RawData ?

Thu Apr 10 15:41:00 GMT 2003

Michael Koch writes:
 > -----BEGIN PGP SIGNED MESSAGE-----
 > Hash: SHA1
 > 
 > Am Dienstag, 8. April 2003 21:08 schrieb Andrew Haley:
 > >
 > > I'm wondering if it might be a good idea to have a type which is
 > > the equivalent of "integer attribute ((mode(pointer)))" or
 > > somesuch. However, it wouldn't need to be an arithmetic type.
 > >
 > > We could then replace all instances of RawData with that. We
 > > wouldn't be able to use it for an IdentityHashmap key, which would
 > > be a shame.
 > >
 > > > If Classpath does continue with this, we could consider
 > > > changing. A patch to do this would also have to change the
 > > > compiler (that's easy in this case though).
 > >
 > > Seems reasonable.
 > 
 > It is possible to use long instead of RawData.
The problem is that the reader will find it hard to understand the
code. When you see long, do you think "pointer"? 
 > But then we need conversion methods I think (void* -> jlong, jlong
 > -> void*). With RawData we can just use a <reinterpret_cast> which
 > has more ore less no cost at runtime.
Well, the cost of long isn't high. There's no cost at all for jlong->void*.
 > As I understand it using long is in general more safe in regard to 
 > security holes, right ?
Well, I don't know. If we expose some code that uses a pointer, and
we can fabricate a pointer to it, then we have a security hole. So
the only solution, as Per said, is to make very sure that methods
which take a pointer in whatever form are private or protected.
("friend" would be nice here...)
 > We will have to do a lot of work to make sure we are on the safe
 > side when we use RawData overall.
Yes. It would be nice to get rid of RawData, but it is a good
solution to some problems.
Andrew.