[code-reflection] RFR: Model verifier [v2]
Adam Sotona
asotona at openjdk.org
Mon Oct 14 07:33:23 UTC 2024
On Fri, 11 Oct 2024 17:36:52 GMT, Paul Sandoz <psandoz at openjdk.org> wrote:
>> Example is provided by the test: https://github.com/openjdk/babylon/blob/104ef7dda29d8f580b6f3f330436365764d0b3c7/test/jdk/java/lang/reflect/code/bytecode/TestLiftCustomBytecode.java#L74
>>
>> Yes, it can impact also other areas and more similar Interpreter corrections might be necessary.
>>
>> I'm aware of the impact of "erasing" int sub-types. We have to make a decision if all int sub-types are freely assignable (according to JVMS) or their assignability is strictly specified (as in JLS). This PR is a step toward the first option, where Interpreter should not fail on an attempt to call a method with short parameter when passing a boolean as an argument.
>>
>> A transformation inserting explicit type conversions is the option if we decide to go the assignability-strict way.
>>
>> Exactly the same issue is with objects assignability. Should we allow to pass an argument declared as of j.l.Object type to a method with other specific type parameter or should we inject explicit casts?
>
> The interpreter is indeed "relaxed" about references and boxing conversions, opting to use Method/VarHandle.invoke rather than invokeExact etc, guarding at runtime with casts and boxing/unboxing conversions.
>
> This does mean there is some possible ambiguity when building code models explicitly and invoking say method `m(int )` when the method's argument's type is unintentionally declared to be symbolically an `Integer`. We don't differentiate because all runtime values are boxed and it is simpler not to track in more detail.
>
> e.g.,
>
> CoreOp.FuncOp f = CoreOp.func("f", FunctionType.functionType(JavaType.VOID, JavaType.J_L_INTEGER))
> .body(b -> {
> Block.Parameter i = b.parameters().get(0);
> b.op(CoreOp.invoke(MethodRef.method(T.class, "m", void.class, int.class), i));
> b.op(CoreOp._return());
> });
> System.out.println(f.toText());
>
> // Works, the Integer parameter is unboxed to an int argument
> Interpreter.invoke(MethodHandles.lookup(),
> f, 1);
>
>
> Change to:
>
> CoreOp.FuncOp f = CoreOp.func("f", FunctionType.functionType(JavaType.VOID, JavaType.J_L_STRING))
> .body(b -> {
> Block.Parameter i = b.parameters().get(0);
> b.op(CoreOp.invoke(MethodRef.method(T.class, "m", void.class, int.class), i));
> b.op(CoreOp._return());
> });
> System.out.println(f.toText());
>
> And the interpreter will rightly fail in MethodHandle.asType conversion when interpreting the invoke operation.
>
> We could make the interpreter perform stronger runtime checks according to the symbolic types thereby identify issues closer to the problem. Although perhaps that is a validation step? So far though I like the simplicity and using reflection to catch the issues.
>
> However, I think basic narrowing primitive conversions (int to short etc) are a little different because they can in general be lossy and there is no failure, by design, in such cases. This strongly suggests to me that such implicit and lossy primitive conversions should be something that is not the default behaviour and we should opt in. Then that behaviour can be used for models lifted from bytecode that operate on basic primitive types.
>
> In effect what we have now is this kind of transformation pipeline
>
> Java source -> Model-high -> Model-low -> bytecode -> Model-low-basic
>
> Then ideally we round trip on:
>
> b...
OK, I think I understand the direction, relaxed rules have ugly side effects. I'll change this PR the other way - lift will insert explicit int conversions to the identified places where Interpreter would clearly fail. Interpreter stay more strict and Verifier follow the Interpreter.
-------------
PR Review Comment: https://git.openjdk.org/babylon/pull/247#discussion_r1798896902
More information about the babylon-dev
mailing list