RFR: 8351443: Improve robustness of StringBuilder [v6]
Chen Liang
liach at openjdk.org
Tue May 6 22:57:15 UTC 2025
On Tue, 6 May 2025 15:23:39 GMT, Roger Riggs <rriggs at openjdk.org> wrote:
>> Refactor AbstractStringBuilder to maintain consistency among count, coder, and value buffers while the buffer capacity is being expanded and/or inflated from Latin1 to UTF16 representations.
>> The refactoring pattern is to read and write AbstractStringBuilder fields once using locals for all intermediate values.
>> Support methods are static, designed to pass all values as arguments and return a value.
>>
>> The value byte array is reallocated under 3 conditions:
>> - Increasing the capacity with the same encoder
>> - Increasing the capacity and inflation to change the coder from LATIN1 to UTF16
>> - Inflation with the same capacity
>>
>> Added StressSBTest to exercise public instance methods of StringBuilder.
>
> Roger Riggs has updated the pull request incrementally with one additional commit since the last revision:
>
> Apply reviewer suggestions for typos, javadoc, and copyright dates.
Some of the new methods in ASB are still unsafe; I need to spend more time to verify each of their use cases.
src/java.base/share/classes/java/lang/AbstractStringBuilder.java line 270:
> 268: private static byte[] ensureCapacityNewCoder(byte[] value, byte coder, int count,
> 269: int minimumCapacity, byte newCoder) {
> 270: assert coder == newCoder || newCoder == UTF16 : "bad new coder UTF16 -> LATIN1";
I recommend an additional assertion `count <= minimumCapacity`; even though all callers ensure this currently, in case this is accidentally violated, we are sending dangerous arguments to `StringLatin1.inflate`.
Also, the message string of the assertion can include the `coder` and `newCoder` values. Same for the other assertions we add.
src/java.base/share/classes/java/lang/AbstractStringBuilder.java line 321:
> 319: */
> 320: private static byte[] inflateToUTF16(byte[] value, int count) {
> 321: byte[] newValue = StringUTF16.newBytesFor(value.length);
Same value.length vs count assertion recommendation
-------------
PR Review: https://git.openjdk.org/jdk/pull/24967#pullrequestreview-2818880544
PR Review Comment: https://git.openjdk.org/jdk/pull/24967#discussion_r2075825884
PR Review Comment: https://git.openjdk.org/jdk/pull/24967#discussion_r2075827576
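
Added example, not part of the message above and not JDK source: a stand-alone sketch of the two preconditions the review asks for (`count <= minimumCapacity`, and `count` checked against `value.length`) on a static helper shaped like the quoted `ensureCapacityNewCoder`. The class name, the coder constants, the byte order and the use of exceptions instead of `assert` (so the checks fire without `-ea`) are assumptions of this sketch.

```java
// Added illustration; names mirror the quoted snippet, bodies are assumptions.
public class CoderCapacityCheck {
    static final byte LATIN1 = 0, UTF16 = 1;   // assumed values: shift count per char

    // Grow and/or inflate a buffer, validating every argument before any copy.
    static byte[] ensureCapacityNewCoder(byte[] value, byte coder, int count,
                                         int minimumCapacity, byte newCoder) {
        if (coder != newCoder && newCoder != UTF16) {
            throw new IllegalArgumentException(
                "bad new coder: coder=" + coder + " newCoder=" + newCoder);
        }
        // Precondition recommended in the review: the copy must fit the new buffer.
        if (count < 0 || count > minimumCapacity) {
            throw new IllegalArgumentException(
                "count=" + count + " minimumCapacity=" + minimumCapacity);
        }
        // Companion check: count must also fit the source buffer for its coder.
        if (count > (value.length >> coder)) {
            throw new IllegalArgumentException(
                "count=" + count + " sourceCapacity=" + (value.length >> coder));
        }
        byte[] newValue = new byte[Math.multiplyExact(minimumCapacity, 1 << newCoder)];
        if (coder == newCoder) {
            System.arraycopy(value, 0, newValue, 0, count << coder);
        } else {
            // LATIN1 -> UTF16: widen each byte to two bytes (low byte first, assumed).
            for (int i = 0; i < count; i++) {
                newValue[2 * i] = value[i];
                newValue[2 * i + 1] = 0;
            }
        }
        return newValue;
    }

    public static void main(String[] args) {
        byte[] latin1 = {'a', 'b', 'c', 0};    // constructed sample: capacity 4, count 3
        byte[] wide = ensureCapacityNewCoder(latin1, LATIN1, 3, 8, UTF16);
        System.out.println("inflated length: " + wide.length);
        try {
            // Inconsistent arguments: count larger than the requested capacity.
            ensureCapacityNewCoder(latin1, LATIN1, 3, 2, UTF16);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```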