[foreign-memaccess] RFR 8227107: Add missing toString implementation to MemorySegmentImp
Maurizio Cimadamore
maurizio.cimadamore at oracle.com
Tue Jul 2 21:08:39 UTC 2019
On 02/07/2019 21:58, John Rose wrote:
> On Jul 2, 2019, at 9:29 AM, Maurizio Cimadamore
> <maurizio.cimadamore at oracle.com
> <mailto:maurizio.cimadamore at oracle.com>> wrote:
>>
>> toString() method can't reveal sensitive pointer info
>
> I wonder if there is a way to sanitize the pointer value, into a hash
> code.
> Some JVMs use the raw object address as an input to the identity hash
> code.
> We could do something similar. The hash could be kept small, to (say)
> 5 hex digits,
> and would serve to separate the segments for debugging purposes.
> Since the default Object.toString does something like this I'm
> thinking we could
> emulate that.
>
> (How to hash the address? First take a 64-bit address and another 64
> bits of
> nonce secret to the current JVM instance. Then mix them together, using
> xxhash or a similar algorithm. Then throw away all but a few, say 20,
> bits
> of result. The result will provide no useful information to
> attackers, other than
> a likely discrimination between different base pointers.)
>
That's a nice suggestion!
Maurizio
>
>
>
More information about the panama-dev
mailing list