RFR [9] 8138978: Examine usages of sun.misc.IOUtils

Chris Hegarty chris.hegarty at oracle.com
Thu Oct 8 22:18:38 UTC 2015


> On 8 Oct 2015, at 13:34, Sean Mullan <sean.mullan at oracle.com> wrote:
> 
> Looks fine to me, though I have one question below.

Thanks for looking at this Sean.

> On 10/7/15 2:19 PM, Chris Hegarty wrote:
>> This primary motivation behind this bug [1] is the clearing out of
>> sun.misc, in preparation for JEP 260 [2].
>> 
>> sun.misc.IOUtils is a JDK internal convenience utility class that
>> provides a single method that offers bulk blocking InputStream read
>> semantics. In 9, java.io.InputStream has been retrofitted with two
>> methods that provide similar, but not quite the same, functionality,
>> readNBytes and readAllBytes, see JDK-8080835 [3].
>> 
>> There are a number of places where IOUtils can be replaced with the
>> appropriate supported API, readNBytes or readAllBytes.
>> 
>> There are a number of places, mainly in the security implementation,
>> that required to read a specific number of bytes ( not to end of
>> stream ), where it is preferable to not preallocate the byte[] and
>> allow it to "grow" lazily, to be defensive against protocol errors.
>> These cases cannot use read[N|All]Bytes, so it makes sense to retain
>> IOUtils but locate it in a package, sun.security.util, that makes it
>> clear who its primary consumer is.
> 
> Would it make sense to add a method to InputStream that provides that functionality the security classes need?

I filed 8139206 to track this.

-Chris.

[1] https://bugs.openjdk.java.net/browse/JDK-8139206

> --Sean
> 
>> 
>> http://cr.openjdk.java.net/~chegar/8138978/webrev.00/jdk/
>> http://cr.openjdk.java.net/~chegar/8138978/webrev.00/hotspot/
>> 
>> -Chris.
>> 
>> [1] https://bugs.openjdk.java.net/browse/JDK-8138978
>> [2] https://bugs.openjdk.java.net/browse/JDK-8132928
>> [3] https://bugs.openjdk.java.net/browse/JDK-8080835
>> 




More information about the security-dev mailing list