Type: CSR
Resolution: Approved
Priority: P3
Fix Version: None
Compatibility Kind: behavioral
Compatibility Risk: minimal
Compatibility Risk Description: The changes described in this CSR might cause more exceptions to be thrown when using var handles produced by the memory layout API. That said, the new exceptions should only be generated in cases where the access expression was already ill-formed.
Interface Kind: Java API
Summary
Constructing indexed var handles using the MemoryLayout API produces var handles which do not check the input indices for out-of-bounds conditions.
Problem
Consider the following var handle creation using the MemoryLayout API:
MemoryLayout layout = MemoryLayout.sequenceLayout(5, JAVA_INT);
VarHandle VH = layout.varHandle(PathElement.sequenceElement());
And consider the following access expression:
MemorySegment segment = MemorySegment.allocateNative(100);
VH.get(segment, 10);
Clearly, the index provided by the client (10) is outside the bounds of the sequence layout used to construct the var handle (0 to 4).
Currently the API does not report this as an access error. Instead it allows the access, which then succeeds or fails depending only on the segment size. In this case the access succeeds, because the segment being accessed has size 100.
This behavior can lead to subtle issues: if the above expression is used to dereference a portion of a bigger segment (as in this case), not detecting the out-of-bounds access might result in reading or corrupting unrelated parts of the memory segment.
Solution
When constructing var handles using the memory layout API, the implementation should keep track of the constraints associated with the indices of the var handle being generated.
For instance, in the above example, the implementation would record (upon var handle construction) that only indices between 0 and 4 (inclusive) are allowed, and consequently reject any out-of-bounds index by throwing an IndexOutOfBoundsException.
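The following program, an added example that is not part of this CSR, makes the aliasing problem concrete with a struct rather than the bare sequence above: a five-element int sequence is followed by an unrelated int field, so index 5 lands exactly on that field. It assumes the JDK 19 preview API (MemorySession, PathElement.sequenceElement(), run with --enable-preview); on a build without the bound check the store silently overwrites "tail", on a build with it the store is rejected.

```java
import java.lang.foreign.MemoryLayout;
import java.lang.foreign.MemoryLayout.PathElement;
import java.lang.foreign.MemorySegment;
import java.lang.foreign.MemorySession;
import java.lang.foreign.StructLayout;
import java.lang.invoke.VarHandle;
import static java.lang.foreign.ValueLayout.JAVA_INT;

public class SequenceBoundsCheck {
    // Constructed layout: int values[5] (offsets 0..19) followed by int tail (offset 20).
    static final StructLayout RECORD = MemoryLayout.structLayout(
            MemoryLayout.sequenceLayout(5, JAVA_INT).withName("values"),
            JAVA_INT.withName("tail"));

    // Indexed var handle with coordinates (MemorySegment, long); valid indices are 0..4.
    static final VarHandle VALUES = RECORD.varHandle(
            PathElement.groupElement("values"), PathElement.sequenceElement());
    static final VarHandle TAIL = RECORD.varHandle(PathElement.groupElement("tail"));

    public static void main(String[] args) {
        try (MemorySession session = MemorySession.openConfined()) {
            MemorySegment seg = MemorySegment.allocateNative(RECORD, session);
            TAIL.set(seg, 42);
            try {
                // Index 5 is one past the end of "values"; byte offset 20 is "tail".
                VALUES.set(seg, 5L, 7);
                System.out.println("no bound check: tail is now " + (int) TAIL.get(seg));
            } catch (IndexOutOfBoundsException e) {
                System.out.println("bound check enforced: " + e.getMessage());
                System.out.println("tail untouched: " + (int) TAIL.get(seg));
            }
        }
    }
}
```

The segment-level check alone cannot catch this store, since offset 20 is inside the 24-byte segment; only the layout-derived index bound distinguishes it from a legitimate write to "tail".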
Specification
A javadoc including the proposed changes can be found here:
http://cr.openjdk.java.net/~mcimadamore/8287244/v1/javadoc/java.base/module-summary.html
A specdiff including the proposed changes can be found here:
http://cr.openjdk.java.net/~mcimadamore/8287244/v1/specdiff_out/overview-summary.html
Both are attached in this CSR (see v1.zip).
csr of: JDK-8287244 Add bound check in indexed memory access var handle (Resolved)