StringTemplates deferred evaluation

Justin Spindler justin.spindler at gmail.com
Sun Mar 17 17:39:24 UTC 2024 

> The issue is that deferred evaluation could provide a gapping
vulnerability.

I'd be curious about this vulnerability.

> You can get the effect you want by using Suppler objects as embedded
expressions.

Sure, but that increases the amount of code that the developer needs to
write pretty substantially, especially since there are no natural types for
lambdas so the developer would have to assign that to a typed variable
ahead of time or cast explicitly to a Supplier in the embedded expression.

FOO."This is a test: \{(Supplier<Integer>) () -> calc(x, y, z)}"

It's fine if this isn't a scenario that the team hasn't considered, or
believes that there are sufficient workarounds.  I will say that it's
not that uncommon that I find logging code at trace or debug levels
that ends up calculating complex strings (even stacktraces) which is
noticeable enough to cause performance regressions.  We do try to
emphasize using the Supplier overloads of log4j methods to avoid that
calculation, but it's certainly not a pit of success.


On Sun, Mar 17, 2024 at 1:28 PM Jim Laskey <james.laskey at oracle.com> wrote:

> There was a discussion about this on this list a while back. The issue is
> that deferred evaluation could provide a gapping vulnerability.
>
> You can get the effect you want by using Suppler objects as embedded
> expressions. I posted a logging example using a timestamp Supplier. The
> Suppler was evaluated by the processor.
>
> In the new world we are working on, the same thing can done. The plan is
> to provide a mapValues method as in st.mapValues(v -> v instanceof Supplier
> S ? S.get() : v).
>
> — Jim
>
> 📱
>
> > On Mar 17, 2024, at 12:14 PM, Justin Spindler <justin.spindler at gmail.com>
> wrote:
> >
> > 
> > I was toying around with the second preview of StringTemplates and I had
> a question regarding their design.  I was wondering if it had been
> considered for the embedded expressions to be evaluated lazily?
> >
> > One of the first use cases that came to mind when I was exploring
> StringTemplates is logging.  That is an extremely common case where we want
> to produce a form of interpolated value, and the current syntax generally
> has the same concerns that a formatted string would, in that the inputs are
> removed from where they are defined within the message format.  However, if
> the log message is below the log level threshold you generally don't want
> to incur the cost of building the message, including evaluating those
> embedded expressions.  Log libraries typically offer a mechanism to defer
> evaluation via Suppliers, but that feels like it would be a challenge to
> use within StringTemplate.
> >
> > C# is an example of a language that offers this functionality via
> FormattableString, which gives a method the ability to choose whether or
> not to interpret the template or evaluate the expressions.  That allows
> logging below threshold to be more or less a no-op.
> >
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/amber-dev/attachments/20240317/7e6ecbb7/attachment-0001.htm>

More information about the amber-dev mailing list