Make "-parameters" enabled by default?
Alex Buckley
alex.buckley at oracle.com
Thu Mar 25 20:43:28 UTC 2021
On 3/25/2021 1:20 PM, Marcin Zajączkowski wrote:
> Tl;TD. JEP 118 has added "-parameters" to Java 8 back in 2014 to
> have parameter names available at runtime. In 2021, backward
> compatibility of the bytecode-related tools should not be a big problem,
> so maybe to simplify the things, it could be enabled by default?
There was never a compatibility problem with including the
MethodParameters attribute in a class file, which is what `javac
-parameters` does.
The attribute was excluded for reasons of policy, which largely still
apply. As I wrote in May 2013 when someone asked "JEP-118: Why are
parameter names not mandatory?" [1]:
"The bottom line is that for every programmer you please by including
parameter names by default, you intensely anger another. Some people
dislike the extra class file size; some dislike the new compatibility
surface; some regard it as exposing sensitive information."
[1]
https://mail.openjdk.java.net/pipermail/enhanced-metadata-spec-discuss/2013-May/000200.html
Quoting from the referenced PDF, now at [2]:
"Oracle believes the ability to retrieve parameter names at run time
loses much of its value if parameters are "opted out" of class file
storage by default, and instead have to "opt in" by some syntactic
means. Unfortunately, the static and dynamic footprint of storing
parameter names will be an unwelcome surprise for many class file
producers and consumers. Also, storing parameter names by default means
that new information will be exposed about security-sensitive methods,
e.g. parameter names like `secret` or `password`. In light of these
concerns, Oracle in Java SE 8 will consider parameter names as "opted
out" of class file storage by default."
[2] https://cr.openjdk.java.net/~abuckley/jep120/8misc.pdf
Alex
More information about the jdk-dev
mailing list