
<html><head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8">

  </head>

  <body>

    <br>

    <blockquote type="cite" cite="mid:CANSoFxvr6Y5oOoeY57Vq936eU4-p9qfz_FvWHq3Nx7dQ9jAwqw@mail.gmail.com">

      <div dir="ltr">

        <div class="gmail_quote">

          <div>So with the FilteredSet example:</div>

          <div>

            <ul>

              <li><span style="font-family:monospace">FilteredSet</span>'s

                constructor should generate warning A for not assigning

                <span style="font-family:monospace">this.filter</span>

                prior to <span style="font-family:monospace">super()</span></li>

              <li><span style="font-family:monospace">HashSet</span>'s

                constructor should generate warning B for invoking the

                potentially this-leaking method <span style="font-family:monospace">addAll()</span><br>

              </li>

            </ul>

          </div>

        </div>

      </div>

    </blockquote>

    <br>

    I'm not about that direction for the FilteredSet example.  The basic

    problem is that HashSet's constructor calls an overridable method,

    addAll, which in turn invokes the add override in FilteredSet.  This

    is a this-escape (even if filter is initialized before super,

    because FilteredSet could be subclassed and override add.)  <br>

    <br>

    The conclusion that "the problem would go away if we could set the

    filter first" merely moves the problem around.  <br>

    <br>

    <br>

    <br>

    <br>

    <blockquote type="cite" cite="mid:CANSoFxvr6Y5oOoeY57Vq936eU4-p9qfz_FvWHq3Nx7dQ9jAwqw@mail.gmail.com">

      <div dir="ltr">

        <div class="gmail_quote">

          <div>This sounds like the right logical separation. One

            confirmation is that correcting <i>either one</i> of the

            warnings would fix the bug. So each class must be

            independently contributing to the overall danger level.<br>

          </div>

          <div> <br>

          </div>

          <blockquote class="gmail_quote" style="margin:0px 0px 0px

            0.8ex;border-left:1px solid

            rgb(204,204,204);padding-left:1ex">

            <div><font size="4"><font face="monospace">To your point

                  about "the superclass might downcast", this is

                  something you can check for as something questionable

                  to do with `this`.<br>

                </font></font></div>

          </blockquote>

          <div><br>

          </div>

          Agreed - this should also generate warning B, because it

          represents a possible route for 'this' to escape.<br>

        </div>

        <div class="gmail_quote"><br>

        </div>

        <div class="gmail_quote">-Archie<br clear="all">

        </div>

        <br>

        -- <br>

        <div dir="ltr" class="gmail_signature">Archie L. Cobbs<br>

        </div>

      </div>

    </blockquote>

    <br>

  </body>

</html>