changeset 52453:b0af758a092c

8212605: Pure-Java implementation of AccessController.doPrivileged Reviewed-by: dholmes, mullan, vlivanov, mchung, alanb, rriggs
author dlong
date Tue, 06 Nov 2018 16:04:50 -0800
parents 4ee78b5583f9
children b43f8976cf81
files make/hotspot/symbols/symbols-unix src/hotspot/share/classfile/classFileParser.cpp src/hotspot/share/classfile/javaClasses.cpp src/hotspot/share/classfile/javaClasses.hpp src/hotspot/share/classfile/systemDictionary.hpp src/hotspot/share/classfile/vmSymbols.hpp src/hotspot/share/include/jvm.h src/hotspot/share/jfr/leakprofiler/checkpoint/rootResolver.cpp src/hotspot/share/memory/universe.cpp src/hotspot/share/memory/universe.hpp src/hotspot/share/prims/jvm.cpp src/hotspot/share/prims/privilegedStack.cpp src/hotspot/share/prims/privilegedStack.hpp src/hotspot/share/runtime/os.cpp src/hotspot/share/runtime/thread.cpp src/hotspot/share/runtime/thread.hpp src/hotspot/share/utilities/debug.cpp src/hotspot/share/utilities/globalDefinitions.hpp src/java.base/share/classes/java/security/AccessController.java src/java.base/share/classes/java/security/ProtectionDomain.java src/java.base/share/native/libjava/AccessController.c test/hotspot/jtreg/runtime/JVMDoPrivileged/DoPrivRunAbstract.jasm test/hotspot/jtreg/runtime/JVMDoPrivileged/DoPrivileged.java test/jdk/java/lang/StackWalker/VerifyStackTrace.java
diffstat 24 files changed, 214 insertions(+), 451 deletions(-) [+]
line wrap: on
line diff
--- a/make/hotspot/symbols/symbols-unix	Wed Nov 07 01:04:26 2018 +0000
+++ b/make/hotspot/symbols/symbols-unix	Tue Nov 06 16:04:50 2018 -0800
@@ -52,7 +52,6 @@
 JVM_DefineClass
 JVM_DefineClassWithSource
 JVM_DesiredAssertionStatus
-JVM_DoPrivileged
 JVM_DumpAllStacks
 JVM_DumpThreads
 JVM_FillInStackTrace
--- a/src/hotspot/share/classfile/classFileParser.cpp	Wed Nov 07 01:04:26 2018 +0000
+++ b/src/hotspot/share/classfile/classFileParser.cpp	Tue Nov 06 16:04:50 2018 -0800
@@ -1066,7 +1066,7 @@
     _method_DontInline,
     _method_InjectedProfile,
     _method_LambdaForm_Compiled,
-    _method_LambdaForm_Hidden,
+    _method_Hidden,
     _method_HotSpotIntrinsicCandidate,
     _jdk_internal_vm_annotation_Contended,
     _field_Stable,
@@ -2121,7 +2121,12 @@
     case vmSymbols::VM_SYMBOL_ENUM_NAME(java_lang_invoke_LambdaForm_Hidden_signature): {
       if (_location != _in_method)  break;  // only allow for methods
       if (!privileged)              break;  // only allow in privileged code
-      return _method_LambdaForm_Hidden;
+      return _method_Hidden;
+    }
+    case vmSymbols::VM_SYMBOL_ENUM_NAME(java_security_AccessController_Hidden_signature): {
+      if (_location != _in_method)  break;  // only allow for methods
+      if (!privileged)              break;  // only allow in privileged code
+      return _method_Hidden;
     }
     case vmSymbols::VM_SYMBOL_ENUM_NAME(jdk_internal_HotSpotIntrinsicCandidate_signature): {
       if (_location != _in_method)  break;  // only allow for methods
@@ -2178,7 +2183,7 @@
     m->set_has_injected_profile(true);
   if (has_annotation(_method_LambdaForm_Compiled) && m->intrinsic_id() == vmIntrinsics::_none)
     m->set_intrinsic_id(vmIntrinsics::_compiledLambdaForm);
-  if (has_annotation(_method_LambdaForm_Hidden))
+  if (has_annotation(_method_Hidden))
     m->set_hidden(true);
   if (has_annotation(_method_HotSpotIntrinsicCandidate) && !m->is_synthetic())
     m->set_intrinsic_candidate(true);
--- a/src/hotspot/share/classfile/javaClasses.cpp	Wed Nov 07 01:04:26 2018 +0000
+++ b/src/hotspot/share/classfile/javaClasses.cpp	Tue Nov 06 16:04:50 2018 -0800
@@ -3786,12 +3786,6 @@
 }
 #endif
 
-bool java_security_AccessControlContext::is_authorized(Handle context) {
-  assert(context.not_null() && context->klass() == SystemDictionary::AccessControlContext_klass(), "Invalid type");
-  assert(_isAuthorized_offset != -1, "should be set");
-  return context->bool_field(_isAuthorized_offset) != 0;
-}
-
 oop java_security_AccessControlContext::create(objArrayHandle context, bool isPrivileged, Handle privileged_context, TRAPS) {
   assert(_isPrivileged_offset != 0, "offsets should have been initialized");
   // Ensure klass is initialized
@@ -3975,13 +3969,6 @@
 int java_lang_System::out_offset_in_bytes() { return static_out_offset; }
 int java_lang_System::err_offset_in_bytes() { return static_err_offset; }
 
-
-bool java_lang_System::has_security_manager() {
-  InstanceKlass* ik = SystemDictionary::System_klass();
-  oop base = ik->static_field_base_raw();
-  return base->obj_field(static_security_offset) != NULL;
-}
-
 int java_lang_Class::_klass_offset;
 int java_lang_Class::_array_klass_offset;
 int java_lang_Class::_oop_size_offset;
--- a/src/hotspot/share/classfile/javaClasses.hpp	Wed Nov 07 01:04:26 2018 +0000
+++ b/src/hotspot/share/classfile/javaClasses.hpp	Tue Nov 06 16:04:50 2018 -0800
@@ -1241,8 +1241,6 @@
   static void serialize_offsets(SerializeClosure* f) NOT_CDS_RETURN;
   static oop create(objArrayHandle context, bool isPrivileged, Handle privileged_context, TRAPS);
 
-  static bool is_authorized(Handle context);
-
   // Debugging/initialization
   friend class JavaClasses;
 };
@@ -1316,8 +1314,6 @@
   static int out_offset_in_bytes();
   static int err_offset_in_bytes();
 
-  static bool has_security_manager();
-
   static void compute_offsets();
   static void serialize_offsets(SerializeClosure* f) NOT_CDS_RETURN;
 
--- a/src/hotspot/share/classfile/systemDictionary.hpp	Wed Nov 07 01:04:26 2018 +0000
+++ b/src/hotspot/share/classfile/systemDictionary.hpp	Tue Nov 06 16:04:50 2018 -0800
@@ -116,6 +116,7 @@
   do_klass(SecurityManager_klass,                       java_lang_SecurityManager                             ) \
   do_klass(ProtectionDomain_klass,                      java_security_ProtectionDomain                        ) \
   do_klass(AccessControlContext_klass,                  java_security_AccessControlContext                    ) \
+  do_klass(AccessController_klass,                      java_security_AccessController                        ) \
   do_klass(SecureClassLoader_klass,                     java_security_SecureClassLoader                       ) \
   do_klass(ClassNotFoundException_klass,                java_lang_ClassNotFoundException                      ) \
   do_klass(NoClassDefFoundError_klass,                  java_lang_NoClassDefFoundError                        ) \
--- a/src/hotspot/share/classfile/vmSymbols.hpp	Wed Nov 07 01:04:26 2018 +0000
+++ b/src/hotspot/share/classfile/vmSymbols.hpp	Tue Nov 06 16:04:50 2018 -0800
@@ -99,6 +99,8 @@
   template(java_lang_CharSequence,                    "java/lang/CharSequence")                   \
   template(java_lang_SecurityManager,                 "java/lang/SecurityManager")                \
   template(java_security_AccessControlContext,        "java/security/AccessControlContext")       \
+  template(java_security_AccessController,            "java/security/AccessController")           \
+  template(executePrivileged_name,                    "executePrivileged")                        \
   template(java_security_CodeSource,                  "java/security/CodeSource")                 \
   template(java_security_ProtectionDomain,            "java/security/ProtectionDomain")           \
   template(java_security_SecureClassLoader,           "java/security/SecureClassLoader")          \
@@ -303,6 +305,7 @@
   template(java_lang_invoke_LambdaForm_Compiled_signature, "Ljava/lang/invoke/LambdaForm$Compiled;") \
   template(java_lang_invoke_LambdaForm_Hidden_signature, "Ljava/lang/invoke/LambdaForm$Hidden;")  \
   template(java_lang_invoke_MethodHandleNatives_CallSiteContext_signature, "Ljava/lang/invoke/MethodHandleNatives$CallSiteContext;") \
+  template(java_security_AccessController_Hidden_signature, "Ljava/security/AccessController$Hidden;")  \
   /* internal up-calls made only by the JVM, via class sun.invoke.MethodHandleNatives: */         \
   template(findMethodHandleType_name,                 "findMethodHandleType")                     \
   template(findMethodHandleType_signature,       "(Ljava/lang/Class;[Ljava/lang/Class;)Ljava/lang/invoke/MethodType;") \
@@ -546,7 +549,6 @@
   template(char_StringBuffer_signature,               "(C)Ljava/lang/StringBuffer;")                              \
   template(int_String_signature,                      "(I)Ljava/lang/String;")                                    \
   template(boolean_boolean_int_signature,             "(ZZ)I")                                                    \
-  template(codesource_permissioncollection_signature, "(Ljava/security/CodeSource;Ljava/security/PermissionCollection;)V") \
   /* signature symbols needed by intrinsics */                                                                    \
   VM_INTRINSICS_DO(VM_INTRINSIC_IGNORE, VM_SYMBOL_IGNORE, VM_SYMBOL_IGNORE, template, VM_ALIAS_IGNORE)            \
                                                                                                                   \
--- a/src/hotspot/share/include/jvm.h	Wed Nov 07 01:04:26 2018 +0000
+++ b/src/hotspot/share/include/jvm.h	Tue Nov 06 16:04:50 2018 -0800
@@ -621,10 +621,6 @@
  */
 
 JNIEXPORT jobject JNICALL
-JVM_DoPrivileged(JNIEnv *env, jclass cls,
-                 jobject action, jobject context, jboolean wrapException);
-
-JNIEXPORT jobject JNICALL
 JVM_GetInheritedAccessControlContext(JNIEnv *env, jclass cls);
 
 JNIEXPORT jobject JNICALL
--- a/src/hotspot/share/jfr/leakprofiler/checkpoint/rootResolver.cpp	Wed Nov 07 01:04:26 2018 +0000
+++ b/src/hotspot/share/jfr/leakprofiler/checkpoint/rootResolver.cpp	Tue Nov 06 16:04:50 2018 -0800
@@ -34,7 +34,6 @@
 #include "oops/markOop.hpp"
 #include "oops/oop.hpp"
 #include "prims/jvmtiThreadState.hpp"
-#include "prims/privilegedStack.hpp"
 #include "runtime/frame.inline.hpp"
 #include "runtime/mutexLocker.hpp"
 #include "runtime/threadSMR.inline.hpp"
@@ -323,14 +322,6 @@
   ReferenceLocateClosure rcl(_callback, OldObjectRoot::_threads, OldObjectRoot::_stack_variable, jt);
 
   if (jt->has_last_Java_frame()) {
-    PrivilegedElement* const pelem = jt->privileged_stack_top();
-    if (pelem != NULL) {
-      pelem->oops_do(&rcl);
-      if (rcl.complete()) {
-        return true;
-      }
-    }
-
     // traverse the registered growable array gc_array
     // can't do this as it is not reachable from outside
 
--- a/src/hotspot/share/memory/universe.cpp	Wed Nov 07 01:04:26 2018 +0000
+++ b/src/hotspot/share/memory/universe.cpp	Tue Nov 06 16:04:50 2018 -0800
@@ -106,7 +106,6 @@
 oop Universe::_the_min_jint_string                   = NULL;
 LatestMethodCache* Universe::_finalizer_register_cache = NULL;
 LatestMethodCache* Universe::_loader_addClass_cache    = NULL;
-LatestMethodCache* Universe::_pd_implies_cache         = NULL;
 LatestMethodCache* Universe::_throw_illegal_access_error_cache = NULL;
 LatestMethodCache* Universe::_do_stack_walk_cache     = NULL;
 oop Universe::_out_of_memory_error_java_heap          = NULL;
@@ -230,7 +229,6 @@
 
   _finalizer_register_cache->metaspace_pointers_do(it);
   _loader_addClass_cache->metaspace_pointers_do(it);
-  _pd_implies_cache->metaspace_pointers_do(it);
   _throw_illegal_access_error_cache->metaspace_pointers_do(it);
   _do_stack_walk_cache->metaspace_pointers_do(it);
 }
@@ -272,7 +270,6 @@
   f->do_ptr((void**)&_the_empty_instance_klass_array);
   _finalizer_register_cache->serialize(f);
   _loader_addClass_cache->serialize(f);
-  _pd_implies_cache->serialize(f);
   _throw_illegal_access_error_cache->serialize(f);
   _do_stack_walk_cache->serialize(f);
 }
@@ -687,7 +684,6 @@
   // Metaspace::initialize_shared_spaces() tries to populate them.
   Universe::_finalizer_register_cache = new LatestMethodCache();
   Universe::_loader_addClass_cache    = new LatestMethodCache();
-  Universe::_pd_implies_cache         = new LatestMethodCache();
   Universe::_throw_illegal_access_error_cache = new LatestMethodCache();
   Universe::_do_stack_walk_cache = new LatestMethodCache();
 
@@ -941,12 +937,6 @@
                           "addClass",
                           vmSymbols::class_void_signature(), false, CHECK);
 
-  // Set up method for checking protection domain
-  initialize_known_method(_pd_implies_cache,
-                          SystemDictionary::ProtectionDomain_klass(),
-                          "impliesCreateAccessControlContext",
-                          vmSymbols::void_boolean_signature(), false, CHECK);
-
   // Set up method for stack walking
   initialize_known_method(_do_stack_walk_cache,
                           SystemDictionary::AbstractStackWalker_klass(),
--- a/src/hotspot/share/memory/universe.hpp	Wed Nov 07 01:04:26 2018 +0000
+++ b/src/hotspot/share/memory/universe.hpp	Tue Nov 06 16:04:50 2018 -0800
@@ -137,7 +137,6 @@
   static oop          _the_min_jint_string;          // A cache of "-2147483648" as a Java string
   static LatestMethodCache* _finalizer_register_cache; // static method for registering finalizable objects
   static LatestMethodCache* _loader_addClass_cache;    // method for registering loaded classes in class loader vector
-  static LatestMethodCache* _pd_implies_cache;         // method for checking protection domain attributes
   static LatestMethodCache* _throw_illegal_access_error_cache; // Unsafe.throwIllegalAccessError() method
   static LatestMethodCache* _do_stack_walk_cache;      // method for stack walker callback
 
@@ -322,7 +321,6 @@
   static Method*      finalizer_register_method()     { return _finalizer_register_cache->get_method(); }
   static Method*      loader_addClass_method()        { return _loader_addClass_cache->get_method(); }
 
-  static Method*      protection_domain_implies_method() { return _pd_implies_cache->get_method(); }
   static Method*      throw_illegal_access_error()    { return _throw_illegal_access_error_cache->get_method(); }
 
   static Method*      do_stack_walk_method()          { return _do_stack_walk_cache->get_method(); }
--- a/src/hotspot/share/prims/jvm.cpp	Wed Nov 07 01:04:26 2018 +0000
+++ b/src/hotspot/share/prims/jvm.cpp	Tue Nov 06 16:04:50 2018 -0800
@@ -55,7 +55,6 @@
 #include "prims/jvmtiExport.hpp"
 #include "prims/jvmtiThreadState.hpp"
 #include "prims/nativeLookup.hpp"
-#include "prims/privilegedStack.hpp"
 #include "prims/stackwalk.hpp"
 #include "runtime/arguments.hpp"
 #include "runtime/atomic.hpp"
@@ -1166,155 +1165,6 @@
 JVM_END
 
 
-static bool is_authorized(Handle context, InstanceKlass* klass, TRAPS) {
-  // If there is a security manager and protection domain, check the access
-  // in the protection domain, otherwise it is authorized.
-  if (java_lang_System::has_security_manager()) {
-
-    // For bootstrapping, if pd implies method isn't in the JDK, allow
-    // this context to revert to older behavior.
-    // In this case the isAuthorized field in AccessControlContext is also not
-    // present.
-    if (Universe::protection_domain_implies_method() == NULL) {
-      return true;
-    }
-
-    // Whitelist certain access control contexts
-    if (java_security_AccessControlContext::is_authorized(context)) {
-      return true;
-    }
-
-    oop prot = klass->protection_domain();
-    if (prot != NULL) {
-      // Call pd.implies(new SecurityPermission("createAccessControlContext"))
-      // in the new wrapper.
-      methodHandle m(THREAD, Universe::protection_domain_implies_method());
-      Handle h_prot(THREAD, prot);
-      JavaValue result(T_BOOLEAN);
-      JavaCallArguments args(h_prot);
-      JavaCalls::call(&result, m, &args, CHECK_false);
-      return (result.get_jboolean() != 0);
-    }
-  }
-  return true;
-}
-
-// Create an AccessControlContext with a protection domain with null codesource
-// and null permissions - which gives no permissions.
-oop create_dummy_access_control_context(TRAPS) {
-  InstanceKlass* pd_klass = SystemDictionary::ProtectionDomain_klass();
-  // Call constructor ProtectionDomain(null, null);
-  Handle obj = JavaCalls::construct_new_instance(pd_klass,
-                          vmSymbols::codesource_permissioncollection_signature(),
-                          Handle(), Handle(), CHECK_NULL);
-
-  // new ProtectionDomain[] {pd};
-  objArrayOop context = oopFactory::new_objArray(pd_klass, 1, CHECK_NULL);
-  context->obj_at_put(0, obj());
-
-  // new AccessControlContext(new ProtectionDomain[] {pd})
-  objArrayHandle h_context(THREAD, context);
-  oop acc = java_security_AccessControlContext::create(h_context, false, Handle(), CHECK_NULL);
-  return acc;
-}
-
-JVM_ENTRY(jobject, JVM_DoPrivileged(JNIEnv *env, jclass cls, jobject action, jobject context, jboolean wrapException))
-  JVMWrapper("JVM_DoPrivileged");
-
-  if (action == NULL) {
-    THROW_MSG_0(vmSymbols::java_lang_NullPointerException(), "Null action");
-  }
-
-  // Compute the frame initiating the do privileged operation and setup the privileged stack
-  vframeStream vfst(thread);
-  vfst.security_get_caller_frame(1);
-
-  if (vfst.at_end()) {
-    THROW_MSG_0(vmSymbols::java_lang_InternalError(), "no caller?");
-  }
-
-  Method* method        = vfst.method();
-  InstanceKlass* klass  = method->method_holder();
-
-  // Check that action object understands "Object run()"
-  Handle h_context;
-  if (context != NULL) {
-    h_context = Handle(THREAD, JNIHandles::resolve(context));
-    bool authorized = is_authorized(h_context, klass, CHECK_NULL);
-    if (!authorized) {
-      // Create an unprivileged access control object and call it's run function
-      // instead.
-      oop noprivs = create_dummy_access_control_context(CHECK_NULL);
-      h_context = Handle(THREAD, noprivs);
-    }
-  }
-
-  // Check that action object understands "Object run()"
-  Handle object (THREAD, JNIHandles::resolve(action));
-
-  // get run() method
-  Method* m_oop = object->klass()->uncached_lookup_method(
-                                           vmSymbols::run_method_name(),
-                                           vmSymbols::void_object_signature(),
-                                           Klass::find_overpass);
-
-  // See if there is a default method for "Object run()".
-  if (m_oop == NULL && object->klass()->is_instance_klass()) {
-    InstanceKlass* iklass = InstanceKlass::cast(object->klass());
-    m_oop = iklass->lookup_method_in_ordered_interfaces(
-                                           vmSymbols::run_method_name(),
-                                           vmSymbols::void_object_signature());
-  }
-
-  methodHandle m (THREAD, m_oop);
-  if (m.is_null() || !m->is_method() || !m()->is_public() || m()->is_static() || m()->is_abstract()) {
-    THROW_MSG_0(vmSymbols::java_lang_InternalError(), "No run method");
-  }
-
-  // Stack allocated list of privileged stack elements
-  PrivilegedElement pi;
-  if (!vfst.at_end()) {
-    pi.initialize(&vfst, h_context(), thread->privileged_stack_top(), CHECK_NULL);
-    thread->set_privileged_stack_top(&pi);
-  }
-
-
-  // invoke the Object run() in the action object. We cannot use call_interface here, since the static type
-  // is not really known - it is either java.security.PrivilegedAction or java.security.PrivilegedExceptionAction
-  Handle pending_exception;
-  JavaValue result(T_OBJECT);
-  JavaCallArguments args(object);
-  JavaCalls::call(&result, m, &args, THREAD);
-
-  // done with action, remove ourselves from the list
-  if (!vfst.at_end()) {
-    assert(thread->privileged_stack_top() != NULL && thread->privileged_stack_top() == &pi, "wrong top element");
-    thread->set_privileged_stack_top(thread->privileged_stack_top()->next());
-  }
-
-  if (HAS_PENDING_EXCEPTION) {
-    pending_exception = Handle(THREAD, PENDING_EXCEPTION);
-    CLEAR_PENDING_EXCEPTION;
-    // JVMTI has already reported the pending exception
-    // JVMTI internal flag reset is needed in order to report PrivilegedActionException
-    if (THREAD->is_Java_thread()) {
-      JvmtiExport::clear_detected_exception((JavaThread*) THREAD);
-    }
-    if ( pending_exception->is_a(SystemDictionary::Exception_klass()) &&
-        !pending_exception->is_a(SystemDictionary::RuntimeException_klass())) {
-      // Throw a java.security.PrivilegedActionException(Exception e) exception
-      JavaCallArguments args(pending_exception);
-      THROW_ARG_0(vmSymbols::java_security_PrivilegedActionException(),
-                  vmSymbols::exception_void_signature(),
-                  &args);
-    }
-  }
-
-  if (pending_exception.not_null()) THROW_OOP_0(pending_exception());
-  return JNIHandles::make_local(env, (oop) result.get_jobject());
-JVM_END
-
-
 // Returns the inherited_access_control_context field of the running thread.
 JVM_ENTRY(jobject, JVM_GetInheritedAccessControlContext(JNIEnv *env, jclass cls))
   JVMWrapper("JVM_GetInheritedAccessControlContext");
@@ -1349,25 +1199,35 @@
   // duplicate consecutive protection domains into a single one, as
   // well as stopping when we hit a privileged frame.
 
-  // Use vframeStream to iterate through Java frames
-  vframeStream vfst(thread);
-
   oop previous_protection_domain = NULL;
   Handle privileged_context(thread, NULL);
   bool is_privileged = false;
   oop protection_domain = NULL;
 
-  for(; !vfst.at_end(); vfst.next()) {
+  // Iterate through Java frames
+  RegisterMap reg_map(thread);
+  javaVFrame *vf = thread->last_java_vframe(&reg_map);
+  for (; vf != NULL; vf = vf->java_sender()) {
     // get method of frame
-    Method* method = vfst.method();
-    intptr_t* frame_id   = vfst.frame_id();
-
-    // check the privileged frames to see if we have a match
-    if (thread->privileged_stack_top() && thread->privileged_stack_top()->frame_id() == frame_id) {
+    Method* method = vf->method();
+
+    // stop at the first privileged frame
+    if (method->method_holder() == SystemDictionary::AccessController_klass() &&
+      method->name() == vmSymbols::executePrivileged_name())
+    {
       // this frame is privileged
       is_privileged = true;
-      privileged_context = Handle(thread, thread->privileged_stack_top()->privileged_context());
-      protection_domain  = thread->privileged_stack_top()->protection_domain();
+
+      javaVFrame *priv = vf;                        // executePrivileged
+      javaVFrame *caller_fr = priv->java_sender();  // doPrivileged
+      caller_fr = caller_fr->java_sender();         // caller
+
+      StackValueCollection* locals = priv->locals();
+      privileged_context = locals->obj_at(1);
+      Handle caller      = locals->obj_at(2);
+
+      Klass *caller_klass = java_lang_Class::as_Klass(caller());
+      protection_domain  = caller_klass->protection_domain();
     } else {
       protection_domain = method->method_holder()->protection_domain();
     }
--- a/src/hotspot/share/prims/privilegedStack.cpp	Wed Nov 07 01:04:26 2018 +0000
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,79 +0,0 @@
-/*
- * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- *
- */
-
-#include "precompiled.hpp"
-#include "memory/allocation.inline.hpp"
-#include "oops/instanceKlass.hpp"
-#include "oops/method.hpp"
-#include "oops/oop.inline.hpp"
-#include "prims/privilegedStack.hpp"
-#include "runtime/thread.inline.hpp"
-#include "runtime/vframe.inline.hpp"
-
-void PrivilegedElement::initialize(vframeStream* vfst, oop context, PrivilegedElement* next, TRAPS) {
-  Method* method        = vfst->method();
-  _klass                = method->method_holder();
-  _privileged_context   = context;
-#ifdef CHECK_UNHANDLED_OOPS
-  THREAD->allow_unhandled_oop(&_privileged_context);
-#endif // CHECK_UNHANDLED_OOPS
-  _frame_id             = vfst->frame_id();
-  _next                 = next;
-  assert(oopDesc::is_oop_or_null(_privileged_context), "must be an oop");
-  assert(oopDesc::is_oop_or_null(protection_domain()), "must be an oop");
-}
-
-void PrivilegedElement::oops_do(OopClosure* f) {
-  PrivilegedElement *cur = this;
-  do {
-    f->do_oop((oop*) &cur->_privileged_context);
-    cur = cur->_next;
-  } while(cur != NULL);
-}
-
-//-------------------------------------------------------------------------------
-#ifndef PRODUCT
-
-void PrivilegedElement::print_on(outputStream* st) const {
-  st->print("   " PTR_FORMAT " ", p2i(_frame_id));
-  _klass->print_value_on(st);
-  if (protection_domain() != NULL) {
-    st->print("   ");
-    protection_domain()->print_value_on(st);
-  }
-  st->cr();
-}
-
-bool PrivilegedElement::contains(address addr) {
-  PrivilegedElement *e = (PrivilegedElement *)addr;
-  if (e >= this && e < this+1) return true;
-
-  if (_next != NULL) {
-    return _next->contains(addr);
-  } else {
-    return false;
-  }
-}
-
-#endif
--- a/src/hotspot/share/prims/privilegedStack.hpp	Wed Nov 07 01:04:26 2018 +0000
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,52 +0,0 @@
-/*
- * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- *
- */
-
-#ifndef SHARE_VM_PRIMS_PRIVILEGEDSTACK_HPP
-#define SHARE_VM_PRIMS_PRIVILEGEDSTACK_HPP
-
-#include "oops/oopsHierarchy.hpp"
-#include "runtime/vframe.hpp"
-#include "utilities/growableArray.hpp"
-
-class PrivilegedElement {
- private:
-  Klass*    _klass;                // klass for method
-  oop       _privileged_context;   // context for operation
-  intptr_t*     _frame_id;             // location on stack
-  PrivilegedElement* _next;        // Link to next one on stack
- public:
-  void initialize(vframeStream* vf, oop context, PrivilegedElement* next, TRAPS);
-  void oops_do(OopClosure* f);
-  intptr_t* frame_id() const           { return _frame_id; }
-  oop  privileged_context() const  { return _privileged_context; }
-  oop  class_loader() const        { return InstanceKlass::cast(_klass)->class_loader(); }
-  oop  protection_domain() const   { return InstanceKlass::cast(_klass)->protection_domain(); }
-  PrivilegedElement *next() const  { return _next; }
-
-  // debugging (used for find)
-  void print_on(outputStream* st) const   PRODUCT_RETURN;
-  bool contains(address addr)             PRODUCT_RETURN0;
-};
-
-#endif // SHARE_VM_PRIMS_PRIVILEGEDSTACK_HPP
--- a/src/hotspot/share/runtime/os.cpp	Wed Nov 07 01:04:26 2018 +0000
+++ b/src/hotspot/share/runtime/os.cpp	Tue Nov 06 16:04:50 2018 -0800
@@ -44,7 +44,6 @@
 #include "memory/resourceArea.hpp"
 #include "oops/oop.inline.hpp"
 #include "prims/jvm_misc.hpp"
-#include "prims/privilegedStack.hpp"
 #include "runtime/arguments.hpp"
 #include "runtime/atomic.hpp"
 #include "runtime/frame.inline.hpp"
@@ -1091,14 +1090,6 @@
 
   // Check if addr belongs to a Java thread.
   for (JavaThreadIteratorWithHandle jtiwh; JavaThread *thread = jtiwh.next(); ) {
-    // Check for privilege stack
-    if (thread->privileged_stack_top() != NULL &&
-        thread->privileged_stack_top()->contains(addr)) {
-      st->print_cr(INTPTR_FORMAT " is pointing into the privilege stack "
-                   "for thread: " INTPTR_FORMAT, p2i(addr), p2i(thread));
-      if (verbose) thread->print_on(st);
-      return;
-    }
     // If the addr is a java thread print information about that.
     if (addr == (address)thread) {
       if (verbose) {
--- a/src/hotspot/share/runtime/thread.cpp	Wed Nov 07 01:04:26 2018 +0000
+++ b/src/hotspot/share/runtime/thread.cpp	Tue Nov 06 16:04:50 2018 -0800
@@ -61,7 +61,6 @@
 #include "prims/jvm_misc.hpp"
 #include "prims/jvmtiExport.hpp"
 #include "prims/jvmtiThreadState.hpp"
-#include "prims/privilegedStack.hpp"
 #include "runtime/arguments.hpp"
 #include "runtime/atomic.hpp"
 #include "runtime/biasedLocking.hpp"
@@ -1558,7 +1557,6 @@
   _on_thread_list = false;
   set_thread_state(_thread_new);
   _terminated = _not_terminated;
-  _privileged_stack_top = NULL;
   _array_for_gc = NULL;
   _suspend_equivalent = false;
   _in_deopt_handler = 0;
@@ -1990,7 +1988,6 @@
 
   // These things needs to be done while we are still a Java Thread. Make sure that thread
   // is in a consistent state, in case GC happens
-  assert(_privileged_stack_top == NULL, "must be NULL when we get here");
 
   if (active_handles() != NULL) {
     JNIHandleBlock* block = active_handles();
@@ -2840,11 +2837,6 @@
     // Record JavaThread to GC thread
     RememberProcessedThread rpt(this);
 
-    // Traverse the privileged stack
-    if (_privileged_stack_top != NULL) {
-      _privileged_stack_top->oops_do(f);
-    }
-
     // traverse the registered growable array
     if (_array_for_gc != NULL) {
       for (int index = 0; index < _array_for_gc->length(); index++) {
--- a/src/hotspot/share/runtime/thread.hpp	Wed Nov 07 01:04:26 2018 +0000
+++ b/src/hotspot/share/runtime/thread.hpp	Tue Nov 06 16:04:50 2018 -0800
@@ -1882,14 +1882,9 @@
   void thread_main_inner();
 
  private:
-  // PRIVILEGED STACK
-  PrivilegedElement*  _privileged_stack_top;
   GrowableArray<oop>* _array_for_gc;
  public:
 
-  // Returns the privileged_stack information.
-  PrivilegedElement* privileged_stack_top() const       { return _privileged_stack_top; }
-  void set_privileged_stack_top(PrivilegedElement *e)   { _privileged_stack_top = e; }
   void register_array_for_gc(GrowableArray<oop>* array) { _array_for_gc = array; }
 
  public:
--- a/src/hotspot/share/utilities/debug.cpp	Wed Nov 07 01:04:26 2018 +0000
+++ b/src/hotspot/share/utilities/debug.cpp	Tue Nov 06 16:04:50 2018 -0800
@@ -37,7 +37,6 @@
 #include "memory/resourceArea.hpp"
 #include "memory/universe.hpp"
 #include "oops/oop.inline.hpp"
-#include "prims/privilegedStack.hpp"
 #include "runtime/arguments.hpp"
 #include "runtime/atomic.hpp"
 #include "runtime/flags/flagSetting.hpp"
--- a/src/hotspot/share/utilities/globalDefinitions.hpp	Wed Nov 07 01:04:26 2018 +0000
+++ b/src/hotspot/share/utilities/globalDefinitions.hpp	Tue Nov 06 16:04:50 2018 -0800
@@ -925,7 +925,6 @@
 class ConstantValue;
 class IllegalValue;
 
-class PrivilegedElement;
 class MonitorArray;
 
 class MonitorInfo;
--- a/src/java.base/share/classes/java/security/AccessController.java	Wed Nov 07 01:04:26 2018 +0000
+++ b/src/java.base/share/classes/java/security/AccessController.java	Tue Nov 06 16:04:50 2018 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,9 +25,18 @@
 
 package java.security;
 
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+import java.lang.ref.Reference;
 import sun.security.util.Debug;
+import sun.security.util.SecurityConstants;
 import jdk.internal.reflect.CallerSensitive;
 import jdk.internal.reflect.Reflection;
+import jdk.internal.vm.annotation.DontInline;
+import jdk.internal.vm.annotation.ForceInline;
+import jdk.internal.vm.annotation.ReservedStackAccess;
 
 /**
  * <p> The AccessController class is used for access control operations
@@ -296,7 +305,10 @@
      */
 
     @CallerSensitive
-    public static native <T> T doPrivileged(PrivilegedAction<T> action);
+    public static <T> T doPrivileged(PrivilegedAction<T> action)
+    {
+        return executePrivileged(action, null, Reflection.getCallerClass());
+    }
 
     /**
      * Performs the specified {@code PrivilegedAction} with privileges
@@ -369,8 +381,13 @@
      * @see #doPrivileged(PrivilegedExceptionAction,AccessControlContext)
      */
     @CallerSensitive
-    public static native <T> T doPrivileged(PrivilegedAction<T> action,
-                                            AccessControlContext context);
+    public static <T> T doPrivileged(PrivilegedAction<T> action,
+                                     AccessControlContext context)
+    {
+        Class<?> caller = Reflection.getCallerClass();
+        context = checkContext(context, caller);
+        return executePrivileged(action, context, caller);
+    }
 
 
     /**
@@ -425,7 +442,7 @@
         if (perms == null) {
             throw new NullPointerException("null permissions parameter");
         }
-        Class <?> caller = Reflection.getCallerClass();
+        Class<?> caller = Reflection.getCallerClass();
         return AccessController.doPrivileged(action, createWrapper(null,
             caller, parent, context, perms));
     }
@@ -491,7 +508,7 @@
         if (perms == null) {
             throw new NullPointerException("null permissions parameter");
         }
-        Class <?> caller = Reflection.getCallerClass();
+        Class<?> caller = Reflection.getCallerClass();
         return AccessController.doPrivileged(action, createWrapper(dc, caller,
             parent, context, perms));
     }
@@ -524,10 +541,20 @@
      * @see java.security.DomainCombiner
      */
     @CallerSensitive
-    public static native <T> T
+    public static <T> T
         doPrivileged(PrivilegedExceptionAction<T> action)
-        throws PrivilegedActionException;
-
+        throws PrivilegedActionException
+    {
+        AccessControlContext context = null;
+        Class<?> caller = Reflection.getCallerClass();
+        try {
+            return executePrivileged(action, context, caller);
+        } catch (RuntimeException e) {
+            throw e;
+        } catch (Exception e) {
+            throw wrapException(e);
+        }
+    }
 
     /**
      * Performs the specified {@code PrivilegedExceptionAction} with
@@ -587,11 +614,11 @@
                       AccessControlContext parent, AccessControlContext context,
                       Permission[] perms)
     {
-        ProtectionDomain callerPD = getCallerPD(caller);
+        ProtectionDomain callerPD = getProtectionDomain(caller);
         // check if caller is authorized to create context
-        if (context != null && !context.isAuthorized() &&
-            System.getSecurityManager() != null &&
-            !callerPD.impliesCreateAccessControlContext())
+        if (System.getSecurityManager() != null &&
+            context != null && !context.isAuthorized() &&
+            !callerPD.implies(SecurityConstants.CREATE_ACC_PERMISSION))
         {
             return getInnocuousAcc();
         } else {
@@ -611,16 +638,7 @@
         return AccHolder.innocuousAcc;
     }
 
-    private static ProtectionDomain getCallerPD(final Class <?> caller) {
-        ProtectionDomain callerPd = doPrivileged
-            (new PrivilegedAction<>() {
-            public ProtectionDomain run() {
-                return caller.getProtectionDomain();
-            }
-        });
-
-        return callerPd;
-    }
+    private static native ProtectionDomain getProtectionDomain(final Class<?> caller);
 
     /**
      * Performs the specified {@code PrivilegedExceptionAction} with
@@ -659,11 +677,125 @@
      * @see #doPrivileged(PrivilegedAction,AccessControlContext)
      */
     @CallerSensitive
-    public static native <T> T
+    public static <T> T
         doPrivileged(PrivilegedExceptionAction<T> action,
                      AccessControlContext context)
-        throws PrivilegedActionException;
+        throws PrivilegedActionException
+    {
+        Class<?> caller = Reflection.getCallerClass();
+        context = checkContext(context, caller);
+        try {
+            return executePrivileged(action, context, caller);
+        } catch (RuntimeException e) {
+            throw e;
+        } catch (Exception e) {
+            throw wrapException(e);
+        }
+    }
 
+    private static AccessControlContext checkContext(AccessControlContext context,
+        Class<?> caller)
+    {
+        // check if caller is authorized to create context
+        if (System.getSecurityManager() != null &&
+            context != null && !context.isAuthorized() &&
+            context != getInnocuousAcc())
+        {
+            ProtectionDomain callerPD = getProtectionDomain(caller);
+            if (callerPD != null && !callerPD.implies(SecurityConstants.CREATE_ACC_PERMISSION)) {
+                return getInnocuousAcc();
+            }
+        }
+        return context;
+    }
+
+    /**
+     * Sanity check that the caller context is indeed privileged.
+     *
+     * Used by executePrivileged to make sure the frame is properly
+     * recognized by the VM.
+     */
+    private static boolean isPrivileged() {
+        AccessControlContext ctx = getStackAccessControlContext();
+        return ctx == null || ctx.isPrivileged();
+    }
+
+    /**
+     * Execute the action as privileged.
+     *
+     * The VM recognizes this method as special, so any changes to the
+     * name or signature require corresponding changes in
+     * getStackAccessControlContext().
+     */
+    @Hidden
+    @ForceInline
+    private static <T> T
+        executePrivileged(PrivilegedAction<T> action,
+                          AccessControlContext context,
+                          Class<?> caller)
+    {
+        assert isPrivileged(); // sanity check invariant
+        T result = action.run();
+        assert isPrivileged(); // sanity check invariant
+
+        // Keep these alive across the run() call so they can be
+        // retrieved by getStackAccessControlContext().
+        Reference.reachabilityFence(context);
+        Reference.reachabilityFence(caller);
+        Reference.reachabilityFence(action);
+        return result;
+    }
+
+    /**
+     * Execute the action as privileged.
+     *
+     * The VM recognizes this method as special, so any changes to the
+     * name or signature require corresponding changes in
+     * getStackAccessControlContext().
+     */
+    @Hidden
+    @ForceInline
+    private static <T> T
+        executePrivileged(PrivilegedExceptionAction<T> action,
+                          AccessControlContext context,
+                          Class<?> caller)
+        throws Exception
+    {
+        assert isPrivileged(); // sanity check invariant
+        T result = action.run();
+        assert isPrivileged(); // sanity check invariant
+
+        // Keep these alive across the run() call so they can be
+        // retrieved by getStackAccessControlContext().
+        Reference.reachabilityFence(context);
+        Reference.reachabilityFence(caller);
+        Reference.reachabilityFence(action);
+        return result;
+    }
+
+
+    /**
+     * Internal marker for hidden implementation frames.
+     */
+    /*non-public*/
+    @Target(ElementType.METHOD)
+    @Retention(RetentionPolicy.RUNTIME)
+    @interface Hidden {
+    }
+
+
+    /**
+     * Wrap an exception.  The annotations are used in a best effort to
+     * avoid StackOverflowError in the caller.  Inlining the callees as
+     * well and tail-call elimination could also help here, but are not
+     * needed for correctness, only quality of implementation.
+     */
+    @Hidden
+    @ForceInline
+    @ReservedStackAccess
+    private static PrivilegedActionException wrapException(Exception e) {
+        return new PrivilegedActionException(e);
+    }
 
     /**
      * Performs the specified {@code PrivilegedExceptionAction} with
@@ -720,7 +852,7 @@
         if (perms == null) {
             throw new NullPointerException("null permissions parameter");
         }
-        Class <?> caller = Reflection.getCallerClass();
+        Class<?> caller = Reflection.getCallerClass();
         return AccessController.doPrivileged(action, createWrapper(null, caller, parent, context, perms));
     }
 
@@ -789,7 +921,7 @@
         if (perms == null) {
             throw new NullPointerException("null permissions parameter");
         }
-        Class <?> caller = Reflection.getCallerClass();
+        Class<?> caller = Reflection.getCallerClass();
         return AccessController.doPrivileged(action, createWrapper(dc, caller,
             parent, context, perms));
     }
--- a/src/java.base/share/classes/java/security/ProtectionDomain.java	Wed Nov 07 01:04:26 2018 +0000
+++ b/src/java.base/share/classes/java/security/ProtectionDomain.java	Tue Nov 06 16:04:50 2018 -0800
@@ -394,11 +394,6 @@
         return false;
     }
 
-    // called by the VM -- do not remove
-    boolean impliesCreateAccessControlContext() {
-        return implies(SecurityConstants.CREATE_ACC_PERMISSION);
-    }
-
     /**
      * Convert a ProtectionDomain to a String.
      */
--- a/src/java.base/share/native/libjava/AccessController.c	Wed Nov 07 01:04:26 2018 +0000
+++ b/src/java.base/share/native/libjava/AccessController.c	Tue Nov 06 16:04:50 2018 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 1998, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -34,48 +34,13 @@
 #include "jvm.h"
 #include "java_security_AccessController.h"
 
-/*
- * Class:     java_security_AccessController
- * Method:    doPrivileged
- * Signature: (Ljava/security/PrivilegedAction;)Ljava/lang/Object;
- */
-JNIEXPORT jobject JNICALL Java_java_security_AccessController_doPrivileged__Ljava_security_PrivilegedAction_2
-  (JNIEnv *env, jclass cls, jobject action)
+JNIEXPORT jobject JNICALL
+Java_java_security_AccessController_getProtectionDomain(
+                                                              JNIEnv *env,
+                                                              jclass cls,
+                                                              jclass caller)
 {
-    return JVM_DoPrivileged(env, cls, action, NULL, JNI_FALSE);
-}
-
-/*
- * Class:     java_security_AccessController
- * Method:    doPrivileged
- * Signature: (Ljava/security/PrivilegedAction;Ljava/security/AccessControlContext;)Ljava/lang/Object;
- */
-JNIEXPORT jobject JNICALL Java_java_security_AccessController_doPrivileged__Ljava_security_PrivilegedAction_2Ljava_security_AccessControlContext_2
-  (JNIEnv *env, jclass cls, jobject action, jobject context)
-{
-    return JVM_DoPrivileged(env, cls, action, context, JNI_FALSE);
-}
-
-/*
- * Class:     java_security_AccessController
- * Method:    doPrivileged
- * Signature: (Ljava/security/PrivilegedExceptionAction;)Ljava/lang/Object;
- */
-JNIEXPORT jobject JNICALL Java_java_security_AccessController_doPrivileged__Ljava_security_PrivilegedExceptionAction_2
-  (JNIEnv *env, jclass cls, jobject action)
-{
-    return JVM_DoPrivileged(env, cls, action, NULL, JNI_TRUE);
-}
-
-/*
- * Class:     java_security_AccessController
- * Method:    doPrivileged
- * Signature: (Ljava/security/PrivilegedExceptionAction;Ljava/security/AccessControlContext;)Ljava/lang/Object;
- */
-JNIEXPORT jobject JNICALL Java_java_security_AccessController_doPrivileged__Ljava_security_PrivilegedExceptionAction_2Ljava_security_AccessControlContext_2
-  (JNIEnv *env, jclass cls, jobject action, jobject context)
-{
-    return JVM_DoPrivileged(env, cls, action, context, JNI_TRUE);
+    return JVM_GetProtectionDomain(env, caller);
 }
 
 JNIEXPORT jobject JNICALL
--- a/test/hotspot/jtreg/runtime/JVMDoPrivileged/DoPrivRunAbstract.jasm	Wed Nov 07 01:04:26 2018 +0000
+++ b/test/hotspot/jtreg/runtime/JVMDoPrivileged/DoPrivRunAbstract.jasm	Tue Nov 06 16:04:50 2018 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2017, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
 
 /*
  * @test
- * @summary Test that JVM_DoPrivilege throws java.lang.InternalError for an
+ * @summary Test that AccessController.doPrivileged throws java.lang.AbstractMethodError for an
  *          abstract run() method.
  * @bug 8183962
  * @compile DoPrivRunAbstract.jasm
@@ -56,8 +56,8 @@
 //    public static void main(String[] args) throws Exception {
 //        try {
 //            doPrivileged(() -> System.out.println(System.getProperty("java.home")));
-//            throw new RuntimeException("Expected InternalError not throw");
-//        } catch (java.lang.InternalError e) { }
+//            throw new RuntimeException("Expected AbstractMethodError not throw");
+//        } catch (java.lang.AbstractMethodError e) { }
 //    }
 //}
 
@@ -82,13 +82,13 @@
         invokestatic    Method doPrivileged:"(LDoPrivRunAbstract$VoidPrivActRunAbstract;)V";
         new    class java/lang/RuntimeException;
         dup;
-        ldc    String "Expected InternalError not throw";
+        ldc    String "Expected AbstractMethodError not throw";
         invokespecial    Method java/lang/RuntimeException."<init>":"(Ljava/lang/String;)V";
         athrow;
         endtry t0;
-        catch t0 java/lang/InternalError;
+        catch t0 java/lang/AbstractMethodError;
         stack_frame_type stack1;
-        stack_map class java/lang/InternalError;
+        stack_map class java/lang/AbstractMethodError;
         astore_1;
         return;
     }
--- a/test/hotspot/jtreg/runtime/JVMDoPrivileged/DoPrivileged.java	Wed Nov 07 01:04:26 2018 +0000
+++ b/test/hotspot/jtreg/runtime/JVMDoPrivileged/DoPrivileged.java	Tue Nov 06 16:04:50 2018 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2017, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
 
 /*
  * @test
- * @summary Test that JVM_DoPrivilege() searches default methods when looking
+ * @summary Test that AccessController.doPrivileged() searches default methods when looking
  *          for the run() method.
  * @bug 8183962
  * @run main DoPrivileged
--- a/test/jdk/java/lang/StackWalker/VerifyStackTrace.java	Wed Nov 07 01:04:26 2018 +0000
+++ b/test/jdk/java/lang/StackWalker/VerifyStackTrace.java	Tue Nov 06 16:04:50 2018 -0800
@@ -71,7 +71,7 @@
             "3: VerifyStackTrace$Handle.run(VerifyStackTrace.java:158)\n" +
             "4: VerifyStackTrace.invoke(VerifyStackTrace.java:188)\n" +
             "5: VerifyStackTrace$1.run(VerifyStackTrace.java:218)\n" +
-            "6: java.base/java.security.AccessController.doPrivileged(Native Method)\n" +
+            "6: java.base/java.security.AccessController.doPrivileged(AccessController.java:310)\n" +
             "7: VerifyStackTrace.test(VerifyStackTrace.java:227)\n" +
             "8: VerifyStackTrace.main(VerifyStackTrace.java:182)\n";
 
@@ -105,7 +105,7 @@
             "7: java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n" +
             "8: java.base/java.lang.reflect.Method.invoke(Method.java:520)\n" +
             "9: VerifyStackTrace$1.run(VerifyStackTrace.java:220)\n" +
-            "10: java.base/java.security.AccessController.doPrivileged(Native Method)\n" +
+            "10: java.base/java.security.AccessController.doPrivileged(AccessController.java:310)\n" +
             "11: VerifyStackTrace.test(VerifyStackTrace.java:229)\n" +
             "12: VerifyStackTrace.main(VerifyStackTrace.java:185)\n";
 
@@ -142,9 +142,10 @@
             "10: java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n" +
             "11: java.base/java.lang.reflect.Method.invoke(Method.java:520)\n" +
             "12: VerifyStackTrace$1.run(VerifyStackTrace.java:222)\n" +
-            "13: java.base/java.security.AccessController.doPrivileged(Native Method)\n" +
-            "14: VerifyStackTrace.test(VerifyStackTrace.java:231)\n" +
-            "15: VerifyStackTrace.main(VerifyStackTrace.java:188)\n";
+            "13: java.base/java.security.AccessController.executePrivileged(AccessController.java:759)\n" +
+            "14: java.base/java.security.AccessController.doPrivileged(AccessController.java:310)\n" +
+            "15: VerifyStackTrace.test(VerifyStackTrace.java:231)\n" +
+            "16: VerifyStackTrace.main(VerifyStackTrace.java:188)\n";
 
         @Override public StackWalker walker() { return walker;}
         @Override public String description() { return description;}