-
CSR
-
Resolution: Unresolved
-
P4
-
None
-
behavioral
-
low
-
Some users may have already started passing out-of-bounds values and live with latent failures. They will now get exceptions, which is a behavioral change.
-
Java API
-
SE
Summary
In the Class-File API, add IllegalArgumentException to methods that accept user-supplied int to truncate to more narrow data formats.
Problem
The Class-File API has many methods that accept user-supplied int values to construct class-file constructs that store more narrow values as u2/u1 (unsigned 2/1 byte). Users currently can pass in out-of-bound values, such as negative values, and they are silently truncated upon writing. They create live data models that are considered different but would be identical once written to class files, and many of these out of range values indicate silent overflows that should have been caught eagerly for program integrity.
Solution
Convert these APIs so they throw IllegalArgumentException whenever they receive an out-of-bounds input. An exception is made for ClassFileVersion::minorVersion, which has a convention of using -1 for 65535, the minor version with all bits set, to indicate preview class files.
Alternative solutions considered include simply performing active truncation so data models would be identical in the views as read from class files; this approach is rejected because these overflow values overwhelmingly indicate program errors that should have been caught eagerly.
The most common data are flag values and indices into lists. In both cases, eager failure almost always seem better.
Specification
The specification patch is attached. Here is the list of APIs changed, ignoring overloads:
java.lang.classfile:
ClassBuilder::withVersionClassBuilder::withFlagsClassBuilder::withFieldClassBuilder::withMethodClassBuilder::withMethodBodyClassFileVersion::ofCodeBuilder::lineNumberCodeBuilder::characterRangeFieldBuilder::withFlagsMethodBuilder::withFlagsTypeAnnotation.TargetInfo::ofParameterTypeAnnotation.TargetInfo::ofClassTypeParameterTypeAnnotation.TargetInfo::ofMethodTypeParameterTypeAnnotation.TargetInfo::ofClassExtendsTypeAnnotation.TargetInfo::ofTypeParameterBoundTypeAnnotation.TargetInfo::ofClassTypeParameterBoundTypeAnnotation.TargetInfo::ofMethodTypeParameterBoundTypeAnnotation.TargetInfo::ofMethodFormalParameterTypeAnnotation.TargetInfo::ofThrowsTypeAnnotation.TargetInfo::ofExceptionParameterTypeAnnotation.TargetInfo::ofTypeArgumentTypeAnnotation.TargetInfo::ofCastExprTypeAnnotation.TargetInfo::ofConstructorInvocationTypeArgumentTypeAnnotation.TargetInfo::ofMethodInvocationTypeArgumentTypeAnnotation.TargetInfo::ofConstructorReferenceTypeArgumentTypeAnnotation.TargetInfo::ofMethodReferenceTypeArgumentTypeAnnotation.LocalVarTargetInfo::ofTypeAnnotation.TypePathComponent::of
attribute:
CharacterRangeInfo::ofInnerClassInfo::ofLineNumberInfo::ofMethodParameterInfo::ofMethodParameterInfo::ofParameterModuleAttribute::ofModuleAttribute.ModuleAttributeBuilder::moduleFlagsModuleExportInfo::ofModuleOpenInfo::ofModuleRequireInfo::ofModuleResolutionAttribute::of
constantpool:
ConstantPoolBuilder::methodHandleEntry
instruction:
CharacterRange::ofLineNumber::of
- csr of
-
JDK-8361614 Missing sub-int value validation in the Class-File API
-
- In Progress
-