[GR-66019] [GR-65487] Symbol encoder fixes and refactor preserve module selector

PullRequest: graal/21253

Author: rudsberg

docs/reference-manual/native-image/BuildOutput.md

@@ -277,14 +277,28 @@ Unassociated types are displayed when certain types (such as classes, interfaces
 If these types contain vulnerabilities, SBOM scanning will not detect them.
 To fix this, ensure that proper GAV coordinates (Group ID, Artifact ID, and Version) are defined in the project POM's properties or in _MANIFEST.MF_ using standard formats.
 
+Use the [build report](BuildReport.md) to view included components, their dependencies, and any unassociated types.
 For more information, see [Software Bill of Materials](../../security/native-image.md).
 
-#### <a name="glossary-obfuscation"></a>Obfuscation
-This section indicates whether obfuscation was applied and provides related statistics.
-Obfuscation is applied to your application code and third-party dependencies, but not to the JDK or [Substrate VM](https://github.com/oracle/graal/tree/master/substratevm) code.
-The following elements are obfuscated: module, package, and class names; method and source file names in stack traces; and field names in heap dumps.
-The following elements are not obfuscated: symbols affected by registrations in reachability metadata; modules and packages that contain a class which loads a resource; annotations; lambdas; and proxies.
-Use `-H:EnableObfuscation=export-mapping` to export a build artifact containing the mappings from original to obfuscated names.
+#### <a name="glossary-obfuscation"></a>Advanced Obfuscation
+This section indicates whether advanced obfuscation was applied.
+Advanced obfuscation is applied to your application code and third-party dependencies, but not to the JDK or [Substrate VM](https://github.com/oracle/graal/tree/master/substratevm) code.
+
+**Obfuscated elements include:**
+* Module, package, and class names
+* Method and source file names (as seen in stack traces)
+* Field names (as seen in heap dumps)
+
+**Elements that are _not_ obfuscated:**
+* Names affected by registrations in reachability metadata
+* Names in preserved code (via `-H:Preserve`)
+* Module and package names containing a class that loads a resource
+* Names of annotations, lambdas, and proxies
+
+To export a mapping from original to obfuscated names, use `-H:AdvancedObfuscation=export-mapping`. 
+See the [build report](BuildReport.md) for summary statistics, such as the percentage of class and method names that were obfuscated. 
+
+> Native Image obfuscates binaries by removing class files, applying aggressive optimizations, and eliminating dead code. The advanced obfuscation feature also obfuscates symbol names.
 
 #### <a name="glossary-backwards-edge-cfi"></a>Backwards-Edge Control-Flow Integrity (CFI)
 Control-Flow Integrity (CFI) can be enforced with the experimental `-H:CFI=HW` option.

substratevm/src/com.oracle.svm.hosted/src/com/oracle/svm/hosted/NativeImageClassLoaderSupport.java

@@ -135,12 +135,10 @@ public final class NativeImageClassLoaderSupport {
     private final IncludeSelectors preserveSelectors = new IncludeSelectors(SubstrateOptions.Preserve);
     private final IncludeSelectors dynamicAccessSelectors = new IncludeSelectors(SubstrateOptions.TrackDynamicAccess);
     private boolean includeConfigSealed;
-    private boolean preserveAll;
     private ValueWithOrigin<String> preserveAllOrigin;
 
     public void clearPreserveSelectors() {
         preserveSelectors.clear();
-        preserveAll = false;
         preserveAllOrigin = null;
     }
 
@@ -149,7 +147,31 @@ public void clearDynamicAccessSelectors() {
     }
 
     public boolean isPreserveMode() {
-        return !preserveSelectors.classpathEntries.isEmpty() || !preserveSelectors.moduleNames.isEmpty() || !preserveSelectors.packages.isEmpty() || preserveAll;
+        return !preserveSelectors.classpathEntries.isEmpty() || !preserveSelectors.moduleNames.isEmpty() || !preserveSelectors.packages.isEmpty() || preserveAll();
+    }
+
+    /**
+     * @return true if {@link PreserveOptionsSupport#PRESERVE_ALL preserve all} is enabled.
+     */
+    private boolean preserveAll() {
+        return preserveAllOrigin().isPresent();
+    }
+
+    /**
+     * Returns the {@link PreserveOptionsSupport#PRESERVE_ALL preserve all} selector's
+     * {@link ValueWithOrigin} if it was set.
+     */
+    public Optional<ValueWithOrigin<?>> preserveAllOrigin() {
+        return Optional.ofNullable(preserveAllOrigin);
+    }
+
+    /**
+     * Returns the {@link NativeImageClassLoaderSupport#ALL_UNNAMED module} selector's
+     * {@link ValueWithOrigin} if it was set. If set, all elements from all class-path entries are
+     * preserved.
+     */
+    public Optional<ValueWithOrigin<?>> preserveClassPathOrigin() {
+        return Optional.ofNullable(preserveSelectors.preserveClassPathOrigin);
     }
 
     public IncludeSelectors getPreserveSelectors() {
@@ -290,7 +312,7 @@ private ModuleFinder getModulePathsFinder() {
     public void loadAllClasses(ForkJoinPool executor, ImageClassLoader imageClassLoader) {
         VMError.guarantee(!includeConfigSealed, "This method should be executed only once.");
 
-        if (preserveAll) {
+        if (preserveAll()) {
             String msg = """
                             This image build includes all classes from the classpath and the JDK via the %s option. This will lead to noticeably bigger images and increased startup times.
                             If you notice '--initialize-at-build-time' related errors during the build, this is because unanticipated types ended up in the image heap.\
@@ -1154,8 +1176,6 @@ public Set<String> getClassNamesToPreserve() {
 
     public void setPreserveAll(ValueWithOrigin<String> valueWithOrigin) {
         this.preserveAllOrigin = valueWithOrigin;
-        preserveAll = true;
-
     }
 
     public void setTrackAllDynamicAccess(ValueWithOrigin<String> valueWithOrigin) {
@@ -1183,6 +1203,12 @@ public Stream<Class<?>> getClassesToPreserve() {
     public class IncludeSelectors {
         private static final String CLASS_INCLUSION_SEALED_MSG = "Class inclusion configuration is already sealed.";
 
+        /**
+         * This is non-null if {@link NativeImageClassLoaderSupport#ALL_UNNAMED} is used as a module
+         * preserve selector. With this enabled, all elements from all class-path entries are
+         * preserved.
+         */
+        private ValueWithOrigin<?> preserveClassPathOrigin;
         private final Map<String, IncludeOptionsSupport.ExtendedOptionWithOrigin> moduleNames = new LinkedHashMap<>();
         private final Map<IncludeOptionsSupport.PackageOptionValue, IncludeOptionsSupport.ExtendedOptionWithOrigin> packages = new LinkedHashMap<>();
         private final Map<Path, IncludeOptionsSupport.ExtendedOptionWithOrigin> classpathEntries = new LinkedHashMap<>();
@@ -1283,9 +1309,9 @@ private String originatingOptionString(IncludeOptionsSupport.ExtendedOptionWithO
         public void addModule(String moduleName, IncludeOptionsSupport.ExtendedOptionWithOrigin extendedOptionWithOrigin) {
             VMError.guarantee(!includeConfigSealed, CLASS_INCLUSION_SEALED_MSG);
             if (moduleName.equals(ALL_UNNAMED)) {
-                IncludeOptionsSupport.ExtendedOptionWithOrigin includeOptionsSupport = extendedOptionWithOrigin == null ? null
-                                : new IncludeOptionsSupport.ExtendedOptionWithOrigin(extendedOptionWithOrigin.option(),
-                                                extendedOptionWithOrigin.valueWithOrigin());
+                preserveClassPathOrigin = extendedOptionWithOrigin.valueWithOrigin();
+                IncludeOptionsSupport.ExtendedOptionWithOrigin includeOptionsSupport = new IncludeOptionsSupport.ExtendedOptionWithOrigin(extendedOptionWithOrigin.option(),
+                                extendedOptionWithOrigin.valueWithOrigin());
                 for (Path path : applicationClassPath()) {
                     classpathEntries.put(path, includeOptionsSupport);
                 }
@@ -1308,6 +1334,7 @@ public void clear() {
             packages.clear();
             moduleNames.clear();
             classpathEntries.clear();
+            preserveClassPathOrigin = null;
         }
 
         public Set<Path> classpathEntries() {

substratevm/src/com.oracle.svm.hosted/src/com/oracle/svm/hosted/analysis/DynamicHubInitializer.java

@@ -29,6 +29,8 @@
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 
+import com.oracle.svm.core.encoder.IdentitySymbolEncoder;
+import com.oracle.svm.core.encoder.SymbolEncoder;
 import org.graalvm.nativeimage.c.function.CFunctionPointer;
 
 import com.oracle.graal.pointsto.BigBang;
@@ -70,6 +72,7 @@ public class DynamicHubInitializer {
     private final SVMHost hostVM;
     private final AnalysisMetaAccess metaAccess;
     private final ConstantReflectionProvider constantReflection;
+    private final SymbolEncoder symbolEncoder;
 
     private final Map<InterfacesEncodingKey, DynamicHub[]> interfacesEncodings;
 
@@ -84,6 +87,7 @@ public DynamicHubInitializer(BigBang bb) {
         this.metaAccess = bb.getMetaAccess();
         this.hostVM = (SVMHost) bb.getHostVM();
         this.constantReflection = bb.getConstantReflectionProvider();
+        this.symbolEncoder = SymbolEncoder.singleton();
 
         this.interfacesEncodings = new ConcurrentHashMap<>();
 
@@ -175,7 +179,7 @@ private boolean shouldRescanHub(ImageHeapScanner heapScanner, DynamicHub hub) {
     /**
      * For reachable classes, register class's package in appropriate class loader.
      */
-    private static void registerPackage(ImageHeapScanner heapScanner, Class<?> javaClass, DynamicHub hub) {
+    private void registerPackage(ImageHeapScanner heapScanner, Class<?> javaClass, DynamicHub hub) {
         /*
          * Due to using {@link NativeImageSystemClassLoader}, a class's ClassLoader during runtime
          * may be different from the class used to load it during native-image generation.
@@ -190,7 +194,9 @@ private static void registerPackage(ImageHeapScanner heapScanner, Class<?> javaC
             ClassLoader runtimeClassLoader = ClassLoaderFeature.getRuntimeClassLoader(classloader);
             VMError.guarantee(runtimeClassLoader != null, "Class loader missing for class %s", hub.getName());
             String packageName = hub.getPackageName();
-            assert packageName.equals(packageValue.getName()) : Assertions.errorMessage("Package name mismatch:", packageName, packageValue.getName());
+            if (symbolEncoder instanceof IdentitySymbolEncoder) {
+                assert packageName.equals(packageValue.getName()) : Assertions.errorMessage("Package name mismatch:", packageName, packageValue.getName());
+            }
             HostedClassLoaderPackageManagement.singleton().registerPackage(runtimeClassLoader, packageName, packageValue, heapScanner::rescanObject);
         }
     }