RFR: 8156071: List.of: reduce array copying during creation

Tagir F.Valeev tvaleev at openjdk.java.net
Tue Oct 6 05:10:42 UTC 2020


On Tue, 6 Oct 2020 03:10:34 GMT, Tagir F. Valeev <tvaleev at openjdk.org> wrote:

>> Looks good, i wondered why the performance results were so slow then i looked more closely and saw "-Xint" was used. I
>> usually don't ascribe much value to micro benchmarks run in interpreter only mode, but hey any shaving off startup time
>> is welcome. Less allocation is definitely welcome (although i do wish C2 was better at eliding redundant array
>> initialization and allocation).
>
> Sorry to be late to the party. I thought that all reviews labeled with core-libs should be mirrored to core-libs-dev
> mailing list but I haven't seen it there :(
> Please note that the integrated implementation exposes listFromTrustedArray to everybody. No dirty unsafe reflection is
> necessary, only single unchecked cast:
>   static <T> List<T> untrustedArrayToList(T[] array) {
>     @SuppressWarnings("unchecked")
>     Function<List<T>, List<T>> finisher =
>         (Function<List<T>, List<T>>) Collectors.<T>toUnmodifiableList().finisher();
>     ArrayList<T> list = new ArrayList<>() {
>       @Override
>       public Object[] toArray() {
>         return array;
>       }
>     };
>     return finisher.apply(list);
>   }
> 
> This might be qualified as a security issue.

This could be fixed by adding a classword check to the finisher, like this:

                                   list -> {
                                        if (list.getClass() != ArrayList.class) {
                                            throw new IllegalArgumentException();
                                        }
                                        return (List<T>) SharedSecrets.getJavaUtilCollectionAccess()
                                           .listFromTrustedArray(list.toArray());
                                   },

-------------

PR: https://git.openjdk.java.net/jdk/pull/449



More information about the security-dev mailing list