RFR: 8188055: (ref) Add Reference.refersTo predicate

Erik Österlund erik.osterlund at oracle.com
Wed Apr 8 14:56:19 UTC 2020 

Hi Gil,

Lifting out my reply to you from the JIRA issue:

In terms of breaking existing logic, I am not worried. This is a new 
API, that nobody is using yet. People that write new code that uses it, 
will have to pay attention that they are doing the right thing. We are 
still not exposing the phantom referent with this change. In terms of 
security, you can only use this API to figure out what the referent is, 
if you already have access to it. So that isn't really helpful for 
building exploits. What it could do is allow you to check which one of N 
objects that you already have access to is the one referred to from the 
PhantomReference. But in terms of security, you could also have just 
guessed that without this API, as you already have full access to the 
objects. Sounds like a classic case of "I have an exploit. Given a 
compromised system... X". Or have I missed something?

Thanks,
/Erik

On 2020-04-08 16:25, Gil Tene wrote:
> A very welcome change overall. However, I have concerns about
> the semantic change to the PhantomReference specification. I propose
> that PhantomReference semantics remain unchanged, and that
> PhantomReference:RefersTo should return true only for null.
>
> See more in comment at https://bugs.openjdk.java.net/browse/JDK-8188055?focusedCommentId=14329319&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-14329319
>
>> On Apr 7, 2020, at 5:25 PM, Kim Barrett <kim.barrett at oracle.com> wrote:
>>
>> [Note review on both core-libs and hotspot-gc-dev lists; try not to lose
>> either when replying.]
>>
>> Please review a new function: java.lang.ref.Reference.refersTo.
>>
>> This function is needed to test the referent of a Reference object
>> without artificially extending the lifetime of the referent object, as
>> may happen when calling Reference.get.  Some garbage collectors
>> require extending the lifetime of a weak referent when accessed, in
>> order to maintain collector invariants.  Lifetime extension may occur
>> with any collector when the Reference is a SoftReference, as calling
>> get indicates recent access.  This new function also allows testing
>> the referent of a PhantomReference, which can't be accessed by calling
>> get.
>>
>> The new function uses a native method whose implementation is in the
>> VM so it can use the Access API.  It is the intent that this function
>> will be intrinsified by optimizing compilers like C2 or graal, but
>> that hasn't been implemented yet.  Bear that in mind before rushing
>> off to change existing uses of Reference.get.
>>
>> CR:
>> https://bugs.openjdk.java.net/browse/JDK-8188055
>> https://bugs.openjdk.java.net/browse/JDK-8241029 (CSR)
>>
>> Webrev:
>> https://cr.openjdk.java.net/~kbarrett/8188055/open.04/
>>
>> Testing:
>> mach5 tier1
>>
>> Locally (linux-x64) verified the new test passes with various garbage
>> collectors.

More information about the hotspot-gc-dev mailing list