[foreign-memaccess] RFR 8227107: Add missing toString implementation to MemorySegmentImp
John Rose
john.r.rose at oracle.com
Tue Jul 2 20:58:40 UTC 2019
On Jul 2, 2019, at 9:29 AM, Maurizio Cimadamore <maurizio.cimadamore at oracle.com> wrote:
>
> toString() method can't reveal sensitive pointer info
I wonder if there is a way to sanitize the pointer value, into a hash code.
Some JVMs use the raw object address as an input to the identity hash code.
We could do something similar. The hash could be kept small, to (say) 5 hex digits,
and would serve to separate the segments for debugging purposes.
Since the default Object.toString does something like this I'm thinking we could
emulate that.
(How to hash the address? First take a 64-bit address and another 64 bits of
nonce secret to the current JVM instance. Then mix them together, using
xxhash or a similar algorithm. Then throw away all but a few, say 20, bits
of result. The result will provide no useful information to attackers, other than
a likely discrimination between different base pointers.)
More information about the panama-dev
mailing list