RFR: 8305734+8311905: "BitSet.get(int, int) always returns the empty BitSet when the Integer.MAX VALUE is set" + "BitSet.valueOf(...) allows bitsets to be created that behave incorrectly."

[Andy-Tatman]

On Fri, 7 Apr 2023 12:22:03 GMT, Andy-Tatman <duke at openjdk.org> wrote:

> See https://bugs.java.com/bugdatabase/view_bug?bug_id=8305734 and https://bugs.java.com/bugdatabase/view_bug?bug_id=JDK-8311905

Hi everyone,

Apologies for not being very active recently. 
I have been looking at the BitSet class for my bachelor's thesis. As part of that I, together with drs. Hans-Dieter A. Hiep & dr. Stijn de Gouw, wrote an article on the 2 bugs we discovered, namely the one in get(int,int) discussed here as well as a bug in the `valueOf(..)` methods. We found these bugs while trying to make a formal specification of the class.
As part of this, we also laid out 2 main solution directions, one allowing and one banning setting the `Integer.MAX_VALUE` bit. Both directions include a suggested fix for the `get(int,int)` method and for the `valueOf(..)` methods. 
The allowing `Int.MAX` direction would involve the change in `get(int,int)` as suggested in this PR, as well as a specification change in `valueOf(..)` as well as length().
The banning `Int.MAX` direction would involve a larger set of changes in specification, but the bug in `get(int,int)` itself would no longer be possible and so the bug fix in this PR would not be necessary. 
Following this, we also discuss pro's and con's of each approach. 

Both approaches would probably require a CSR, as the issue in the `valueOf(..)` methods is related to the specification, rather than the actual implementation, of the methods.

We look forward to hearing any thoughts you might have.
I have posted the article on Google Drive, as it has not officially been published yet: https://drive.google.com/file/d/1Ja0UHq8eLTGDKCPtbB_GWAc8D5y-krDE/view?usp=drive_link

-------------

PR Comment: https://git.openjdk.org/jdk/pull/13388#issuecomment-1632142207