RFR: 8355379: Annotate lazy fields in java.security @Stable
Per Minborg
pminborg at openjdk.org
Wed Jun 4 11:39:18 UTC 2025
On Fri, 23 May 2025 04:54:26 GMT, Koushik Muthukrishnan Thirupattur <duke at openjdk.org> wrote:
> Several classes in the `java.security` package lazily compute their hash value and store it in a field. These fields can typically be annotated with the `@Stable` annotation. Many of the current implementations are using -1 as a flag for not computed, this needs to be refactored away.
>
> Here are some examples of such classes: PKCS12Attribute, Timestamp, Certificate, and URICertStoreParameters.
I think we should add tests that seralizes/deserializes objects several times to make sure the hash code works as expected here.
src/java.base/share/classes/java/security/CodeSigner.java line 172:
> 170: throw new InvalidObjectException("signerCertPath is null");
> 171: }
> 172: myhash = 0;
I do not think we can use `@Stable` for this class, as `readObject()` can be called multiple times on an object.
src/java.base/share/classes/java/security/Timestamp.java line 179:
> 177: throw new InvalidObjectException("Invalid null field(s)");
> 178: }
> 179: myhash = 0;
Same here.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/25405#issuecomment-2939685005
PR Review Comment: https://git.openjdk.org/jdk/pull/25405#discussion_r2126373067
PR Review Comment: https://git.openjdk.org/jdk/pull/25405#discussion_r2126374887
More information about the security-dev
mailing list