Replacement for sun.misc.Unsafe.allocateInstance(Class<?>) ?
Andrew Haley
aph at redhat.com
Sat Aug 1 08:57:22 UTC 2015
On 31/07/15 18:33, Jörg Schaible wrote:
> there's a lot of talk about making sun.misc.Unsafe unaccessible in JDK 9 ...
> however, there seems no replacement for the allocateInstance method.
>
> XStream is relying heavily on this functionality and without it the library
> will no longer be able to deserialize a lot of objects from XML. What are
> the long-term options?
In the long term we're going to need a more official way for non-core
serialization to create uninitialized objects. I suspect it's more
likely to look like sun.reflect.ReflectionFactory than
Unsafe.allocateInstance.
However, the security problems are great. I haven't heard any
suggestion about how to expose this feature to user-created libraries
without breaking Java security, and I suspect there may be none.
Andrew.
More information about the core-libs-dev
mailing list