<div dir="ltr"><div dir="ltr"><br></div>On Tue, Nov 8, 2022 at 3:00 PM Brian Goetz <<a href="mailto:brian.goetz@oracle.com">brian.goetz@oracle.com</a>> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<br>
<blockquote type="cite">
<div dir="ltr">
<div class="gmail_quote">The goal is to close off all routes by
which 'this' could end up being passed to code in any
subclass.
</div></div>
</blockquote>
any other class outside this compilation unit: subclass, superclass,
random class. This is sometimes called "alien" code -- code this
class does not control. (Note that inner classes in the current
class are OK; it's under this classes control.)</div></blockquote><div><br></div><div>Yes I think we're saying the same thing - passing 'this' to any "alien" code is a leak.</div><div><br></div><div>I'm just pointing out that the damage doesn't actually occur until if/when the 'this' is actually used to access state in a subclass. But that's just a technical point and doesn't ultimately change the kinds of expressions we have to watch out for.</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><br>
<blockquote type="cite">
<div dir="ltr">
<div class="gmail_quote">A 'this' escape is when, in a non-final class <span style="font-family:monospace">MyClass</span> constructor,
after a <span style="font-family:monospace">super()</span>
call, a reference to the 'this' instance is used, explicitly
or implicitly, in any expression that (as far as the
compiler can tell) might possibly:<br>
<div>
<ol>
<li>Invoke a non-static method declared in any strict
supertype of <span style="font-family:monospace">MyClass</span></li>
</ol>
</div>
</div>
</div>
</blockquote>
<br>
Declared outside the compilation unit of MyClass<br></div></blockquote><div><br></div><div>Agreed... that formulation is simpler. But of course it would need a caveat for subclasses within the same compilation unit, e.g.:</div><div style="margin-left:40px"><span style="font-family:monospace"><br></span></div><div style="margin-left:40px"><span style="font-family:monospace">public class Example {<br><br> public static abstract class A {<br><br> public A() {<br> System.out.println(this.foo());<br> }<br><br> public abstract int foo();<br> }<br><br> public static class B extends A {<br><br> private final int x;<br><br> public B(int x) {<br> this.x = x;<br> }<br><br> public int foo() {<br> return this.x;<br> }<br> }<br><br> public static void main(String[] args) {<br> new B(123); // prints "0"<br> }<br>}</span><br></div> <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div>
Here's a more advanced case that would require more sophisticated
data flow analysis, but might not be so bad: <br>
<br>
public class X { <br>
public X() { foo(this); }<br>
<br>
private static void foo(X x) { }<br>
}<br>
<br>
Here, you pass `this` to foo(), but it doesn't do anything bad with
it.<br>
</div>
</blockquote></div><div><br></div><div>Yeah, that would be harder to track but feasible. I'd need to think about how to do that properly.<br></div><div><br></div><div>However I should be able to come up with an initial prototype for the basic 'this' escape warning without too much work. I'll email when I have something.<br></div><div><br></div><div>Thanks,<br></div><div>-Archie<br></div><br>-- <br><div dir="ltr" class="gmail_signature">Archie L. Cobbs<br></div></div>