharedSecrets accessors that we want to allow to be set during the assembly phase?

Is there a way we can mark the fields in SharedSecrets as allowed to be assembly initialized vs those that must be null?

The unfortunate thing is that if these fields didn't use Lambdas, they would also be fine to assembly-time initialize as it's the side-effect of the lambda forcing init that's the problem