RFR: 8156071: List.of: reduce array copying during creation
Tagir F.Valeev
tvaleev at openjdk.java.net
Tue Oct 6 05:10:42 UTC 2020
On Tue, 6 Oct 2020 03:10:34 GMT, Tagir F. Valeev <tvaleev at openjdk.org> wrote:
>> Looks good, i wondered why the performance results were so slow then i looked more closely and saw "-Xint" was used. I
>> usually don't ascribe much value to micro benchmarks run in interpreter only mode, but hey any shaving off startup time
>> is welcome. Less allocation is definitely welcome (although i do wish C2 was better at eliding redundant array
>> initialization and allocation).
>
> Sorry to be late to the party. I thought that all reviews labeled with core-libs should be mirrored to core-libs-dev
> mailing list but I haven't seen it there :(
> Please note that the integrated implementation exposes listFromTrustedArray to everybody. No dirty unsafe reflection is
> necessary, only single unchecked cast:
> static <T> List<T> untrustedArrayToList(T[] array) {
> @SuppressWarnings("unchecked")
> Function<List<T>, List<T>> finisher =
> (Function<List<T>, List<T>>) Collectors.<T>toUnmodifiableList().finisher();
> ArrayList<T> list = new ArrayList<>() {
> @Override
> public Object[] toArray() {
> return array;
> }
> };
> return finisher.apply(list);
> }
>
> This might be qualified as a security issue.
This could be fixed by adding a classword check to the finisher, like this:
list -> {
if (list.getClass() != ArrayList.class) {
throw new IllegalArgumentException();
}
return (List<T>) SharedSecrets.getJavaUtilCollectionAccess()
.listFromTrustedArray(list.toArray());
},
-------------
PR: https://git.openjdk.java.net/jdk/pull/449
More information about the security-dev
mailing list