RFC (round 1), JEP draft: Low-level Object layout introspection methods

Aleksey Shipilev shade at redhat.com
Mon Aug 17 16:13:40 UTC 2020


On 8/17/20 5:57 PM, Andrew Dinn wrote:
> You are right that this still leaves a wormhole open for abuse in JNI
> code. However, that wormhole is already present for anyone creative
> and/or stupid enough to use it so I don't see that as an argument
> against Aleksey's proposal. One should only guard so far against idiocy
> when the cost is to disable a legitimate (one might even claim pressing)
> need for sensible users to be able to measure how their code is operating.

Indeed.

I see the value in mixing the cookie into addressOf: it gives a tangible speed bump for
unintended uses, while keeping it open for intended uses without a penalty. With a cookie, you try
to pass Runtime.addressOf(new Object()) to JNI, cast jlong to void* there, and then dereference off
it? Here, take this SIGSEGV. As you would have with just about any other jlong.

It is one thing to spell out something in Javadoc, and another thing to actively shake off the
unintended behaviors. Similar example: randomized iteration order in some Collections factory methods.

This is why I liked Peter's suggestion, that's why I implemented it, and that's why I think it makes
the address exposure story better!

-- 
Thanks,
-Aleksey


