Should System.exit be controlled by a Scope Local?
Andrew Haley
aph-open at littlepinkcloud.com
Tue Mar 1 11:45:44 UTC 2022
On 2/28/22 15:32, Andrew Haley wrote:
>
> I think all we'd need is a set of capabilities bound to a scope local
> at thread startup, and I guess it'd default to "all capabilities".
> Trusted code could then override any of those capabilities.
>
> We'd have to make sure that capabilities were inherited by threads,
> and we'd have to think very carefully about thread pools. The problem
> there is that while it would (I guess) make sense to prevent all code
> executing in thread pools from calling System.exit(), there's an
> obvious compatibility problem if it can't.
Although... there certainly is some potential profit in restricted thread
pools, which have no compatibility problems because it'd be a new feature.
I think this solves the problem Alan Bateman raised too. Sure, you wouldn't
be able to use the default thread pool, but that's no big deal, I would have
thought.
--
Andrew Haley (he/him)
Java Platform Lead Engineer
Red Hat UK Ltd. <https://www.redhat.com>
https://keybase.io/andrewhaley
EAC8 43EB D3EF DB98 CC77 2FAD A5CD 6035 332F A671
More information about the core-libs-dev
mailing list