RFR: 8311906: Improve robustness of String constructors with mutable array inputs [v10]

Raffaello Giulietti rgiulietti at openjdk.org
Mon Nov 20 22:32:15 UTC 2023


On Mon, 20 Nov 2023 19:35:27 GMT, Roger Riggs <rriggs at openjdk.org> wrote:

>> Strings, after construction, are immutable but may be constructed from mutable arrays of bytes, characters, or integers.
>> The string constructors should guard against the effects of mutating the arrays during construction that might invalidate internal invariants for the correct behavior of operations on the resulting strings. In particular, a number of operations have optimizations for operations on pairs of latin1 strings and pairs of non-latin1 strings, while operations between latin1 and non-latin1 strings use a more general implementation. 
>> 
>> The changes include:
>> 
>> - Adding a warning to each constructor with an array as an argument to indicate that the results are indeterminate 
>>   if the input array is modified before the constructor returns. 
>>   The resulting string may contain any combination of characters sampled from the input array.
>> 
>> - Ensure that strings that are represented as non-latin1 contain at least one non-latin1 character.
>>   For latin1 inputs, whether the arrays contain ASCII, ISO-8859-1, UTF8, or another encoding decoded to latin1, the scanning and compression is unchanged.
>>   If a non-latin1 character is found, the string is represented as non-latin1 with the added verification that a non-latin1 character is present at the same index.
>>   If that character is found to be latin1, then the input array has been modified and the result of the scan may be incorrect.
>>   Though a ConcurrentModificationException could be thrown, the risk to an existing application of an unexpected exception should be avoided.
>>   Instead, the non-latin1 copy of the input is re-scanned and compressed; that scan determines whether the latin1 or the non-latin1 representation is returned.
>> 
>> - The methods that scan for non-latin1 characters and their intrinsic implementations are updated to return the index of the non-latin1 character.
>> 
>> - String construction from StringBuilder and CharSequence must also be guarded as their contents may be modified during construction.
>
> Roger Riggs has updated the pull request incrementally with one additional commit since the last revision:
> 
>   undo noise chars

Looks good.
Maybe use `StringUTF16.coderFromArrayLen()` where suggested in the comments before integrating.

src/java.base/share/classes/java/lang/String.java line 359:

> 357:         if (COMPACT_STRINGS) {
> 358:             byte[] val = StringUTF16.compress(codePoints, offset, count);
> 359:             this.coder = (val.length == count) ? LATIN1 : UTF16;

Maybe worth using `StringUTF16.coderFromArrayLen()` even here.

src/java.base/share/classes/java/lang/String.java line 4845:

> 4843:             if (COMPACT_STRINGS && asb.maybeLatin1) {
> 4844:                 this.value = StringUTF16.compress(val, 0, length);
> 4845:                 this.coder = (this.value.length == length) ? LATIN1 : UTF16;

`StringUTF16.coderFromArrayLen()`?

-------------

Marked as reviewed by rgiulietti (Reviewer).

PR Review: https://git.openjdk.org/jdk/pull/16425#pullrequestreview-1740808291
PR Review Comment: https://git.openjdk.org/jdk/pull/16425#discussion_r1399824712
PR Review Comment: https://git.openjdk.org/jdk/pull/16425#discussion_r1399825374
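
The scan, snapshot, verify, and re-scan sequence described in the quoted pull request text, as an added example that is not part of the original message and is not JDK code. The class, record, and method names are hypothetical, and the toy takes a `CharSequence` and keeps a `char[]` snapshot rather than using the JDK's internal byte-array layout.

```java
import java.nio.CharBuffer;

// Added illustration; all names are hypothetical, not JDK internals.
public final class CompactEncodeDemo {
    static final byte LATIN1 = 0, UTF16 = 1;
    record Encoded(byte coder, byte[] value) {}
    // Copies chars <= 0xFF into dst; returns the index of the first char > 0xFF, or len.
    static int compress(CharSequence src, byte[] dst, int len) {
        for (int i = 0; i < len; i++) {
            char c = src.charAt(i);              // read each element exactly once
            if (c > 0xFF) return i;
            dst[i] = (byte) c;
        }
        return len;
    }
    static Encoded encode(CharSequence src) {
        int len = src.length();
        byte[] latin1 = new byte[len];
        int idx = compress(src, latin1, len);
        if (idx == len) return new Encoded(LATIN1, latin1);
        // Private snapshot: every later decision uses the snapshot, never src.
        char[] copy = new char[len];
        for (int i = 0; i < len; i++) copy[i] = src.charAt(i);
        if (copy[idx] <= 0xFF) {
            // src changed after the scan; re-scan the snapshot to choose the coder.
            idx = compress(CharBuffer.wrap(copy), latin1, len);
            if (idx == len) return new Encoded(LATIN1, latin1);
        }
        byte[] utf16 = new byte[2 * len];        // big-endian, two bytes per char
        for (int i = 0; i < len; i++) {
            utf16[2 * i] = (byte) (copy[i] >> 8);
            utf16[2 * i + 1] = (byte) copy[i];
        }
        return new Encoded(UTF16, utf16);
    }

    public static void main(String[] args) {
        // Constructed input: index 1 reads as U+20AC once, then 'b' (source changed mid-construction).
        CharSequence racy = new CharSequence() {
            boolean first = true;
            public int length() { return 3; }
            public char charAt(int i) {
                if (i == 1 && first) { first = false; return '\u20AC'; }
                return "abc".charAt(i);
            }
            public CharSequence subSequence(int s, int e) { throw new UnsupportedOperationException(); }
        };
        System.out.println(encode(racy).coder() + " " + encode("a\u20ACc").coder());
    }
}
```

For the constructed source the encoder returns the LATIN1 coder, because the snapshot holds only latin1 characters; for the unmodified string containing U+20AC it returns UTF16, so a UTF16 result always contains at least one non-latin1 character.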

