Replacement for sun.misc.Unsafe.allocateInstance(Class<?>) ?

Andrew Haley aph at redhat.com
Sat Aug 1 08:57:22 UTC 2015


On 31/07/15 18:33, Jörg Schaible wrote:
> there's a lot of talk about making sun.misc.Unsafe unaccessible in JDK 9 ... 
> however, there seems no replacement for the allocateInstance method.
> 
> XStream is relying heavily on this functionality and without it the library 
> will no longer be able to deserialize a lot of objects from XML. What are 
> the long-term options? 

In the long term we're going to need a more official way for non-core
serialization to create uninitialized objects.  I suspect it's more
likely to look like sun.reflect.ReflectionFactory than
Unsafe.allocateInstance.

However, the security problems are great. I haven't heard any
suggestion about how to expose this feature to user-created libraries
without breaking Java security, and I suspect there may be none.

Andrew.




More information about the core-libs-dev mailing list