Allow SDK to run in environments prohibiting use of sun.misc.Unsafe

[rrva]

Some applications run under strict java.security permissions which do not allow access to sun.misc.Unsafe.

BatchSpanProcessor uses Unsafe via jctools, but has a fallback to ArrayBlockingQueue. Extending that fallback rule to cover java security exceptions as well.

Since the entire java security manager is marked for deprecation in future java versions, I went with string-matching on the root cause message, which removes deprecation warnings when building with newer java but still does the job in those versions which use java.security policies.

[linux-foundation-easycla]

The committers listed above are authorized under a signed CLA.

• ✅ login: rrva / name: Ragnar Rova (5c283d9)

[rrva]

The Individual CLA option is not enabled for this project.

[trask]

thx @rrva! do you have any ideas on how to run some(?) tests under the security manager?

[trask]

The Individual CLA option is not enabled for this project.

hi @rrva, it should be, can you attach a screenshot of what you see?

[rrva]

The Individual CLA option is not enabled for this project.

hi @rrva, it should be, can you attach a screenshot of what you see?

Signed. Yesterday I got an error saying the individual option was not enabled and I should contact the project admin.

[rrva]

thx @rrva! do you have any ideas on how to run some(?) tests under the security manager?

I have added a test and squashed all commits

[codecov]

Codecov Report

Base: 90.93% // Head: 90.96% // Increases project coverage by +0.03% 🎉

Coverage data is based on head (511a3ac) compared to base (ef076c2).
Patch coverage: 33.33% of modified lines in pull request are covered.

Additional details and impacted files

@@             Coverage Diff              @@
##               main    #4902      +/-   ##
============================================
+ Coverage     90.93%   90.96%   +0.03%     
- Complexity     4817     4820       +3     
============================================
  Files           545      545              
  Lines         14383    14388       +5     
  Branches       1383     1384       +1     
============================================
+ Hits          13079    13088       +9     
+ Misses          901      897       -4     
  Partials        403      403              

Impacted Files	Coverage Δ
...a/io/opentelemetry/sdk/trace/internal/JcTools.java	31.57% <33.33%> (+3.00%)	⬆️
...metry/sdk/logs/export/BatchLogRecordProcessor.java	89.70% <0.00%> (+0.73%)	⬆️
.../io/opentelemetry/api/internal/PercentEscaper.java	84.21% <0.00%> (+4.51%)	⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

[rrva]

I get higher code coverage of JcTools.java than codecov when checking with "Run with coverage" in IntelliJ. What could be wrong?

[rrva]

@trask Please have a look at what I could do to the coverage issue of JcTools.java, it's a bit tricky.

I think what is happening is that MpscArrayQueueProducerIndexField.P_INDEX_OFFSET is sometimes sucessfully initialized before the SunMiscProhibitedSecurityManager is installed. Since it is a static field it is only initialized once per JVM invocation, it stays that way. This initialization is needed to fail if JcToolsSecurityManagerTest is to be allowed to cover the code paths I have changed.

I'm a bit unsure if this theory holds but thats what I think is happening when running jacoco.

I think we either need to find a way that jacoco runs JcToolsSecurityManagerTest in an isolated jvm or excluding the changed code from coverage checks.

When I run JcToolsSecurityManagerTest and JcToolsTest test separately in IntelliJ I do get coverage on all paths. When I run JcToolsSecurityManagerTest without the changes in this PR it fails as expected.

[jkwatson]

codecov is claiming quite a bit of uncovered new code in this PR. Can you add more test cases to cover what it says isn't covered?

[rrva]

@jsuereth

I simplified the actual change to the code down to a single line, the rest is test code (which jacoco has trouble recognizing coverage of when running the entire projects' tests).

It also needs this ugly thing (only in the build.gradle.kts of the sdk/trace-shaded-deps module which today only contains a single other test)

tasks.withType<Test>().configureEach {
  // JcToolsSecurityManagerTest interferes with JcToolsTest
  setForkEvery(1)
}

If you're fine with that, thats OK by me. OR, I drop the entire test since:

• Jacoco did not recognize coverage properly
• Tests that interfere with each other and leave the test JVM in some unclean state (yuck)
• The old code had a clause for catching NoClassDefFoundError, with a reworked simplified impl I am actually just adding a case to that, and that functionality did not have any test coverage either ;)

[rrva]

sorry the tests probably do not leave the test JVM in an unclean state, but if other tests are run concurrently with the JcToolsSecurityManagerTest then it will get ArrayBlockingQueue instead of JcTools queue (a bit randomly since test execution parallelism/ordering is not deterministic)

[jack-berg]

Just a couple of small comments but looks good otherwise

[rrva]

is this mergeable?

[rrva]

the only thing I am afraid of is that it will degrade performance in these environments without any warning so perhaps a warning should be logged

[jack-berg]

the only thing I am afraid of is that it will degrade performance in these environments without any warning so perhaps a warning should be logged

I'm in favor of logging a warning though. Should make sure its only logged once, rather than each time a queue is created.

[rrva]

the only thing I am afraid of is that it will degrade performance in these environments without any warning so perhaps a warning should be logged

I'm in favor of logging a warning though. Should make sure its only logged once, rather than each time a queue is created.

Warning added and duplicates mostly avoided (could still happen when creating many queues concurrently)

Rebased.

Good to merge?