RFR: 8287244: Add bound check in indexed memory access var handle
Maurizio Cimadamore
mcimadamore at openjdk.java.net
Tue May 24 14:56:39 UTC 2022
On Tue, 24 May 2022 14:40:56 GMT, Maurizio Cimadamore <mcimadamore at openjdk.org> wrote:
> Constructing indexed var handles using the `MemoryLayout` API produces `VarHandle`s which do not check the input indices for out-of-bounds conditions.
> While this can never result in a VM crash (after all the memory segment will protect against "true" OOB access), it is still possible for an access expression to refer to parts of a segment that are logically unrelated.
>
> This patch adds a "logical" bound check to all indexed var handles generated using the layout API.
> Benchmarks are not affected by the check. Users are still able to create custom "unchecked" var handles, using the combinator API in `MethodHandles`.
src/java.base/share/classes/java/lang/foreign/MemoryLayout.java line 537:
> 535: *
> 536: * <ul>
> 537: * <li>if {@code F > 0}, then {@code B = ceilDiv(C - S, F)}</li>
These formulas come from the formula for computing the accessed index A:
`A = S + I * F`
And then deriving the value for I by equating `A = C` (for F > 0) and `A = -1` (for F < 0), that is, equating the accessed index to the "first" out-of-bounds index. `ceilDiv` ensures there is "some room" between the max/min index and the selected one.
src/java.base/share/classes/jdk/internal/foreign/LayoutPath.java line 109:
> 107: SequenceLayout seq = (SequenceLayout)layout;
> 108: checkSequenceBounds(seq, index);
> 109: long elemSize = seq.elementLayout().bitSize();
I've simplified the code here, as it still had traces of attempts to avoid the call to `bitSize` (this method used to be partial).
-------------
PR: https://git.openjdk.java.net/jdk/pull/8868
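The derivation above in runnable form, as an added example that is not part of the PR or the JDK sources: it models the accessed-index formula `A = S + I * F` and the bound `B = ceilDiv(C - S, F)` in plain Python, and also carries the `F < 0` case (equating `A = -1`) that the javadoc excerpt quoted above does not show. The symbols C (element count), S (start), F (step), I (index), A (accessed index) and B (bound) follow the review; `ceil_div`, `logical_bound`, `checked_access` and `bound_is_tight` are names chosen here, and the sample sequences are constructed.

```python
"""Model of the "logical" index bound discussed in the review.

Added example, not JDK code. It reproduces the arithmetic from the
MemoryLayout javadoc (A = S + I * F, B = ceilDiv(C - S, F) for F > 0)
in plain Python and extends it to F < 0, where the first out-of-bounds
index is -1 rather than C. Function names are ours; the symbols follow
the review.
"""


def ceil_div(a: int, b: int) -> int:
    """Integer division rounding toward positive infinity.

    Mirrors java.lang.Math.ceilDiv; Python's // floors, so negate twice.
    """
    return -((-a) // b)


def accessed_index(S: int, I: int, F: int) -> int:
    """A = S + I * F: the sequence element actually touched."""
    return S + I * F


def logical_bound(C: int, S: int, F: int) -> int:
    """Exclusive upper bound B on I.

    F > 0: solve S + I*F = C   (first index past the end)   -> B = ceilDiv(C - S, F)
    F < 0: solve S + I*F = -1  (first index before the start) -> B = ceilDiv(-1 - S, F)
    Rounding up means I = B is the first index whose A leaves [0, C).
    """
    if F == 0:
        raise ValueError("step must be non-zero")
    if not 0 <= S < C:
        raise ValueError("start must lie inside the sequence")
    target = C if F > 0 else -1
    return ceil_div(target - S, F)


def checked_access(C: int, S: int, F: int, I: int) -> int:
    """What a bounds-checked indexed var handle would do with index I:
    reject it if it is outside [0, B), otherwise return the element index A."""
    B = logical_bound(C, S, F)
    if not 0 <= I < B:
        raise IndexError(f"index {I} out of bounds for logical length {B}")
    return accessed_index(S, I, F)


def bound_is_tight(C: int, S: int, F: int) -> bool:
    """Property the derivation promises: every I in [0, B) lands inside
    the sequence [0, C) and I = B is the first one that does not."""
    B = logical_bound(C, S, F)
    inside = all(0 <= accessed_index(S, I, F) < C for I in range(B))
    first_out = not (0 <= accessed_index(S, B, F) < C)
    return inside and first_out


if __name__ == "__main__":
    # Constructed samples: a 10-element sequence read from element 1 every
    # 2 elements (F = 2), and from element 9 backwards in steps of 3 (F = -3).
    for C, S, F in ((10, 1, 2), (10, 9, -3)):
        B = logical_bound(C, S, F)
        touched = [checked_access(C, S, F, i) for i in range(B)]
        print(f"C={C} S={S} F={F}: B={B}, touched={touched}")
        try:
            checked_access(C, S, F, B)
        except IndexError as err:
            print("  rejected:", err)
```

`bound_is_tight` is the check worth keeping around when reviewing the formula: for F = 2 starting at 1 in a 10-element sequence it yields B = 5 (elements 1, 3, 5, 7, 9, with I = 5 reaching 11), and for F = -3 starting at 9 it yields B = 4 (elements 9, 6, 3, 0, with I = 4 reaching -3), so the bound never admits an index that would touch a logically unrelated part of the segment.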