[foreign] RFR 8212987 : Binder should allows negative values for native pointers

Jorn Vernee jbvernee at xs4all.nl
Tue Oct 30 10:26:17 UTC 2018


You're right about `toUnsignedString`. For some reason I thought 
`toHexString` had the `-` as a prefix if the argument is negative.

About the length constraint: my initial thought was just to trust the 
pointer returned from native, but I guess we should do better. In the 
specific case I'm testing, void *, the length that is being used is 
Long.MAX_VALUE, basically the length is unknown, so I don't think I can 
do a range check on min + length in the constructor in that case.

As far as I can see, the `min` value is only used in a few min + offset 
calculations before passing to Unsafe put/get routines, I think we'd 
want to allow overflow to negative there, but not overflow to positive, 
basically treating the long as if it was unsigned.

I think I will switch BoundedMemoryRegion to having factory methods that 
do the validation, and then have ones where the length is known, which 
do a range check, and ones where the length is unknown, that cap it 
to where it cannot overflow. Then I can use the latter for void *. If a 
bad pointer is passed from native, the known-length case should fail on 
construction of the memory region, and the unknown-length case should 
fail when dereferencing (since there is already a bounds check being 
done).

What do you think?

Thanks,
Jorn

Henry Jen wrote on 2018-10-30 01:59:
> BTW, the change in toString is not needed, as toUnsignedString(l, 16)
> is the same as toHexString(l)?
> 
> Cheers,
> Henry
> 
> 
>> On Oct 29, 2018, at 5:56 PM, Henry Jen <henry.jen at oracle.com> wrote:
>> 
>> I am afraid this is not that simple; we need to at least protect 
>> length from overflowing the address to >= 0.
>> 
>> I haven’t completely checked the implementation; we need to make sure 
>> all other operations will not expand or shift the region, which I 
>> believe is the constraint of the design. If that’s indeed the case, 
>> guard at construction is probably good enough.
>> 
>> Cheers,
>> Henry
>> 
>>> On Oct 29, 2018, at 10:04 AM, Jorn Vernee <jbvernee at xs4all.nl> wrote:
>>> 
>>> Hello,
>>> 
>>> Please review this patch which tweaks the binder to allow negative 
>>> values for native pointers.
>>> 
>>> The problem was previously discussed here: 
>>> http://mail.openjdk.java.net/pipermail/panama-dev/2018-October/002994.html
>>> 
>>> Bug : https://bugs.openjdk.java.net/browse/JDK-8212987
>>> Webrev : http://cr.openjdk.java.net/~jvernee/panama/webrevs/8212987/
>>> 
>>> As a reminder, I'm not a committer, so someone else will have to push 
>>> this.
>>> 
>>> Thanks,
>>> Jorn
>> 
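
The factory-method split discussed in this thread (range check when the length is known, capped length when it is not, with the base address treated as an unsigned 64-bit value) can be sketched as follows. This is an added example, not code from the webrev or from Panama; the class `UnsignedRegion` and its method names are hypothetical, and it assumes a region may end exactly at 2^64.

```java
// Added illustration; class and method names are hypothetical, not the Panama sources.
public final class UnsignedRegion {
    private final long min;     // base address, interpreted as unsigned 64-bit
    private final long length;  // region size in bytes, always >= 0

    private UnsignedRegion(long min, long length) {
        this.min = min;
        this.length = length;
    }

    // Largest length for which min + length does not wrap past 2^64.
    // For min >= 0 every non-negative long fits; for min < 0 the room left
    // is 2^64 - unsigned(min), which is -min read as an unsigned value.
    static long maxLength(long min) {
        if (min >= 0) return Long.MAX_VALUE;
        long room = -min;  // Long.MIN_VALUE negates to itself, i.e. 2^63 unsigned
        return Long.compareUnsigned(room, Long.MAX_VALUE) > 0 ? Long.MAX_VALUE : room;
    }

    // Known length: reject a region that would wrap, at construction time.
    public static UnsignedRegion ofKnownLength(long min, long length) {
        if (length < 0 || length > maxLength(min)) {
            throw new IllegalArgumentException("region wraps: 0x" + Long.toHexString(min) + " + " + length);
        }
        return new UnsignedRegion(min, length);
    }

    // Unknown length (e.g. void *): cap instead of trusting Long.MAX_VALUE.
    public static UnsignedRegion ofUnknownLength(long min) {
        return new UnsignedRegion(min, maxLength(min));
    }

    // Bounds check before an access; the returned address may be negative as a signed long.
    public long addressOf(long offset, long size) {
        if (offset < 0 || size < 0 || offset > length - size) {
            throw new IndexOutOfBoundsException("offset " + offset + ", size " + size);
        }
        return min + offset;
    }

    public static void main(String[] args) {
        long high = 0xFFFF_FFFF_FFFF_F000L;  // constructed address, negative as a long
        System.out.println(ofUnknownLength(high).addressOf(0xFF8, 8) == -8L);  // last 8 bytes
        try {
            ofKnownLength(high, 0x2000);  // would wrap past 2^64
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```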

