New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RFC: Fixes for recent JDK support (eg JDK 17) #1361
Comments
Hi @ian-arkver I just wanted to make it clear that while I've found my way around OpenPnP, I'm in no way a Java expert. I'm clueless as to how one would identify and resolve these issues. So help is greatly appreciated. To make it clear: Don't hold your breath for me to fix this. _Mark |
Thanks Mark, understood. Me neither. However if we have a place where we can collate what's broken then those with some coding time and the necessary knowhow will have a place to start. I don't know whether it's just a matter of a few missing accessors or an explicit serialiser/deserialiser for some data type or whether something more fundamental will break like maybe "beans bindings won't work and the whole subsystem needs replaced" [Not saying beans bindings are broken, just an example]. For java.awt.Color there's some information here and some maybe relevant code here, though we'd need to make sure backward compatability with existing machine.xml files was preserved, i.e. the color was serialised to/from the existing format. |
I would be happy to help with this. @ian-arkver if you are willing to start tracking down some of the broken things and noting them here than I can jump into the code and try to get them fixed. |
Thanks Jason, I'll see what I can do. |
Interestingly there's already a custom serialiser in the code for awt.Color, eg. in CvStage/DrawCircles:
And this ColorConverter class uses getRed etc. as the example code I linked to does, so we end up with
So either the |
The only Color I could see that might end up in XML that didn't have the I fired the UI up under the debugger in VSCode and it works since VSCode uses the JDK that's specified in the pom.xml for the maven compiler plugin. This was set to 1.8 so I changed it to 17 (requires this without the 1. now) and rebuilt the package (by disabling the tests). Now both openpnp.sh and VSCode launcher give the same error, but it's a different error...
The tests still fail with the same problem writing machine.xml, so I guess they're run without invoking the monkeyPatch. Maybe they don't call Main. For example BasicJobTest can be run:
VSCode shows 18 errors during compile, all in EagleLoader.java for some reason. It also shows > 1300 warnings and 5 critical vulnerabilities in packages in pom.xml. I've not looked at any of these yet. I've pushed the few changes I made so far to the jdk17_hack branch in my repo. |
I commented out the test serialization before the machine.xml file write so we get the partially written file before the exception is thrown. Comparing the Java 17 version with the Java 8 version we can see that the next element to be written would have been:
which is an element with the custom serializer. So I guess this isn't working with 17, at least when run by the testbench. |
I'm re-reading through this and the other related tickets and one thing occoured to me: We do already support Java up to 15. We're not limited to 8. The only reason we ship the installers with 8 is because I've been lazy about updating those. We could update them to Java 15 today with no changes. You can see the list of versions officially supported here: https://github.com/openpnp/openpnp/blob/develop/.github/workflows/build_and_deploy.yml#L13 So, if the goal is just to get on a more recent version of the bundled JRE in the installers, that can be done now just by updating the installer. |
Defaulting to 15 in the pom and installer would be an improvement in my opinion, assuming that 15 is a more up-to-date and secure JRE than 8. I'm not sure whether this would break upgrades for people with only JRE 8 installed. I don't use the installers though so maybe they sidestep this problem for most people. Note also comments by Niclas here which imply getting rid of all illegal reflective accesses may be non-trivial. |
Recent discussion in the group... This brought to my attention --add-opens java commandline flag which can be used to open up the private internals of selected modules, thereby defeating the illegal reflective access restrictions. If you add the following two flags: Perhaps this is a solution to getting JDK17+ supported, though disabling the new restrictions in this way seems a little dubious. If there's interest I can submit a PR with my pom changes. The flags would need added to the shell and .bat launchers too. |
@ian-arkver, thanks for keeping an eye on this! This is all way above my Java knowledge. The question is: What's the harm? I see no harm.
So IMHO, I would happily accept a PR. Perhaps @vonnieda can assess this too? _Mark |
It's fine with me. Eventually we will need to modernize the codebase a bit but I see no problem with kicking the can down the road a little further. |
I think the --add-opens option was added in Java 9, so we can't add it for the default packaged Java 8. We'd need to change the target version in the pom, the bundled JRE version in the installers and probably the launch scripts - all at the same time. I'm also not sure how this would work with the installer and upgrading from a previous bundled JRE. I'd hope Install4j would handle it. I also don't really know how the installer launches it? Does it use the sh/bat or does it create its own launchers? I've never personally used a prebuilt version. A last bit of paranoia... is JRE 17 even available for all the supported platforms and OSes? OpenPnP users run it on quite a range of kit. |
The installer launches it directly, and you can specify additional command line arguments to it, so we can change it there eventually too, if we need to. But for now we could just leave the bundled version at JVM 8 and we don't need to worry about it. In other words, I'd focus on addressing specifically the users that are having the issue, and not worry about the ones who aren't. The people using the bundled JVM should be fine. Alternately, if you really want to dig into this, I'd support updating the installers and everything else to the latest JVM, and making whatever changes we need to support it first class. |
ok, well maybe a 2 phase approach then?
I'll do a PR for the first phase shortly. |
See #1398 though it clearly needs some more work. I'm unsure how the GH actions set up their JRE's. Perhaps there should only be one Java 17 one? Did this only work in the past because the target was lower than all the tested JRE versions? |
Hi Jason, Hi Mark! |
"Works For Me" with the latest test branch and OpenJDK 21 on Linux... [INFO] Results: java --version Which branch did you check out and build? |
latest: git status java --version |
Oh and it is Windows 11 |
I don't think the JDK fixes are on develop yet. Try the test branch. |
oh, test branch works |
Just wanted to reconfirm: developer branch does not work (yet) when using openjdk 17.0.10 2024-01-16 (debian 12) but test branch does indeed seem to work. |
@vonnieda @markmaker The "add-opens" workarounds have been on the test branch for a while and people seem to be using them successfully. These are just a sticky-plaster over actually fixing the library dependencies to work without the "opening". However they're most likely the best we're going to get any time soon. I think it might be time to merge them onto the develop branch. Are you planning another test->develop merge Mark? |
We could, after properly announcing it and calling for extended testing. We would have to freeze features, though, and only allow for fixing bugs. |
Absolutely, bringing test down onto develop is a lot of work, and I don't think it's worth that just for these JDK workarounds. I was really only asking to see if you were planning one anyway for other reasons. I haven't been following closely what all has landed in test recently. In the meantime anyone needing new JDK can use test. |
Feature Request / Request for Comment
Update dependencies and other fixes to allow OpenPnP to run with a recent Java VM.
I didn't find an online list, or any open Issues describing the current blockers for running with a more recent JDK,
so thought I'd create this as a place to collect the information and discussion.
Currently OpenPnP requires an old, insecure JDK version to work properly due to illegal reflective access failures in various places, for example when trying to write java.awt.Color to machine.xml. There are probably other places, possibly within package dependencies. These may be harder to work around than the java.awt.Color one.
Since JEP403 was implemented in Java 17, there's now no command line option to re-enable illegal reflective accesses.
How Will It Look?
There should hopefully be no changes to the user experience, unless some UI element dependencies are badly broken by Java 17.
Why Do We Need It?
Fixing this would avoid a common problem where new users try to run OpenPnP on a too recent Java version and report that it doesn't work.
Presumably the driver behind JEP403 and its predecessors was to improve security of the Java VM.
This could be useful to many people, especially new users installing it on a new machine.
Provide Examples
N/A
The text was updated successfully, but these errors were encountered: