Bug ID: JDK-4907359 JNI spec should describe functions more strictly

JDK-4907359 : JNI spec should describe functions more strictly

Type: Enhancement
Component: hotspot
Sub-Component: runtime
Affected Version: unknown

Priority: P3
Status: Closed
Resolution: Duplicate
OS: generic
CPU: generic

Submitted: 2003-08-15
Updated: 2015-06-02
Resolved: 2015-06-02

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

JDK 9
9Resolved

Related Reports

Duplicate :	JDK-6629681 - JNI Spec cleanup example code
Duplicate :	JDK-7167126 - JNI_GetCreatedJavaVMs spec not clear on whether nVMs can be NULL, also behavior when no VM running
Duplicate :	JDK-8079466 - JNI Specification Update and Clean-up (JDK 8)
Duplicate :	JDK-8038588 - JNI Spec for EnsureLocalCapacity has no throws clause but docs say OOME may be thrown
Relates :	JDK-8038588 - JNI Spec for EnsureLocalCapacity has no throws clause but docs say OOME may be thrown
Relates :	JDK-7167126 - JNI_GetCreatedJavaVMs spec not clear on whether nVMs can be NULL, also behavior when no VM running
Relates :	JDK-8079466 - JNI Specification Update and Clean-up (JDK 8)

Description

Name: vrR10176			Date: 08/15/2003



JNI Spec (http://java.sun.com/docs/books/jni/html/design.html) says:
"11.8.1 No Checking for Programming Errors

The JNI functions do not check for programming errors. Passing illegal 
arguments to JNI functions results in undefined behavior. The reason 
for this design decision is as follows:

* Forcing JNI functions to check for all possible error conditions degrades 
  the performance in all (typically correct) native methods.
* In many cases there is not enough runtime type information to perform 
  such checking. 
..."

But the JNI spec defines rarely which function argument values are
valid and which are invalid. For example:
  Descriptin of GetFieldID says about clazz argument:
"The clazz reference must not be NULL."
or
  Descriptin of DeleteGlobalRef says about gref argument:
"The gref argument must be a global reference, or NULL."

But most of the function descriptions don't define this. So often 
it is not clear from the specification if an argument value is 
valid or invalid and how JNI implementation should processes it.

For example let's consider the RI implementation of functions
 Call<Type>Method(JNIEnv *env, jobject obj, jmethodID methodID, ...);
and 
 CallNonvirtual<Type>Method(JNIEnv *env, jobject obj, jclass clazz, jmethodID methodID, ...);

Description of both functions says nothing about obj or clazz arguments 
set to NULL.
If obj of Call<Type>Method is set to NULL the RI jvm throws NullPointerException.
If obj of CallNonvirtual<Type>Method is set to NULL the RI jvm does not throw 
NullPointerException and may crash.
The argument clazz of CallNonvirtual<Type>Method may be set to NULL 
or any other value since the hotspot silently ignores this argument.
The class information used by hotspot is actually derived from the 
method id.
So this behavior of the functions is not specified and moreover it is 
not clear if the NULL value is valid argument or not. 

======================================================================

Comments

Merged into 8079466
02-06-2015
Missing documentation, in general bring up to the same standard as javadoc for the JDK: * Arguments: what is consider valid, if NULL is valid what does it mean, what is outcome of invalid argument (return code and/or exception). * Throws clauses: Add missing throws clause to function docs: review all functions and their possible exceptions, assume not only missing "throws" clauses, but the existing clauses may be out of date. * Returns and exceptions: The discussion "Parfait complains about JNIEnv_::GetStringChars()" posted to "jdk_confidential_ww_grp@oracle.com" - was about return NULL versus throws, versus both. See also "Issue Links" for concrete problem examples.
03-04-2014
PUBLIC COMMENTS Certainly room for improvement in how parameters are described so that there is no doubt whethere NULL is allowed. Describing things as requiring "a valid pointer/reference to an XXXX" would likely suffice, with cross-references back to the "Reporting Programming Errors" section. Also: The Get/ReleaseCriticalXXXX methods should make it clear that Release need not, and should not, be called if the Get returns zero/NULL (indicating an error). The examnle should be updated to show that Release is not called in the error path. DefineClass makes no mention of whether the "name" pointer can be NULL. Given the name of the class is in the bytestream used to define it, it seems somewhat redundant to actually pass the name. It always means that the two names have to be verified as being the same.
25-05-2012
EVALUATION No doubt the JNI spec could be improved. ###@###.### 2003-08-20
20-08-2003