Funneling Objects through void*

Maurizio Cimadamore maurizio.cimadamore at oracle.com
Thu Jun 15 23:50:03 UTC 2023 

On 16/06/2023 00:29, Johannes Kuhn wrote:
> The value to return would be specified when the upcall is created, and 
> should also be kept alive as long as the upcall is alive. 

Keeping alive here is probably not a great idea, given that the upcall 
can live for a very long time.

But enforcing some lifetime well-formedness might be a possible way to 
attack this - e.g. prove that the lifetime of the upcall is contained 
inside the lifetime of the fallback value.

Right now, as we don't have structured (nested) arenas [1], the only way 
to ensure that is simply to check that e.g. the scope of the fallback 
segment and the scope with which the arena is created are the same. When 
the FFM will support structured arenas, we will be able to check for 
lifetime containment as well, opening up more options.

All this said, while I agree that the "fallback value" policy is a good 
option to have, it's just that: an option. As in "your mileage might 
vary", which means that treating it as the one and only silver bullet to 
the problem of exception handling in upcalls is, likely, a siren song.

For instance, if an upcall returns a pointer, and the only fallback 
pointer I can provide at creation is NULL, it is extremely likely that 
such a fallback value would cause a crash in the native library, and a 
"disorderly" one at that (e.g. one where there's little sign that the 
underlying problem comes from the Java upcall code). In such cases the 
current policy would be preferrable, as that at least shows a Java stack 
trace back to the user, before terminating the JVM (in a more orderly 
fashion).

Same thing for frame popping - while that can be great if we just care 
about propagating the exception to the nearest piece of Java code around 
(e.g. so that we can log the failure somewhere before exiting the VM), 
in the general case this might not be optimal (e.g. if the client 
intends to keep using the library more).

Each of the choices I described has its pros and cons, cases where it 
works well, and cases where it doesn't.

Maurizio

[1] - https://cr.openjdk.org/~mcimadamore/panama/session_arenas.html

More information about the panama-dev mailing list