8339190: Parameter arrays that are capped during annotation processing report incorrect length

[nizarbenalla]

Can I please get reviews for this change.

The regression test creates temporary files in tmpdir to check that the warning is emitted correctly.
I've also added the new warning to example.not-yet.txt as the example would require a very large file.

Here is the truncated result of running javap -c -p -v (before the change) on ClassAnnotationWithLength_65536_RUNTIME.class and ClassAnnotationWithLength_65537_RUNTIME..class respectively.

  static int x;
    descriptor: I
    flags: (0x0008) ACC_STATIC
    RuntimeVisibleAnnotations:
      0: #14(#15=s#16,#17=I#18,#19=[])
        MyCustomAnno(
          value="custom"
          count=42
          arr=[]
        )

  static int x;
    descriptor: I
    flags: (0x0008) ACC_STATIC
    RuntimeVisibleAnnotations:
      0: #14(#15=s#16,#17=I#18,#19=[J#20])
        MyCustomAnno(
          value="custom"
          count=42
          arr=[-1l]
        )

After the change a compile-time error is thrown

javac ClassAnnotationWithLength_65536_RUNTIME.java 
error: Annotation array element too large in "MyCustomAnno"

TIA

---

Progress

• Change must be properly reviewed (1 review required, with at least 1 Reviewer)
• Change must not contain extraneous whitespace
• Commit message must refer to an issue
• Change requires CSR request JDK-8342697 to be approved

Issues

• JDK-8339190: Parameter arrays that are capped during annotation processing report incorrect length (Bug - P3)
• JDK-8342697: Parameter arrays that are capped during annotation processing report incorrect length (CSR)

Reviewers

• Vicente Romero (@vicente-romero-oracle - Reviewer)

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/21663/head:pull/21663
$ git checkout pull/21663

Update a local copy of the PR:
$ git checkout pull/21663
$ git pull https://git.openjdk.org/jdk.git pull/21663/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 21663

View PR using the GUI difftool:
$ git pr show -t 21663

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/21663.diff

Using Webrev

Link to Webrev Comment

[bridgekeeper]

👋 Welcome back nbenalla! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

[openjdk]

@nizarbenalla This change now passes all automated pre-integration checks.

ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details.

After integration, the commit message for the final commit will be:

8339190: Parameter arrays that are capped during annotation processing report incorrect length

Reviewed-by: vromero

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been 140 new commits pushed to the master branch:

• 8b47497: 8331682: Slow networks/Impatient clients can potentially send unencrypted TLSv1.3 alerts that won't parse on the server
• 0668e18: 8343234: (bf) Move java/nio/Buffer/LimitDirectMemory.java from ProblemList.txt to ProblemList-Virtual.txt
• 774de27: 8343497: Missing DEF_STATIC_JNI_OnLoad in libjimage and libsaproc native libraries
• 1cc3586: 8343551: Missing copyright header update in Charset-X-Coder.java.template
• 1c44834: 8333582: Update CLDR to Version 46.0
• 23fa1a3: 8343484: Remove unnecessary @SuppressWarnings annotations (nio)
• 7f8450c: 8343473: Update copyright year of AddmodsOption.java
• b74652b: 8343167: Unnecessary define checks in InterpreterRuntime after JDK-8199809
• 646d64e: 8340307: Add explanation around MemorySegment:reinterpret regarding arenas
• 8d6cfba: 8336267: Method and Constructor signature parsing can be shared on the root object
• ... and 130 more: https://git.openjdk.org/jdk/compare/b0ac633b2d0076d64b463b2a6ce19abf6b12c50f...master

As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.

➡️ To integrate this PR with the above commit message to the master branch, type /integrate in a new comment.

[openjdk]

@nizarbenalla The following label will be automatically applied to this pull request:

• compiler

When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing list. If you would like to change these labels, use the /label pull request command.

[liach]

This can be simplified to Files.newBufferedWriter.

[mlbridge]

Webrevs

• 02: Full - Incremental (35b89ece)
• 01: Full - Incremental (80d25a19)
• 00: Full (e44f23e3)

[lahodaj]

I am sorry, but producing warnings is IMO a wrong solution. While the Java language does not impose limits, the classfile format does, and if we cannot generate a classfile that corresponds to the input Java file, javac should not produce anything and should finish up with a compile-time error. That is what is done for other limits as well. Like, for example, here:

jdk/src/jdk.compiler/share/classes/com/sun/tools/javac/jvm/Gen.java

Line 940 in 964d8d2

log.error(tree.pos(), Errors.LimitParameters);

(Although this check for annotations may need to be done in ClassWriter.)

[nizarbenalla]

I will update this PR and the CSR to fail if we detect an overflow, rather than warn users. Thanks Jan

Though I am not sure why the check would need to be done when writing the classfile, why not do it earlier?

[liach]

Should we use (tree.size & ~0xFFFF) != 0? This is how classfile API checks the value compatibility, and I wonder how other places in javac does so.

[nizarbenalla]

I was trying to chose between this and tree.size & ~0xFFFF, I think javac will sometimes check if an int is larger than 0xFFFF

[liach]

If you use & ~0xFFFF you must use != 0 as the mask includes the sign bit.

[lahodaj]

I think the other checks are implemented as simple value > limit => error checks:

jdk/src/jdk.compiler/share/classes/com/sun/tools/javac/jvm/Code.java

Line 114 in d8430ef

if (cp > ClassFile.MAX_CODE) {

jdk/src/jdk.compiler/share/classes/com/sun/tools/javac/jvm/Gen.java

Line 938 in d8430ef

if (Code.width(types.erasure(env.enclMethod.sym.type).getParameterTypes()) + extras >

True, it may overflow, but if it would overflow once, it might overflow twice (back to positive numbers), so if/when that becomes a problem, we'd probably need something more complex. And it will be easier to find if the pattern is as close to the existing patterns as possible. So, I guess I would suggest to use a simple > ClassFile.MAX_ANNOTATIONS.

[lahodaj]

I will update this PR and the CSR to fail if we detect an overflow, rather than warn users. Thanks Jan

Though I am not sure why the check would need to be done when writing the classfile, why not do it earlier?

Some of the existing similar "limit" errors are basically only detectable when writing the classfile. So, for consistency, I think it would be good to do it at some place close to where the other errors are detected.

In principle, the javac "frontend" should mostly care about JLS, and JLS is not imposing any limits. The backend, when writing, needs to care about JVMS, which imposes limits, and hence that's probably the correct place to report the error.

[nizarbenalla]

I've updated the PR to now generate a compile-time error when the annotation array length exceeds the limit.
Also expanded the test to check type annotations and annotations with class/runtime retention. The test runs in ~4 seconds on my machine.

I can make the test smaller if necessary. Or maybe expand it to include a negative test to check the code runs as intended.

Will update the CSR next.

[vicente-romero-oracle]

general comment. I wonder if we should add a predicate to com.sun.tools.javac.jvm.Target ala: Target::runtimeUseNestAccess() so that we don't generate this error for targets < 24, the rest looks good to me

[nizarbenalla]

general comment. I wonder if we should add a predicate to com.sun.tools.javac.jvm.Target ala: Target::runtimeUseNestAccess() so that we don't generate this error for targets < 24, the rest looks good to me

I can easily add it if you or other Reviewers think it's a good idea. But it might not be worth it? The purpose of this change was to prevent generating classfiles that don't match the input files.

I will bring it up in the CSR comment section.

[vicente-romero-oracle]

general comment. I wonder if we should add a predicate to com.sun.tools.javac.jvm.Target ala: Target::runtimeUseNestAccess() so that we don't generate this error for targets < 24, the rest looks good to me

I can easily add it if you or other Reviewers think it's a good idea. But it might not be worth it? The purpose of this change was to prevent generating classfiles that don't match the input files.

I will bring it up in the CSR comment section.

not sure tbh, probably not necessary

[vicente-romero-oracle]

looks good

[nizarbenalla]

Passes tier 1-3, thanks all for the reviews on this. Here goes

/integrate

[openjdk]

Going to push as commit 4244682.
Since your change was applied there have been 190 commits pushed to the master branch:

• 7620b12: 8323803: ConstantOopReadValue::print_on should print 'null' instead of 'nullptr'
• 592a48b: 8321997: Increase upper limit of LoopOptsCount flag
• c3df050: 8343726: [BACKOUT] NMT should not use ThreadCritical
• 0e1c1b7: 8343452: Incorrect WINDOWS build variable is used in macroAssembler_x86.cpp
• 619b4d5: 8334107: Specification for MemorySegment::get/setString could use some clarification
• a6c85da: 8342945: Replace predicate walking code in get_assertion_predicates() used for Loop Unswitching and cleaning useless Template Assertion Predicates with a predicate visitor
• 97b681e: 8340586: JdkJfrEvent::get_all_klasses stores non-strong oops in JNI handles
• f2316f6: 8343505: Problemlist java/lang/Thread/jni/AttachCurrentThread/AttachTest.java
• 9e31e78: 8342647: [macosx] Clean up the NSInvocation based call to NSProcessInfo.operatingSystemVersion
• e33dc13: 8343343: Misc crash dump improvements on more platforms after JDK-8294160
• ... and 180 more: https://git.openjdk.org/jdk/compare/b0ac633b2d0076d64b463b2a6ce19abf6b12c50f...master

Your commit was automatically rebased without conflicts.

[openjdk]

@nizarbenalla Pushed as commit 4244682.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.