JLS 17.5

Looking at JLS13, I noticed the following example 17.5.2:

Example 17.5-2. final Fields For Security
final fields are designed to allow for necessary security guarantees.
Consider the

following program. One thread (which we shall refer to as thread 1)
executes:

Global.s = "/tmp/usr".substring(4);

while another thread (thread 2) executes

String myS = Global.s;
if (myS.equals("/tmp"))System.out.println(myS);

String objects are intended to be immutable and string operations do not
perform synchronization. While the String implementation does not have
any data races, other code could have data races involving the use of
String objects, and the memory model makes weak guarantees for programs
that have data races. In particular, if the fields of the String class
were not final, then it would be possible (although unlikely) that
thread 2 could initially see the default value of 0 for the offset of
the string object, allowing it to compare as equal to "/tmp". A later
operation on the String object might see the correct offset of 4, so
that the String object is perceived as being "/usr". Many security
features of the Java programming language depend upon String objects
being perceived as truly immutable, even if malicious code is using data
races to pass String references between threads.


It assumes that String has an "offset" field and when we make a
substring.  However, this was changed in Java 7 already, thus the JLS
should be updated.

Regards

Heinz
--
Dr Heinz M. Kabutz (PhD CompSci)
Author of "The Java™ Specialists' Newsletter" - www.javaspecialists.eu
Java Champion - www.javachampions.org
JavaOne Rock Star Speaker
Tel: +30 69 75 595 262
Skype: kabutz

_______________________________________________
Concurrency-interest mailing list
[hidden email]
http://cs.oswego.edu/mailman/listinfo/concurrency-interest

On 2/26/20 1:58 PM, Dr Heinz M. Kabutz via Concurrency-interest wrote:
>
> It assumes that String has an "offset" field and when we make a
> substring.  However, this was changed in Java 7 already, thus the JLS
> should be updated.

Isn't this just a "for example," though? The JLS doesn't specify how a
String is implemented.

--
Andrew Haley  (he/him)
Java Platform Lead Engineer
Red Hat UK Ltd. <https://www.redhat.com>
https://keybase.io/andrewhaley
EAC8 43EB D3EF DB98 CC77 2FAD A5CD 6035 332F A671

_______________________________________________
Concurrency-interest mailing list
[hidden email]
http://cs.oswego.edu/mailman/listinfo/concurrency-interest

On 2020/02/28 10:38, Andrew Haley wrote:
> On 2/26/20 1:58 PM, Dr Heinz M. Kabutz via Concurrency-interest wrote:
>> It assumes that String has an "offset" field and when we make a
>> substring.  However, this was changed in Java 7 already, thus the JLS
>> should be updated.
> Isn't this just a "for example," though? The JLS doesn't specify how a
> String is implemented.
Correct, but it's confusing to someone trying to understand what is
meant. This of course originates from the JMM which has the same example.
_______________________________________________
Concurrency-interest mailing list
[hidden email]
http://cs.oswego.edu/mailman/listinfo/concurrency-interest

I'm sure everybody has mentally replaced "offset" by "coder".

https://hg.openjdk.java.net/jdk/jdk/file/27e301f90b3a/src/java.base/share/classes/java/lang/String.java#l163

Rémi

----- Mail original -----
> De: "concurrency-interest" <[hidden email]>
> À: "Dr Heinz M. Kabutz" <[hidden email]>, "concurrency-interest" <[hidden email]>
> Envoyé: Vendredi 28 Février 2020 10:38:50
> Objet: Re: [concurrency-interest] JLS 17.5
_______________________________________________
Concurrency-interest mailing list
[hidden email]
http://cs.oswego.edu/mailman/listinfo/concurrency-interest