[External] : Re: New candidate JEP: 471: Deprecate the Memory-Access Methods in sun.misc.Unsafe for Removal
Alan Bateman
Alan.Bateman at oracle.com
Tue May 14 14:02:04 UTC 2024
On 14/05/2024 14:42, David Lloyd wrote:
> :
>
> I'm well aware of these arguments, as I was present when they were
> devised (and have the scars - and jpms-spec-experts membership - to
> prove it). As I said, I fully support the goal of integrity by default.
>
> However neither of these points really addresses the problem at hand.
> In particular, ReflectionFactory does not relate specifically to
> serializing JDK classes; it presently provides access to serialization
> constructors and (lately) the non-public serialization spec methods
> for *all* classes. It does not address the problem of field access in
> any way.
>
> :
>
> ReflectionFactory allows access to serialization facilities without
> any access checking (other than the defunct SecurityManager checks).
> Perhaps this class could gain some more methods, like this:
>
> * `newGetterForSerialization(Field field)` - includes ability to
> access `objectStreamFields` and `serialVersionUID`, or these could be
> separate methods
> * `newSetterForSerialziation(Field field)`
>
> Does this seem workable?
>
The intention with ReflectionFactory is that serialization libraries go
through the readObject/writeObject and other magic methods, to avoid
field access.
Probably best to being this to core-libs-dev for further discussion.
-Alan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/jdk-dev/attachments/20240514/062cb3b7/attachment.htm>
More information about the jdk-dev
mailing list