[GR-53803] Only allow Unsafe.allocateInstance for types registered explicitly in the configuration. #8869
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
oracle-contributor-agreement
bot
added
the
OCA Verified
|
Is it possible to introduce flag that preserve old behavior for allocation objects via Unsafe at least in debug mode? We use such kind allocation for expression evaluation in plugin for graalvm in intelij ide. |
graalvmbot
force-pushed
the
cwi/GR-51974-unsafe-allocation
branch
from
ffb2ce3
to
1b2a31d
Compare
graalvmbot
changed the title
Unsafe.allocateInstance for types registered explicitly in the configuration.
graalvmbot
changed the title
Unsafe.allocateInstance for types registered explicitly in the configuration.
graalvmbot
force-pushed
the
cwi/GR-51974-unsafe-allocation
branch
2 times, most recently
from
b7256b4
to
9ca8bdb
Compare
graalvmbot
force-pushed
the
cwi/GR-51974-unsafe-allocation
branch
2 times, most recently
from
c3ee3cd
to
1d0e620
Compare
graalvmbot
force-pushed
the
cwi/GR-51974-unsafe-allocation
branch
from
1d0e620
to
6a20275
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR tightens the rule
Unsafe.allocateInstancein the strict reflection configuration mode (whenThrowMissingRegistrationErrorsis enabled): now only types explicitly registered for Unsafe allocation can be allocated that way, i.e., without running a constructor.The reflection configuration files always had the
unsafeAllocatedproperty for types, but we were not enforcing that. Instead, it was possible to allocate all types that the static analysis identified as instantiated. Since there was not a programmatic way to register a type in aFeature, this PR addsregisterAsUnsafeAllocatedtoFeature.BeforeAnalysisAccess.The JNI method
AllocObjectdoes the same asUnsafe.allocateInstance, and is actually implemented exactly like that in SVM. While the preferred way to allocate new instances is to use the JNI function that allocates a new instance and invokes the constructor in the same function, it is also possible to useAllocObjectfirst to allocate an uninitizalized instance, and then via a separate JNI function invoke a constructor on this already existing instance. Since JNI usage is rare, all types that have a constructor registered for JNI are automatically also registered for unsafe allocation. In addition,AllocObjectis now tracked by the tracing agent so that such types have theunsafeAllocatedproperty set.Why tighten the rules? The static analysis can find out which instance fields are never
null, and remove unnecessarynullchecks. But such an optimization is only safe when we know that types are never instantiated without running a constructor, in which case all fields always remain uninitialized. With this new enforcement, the few types explicitly registered for unsafe allocation can easily be excluded from the optimization.