RFR: 8361842: Validate input in both Java and C++ for java.lang.StringCoding intrinsics
Volkan Yazici
vyazici at openjdk.org
Thu Jul 10 12:58:53 UTC 2025
Validate input in `java.lang.StringCoding` intrinsic Java wrappers, improve their documentation, enhance the checks in the associated C++ methods, and adapt them to cause VM crash on invalid input.
## Implementation notes
The goal of the associated umbrella issue [JDK-8156534](https://bugs.openjdk.org/browse/JDK-8156534) is to, for `java.lang.String*` classes,
1. Move `@IntrinsicCandidate`-annotated `public` methods<sup>1</sup> (in Java code) to `private` ones, and wrap them with a `public` ["front door" method](https://github.com/openjdk/jdk/pull/24982#discussion_r2087493446)
2. Since we moved the `@IntrinsicCandidate` annotation to a new method, intrinsic mappings – i.e., associated `do_intrinsic()` calls in `vmIntrinsics.hpp` – need to be updated too
3. Add necessary input validation (range, null, etc.) checks to the newly created public front door method
4. Place all input validation checks in the intrinsic code (add if missing!) behind a `VerifyIntrinsicChecks` VM flag
Following preliminary work needs to be carried out as well:
1. Add a new `VerifyIntrinsicChecks` VM flag
2. Update `generate_string_range_check` to produce a `HaltNode`. That is, crash the VM if `VerifyIntrinsicChecks` is set and a Java wrapper fails to spot an invalid input.
<sup>1</sup> `@IntrinsicCandidate`-annotated constructors are not subject to this change, since they are a special case.
## Functional and performance tests
- `tier1` (which includes `test/hotspot/jtreg/compiler/intrinsics/string`) passes on several platforms. Further tiers will be executed after integrating reviewer feedback.
- Performance impact is still actively monitored using `test/micro/org/openjdk/bench/java/lang/String{En,De}code.java`, among other tests. If you have suggestions on benchmarks, please share in the comments.
## Verification of the VM crash
I've tested the VM crash scenario as follows:
1. Created the following test program:
public class StrIntri {
public static void main(String[] args) {
Exception lastException = null;
for (int i = 0; i < 1_000_000; i++) {
try {
jdk.internal.access.SharedSecrets.getJavaLangAccess().countPositives(new byte[]{1,2,3}, 2, 5);
} catch (Exception exception) {
lastException = exception;
}
}
if (lastException != null) {
lastException.printStackTrace();
} else {
System.out.println("completed");
}
}
}
2. Compiled the JDK and run the test:
$ bash jib.sh configure -p linux-x64-slowdebug
$ CONF=linux-x64-slowdebug make jdk
$ ./build/linux-x64-slowdebug/jdk/bin/java -XX:+VerifyIntrinsicChecks --add-exports java.base/jdk.internal.access=ALL-UNNAMED StrIntri.java
java.lang.ArrayIndexOutOfBoundsException: Range [2, 2 + 5) out of bounds for length 3
Received `AIOOBE` as expected.
3. Removed all checks in `StringCodec.java`, and re-compiled the JDK
4. Set the `countPositives(...)` arguments in the program to `(null, 1, 1)`, run it, and observed the VM crash with `unexpected null in intrinsic`.
5. Set the `countPositives(...)` arguments in the program to `(new byte[]{1,2,3}, 2, 5)`, run it, and observed the VM crash with `unexpected guard failure in intrinsic`.
-------------
Commit messages:
- Merge remote-tracking branch 'upstream/master' into strIntrinCheck
- Fix `EUC_JP.java.template` broken due to `encodeASCII` rename
- Remove `StringCodingCountPositives`, `String{En,De}code` already cover our cases
- Improve intrinsics in `StringCoding`
- Add `StringCodingCountPositives` benchmark
- Apply review feedback
- Move `StringCoding::countPositives` checks from C++ to Java
Changes: https://git.openjdk.org/jdk/pull/25998/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=25998&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8361842
Stats: 271 lines in 18 files changed: 157 ins; 19 del; 95 mod
Patch: https://git.openjdk.org/jdk/pull/25998.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/25998/head:pull/25998
PR: https://git.openjdk.org/jdk/pull/25998
More information about the hotspot-dev
mailing list