<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:DengXian;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"\@DengXian";
panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:77216291;
mso-list-type:hybrid;
mso-list-template-ids:790653838 2026771566 269025283 269025285 269025281 269025283 269025285 269025281 269025283 269025285;}
@list l0:level1
{mso-level-start-at:5;
mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;
mso-fareast-font-family:DengXian;
mso-bidi-font-family:"Times New Roman";}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l1
{mso-list-id:1765570190;
mso-list-type:hybrid;
mso-list-template-ids:1233058102 229824032 269025283 269025285 269025281 269025283 269025285 269025281 269025283 269025285;}
@list l1:level1
{mso-level-start-at:5;
mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;
mso-fareast-font-family:DengXian;
mso-bidi-font-family:"Times New Roman";}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-CA" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">Hi Jorn,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Correct but these bullets are only intended for the downcall invocation rather than the upcall stub.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">According to the explanation of upcall stub in [1] as follows:<o:p></o:p></p>
<p class="MsoNormal">“When creating upcall stubs the linker runtime....<o:p></o:p></p>
<p class="MsoNormal">Moreover, if the target method handle associated with an upcall stub returns a memory address,<o:p></o:p></p>
<p class="MsoNormal">clients must ensure that this address cannot become invalid after the upcall completes.
<span style="font-family:Wingdings">ß</span>-----------------<o:p></o:p></p>
<p class="MsoNormal">This can lead to unspecified behavior, and even JVM crashes, since an upcall is
<o:p></o:p></p>
<p class="MsoNormal">typically executed in the context of a downcall method handle invocation.”<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I don’t understand how/what clients should do to ensure the address of the upcall stub is alive during the upcall invocation within an implication session.<o:p></o:p></p>
<p class="MsoNormal">Does that mean the implicit session is ALREADY kept alive in the existing implementation of OpenJDK (which I don’t think so) to guarantee the upcall stub works during the upcall invocation based on the explanation in [1]?<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Best Regards<o:p></o:p></p>
<p class="MsoNormal">Cheng Jin<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US">From:</span></b><span lang="EN-US"> Jorn Vernee <jorn.vernee@oracle.com>
<br>
<b>Sent:</b> January 31, 2023 2:14 PM<br>
<b>To:</b> Cheng Jin <jincheng@ca.ibm.com>; panama-dev@openjdk.org<br>
<b>Subject:</b> [EXTERNAL] Re: Inappropriate use of the implicit session in allocating the upcall stub in SafeFunctionAccessTest.java<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal" style="mso-line-height-alt:.75pt"><span style="font-size:1.0pt;color:white">Hi Cheng Jin, Thanks for the email. In this case it is not a problem since memory sessions (including upcall stubs) are kept alive/reachable for the duration of
a downcall (see the third bullet here: [1]) "The memory session of R is kept <o:p>
</o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="mso-line-height-alt:.75pt"><span style="font-size:1.0pt;color:white">ZjQcmQRYFpfptBannerStart<o:p></o:p></span></p>
</div>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%;border-radius:4px">
<tbody>
<tr>
<td style="padding:12.0pt 0cm 12.0pt 0cm">
<table class="MsoNormalTable" border="1" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%;background:#D0D8DC;border:none;border-top:solid #90A4AE 3.0pt">
<tbody>
<tr>
<td valign="top" style="border:none;padding:0cm 7.5pt 3.75pt 4.5pt">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" align="left">
<tbody>
<tr>
<td style="padding:3.0pt 6.0pt 3.0pt 6.0pt">
<p class="MsoNormal"><b><span style="font-size:10.5pt;font-family:"Arial",sans-serif;color:black">This Message Is From an External Sender
<o:p></o:p></span></b></p>
</td>
</tr>
<tr>
<td style="padding:3.0pt 6.0pt 3.0pt 6.0pt">
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black">This message came from outside your organization.
<o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<div>
<p class="MsoNormal" style="mso-line-height-alt:.75pt"><span style="font-size:1.0pt;color:white">ZjQcmQRYFpfptBannerEnd<o:p></o:p></span></p>
</div>
<p>Hi Cheng Jin,<o:p></o:p></p>
<p>Thanks for the email.<br>
<br>
In this case it is not a problem since memory sessions (including upcall stubs) are kept alive/reachable for the duration of a downcall (see the third bullet here: [1])<o:p></o:p></p>
<p> "The memory session of R is kept alive (and cannot be closed) during the invocation."<o:p></o:p></p>
<p>Since we don't store a reference to the upcall stub in native code until after the downcall returns, this is safe to rely on.<o:p></o:p></p>
<p>Cheers,<br>
Jorn<o:p></o:p></p>
<p>[1]: <a href="https://docs.oracle.com/en/java/javase/19/docs/api/java.base/java/lang/foreign/Linker.html#safety">https://docs.oracle.com/en/java/javase/19/docs/api/java.base/java/lang/foreign/Linker.html#safety</a><o:p></o:p></p>
<div>
<p class="MsoNormal">On 31/01/2023 18:49, Cheng Jin wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">Hi there, <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">I notice there might be an issue with the allocation of upcall stub under an implicit session at test/jdk/java/foreign/SafeFunctionAccessTest.java in JDK19+ as follows:<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">e.g.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> @Test<o:p></o:p></p>
<p class="MsoNormal"> public void testClosedStructCallback() throws Throwable {<o:p></o:p></p>
<p class="MsoNormal"> MethodHandle handle = Linker.nativeLinker().downcallHandle(<o:p></o:p></p>
<p class="MsoNormal"> findNativeOrThrow("addr_func_cb"),<o:p></o:p></p>
<p class="MsoNormal"> FunctionDescriptor.ofVoid(C_POINTER, C_POINTER));<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> try (MemorySession session = MemorySession.openConfined()) {<o:p></o:p></p>
<p class="MsoNormal"> MemorySegment segment = MemorySegment.allocateNative(POINT, session);<o:p></o:p></p>
<p class="MsoNormal"> handle.invoke(segment, sessionChecker(session));
<span style="font-family:Wingdings">ß</span>--------------- the upcall stub is allocated in sessionChecker()<o:p></o:p></p>
<p class="MsoNormal"> }<o:p></o:p></p>
<p class="MsoNormal"> }<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> MemorySegment sessionChecker(MemorySession session) {<o:p></o:p></p>
<p class="MsoNormal"> try {<o:p></o:p></p>
<p class="MsoNormal"> MethodHandle handle = MethodHandles.lookup().findStatic(SafeFunctionAccessTest.class, "checkSession",<o:p></o:p></p>
<p class="MsoNormal"> MethodType.methodType(void.class, MemorySession.class));<o:p></o:p></p>
<p class="MsoNormal"> handle = handle.bindTo(session);<o:p></o:p></p>
<p class="MsoNormal"> return Linker.nativeLinker().upcallStub(handle, FunctionDescriptor.ofVoid(), MemorySession.openImplicit());
<span style="font-family:Wingdings">ß</span>-----the upcall stub is allocated with an implicit session<o:p></o:p></p>
<p class="MsoNormal"> } catch (Throwable ex) {<o:p></o:p></p>
<p class="MsoNormal"> throw new AssertionError(ex);<o:p></o:p></p>
<p class="MsoNormal"> }<o:p></o:p></p>
<p class="MsoNormal" style="text-indent:9.9pt">}<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">It is correct to allocate the upcall stub with a session different from the current session in tests given these tests intend to close the current session in upcall to verify the behavior. But it is problematic to exploit an implicit session
backed by GC, in which case the memory of the upcall stub is more likely to be forced to release by GC (when implicitly closing the session to free memory) especially on the memory-restricted machines, which leads to unexpected behavior in upcall (e.g. crash
which was captured recently). To work around this case, I’d suggest to replace it with a global session or others so as to keep the upcall stub alive during the upcall.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Best Regards<o:p></o:p></p>
<p class="MsoNormal">Cheng Jin<o:p></o:p></p>
</blockquote>
</div>
</body>
</html>