Oracle's OpenJDK Cleanup of "Unsafe" Implementation
As Java 9 approaches general availability, now scheduled for Q2 2017, many of the defining JEPs are starting to take their final shape. The keystone feature is arguably JEP 261 (Module System), which proposes the implementation of a Java Platform Module System, as specified in JSR 376. The Module System JEP depends on JEP 260 (Encapsulate Most Internal APIs), the result of which will expose the functionality of the controversial sun.misc.Unsafe class via variable handles, as defined and targeted by JEP 193. InfoQ previously covered community concerns on sun.misc.Unsafe's handling (prior to JEP 260): and featured detailed coverage of the possible post migration plan (after JEP 260 has been implemented).
Bug 8149159 has recently been posted to the JDK Bug System, proposing optimizations and cleanups for Unsafe, including moving argument checking out of the native layer and into Java (thereby simplifying JIT), the unification of sun.misc.Unsafe with jdk.internal.misc.Unsafe, and a general cleanup of the native code.
On February 18th, Oracle engineer, Mikael Vidstedt submitted two patches (one for OpenJDK and another for OpenJDK HotSpot VM) for review to the OpenJDK developer community.
Vidstedt summarized the patches as follows:
- To avoid code duplication sun.misc.Unsafe now delegates all work to jdk.internal.misc.Unsafe. This also means that the VM - and unsafe.cpp specifically - no longer needs to know or care about s.m.Unsafe.
- The s.m.Unsafe delegation methods have all been decorated with @ForceInline to minimize the risk of performance regressions, though it is highly likely that they will be inlined even without the annotations.
- The documentation has been updated to reflect that it is the responsibility of the user of Unsafe to make sure arguments are valid.
- The argument checking has, to the extent possible, been moved from unsafe.cpp up to Java to simplify the native code and allow the JIT to optimize it.
- Some of the argument checks have been relaxed. For example, the recently introduced U.copySwapMemory does not check for null pointers anymore. See docs for j.i.m.U.checkPointer for the complete reasoning behind this. Note that the Unsafe methods today, apart from U.copySwapMemory, do not perform the NULL related check(s).
- A test was added for j.i.m.U.copyMemory, based on U.copySwapMemory. Feel free to point out that I should merge them (because I should).
According to Vidstedt, the cleanup to Unsafe was "rather dramatic" and he highlighted the following:
- Unsafe_ functions are now declared static, as are the other unsafe.cpp local functions.
- Created unsafe.hpp and moved some functions used in other parts of the VM to that. Removed some "extern" function declarations (extern is bad, kittens die when extern is (over-)used).
- Remove scary looking comment about UNSAFE_LEAF not being possible to use - there's nothing special about it, it's just a JVM_LEAF.
- Used UNSAFE_LEAF for a few simple leaf methods
- Added helpful braces around UNSAFE_ENTRY/UNSAFE_END to help auto-indent
- Removed unused Unsafe_<...>##140 functions/macros
- Updated macro argument names to be consistent throughout unsafe.cpp macro definitions
- Replaced some checks with asserts - as per above the checks are now performed in j.i.m.Unsafe instead.
- Removed all the s.m.Unsafe related code