Test with --sun-misc-unsafe-memory-access=deny

trask · trask · commit 012cf65cd8c0 · 2025-09-19T18:49:51.000-07:00
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -32,6 +32,10 @@ jobs:
           - 11
           - 17
           - 21
+          # keeping 23 around for now because its new enough to support --sun-misc-unsafe-memory-access=deny
+          # but old enough to support -Djava.security.manager which is used to work around an issue with
+          # the protobuf test-only dependency
+          - 23
           - 24 # renovate: datasource=java-version
         # Collect coverage on latest LTS
         include:
@@ -49,6 +53,8 @@ jobs:
             test-java-version: 17
           - os: macos-13
             test-java-version: 21
+          - os: macos-13
+            test-java-version: 23
           - os: macos-13
             test-java-version: 24 # renovate: datasource=java-version
     steps:
@@ -70,11 +76,13 @@ jobs:
 
       - name: Set up gradle
         uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3
+
       - name: Build
         run: >
             ./gradlew build
             ${{ matrix.coverage && 'jacocoTestReport' || '' }}
             -PtestJavaVersion=${{ matrix.test-java-version }}
+            ${{ matrix.test-java-version == 23 && '-PdenyUnsafe=true' || '' }}
             "-Porg.gradle.java.installations.paths=${{ steps.setup-java-test.outputs.path }}"
             "-Porg.gradle.java.installations.auto-download=false"
         env:
diff --git a/buildSrc/src/main/kotlin/otel.java-conventions.gradle.kts b/buildSrc/src/main/kotlin/otel.java-conventions.gradle.kts
@@ -70,6 +70,7 @@ dependencyCheck {
 }
 
 val testJavaVersion = gradle.startParameter.projectProperties.get("testJavaVersion")?.let(JavaVersion::toVersion)
+val denyUnsafe = gradle.startParameter.projectProperties.get("denyUnsafe")?.toBoolean() ?: false
 
 tasks {
   withType<JavaCompile>().configureEach {
@@ -114,6 +115,11 @@ tasks {
       )
     }
 
+    // Add JVM arguments when denyUnsafe property is set
+    if (denyUnsafe) {
+      jvmArgs("--sun-misc-unsafe-memory-access=deny")
+    }
+
     val defaultMaxRetries = if (System.getenv().containsKey("CI")) 2 else 0
     val maxTestRetries = gradle.startParameter.projectProperties["maxTestRetries"]?.toInt() ?: defaultMaxRetries
 
diff --git a/exporters/common/build.gradle.kts b/exporters/common/build.gradle.kts
@@ -76,6 +76,15 @@ testing {
 }
 
 tasks {
+  withType<Test>().configureEach {
+    val denyUnsafe = gradle.startParameter.projectProperties.get("denyUnsafe")?.toBoolean() ?: false
+    if (denyUnsafe) {
+      // Use a custom Security Manager to force proper fallback from protobuf under --sun-misc-unsafe-memory-access=deny
+      // Workaround for https://github.com/protocolbuffers/protobuf/issues/20760
+      // Note: protobuf is only a test dependency, so this issue does not affect users
+      jvmArgs("-Djava.security.manager=io.opentelemetry.exporter.internal.unsafe.ProtobufWorkaroundSecurityManager")
+    }
+  }
   check {
     dependsOn(testing.suites)
   }
diff --git a/exporters/common/src/test/java/io/opentelemetry/exporter/internal/unsafe/ProtobufWorkaroundSecurityManager.java b/exporters/common/src/test/java/io/opentelemetry/exporter/internal/unsafe/ProtobufWorkaroundSecurityManager.java
@@ -0,0 +1,34 @@
+/*
+ * Copyright The OpenTelemetry Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package io.opentelemetry.exporter.internal.unsafe;
+
+import java.security.Permission;
+
+public class ProtobufWorkaroundSecurityManager extends SecurityManager {
+
+  @Override
+  public void checkPermission(Permission perm) {
+    // Block access to sun.misc.Unsafe fields
+    if (perm instanceof java.lang.reflect.ReflectPermission) {
+      if ("suppressAccessChecks".equals(perm.getName())) {
+        // Get the stack trace to see what's trying to access
+        StackTraceElement[] stack = Thread.currentThread().getStackTrace();
+        for (StackTraceElement element : stack) {
+          if (element.getClassName().contains("UnsafeUtil")
+              && element.getMethodName().contains("getUnsafe")) {
+            throw new SecurityException("Access to sun.misc.Unsafe denied");
+          }
+        }
+      }
+    }
+    // Allow everything else
+  }
+
+  @Override
+  public void checkPermission(Permission perm, Object context) {
+    checkPermission(perm);
+  }
+}
diff --git a/exporters/common/src/testGrpcSenderProvider/java/io/opentelemetry/exporter/internal/unsafe/ProtobufWorkaroundSecurityManager.java b/exporters/common/src/testGrpcSenderProvider/java/io/opentelemetry/exporter/internal/unsafe/ProtobufWorkaroundSecurityManager.java
@@ -0,0 +1,34 @@
+/*
+ * Copyright The OpenTelemetry Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package io.opentelemetry.exporter.internal.unsafe;
+
+import java.security.Permission;
+
+public class ProtobufWorkaroundSecurityManager extends SecurityManager {
+
+  @Override
+  public void checkPermission(Permission perm) {
+    // Block access to sun.misc.Unsafe fields
+    if (perm instanceof java.lang.reflect.ReflectPermission) {
+      if ("suppressAccessChecks".equals(perm.getName())) {
+        // Get the stack trace to see what's trying to access
+        StackTraceElement[] stack = Thread.currentThread().getStackTrace();
+        for (StackTraceElement element : stack) {
+          if (element.getClassName().contains("UnsafeUtil")
+              && element.getMethodName().contains("getUnsafe")) {
+            throw new SecurityException("Access to sun.misc.Unsafe denied");
+          }
+        }
+      }
+    }
+    // Allow everything else
+  }
+
+  @Override
+  public void checkPermission(Permission perm, Object context) {
+    checkPermission(perm);
+  }
+}
diff --git a/exporters/common/src/testHttpSenderProvider/java/io/opentelemetry/exporter/internal/unsafe/ProtobufWorkaroundSecurityManager.java b/exporters/common/src/testHttpSenderProvider/java/io/opentelemetry/exporter/internal/unsafe/ProtobufWorkaroundSecurityManager.java
@@ -0,0 +1,34 @@
+/*
+ * Copyright The OpenTelemetry Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package io.opentelemetry.exporter.internal.unsafe;
+
+import java.security.Permission;
+
+public class ProtobufWorkaroundSecurityManager extends SecurityManager {
+
+  @Override
+  public void checkPermission(Permission perm) {
+    // Block access to sun.misc.Unsafe fields
+    if (perm instanceof java.lang.reflect.ReflectPermission) {
+      if ("suppressAccessChecks".equals(perm.getName())) {
+        // Get the stack trace to see what's trying to access
+        StackTraceElement[] stack = Thread.currentThread().getStackTrace();
+        for (StackTraceElement element : stack) {
+          if (element.getClassName().contains("UnsafeUtil")
+              && element.getMethodName().contains("getUnsafe")) {
+            throw new SecurityException("Access to sun.misc.Unsafe denied");
+          }
+        }
+      }
+    }
+    // Allow everything else
+  }
+
+  @Override
+  public void checkPermission(Permission perm, Object context) {
+    checkPermission(perm);
+  }
+}
diff --git a/exporters/common/src/testWithoutUnsafe/java/io/opentelemetry/exporter/internal/unsafe/ProtobufWorkaroundSecurityManager.java b/exporters/common/src/testWithoutUnsafe/java/io/opentelemetry/exporter/internal/unsafe/ProtobufWorkaroundSecurityManager.java
@@ -0,0 +1,34 @@
+/*
+ * Copyright The OpenTelemetry Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package io.opentelemetry.exporter.internal.unsafe;
+
+import java.security.Permission;
+
+public class ProtobufWorkaroundSecurityManager extends SecurityManager {
+
+  @Override
+  public void checkPermission(Permission perm) {
+    // Block access to sun.misc.Unsafe fields
+    if (perm instanceof java.lang.reflect.ReflectPermission) {
+      if ("suppressAccessChecks".equals(perm.getName())) {
+        // Get the stack trace to see what's trying to access
+        StackTraceElement[] stack = Thread.currentThread().getStackTrace();
+        for (StackTraceElement element : stack) {
+          if (element.getClassName().contains("UnsafeUtil")
+              && element.getMethodName().contains("getUnsafe")) {
+            throw new SecurityException("Access to sun.misc.Unsafe denied");
+          }
+        }
+      }
+    }
+    // Allow everything else
+  }
+
+  @Override
+  public void checkPermission(Permission perm, Object context) {
+    checkPermission(perm);
+  }
+}
diff --git a/exporters/otlp/common/build.gradle.kts b/exporters/otlp/common/build.gradle.kts
@@ -41,6 +41,16 @@ dependencies {
   jmhImplementation("io.grpc:grpc-netty")
 }
 
+tasks.withType<Test>().configureEach {
+  val denyUnsafe = gradle.startParameter.projectProperties.get("denyUnsafe")?.toBoolean() ?: false
+  if (denyUnsafe) {
+    // Use a custom Security Manager to force proper fallback from protobuf under --sun-misc-unsafe-memory-access=deny
+    // Workaround for https://github.com/protocolbuffers/protobuf/issues/20760
+    // Note: protobuf is only a test dependency, so this issue does not affect users
+    jvmArgs("-Djava.security.manager=io.opentelemetry.exporter.internal.otlp.unsafe.ProtobufWorkaroundSecurityManager")
+  }
+}
+
 testing {
   suites {
     register<JvmTestSuite>("testIncubating") {
diff --git a/exporters/otlp/common/src/test/java/io/opentelemetry/exporter/internal/otlp/unsafe/ProtobufWorkaroundSecurityManager.java b/exporters/otlp/common/src/test/java/io/opentelemetry/exporter/internal/otlp/unsafe/ProtobufWorkaroundSecurityManager.java
@@ -0,0 +1,34 @@
+/*
+ * Copyright The OpenTelemetry Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package io.opentelemetry.exporter.internal.otlp.unsafe;
+
+import java.security.Permission;
+
+public class ProtobufWorkaroundSecurityManager extends SecurityManager {
+
+  @Override
+  public void checkPermission(Permission perm) {
+    // Block access to sun.misc.Unsafe fields
+    if (perm instanceof java.lang.reflect.ReflectPermission) {
+      if ("suppressAccessChecks".equals(perm.getName())) {
+        // Get the stack trace to see what's trying to access
+        StackTraceElement[] stack = Thread.currentThread().getStackTrace();
+        for (StackTraceElement element : stack) {
+          if (element.getClassName().contains("UnsafeUtil")
+              && element.getMethodName().contains("getUnsafe")) {
+            throw new SecurityException("Access to sun.misc.Unsafe denied");
+          }
+        }
+      }
+    }
+    // Allow everything else
+  }
+
+  @Override
+  public void checkPermission(Permission perm, Object context) {
+    checkPermission(perm);
+  }
+}
diff --git a/exporters/prometheus/build.gradle.kts b/exporters/prometheus/build.gradle.kts
@@ -34,6 +34,14 @@ dependencies {
 }
 
 tasks {
+  named<Test>("test") {
+    val denyUnsafe = gradle.startParameter.projectProperties.get("denyUnsafe")?.toBoolean() ?: false
+    if (denyUnsafe) {
+      // These tests use Armeria which uses Unsafe via JCTools
+      jvmArgs("--sun-misc-unsafe-memory-access=allow")
+    }
+  }
+
   check {
     dependsOn(testing.suites)
   }
diff --git a/exporters/zipkin/build.gradle.kts b/exporters/zipkin/build.gradle.kts
@@ -24,3 +24,11 @@ dependencies {
   testImplementation("com.linecorp.armeria:armeria")
   testImplementation("org.testcontainers:junit-jupiter")
 }
+
+tasks.named<Test>("test") {
+  val denyUnsafe = gradle.startParameter.projectProperties.get("denyUnsafe")?.toBoolean() ?: false
+  if (denyUnsafe) {
+    // These tests use Armeria which uses Unsafe via JCTools
+    jvmArgs("--sun-misc-unsafe-memory-access=allow")
+  }
+}
diff --git a/integration-tests/build.gradle.kts b/integration-tests/build.gradle.kts
@@ -14,3 +14,11 @@ dependencies {
   testImplementation("org.junit.jupiter:junit-jupiter-params")
   testImplementation("org.testcontainers:junit-jupiter")
 }
+
+tasks.named<Test>("test") {
+  val denyUnsafe = gradle.startParameter.projectProperties.get("denyUnsafe")?.toBoolean() ?: false
+  if (denyUnsafe) {
+    // These tests use Armeria which uses Unsafe via JCTools
+    jvmArgs("--sun-misc-unsafe-memory-access=allow")
+  }
+}
diff --git a/integration-tests/otlp/build.gradle.kts b/integration-tests/otlp/build.gradle.kts
@@ -33,6 +33,14 @@ testing {
 }
 
 tasks {
+  named<Test>("test") {
+    val denyUnsafe = gradle.startParameter.projectProperties.get("denyUnsafe")?.toBoolean() ?: false
+    if (denyUnsafe) {
+      // These tests use Armeria which uses Unsafe via JCTools
+      jvmArgs("--sun-misc-unsafe-memory-access=allow")
+    }
+  }
+
   // Don't need javadoc.
   javadoc {
     isEnabled = false
diff --git a/opencensus-shim/build.gradle.kts b/opencensus-shim/build.gradle.kts
@@ -30,4 +30,10 @@ tasks.named<Test>("test") {
   // methods available.
   setForkEvery(1)
   maxParallelForks = 3
+
+  val denyUnsafe = gradle.startParameter.projectProperties.get("denyUnsafe")?.toBoolean() ?: false
+  if (denyUnsafe) {
+    // OpenCensus uses LMAX Disruptor 3.4.2 which uses Unsafe
+    jvmArgs("--sun-misc-unsafe-memory-access=allow")
+  }
 }
diff --git a/sdk/trace-shaded-deps/src/test/java/io/opentelemetry/sdk/trace/internal/JcToolsTest.java b/sdk/trace-shaded-deps/src/test/java/io/opentelemetry/sdk/trace/internal/JcToolsTest.java
@@ -43,7 +43,7 @@ void drain_ArrayBlockingQueue() {
   void drain_MessagePassingQueue() {
     // Arrange
     batch.add("Test3");
-    Queue<String> queue = new MpscArrayQueue<>(10);
+    Queue<String> queue = JcTools.newFixedSizeQueue(10);
     queue.add("Test1");
     queue.add("Test2");
 
@@ -58,7 +58,7 @@ void drain_MessagePassingQueue() {
   @Test
   void drain_MaxBatch() {
     // Arrange
-    Queue<String> queue = new MpscArrayQueue<>(10);
+    Queue<String> queue = JcTools.newFixedSizeQueue(10);
     queue.add("Test1");
     queue.add("Test2");
 
@@ -79,7 +79,10 @@ void newFixedSize_MpscQueue() {
     Queue<Object> objects = JcTools.newFixedSizeQueue(capacity);
 
     // Assert
-    assertThat(objects).isInstanceOf(MpscArrayQueue.class);
+    assertThat(objects)
+        .satisfiesAnyOf(
+            queue -> assertThat(queue).isInstanceOf(MpscArrayQueue.class),
+            queue -> assertThat(queue).isInstanceOf(ArrayBlockingQueue.class));
   }
 
   @Test
@@ -92,7 +95,7 @@ void capacity_MpscQueue() {
     long queueSize = JcTools.capacity(queue);
 
     // Assert
-    assertThat(queueSize).isGreaterThan(capacity);
+    assertThat(queueSize).isGreaterThanOrEqualTo(capacity);
   }
 
   @Test

Original file line number	Diff line number	Diff line change
`@@ -70,6 +70,7 @@ dependencyCheck {`
`70`	`70`	`}`
`71`	`71`
`72`	`72`	`val testJavaVersion = gradle.startParameter.projectProperties.get("testJavaVersion")?.let(JavaVersion::toVersion)`
	`73`	`+val denyUnsafe = gradle.startParameter.projectProperties.get("denyUnsafe")?.toBoolean() ?: false`
`73`	`74`
`74`	`75`	`tasks {`
`75`	`76`	`withType<JavaCompile>().configureEach {`
`@@ -114,6 +115,11 @@ tasks {`
`114`	`115`	`)`
`115`	`116`	`}`
`116`	`117`
	`118`	`+ // Add JVM arguments when denyUnsafe property is set`
	`119`	`+ if (denyUnsafe) {`
	`120`	`+ jvmArgs("--sun-misc-unsafe-memory-access=deny")`
	`121`	`+ }`
	`122`	`+`
`117`	`123`	`val defaultMaxRetries = if (System.getenv().containsKey("CI")) 2 else 0`
`118`	`124`	`val maxTestRetries = gradle.startParameter.projectProperties["maxTestRetries"]?.toInt() ?: defaultMaxRetries`
`119`	`125`
Original file line number	Diff line number	Diff line change
`@@ -34,6 +34,14 @@ dependencies {`
`34`	`34`	`}`
`35`	`35`
`36`	`36`	`tasks {`
	`37`	`+ named<Test>("test") {`
	`38`	`+ val denyUnsafe = gradle.startParameter.projectProperties.get("denyUnsafe")?.toBoolean() ?: false`
	`39`	`+ if (denyUnsafe) {`
	`40`	`+ // These tests use Armeria which uses Unsafe via JCTools`
	`41`	`+ jvmArgs("--sun-misc-unsafe-memory-access=allow")`
	`42`	`+ }`
	`43`	`+ }`
	`44`	`+`
`37`	`45`	`check {`
`38`	`46`	`dependsOn(testing.suites)`
`39`	`47`	`}`