(15) RFR: JDK-8247444: Trust final fields in records
Aleksey Shipilev
shade at redhat.com
Thu Jun 18 12:43:20 UTC 2020
On 6/17/20 6:50 PM, Mandy Chung wrote:
> On 6/17/20 8:11 AM, Aleksey Shipilev wrote:
>> On 6/15/20 11:58 PM, Mandy Chung wrote:
>> Amusingly, with the rest of Unsafe available the barn is still full open. Here's the sketch for the
>> workaround: get the field list with getDeclaredFields, optionally guess the VM layout (the rules are
>> not that hard, and JOL does it routinely), instantiate a Record with whatever arguments, poke the
>> test patterns with Unsafe.put*, read them back from record components to verify. It would get me the
>> same objectFieldOffset in a round-about way.
>
> I'm aware of these workarounds in the wild. As sun.misc.Unsafe is JDK unsupported API, this patch
> does not attempt to implement a complete solution but adds an obvious notification informing the
> frameworks that `sun.misc.Unsafe::objectFieldOffset` and `sun.misc.Unsafe::staticField{Offset/Base}`
> not to support records.
I understand the intent. My point is that intent is mistimed during this time. I understand this
tripwire needs to be put while Records are still in preview. My point is that it cannot be put in
before Records serialization story has the preview-proven answer.
The intent also looks rather opaque. The intent is to notify maintainers, fine. I am one of the
maintainers (although not of serialization library, but still heavy-Unsafe one), so hear me out. I
came up with the workaround above in about 15 minutes after someone pointed out the exception to me.
Have it crossed my mind that maybe JDK developers want some help here? No. It looks like another
impediment that should be solved on the spot. Does that exception communicate any intent at all? The
message is generic. There is no comment. How would you expect to push maintainers to think along the
"we should be collaborating to find a proper way to do this", instead of "this is set in stone; let
me hack this around too"?
This is the actionable bit:
At very least the exception message should say something about the intent. And maybe even the
comment in Unsafe.java should point to the discussion about this intent and maybe even provide the
breadcrumbs to follow, e.g. to ObjectInputStream.readRecord().
>> Are we absolutely sure that what ObjectInputStream.readRecord() does fits the 3rd party
>> serialization libraries? Does it work for them performance-wise?
>
> There should be performance improvement opportunity (see Peter Levart's good work - JDK-8247532 [1])
>
>> (Are we even sure about that for JDK itself?)
>
> Java serialization support for records use its canonical constructor. (I'm not sure what you tried
> to point out by this).
Let me try again.
The existence of JDK-8247532 solidifies my concern: the JDK code itself had not yet figured out how
to do Record serialization fast! Now put yourself in the shoes of the 3rd party lib maintainer:
Unsafe is forbidden, JDK code itself is slow. Asking 3rd party lib maintainer to find whatever
intricate incantation they should use to get decent performance -- while JDK itself is still working
on it! -- puts them into weird position, from where the *sane* way out is to hack around the Unsafe
restriction. I mean, it is as enticing as hacking the JDK code itself, with the added benefit of
working across the JDK releases.
This is time and again the core of Unsafe discussion, which boils down to a very simple request: if
JDK developers take away some Unsafe APIs, 3rd party developers need to have the known good
replacement for it. If that does not happen, 3rd party developers would invest in doing more Unsafe
hacks.
Record serialization seems to fall into the same trap. To reiterate: the non-Unsafe code should be
proven as the viable alternative before breaking Unsafe. Otherwise, we only deepen the dependency on
Unsafe.
>> Because if it is not, 3rd party lib maintainers would proceed to hacking in the
>> "objectFieldOffset workaround" and we would get the cobra-effect-like strengthening of dependency on
>> Unsafe quirks.
>
> This is exactly why we request this for 15 so that 3rd-party lib maintainers can prototype and send
> feedback. We love to understand any stumbling block and work together to resolve any issue before
> records exit preview.
Again, JDK-8247532 is the writing on the wall: we don't need 3rd party developers to tell if Record
serialization works fast in 15 -- we already know it does not.
>> It is fun to consider JNI to be more powerful than Unsafe. This seems backwards. The intent to break
>> Unsafe users might be defensible, but this power oddity is still quite odd.
>
> I think you misread the message. There is no claim whether JNI or Unsafe is more powerful.
I don't think I did. Disallowing Unsafe to do something that JNI is allowed to do is making Unsafe
less powerful. This was nothing to do with what API is supported or not.
--
Thanks,
-Aleksey
More information about the core-libs-dev
mailing list