RFR: 8301220: Return value of toArray() of Сollection types from java.base should be trusted [v2]
Glavo
duke at openjdk.org
Sat Jan 28 14:49:15 UTC 2023
On Fri, 27 Jan 2023 21:02:25 GMT, Glavo <duke at openjdk.org> wrote:
> I think the simplest solution is to have a non public interface declared inside java.util. Like java.util.RandomAccess, but non public. The main advantage to use an interface is that you can document it and it's easy to find all the implementations.
I think again that using interfaces may not be a good choice. "Trusted" should be specific to specific classes and cannot be inherited, because trusted methods can be overwritten by untrusted implementations in subclasses.
I think maybe annotation is a better choice, but the cost needs to be tested.
-------------
PR: https://git.openjdk.org/jdk/pull/12212
More information about the core-libs-dev
mailing list