[PATCH] 4851444: Exposing sun.reflect.Reflection#getCallerClass as a public API in Java 8
Mandy Chung
mandy.chung at oracle.com
Mon Sep 9 02:34:04 UTC 2013
On 9/4/2013 6:02 PM, David M. Lloyd wrote:
>
> This seems reasonable on the surface but falls over once you capture
> the caller for more than one purpose. For example, say a logging
> framework captures the caller for the purpose of supplementing log
> information. But you call this logging framework from another
> framework which uses caller information for another purpose, for
> example locating resources. The intent here might be to show
> information from the second framework in the log, however with one
> universal @CallerSensitive annotation you cannot distinguish which
> "capture" you want to grab - the second framework, or the caller who
> called the second framework. However by traversing the stack to a
> fixed depth, you can do so very definitively (as long as you always
> know that your internal code does *not* directly call the sensitive
> method - an easy thing to design for in most frameworks).
>
It would need to detect if the intermediate frames don't call any
"sensitive" method.
@sun.reflect.CallerSensitive is primarily defined for the security issue
and specifically for JEP 176. As you said, the current form of @CS
doesn't satisfy other purposes.
> In fact you can usually traverse the stack to a fixed depth for this
> kind of thing, with one key exception that comes up in log frameworks.
> When you have one log API which forwards to another, you want to
> capture the "first" caller of any log API. Pursuant to this, most log
> frameworks have log method variants which accept the fully-qualified
> class name of that first logger. The moral equivalent to this
> scenario would likely be to provide an API variant which accepts a
> Class or ClassLoader (depending on the usage) and a variant which does
> not and uses a fixed-depth "reach" into the stack instead.
> This IMO blows a hole in the whole idea of a single *public* @CS
> annotation, and in fact in public framework code, a depth indicator
> seems to be adequate and more or less problem-free for any purpose
> I've run across.
I'm not sure if we can be very certainabout the depth in a runtime
environment (non-debugging) unless it requires all VM implementation to
support a reliable way to return a frame at a given depth.
The stack trace is not guaranteed to contain all stack frames. E.g. in
the spec of Throwable.getStackTrace():
Some virtual machines may, under some circumstances, omit one or more
stack frames from the stack trace. In the extreme case, a virtual machine
that has no stack trace information concerning this throwable is
permitted to return a zero-length array from this method.
Mandy
More information about the core-libs-dev
mailing list