RFR: 8248862: Implement Enhanced Pseudo-Random Number Generators [v3]
Rémi Forax
github.com+828220+forax at openjdk.java.net
Wed Nov 25 13:54:05 UTC 2020
On Wed, 25 Nov 2020 13:09:03 GMT, Jim Laskey <jlaskey at openjdk.org> wrote:
>> This PR is to introduce a new random number API for the JDK. The primary API is found in RandomGenerator and RandomGeneratorFactory. Further description can be found in the JEP https://openjdk.java.net/jeps/356 .
>>
>> javadoc can be found at http://cr.openjdk.java.net/~jlaskey/prng/doc/api/java.base/java/util/random/package-summary.html
>>
>> old PR: https://github.com/openjdk/jdk/pull/1273
>
> Jim Laskey has updated the pull request incrementally with one additional commit since the last revision:
>
> 8248862: Implement Enhanced Pseudo-Random Number Generators
>
> Changes to RandomGeneratorFactory requested by @PaulSandoz
src/java.base/share/classes/java/util/random/RandomGeneratorFactory.java line 151:
> 149: if (fm == null) {
> 150: synchronized (RandomGeneratorFactory.class) {
> 151: if (RandomGeneratorFactory.factoryMap == null) {
if `RandomGeneratorFactory.factoryMap` is not null, it returns null because the value is not stored in fm.
Please use the class holder idiom (cf Effective Java) instead of using the double-check locking pattern.
src/java.base/share/classes/java/util/random/RandomGeneratorFactory.java line 157:
> 155: .stream()
> 156: .filter(p -> !p.type().isInterface())
> 157: .collect(Collectors.toMap(p -> p.type().getSimpleName().toUpperCase(),
toUpperCase() depends on the Locale !
src/java.base/share/classes/java/util/random/RandomGeneratorFactory.java line 175:
> 173: if (props == null) {
> 174: synchronized (provider) {
> 175: if (properties == null) {
same issue with the double check locking
src/java.base/share/classes/java/util/random/RandomGeneratorFactory.java line 177:
> 175: if (properties == null) {
> 176: try {
> 177: Method getProperties = provider.type().getDeclaredMethod("getProperties");
Is it not a better way than using reflection here ?
src/java.base/share/classes/java/util/random/RandomGeneratorFactory.java line 180:
> 178: PrivilegedExceptionAction<Map<RandomGeneratorProperty, Object>> getAction = () -> {
> 179: getProperties.setAccessible(true);
> 180: return (Map<RandomGeneratorProperty, Object>)getProperties.invoke(null);
Given that we have no control over the fact that the method properties() doesn't return a Map of something else, this unsafe cast seems dangerous (from the type system POV).
Having a type representing a reified version of the Map may be a better idea
-------------
PR: https://git.openjdk.java.net/jdk/pull/1292
More information about the security-dev
mailing list