# HG changeset patch # User Doug Simon # Date 1407794899 -7200 # Node ID e52ad0d3b7d6f806d7612220b657a8dfdc6cc177 # Parent 8a05a498ab76ccceb947b4338d92321ea4506bcd put some security sensitive actions into a privileged action diff -r 8a05a498ab76 -r e52ad0d3b7d6 graal/com.oracle.truffle.api/src/com/oracle/truffle/api/Truffle.java --- a/graal/com.oracle.truffle.api/src/com/oracle/truffle/api/Truffle.java Tue Aug 12 00:01:54 2014 +0200 +++ b/graal/com.oracle.truffle.api/src/com/oracle/truffle/api/Truffle.java Tue Aug 12 00:08:19 2014 +0200 @@ -24,6 +24,8 @@ */ package com.oracle.truffle.api; +import java.security.*; + import com.oracle.truffle.api.impl.*; /** @@ -31,7 +33,7 @@ */ public class Truffle { - private static final TruffleRuntime RUNTIME; + private static final TruffleRuntime RUNTIME = initRuntime(); /** * Creates a new {@link TruffleRuntime} instance if the runtime has a specialized @@ -46,13 +48,15 @@ return RUNTIME; } - static { - TruffleRuntime runtime; + private static TruffleRuntime initRuntime() { try { - runtime = createRuntime(); + return AccessController.doPrivileged(new PrivilegedAction() { + public TruffleRuntime run() { + return createRuntime(); + } + }); } catch (UnsatisfiedLinkError e) { - runtime = new DefaultTruffleRuntime(); + return new DefaultTruffleRuntime(); } - RUNTIME = runtime; } } diff -r 8a05a498ab76 -r e52ad0d3b7d6 graal/com.oracle.truffle.api/src/com/oracle/truffle/api/TruffleOptions.java --- a/graal/com.oracle.truffle.api/src/com/oracle/truffle/api/TruffleOptions.java Tue Aug 12 00:01:54 2014 +0200 +++ b/graal/com.oracle.truffle.api/src/com/oracle/truffle/api/TruffleOptions.java Tue Aug 12 00:08:19 2014 +0200 @@ -24,6 +24,8 @@ */ package com.oracle.truffle.api; +import java.security.*; + import com.oracle.truffle.api.nodes.*; /** @@ -36,7 +38,7 @@ *

* Can be set with {@code -Dtruffle.TraceRewrites=true}. */ - public static boolean TraceRewrites = Boolean.getBoolean("truffle.TraceRewrites"); + public static boolean TraceRewrites; /** * Enables the generation of detailed rewrite reasons. Enabling this may introduce some overhead @@ -44,7 +46,7 @@ *

* Can be set with {@code -Dtruffle.DetailedRewriteReasons=true}. */ - public static final boolean DetailedRewriteReasons = Boolean.getBoolean("truffle.DetailedRewriteReasons"); + public static final boolean DetailedRewriteReasons; /** * Filters rewrites that do not contain the given string in the qualified name of the source or @@ -52,7 +54,7 @@ *

* Can be set with {@code -Dtruffle.TraceRewritesFilterClass=name}. */ - public static String TraceRewritesFilterClass = System.getProperty("truffle.TraceRewritesFilterClass"); + public static String TraceRewritesFilterClass; /** * Filters rewrites which does not contain the {@link NodeCost} in its source {@link NodeInfo}. @@ -61,7 +63,7 @@ * Can be set with * {@code -Dtruffle.TraceRewritesFilterFromCost=NONE|MONOMORPHIC|POLYMORPHIC|MEGAMORPHIC}. */ - public static NodeCost TraceRewritesFilterFromCost = parseNodeInfoKind(System.getProperty("truffle.TraceRewritesFilterFromCost")); + public static NodeCost TraceRewritesFilterFromCost; /** * Filters rewrites which does not contain the {@link NodeCost} in its target {@link NodeInfo}. @@ -70,14 +72,14 @@ * Can be set with * {@code -Dtruffle.TraceRewritesFilterToKind=UNINITIALIZED|SPECIALIZED|POLYMORPHIC|GENERIC}. */ - public static NodeCost TraceRewritesFilterToCost = parseNodeInfoKind(System.getProperty("truffle.TraceRewritesFilterToCost")); + public static NodeCost TraceRewritesFilterToCost; /** * Enables the dumping of Node creations and AST rewrites in JSON format. *

* Can be set with {@code -Dtruffle.TraceASTJSON=true}. */ - public static final boolean TraceASTJSON = Boolean.getBoolean("truffle.TraceASTJSON"); + public static final boolean TraceASTJSON; private static NodeCost parseNodeInfoKind(String kind) { if (kind == null) { @@ -87,4 +89,21 @@ return NodeCost.valueOf(kind); } + static { + final boolean[] values = {false, false}; + AccessController.doPrivileged(new PrivilegedAction() { + public Void run() { + TraceRewrites = Boolean.getBoolean("truffle.TraceRewrites"); + TraceRewritesFilterClass = System.getProperty("truffle.TraceRewritesFilterClass"); + TraceRewritesFilterFromCost = parseNodeInfoKind(System.getProperty("truffle.TraceRewritesFilterFromCost")); + TraceRewritesFilterToCost = parseNodeInfoKind(System.getProperty("truffle.TraceRewritesFilterToCost")); + values[0] = Boolean.getBoolean("truffle.DetailedRewriteReasons"); + values[1] = Boolean.getBoolean("truffle.TraceASTJSON"); + return null; + } + }); + + DetailedRewriteReasons = values[0]; + TraceASTJSON = values[1]; + } } diff -r 8a05a498ab76 -r e52ad0d3b7d6 graal/com.oracle.truffle.api/src/com/oracle/truffle/api/nodes/NodeUtil.java --- a/graal/com.oracle.truffle.api/src/com/oracle/truffle/api/nodes/NodeUtil.java Tue Aug 12 00:01:54 2014 +0200 +++ b/graal/com.oracle.truffle.api/src/com/oracle/truffle/api/nodes/NodeUtil.java Tue Aug 12 00:08:19 2014 +0200 @@ -27,6 +27,7 @@ import java.io.*; import java.lang.annotation.*; import java.lang.reflect.*; +import java.security.*; import java.util.*; import sun.misc.*; @@ -160,9 +161,13 @@ private static final ClassValue nodeClasses = new ClassValue() { @SuppressWarnings("unchecked") @Override - protected NodeClass computeValue(Class clazz) { + protected NodeClass computeValue(final Class clazz) { assert Node.class.isAssignableFrom(clazz); - return new NodeClass((Class) clazz, unsafeFieldOffsetProvider); + return AccessController.doPrivileged(new PrivilegedAction() { + public NodeClass run() { + return new NodeClass((Class) clazz, unsafeFieldOffsetProvider); + } + }); } };