LUCENE-9109: Use stack walker to implement TestSecurityManager's detection of JVM exit (#1114)

Use stack walker (Java 11 on master only) to implement TestSecurityManager's detection of test JVM exit

lucene/CHANGES.txt

@@ -62,6 +62,9 @@ Improvements
   previously treated as beginning a line-ending comment (Satoshi Kato and Masaru Hasegawa via
   Michael Sokolov)
 
+* LUCENE-9109: Use StackWalker to implement TestSecurityManager's detection
+  of JVM exit (Uwe Schindler)
+
 Bug fixes
 
 * LUCENE-8663: NRTCachingDirectory.slowFileExists may open a file while 
@@ -90,6 +93,9 @@ Improvements
 
 * LUCENE-9091: UnifiedHighlighter HTML escaping should only escape essentials (Nándor Mátravölgyi)
 
+* LUCENE-9109: Backport some changes from master (except StackWalker) to improve
+  TestSecurityManager (Uwe Schindler)
+
 Optimizations
 ---------------------
 (No changes)

lucene/test-framework/src/java/org/apache/lucene/util/TestSecurityManager.java

@@ -16,8 +16,9 @@
  */
 package org.apache.lucene.util;
 
-import java.security.AccessController;
+import java.lang.StackWalker.StackFrame;
-import java.security.PrivilegedAction;
+import java.util.Locale;
+import java.util.function.Predicate;
 
 /**
  * A {@link SecurityManager} that prevents tests calling {@link System#exit(int)}.
@@ -28,10 +29,13 @@ import java.security.PrivilegedAction;
  */ 
 public final class TestSecurityManager extends SecurityManager {
   
-  static final String JUNIT4_TEST_RUNNER_PACKAGE = "com.carrotsearch.ant.tasks.junit4.";
+  private static final String JUNIT4_TEST_RUNNER_PACKAGE = "com.carrotsearch.ant.tasks.junit4.";
-  static final String ECLIPSE_TEST_RUNNER_PACKAGE = "org.eclipse.jdt.internal.junit.runner.";
+  private static final String ECLIPSE_TEST_RUNNER_PACKAGE = "org.eclipse.jdt.internal.junit.runner.";
-  static final String IDEA_TEST_RUNNER_PACKAGE = "com.intellij.rt.execution.junit.";
+  private static final String IDEA_TEST_RUNNER_PACKAGE = "com.intellij.rt.execution.junit.";
-  static final String GRADLE_TEST_RUNNER_PACKAGE = "worker.org.gradle.process.internal.worker";
+  private static final String GRADLE_TEST_RUNNER_PACKAGE = "worker.org.gradle.process.internal.worker.";
+
+  private static final String SYSTEM_CLASS_NAME = System.class.getName();
+  private static final String RUNTIME_CLASS_NAME = Runtime.class.getName();
   
   /**
    * Creates a new TestSecurityManager. This ctor is called on JVM startup,
@@ -50,46 +54,27 @@ public final class TestSecurityManager extends SecurityManager {
    */
   @Override
   public void checkExit(final int status) {
-    AccessController.doPrivileged(new PrivilegedAction<Void>() {
+    if (StackWalker.getInstance().walk(s -> s
-      @Override
+        .dropWhile(Predicate.not(TestSecurityManager::isExitStackFrame)) // skip all internal stack frames
-      public Void run() {
+        .dropWhile(TestSecurityManager::isExitStackFrame)                // skip all exit()/halt() stack frames
-        final String systemClassName = System.class.getName(),
+        .limit(1)                                                        // only look at one more frame (caller of exit)
-            runtimeClassName = Runtime.class.getName();
+        .map(StackFrame::getClassName)
-        String exitMethodHit = null;
+        .noneMatch(c -> c.startsWith(JUNIT4_TEST_RUNNER_PACKAGE) || 
-        for (final StackTraceElement se : Thread.currentThread().getStackTrace()) {
+            c.startsWith(ECLIPSE_TEST_RUNNER_PACKAGE) ||
-          final String className = se.getClassName(), methodName = se.getMethodName();
+            c.startsWith(IDEA_TEST_RUNNER_PACKAGE) ||
-          if (
+            c.startsWith(GRADLE_TEST_RUNNER_PACKAGE)))) {
-            ("exit".equals(methodName) || "halt".equals(methodName)) &&
+      throw new SecurityException(String.format(Locale.ENGLISH,
-            (systemClassName.equals(className) || runtimeClassName.equals(className))
+          "System/Runtime.exit(%1$d) or halt(%1$d) calls are not allowed because they terminate the test runner's JVM.",
-          ) {
+          status));
-            exitMethodHit = className + '#' + methodName + '(' + status + ')';
-            continue;
     }
-          
-          if (exitMethodHit != null) {
-            if (className.startsWith(JUNIT4_TEST_RUNNER_PACKAGE) || 
-                className.startsWith(ECLIPSE_TEST_RUNNER_PACKAGE) ||
-                className.startsWith(IDEA_TEST_RUNNER_PACKAGE) ||
-                className.startsWith(GRADLE_TEST_RUNNER_PACKAGE)) {
-              // this exit point is allowed, we return normally from closure:
-              return /*void*/ null;
-            } else {
-              // anything else in stack trace is not allowed, break and throw SecurityException below:
-              break;
-            }
-          }
-        }
-        
-        if (exitMethodHit == null) {
-          // should never happen, only if JVM hides stack trace - replace by generic:
-          exitMethodHit = "JVM exit method";
-        }
-        throw new SecurityException(exitMethodHit + " calls are not allowed because they terminate the test runner's JVM.");
-      }
-    });
-    
     // we passed the stack check, delegate to super, so default policy can still deny permission:
     super.checkExit(status);
   }
 
+  private static boolean isExitStackFrame(StackFrame f) {
+    final String methodName = f.getMethodName(), className = f.getClassName();
+    return ("exit".equals(methodName) || "halt".equals(methodName)) &&
+        (SYSTEM_CLASS_NAME.equals(className) || RUNTIME_CLASS_NAME.equals(className));
+  }
+  
 }