[Proj] New proposal of JNI bindings for Proj.4

Eric Miller EMiller at dfg.ca.gov
Mon Aug 29 10:41:21 EST 2011


>>> On 8/25/2011 at 6:05 PM, Martin Desruisseaux
<martin.desruisseaux at geomatys.fr> wrote:
> On 26/08/11 01:19, Eric Miller wrote:
>> I had a good laugh about the C code doing array bounds checking.
>> Really, if you're wrapping a native library, you should be doing some
>> argument validation before passing it along.
> It is true that array bounds checking is not part of the C/C++
> tradition. However, the JNI bindings are just a facade for Java
> applications - ignored by C/C++ applications - and array bounds checks
> are part of the Java tradition. As a rule, it should be impossible (in
> theory) for a user to crash the Java Virtual Machine even if he misuses
> a method. The fact that the method is native rather than pure Java is
> invisible from an API point of view (this detail does not appear in
> the generated javadoc), so the user expects those methods to behave
> like any ordinary Java method.

It's not so much an issue of "tradition" as the ANSI C language has no
mechanism to determine an array's length at runtime.  So, in C, you can
check that the pointer is not NULL, and you can check that the array
size parameter is not negative.  However, you cannot verify that the
size parameter is actually correct.  If you could, you wouldn't need it.
But, what is the correct behavior if a pointer argument is null or an
array size is negative?  Call abort()?  Would that still crash the JVM?
-- 

Eric G. Miller
Staff Programmer
CA Dept. of Fish & Game
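
The check discussed in this thread, as an added example that is not part of the original message or of the Proj bindings: a C function that validates a coordinate range against a length supplied by the caller and reports failure through a return code instead of abort(). The function names and status codes are hypothetical; in a JNI wrapper the length would come from GetArrayLength() and a non-zero status would be turned into a Java exception.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical status codes. A JNI wrapper would map any non-zero value to a
 * Java exception and return; abort() would terminate the whole JVM process. */
enum range_status { RANGE_OK = 0, RANGE_NULL, RANGE_BAD_SIZE, RANGE_OUT_OF_BOUNDS };

/* array_len is the true element count, supplied by the caller. Plain C cannot
 * recover it from the pointer; a JNI wrapper obtains it from GetArrayLength(). */
enum range_status check_coord_range(const double *coords, int64_t array_len,
                                    int64_t dim, int64_t offset, int64_t num_pts)
{
    if (coords == NULL)
        return RANGE_NULL;
    if (array_len < 0 || dim <= 0 || offset < 0 || num_pts < 0)
        return RANGE_BAD_SIZE;
    if (offset > array_len)
        return RANGE_OUT_OF_BOUNDS;
    /* Compare by division so that dim * num_pts is never computed on
     * unchecked input and cannot overflow. */
    if (num_pts > (array_len - offset) / dim)
        return RANGE_OUT_OF_BOUNDS;
    return RANGE_OK;
}

/* Constructed sample operation: scale num_pts points of dimension dim in
 * place, touching memory only after the range has been validated. */
enum range_status scale_points(double *coords, int64_t array_len, int64_t dim,
                               int64_t offset, int64_t num_pts, double factor)
{
    enum range_status st = check_coord_range(coords, array_len, dim, offset, num_pts);
    if (st != RANGE_OK)
        return st;              /* reported to the caller; the process keeps running */
    for (int64_t i = 0; i < dim * num_pts; i++)
        coords[offset + i] *= factor;
    return RANGE_OK;
}
```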



