Gap Buffer based AbstractStringBuilder implementation

Osvaldo Pinali Doederlein opinali at gmail.com
Sun Nov 22 19:23:59 UTC 2009


Em 22/11/2009 05:55, Thomas Hawtin escreveu:
> Osvaldo Doederlein wrote:
>
>> Looks like good stuff. And it remembers me from another old issue: 
>> patterns of code that demand data copying that could often be 
>> avoided. Every StringBuffer/StringBuilder is ultimately consumed by a 
>> toString() invocation to produce the result String, and in 99% of all 
>> uses, only one such String is produced and the buffer object is 
>> immediately discarded. So, toString() could pass the internal char[] 
>> to the String constructor, instead of forcing its copy. The API is 
>> coded conservatively to always do that copy, because in 1% of cases 
>> people 
>
> There is a security issue there. When multiple threads are involved, 
> it is possible (though not necessily easy) to create a mutable String 
> if the backing char[] is shared.
>
> Tom Hawtin

That's true. But there's apparently a simple solution

     public String toStringShared() {
         // createShared() is a package-protected helper/ctor
         String ret = String.createShared(value, 0, count);
         // Reset value, so evil user can't abuse the buffer to change 
the String.
         value = EMPTY;
         count = 0;
         return ret;
     }
     private static final char[] EMPTY = new char[0];

This solution should be safe, without need of escape/alias analysis, 
because StringBuilder and StringBuffer don't have any methods that 
return a new mutable object that shares the same char[]. The only APIs 
that aliases the buffer is subSequence(), but this returns a 
CharSequence which is a read-only object.

A+
Osvaldo



More information about the core-libs-dev mailing list