RFR: 8307575: Migrate the serialization constructor accessors to Method Handles [v2]
Chen Liang
liach at openjdk.org
Sun May 7 13:36:16 UTC 2023
> Apparently method handle linking doesn't impose extra checks on constructor invocation, so the special logic for the serialization constructor to call superclass constructor in MagicAccessorImpl can be removed altogether with old core reflection implementation.
>
> Serialization and sun.reflect.ReflectionFactory tests pass. May be worth to think about the long-term treatment of ReflectionFactory.newConstructorForSerialization, as creating partial object is inherently unsafe, and behavior of `newConstructorForSerialization(ArrayList.class, String.class.getDeclaredConstructor(String.class))` etc. (which is accepted for now) may have unpredictable side effects.
>
> #1830 has a similar patch; this one doesn't touch proxies and updates to the new post-JEP 416 reflection implementation.
Chen Liang has updated the pull request incrementally with one additional commit since the last revision:
Remove invalid assertion (via sun.reflect.ReflectionFactory)
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/13853/files
- new: https://git.openjdk.org/jdk/pull/13853/files/64a8f518..3a0393a9
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=13853&range=01
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=13853&range=00-01
Stats: 2 lines in 1 file changed: 0 ins; 1 del; 1 mod
Patch: https://git.openjdk.org/jdk/pull/13853.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/13853/head:pull/13853
PR: https://git.openjdk.org/jdk/pull/13853
More information about the security-dev
mailing list