The code generated by jextract requires to use --enable-native-access where it should not

Maurizio Cimadamore maurizio.cimadamore at oracle.com
Thu Sep 19 10:29:12 UTC 2024 

(adding jextract-dev)

Hi Remi,
you bring up a good point, one we were also thinking ourselves.

Currently, jextract assumes that you want "loose" safety when working 
with pointers. That is, say you call a binding for a native function 
returning a `char*`. You can immediately call `MemorySegment::getString` 
on the segment returned by that binding, because jextract automatically 
resize all pointer segments to `Long.MAX_VALUE`.

Then, since the "unsafe" address layout is saved into a static final 
field of the main header class, the restricted operation required to 
create such layout will be called no matter what. This is why you get 
the restricted warnings.

So, there's really two questions here:

* should jextract assume that developers want "unsafe" behavior by 
default? This seemed a good assumption at first (to avoid too many 
reinterpret calls from clients), but I can some developers being happy 
with being "more in control" of where/how resizes occur;
* assuming we want to preserve the existing "loose" behavior, should we 
tweak the generated code so that an unsafe pointer layout is only 
created when needed (as opposed to always, like now) ?

Of these, I think the first question is more interesting than the second 
(which seems small matter of e.g. "making initialization of the unsafe 
layout more lazy").

What do people think?

Maurizio


On 18/09/2024 22:01, Remi Forax wrote:
> Hello,
> the code generated by jextract should be re-arranged so it only requires to use --enable-native-access when the user uses a function that can violate the integrity.
>
> Currently, if a .h only contains a simple struct, like
>    struct point {
>      int x;
>      int y;
>    };
>
> jextract generates two java classes, point and point_h, point describe the structures and point_h the library,
> but because point has a runtime dependency on point_h, a code like
>
>    import point;
>    import point_h;
>
>    try(var arena = Arena.ofConfined()) {
>      var p = point.allocate(arena);
>      point.x(p, 42);
>      System.out.println(point.x(p));
>    }
>
> requires to use --enable-native-access even if using a layout does not violate the integrity of the application/platform.
>
> regards,
> Rémi

More information about the jextract-dev mailing list