Fwd: Re: JDK 9 pre-review of JDK-6850612: Deprecate Class.newInstance since it violates the checked exception language contract

joe darcy joe.darcy at oracle.com
Thu Apr 21 16:31:32 UTC 2016 

Security libs team,

Over on core-libs, the Class.newInstance method is up for deprecation 
since it does not obey the general checked exceptions contract.

Please review the security-libs portion of

     http://cr.openjdk.java.net/~darcy/6850612.0/

Generally a new variable was introduced to host the Class.newInstance 
call so that the minimal-size region would be affected by the 
@SuppressWarnings("deprecation") annotation.

Thanks,

-Joe


-------- Forwarded Message --------
Subject: 	Re: JDK 9 pre-review of JDK-6850612: Deprecate 
Class.newInstance since it violates the checked exception language contract
Date: 	Thu, 21 Apr 2016 09:25:27 -0700
From: 	joe darcy <joe.darcy at oracle.com>
Organization: 	Oracle Corporation
To: 	core-libs-dev <core-libs-dev at openjdk.java.net>



Hello,

After a generally positive reception, please review the webrev to
implement the deprecation of Class.newInstance and the suppression of
the resulting warnings:

     http://cr.openjdk.java.net/~darcy/6850612.0/

There are also some changes in the langtools repo; I'll send a separate
review request for those changes to compiler-dev.

I'll also forward this review request to other areas with affected code.

Thanks,

-Joe

On 4/17/2016 10:31 AM, joe darcy wrote:
> Hello,
>
> With talk of deprecation in the air [1], I thought it would be a fine
> time to examine one of the bugs on my list
>
>     JDK-6850612: Deprecate Class.newInstance since it violates the
> checked exception language contract
>
> As the title of the bug implies, The Class.newInstance method
> knowingly violates the checking exception contract. This has long been
> documented in its specification:
>
>> Note that this method propagates any exception thrown by the nullary
>> constructor, including a checked exception. Use of this method
>> effectively bypasses the compile-time exception checking that would
>> otherwise be performed by the compiler. The Constructor.newInstance
>> method avoids this problem by wrapping any exception thrown by the
>> constructor in a (checked) InvocationTargetException.
>
> Roughly, the fix would be to turn the text of this note into the
> @deprecated text and to add a @Deprecated(since="9") annotation to the
> method. There are a few dozen uses of the method in the JDK that would
> have to be @SuppressWarning-ed or otherwise updated.
>
> Thoughts on the appropriateness of deprecating this method at this time?
>
> Comments on the bug have suggested that besides deprecating the
> method, a new method on Class could be introduced,
> newInstanceWithProperExceptionBehavior, that had the same signature
> but wrapped exceptions thrown by the constructor call in the same way
> Constructor.newInstance does.
>
> Thanks,
>
> -Joe
>
> [1]
> http://mail.openjdk.java.net/pipermail/core-libs-dev/2016-April/040192.html



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20160421/f5cecffa/attachment.htm>

More information about the security-dev mailing list