[foreign] RFR: 8229857: scope inference on pointer to pointer is not friendly
Maurizio Cimadamore
maurizio.cimadamore at oracle.com
Wed Aug 28 19:56:05 UTC 2019
On 28/08/2019 18:23, Maurizio Cimadamore wrote:
> Do we agree on the description of the issue here? Then we can talk on
> how to fix it.
Since we agree on the problem statement, let's dissect the problem a
little more.
In my view this discussion raises the issue that there are two (very
different) kind of pointer - I'll be using the terminology
managed/unmanaged.
* managed pointers are created in Java code, typically via a
Scope::allocate operation. They always have a finite region size, and a
finite temporal range.
* unmanaged pointers are created by native code (or synthesized by the
Panama runtime e.g. during struct access). They have an unknown region
size and unknown range.
To me, this suggests (at least a design level) that this distinction
between managed and unmanaged should perhaps be surfaced in the API.
That is, there should be a top type Pointer<X> which is the common root
for all pointers, both managed and unmanaged. As such it will NOT
feature a scope() method.
Unmanaged or UncheckedPointer will only be available in the binder
internals, but not available outside. They are not attached to any scope.
Then you have a ManagedPointer underneath, which does have a scope()
method. These are the pointers returned by the Scope allocation methods.
As long as you remain in the ManagedPointer realm, you are safe -
ownership keeps your pointer in check and so forth. We could even apply
scope inference, if a struct's return type is ManagedPointer<X>, and get
same strict semantics we have now. But, in the general case, jextracted
types will be unmanaged (e.g. just Pointer<X>), meaning that to go from
an unmanaged pointer to a managed one some magic trick is needed (there
could be an API point for this... or not), in which case all safety
guarantees are abandoned (e.g. it will be possible to crash the VM by
assigning the wrong scope to an unmanaged pointer and then dereferencing
it at the wrong time).
Now, in terms of implementation - we could do exactly as I describe, and
add a 'managed pointer' interface that extends from pointer (and, I
guess, same for arrays?).
Or, we could do a lump move, and use same interface for both managed and
unmanaged case, plus a predicate which tells us if this is a managed
pointer/array (or infer the managed-ness from the fact that there's no
owning scope). And then add a projection which attaches some scope/size
to an unmanaged pointer, therefore making it managed (but this would be
an unsafe operation in general).
Maurizio
More information about the panama-dev
mailing list