RFR [9] 8138978: Examine usages of sun.misc.IOUtils

Sean Mullan sean.mullan at oracle.com
Thu Oct 8 12:34:00 UTC 2015

Looks fine to me, though I have one question below.

On 10/7/15 2:19 PM, Chris Hegarty wrote:
> This primary motivation behind this bug [1] is the clearing out of
> sun.misc, in preparation for JEP 260 [2].
> sun.misc.IOUtils is a JDK internal convenience utility class that
> provides a single method that offers bulk blocking InputStream read
> semantics. In 9, java.io.InputStream has been retrofitted with two
> methods that provide similar, but not quite the same, functionality,
> readNBytes and readAllBytes, see JDK-8080835 [3].
> There are a number of places where IOUtils can be replaced with the
> appropriate supported API, readNBytes or readAllBytes.
> There are a number of places, mainly in the security implementation,
> that required to read a specific number of bytes ( not to end of
> stream ), where it is preferable to not preallocate the byte[] and
> allow it to "grow" lazily, to be defensive against protocol errors.
> These cases cannot use read[N|All]Bytes, so it makes sense to retain
> IOUtils but locate it in a package, sun.security.util, that makes it
> clear who its primary consumer is.

Would it make sense to add a method to InputStream that provides that 
functionality the security classes need?


> http://cr.openjdk.java.net/~chegar/8138978/webrev.00/jdk/
> http://cr.openjdk.java.net/~chegar/8138978/webrev.00/hotspot/
> -Chris.
> [1] https://bugs.openjdk.java.net/browse/JDK-8138978
> [2] https://bugs.openjdk.java.net/browse/JDK-8132928
> [3] https://bugs.openjdk.java.net/browse/JDK-8080835

More information about the security-dev mailing list