[foreign-abi] RFR: 8240173: Confusing overflow error when trying to dereference a nothing segment

Paul Sandoz psandoz at openjdk.java.net
Thu Feb 27 17:22:50 UTC 2020


On Thu, 27 Feb 2020 17:09:11 GMT, Maurizio Cimadamore <mcimadamore at openjdk.org> wrote:

>> Looks good. I think making NO_ACCESS explicit rather than depending on size checking is the right thing and glad to see the unused mask argument gone before we actually need it.
>
>> This started to make me wonder whether this "nothing" segment is really an "untrusted" segment, which could even have a bound. It does represent something, but that something cannot be fully trusted and as such its contents cannot be accessed from within Java code.
> 
> There is an overlap between Untrusted and Nothing. In the past we considered having a distinction between trusted (or managed) and not trusted. Having the notion of the Nothing segment allowed us to speak about non-trusted addresses in a way which didn't need any other special concepts (and to reuse the 'rebase' operation to trust an untrusted address). In other words, there is a certain appeal in not adding a new kind of segment (untrusted) and simply piggybacking on the concepts we already have. At the time, the only way to make a segment inaccessible was to give it zero length - but I'm planning a revamp of the access modes, to expose, instead of a single asReadOnly method, a set of orthogonal access modes READ | WRITE | CLOSE - at which point an untrusted segment will simply be a segment whose READ | WRITE (and maybe CLOSE) bits are unset.

Re: access modes.  That makes sense.  I was not suggesting that a new segment type be added.  The characteristic of such a segment can be derived from its properties as you indicate.

-------------

PR: https://git.openjdk.java.net/panama-foreign/pull/34

