JDK-8353236 : [lworld] Better documentation for Valhalla Unsafe intrinsics
  • Type: Enhancement
  • Component: core-libs
  • Affected Version: repo-valhalla
  • Priority: P4
  • Status: New
  • Resolution: Unresolved
  • Submitted: 2025-03-31
  • Updated: 2025-03-31
Description
Unsafe is inherently unsafe and we need to clearly spell out the restrictions put on the values passed in or returned from Unsafe::makePrivateBuffer and Unsafe::finishPrivateBuffer.

To be more specific, a value returned by Unsafe::makePrivateBuffer should be under similar restrictions as a value returned by the bytecode new. Note that the following points may be a little overly restrictive:

- Each larval object created by the bytecode new has a distinct verification type. As a result, a value returned from Unsafe::makePrivateBuffer can only be assigned to a local variable if it is an effectively final variable and there is no other value that can be assigned to that variable in all control paths.

- Each larval object created by the bytecode new can only be passed to a bytecode putfield, or to pass it to a constructor as the receiver. As a result, it is illegal to use the value returned by Unsafe::makePrivateBuffer in any circumstance except passing to Unsafe::putXXX to set the fields of the object, or to Unsafe::finishPrivateBuffer to finalize the larval object and create a non-larval object from the larval one.

- In non-Unsafe execution, after the constructor invocation, the verifier replaces all the values in the current VM state that have the same type as the receiver with a non-larval value. As a result, after invoking Unsafe::finishPrivateBuffer, the larval value must not be used again, and all operations must be performed on the non-larval value returned by the method instead.

- Value passed to Unsafe::finishPrivateBuffer must be returned by Unsafe::makePrivateBuffer.