RFR: JDK-8205549 JDK-8205698 Support of flattened values in Unsafe

Paul Sandoz paul.sandoz at oracle.com
Fri Jun 29 22:14:47 UTC 2018



> On Jun 29, 2018, at 2:50 PM, Frederic Parain <frederic.parain at oracle.com> wrote:
> 
> Breaking the rules even internally is dangerous.

Yes, very :-)


> There’s currently no guarantee at the Java level that the
> value being operated on is not shared with other threads.
> __MakeDefault is not new, you don’t have the guarantee that
> you’ll get a fresh unshared value. In fact, it currently returns
> a shared instance, and modifying it would corrupt all future
> new values. Many other optimizations are already in place in
> the JVM strongly relying on the immutability of values, adding
> sharing and aliasing in many places (arrays, LVT in the
> interpreter). Situation is even worse in JIT compiled code,
> where object_base + offset has no direct meaning because
> of values scalarization.
> 

Yes.

Fun fact: did you know that one can subvert the values of boxed ints by changing the contents of the cache used in j.l.Integer? (see Integer.IntegerCache.cache)


> I like the caveat "as long as the intermediate breaking effects
> are contained and cannot be observed externally”, but I’m
> curious to know how it will be checked or enforced.
> 

With great care and good testing. Some of the code in j.l.invoke plays this dangerous game.

I wish there could be a way of more formally marking a block of such internal code beyond clear use of the Unsafe class.

—

I view Unsafe as a far far less formal equivalent of Rust’s unsafe block [1] for us Java Runtime engineers to build a safe and performant platform. I guess the closest formal notion we have currently is JNI :-) soon we will have Panama and that will up-level some unsafe properties of JNI and native wrappers into Java code.
 
Paul.

[1] https://doc.rust-lang.org/book/second-edition/ch19-01-unsafe-rust.html
     https://doc.rust-lang.org/nightly/nomicon/

"Instead of the programs I had hoped for, there came only a shuddering blackness and ineffable loneliness; and I saw at last a fearful truth which no one had ever dared to breathe before — the unwhisperable secret of secrets — The fact that this language of stone and stridor is not a sentient perpetuation of Rust as London is of Old London and Paris of Old Paris, but that it is in fact quite unsafe, its sprawling body imperfectly embalmed and infested with queer animate things which have nothing to do with it as it was in compilation."
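
The Integer cache aliasing mentioned in the message above, as an added example that is not part of the original e-mail or of any JDK code: it probes whether reflective code can reach `Integer.IntegerCache.cache`, shows the effect of mutating a shared boxed instance, and restores the entry. The class name `IntegerCacheProbe` and the helper `openCache` are assumptions made for illustration.

```java
import java.lang.reflect.Field;

public class IntegerCacheProbe {
    /** Returns the live cache array, or null when access to java.lang internals is refused. */
    static Integer[] openCache() throws ReflectiveOperationException {
        Class<?> holder = Class.forName("java.lang.Integer$IntegerCache");
        Field field = holder.getDeclaredField("cache");
        try {
            // On JDK 16 and later this is refused unless the JVM was started with
            // --add-opens java.base/java.lang=ALL-UNNAMED
            field.setAccessible(true);
        } catch (RuntimeException e) { // InaccessibleObjectException or SecurityException
            return null;
        }
        return (Integer[]) field.get(null);
    }

    public static void main(String[] args) throws Exception {
        Integer[] cache = openCache();
        if (cache == null) {
            System.out.println("cache not reachable: encapsulation of java.lang is in force");
            return;
        }
        int low = -128;         // lower bound of the cache, fixed by the language spec
        int slot = 1 - low;     // index of the shared box for the value 1
        Integer original = cache[slot];
        try {
            cache[slot] = cache[2 - low]; // alias the shared box for 2 into the slot for 1
            Integer boxed = Integer.valueOf(1);
            System.out.println("Integer.valueOf(1) holds " + boxed.intValue());
            System.out.println("same object as valueOf(2): " + (boxed == Integer.valueOf(2)));
        } finally {
            cache[slot] = original; // put the shared instance back for the rest of the JVM
        }
        System.out.println("after restore, valueOf(1) holds " + Integer.valueOf(1).intValue());
    }
}
```

The "not reachable" branch is the outcome to expect in production: a JVM that grants `--add-opens` on `java.base/java.lang` to application code gives up the immutability that boxed values, and the shared value instances discussed in the thread, depend on.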

