Re: trySetAccessible​

[Russell Gold]

> On Aug 23, 2017, at 1:49 AM, Alan Bateman <Alan.Bateman at oracle.com> wrote:
> 
> On 16/08/2017 02:09, Russell Gold wrote:
>> :
>> 
>> but:
>> 
>> method.getDeclaringClass().getModule().isOpen("java.io", callingClass.getModule())
>> 		-> true  // which seems to say that it IS open to that particular unnamed module ?!
>> 
>> 
> As Mandy points out, isOpen(String) is used to test if a package is open to all modules. In the example,  java.io is open to all unnamed modules but is not open to all modules.

When you say it is open to all unnamed modules, do you mean open with warnings? How do you declare a module open? I don’t see that in the current module documentation. Why is it only open to unnamed modules, and how can we detect that a warning would be given? Our goal is to avoid the manipulations that will result in warnings (and therefore be forbidden in future versions of Java).

> Is the context CORBA and IIOP deserialization? I'm curious what is interesting in java.io that isn't provided by the updated ReflectionFactory API. As you know, the JDK's java.corba module was updated to use this and so avoids depending on java.io internals.

This is not related to IIOP, but some proprietary deserialization, which was written using some rather nasty manipulations via reflection. The code in question allows us to detect that those tricks won’t work (without warnings), and gracefully degrade to an alternative, albeit slower, implementation. Because of the way it works, ReflectionFactory is insufficient. The goal is to recognize which reflection calls are likely to be permitted, and which are not. It is a step away from the current hack. In practice, it means that it works one way in JDK8 and a different way in JDK9 or later.