<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Security libs team,<br>
<br>
Over on core-libs, the Class.newInstance method is up for
deprecation since it does not obey the general checked exceptions
contract.<br>
<br>
Please review the security-libs portion of<br>
<br>
<a class="moz-txt-link-freetext" href="http://cr.openjdk.java.net/~darcy/6850612.0/">http://cr.openjdk.java.net/~darcy/6850612.0/</a><br>
<br>
Generally a new variable was introduced to host the
Class.newInstance call so that the minimal-size region would be
affected by the @SuppressWarnings("deprecation") annotation.<br>
<br>
Thanks,<br>
<br>
-Joe<br>
<div class="moz-forward-container"><br>
<br>
-------- Forwarded Message --------
<table class="moz-email-headers-table" border="0" cellpadding="0"
cellspacing="0">
<tbody>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Subject:
</th>
<td>Re: JDK 9 pre-review of JDK-6850612: Deprecate
Class.newInstance since it violates the checked exception
language contract</td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Date: </th>
<td>Thu, 21 Apr 2016 09:25:27 -0700</td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">From: </th>
<td>joe darcy <a class="moz-txt-link-rfc2396E" href="mailto:joe.darcy@oracle.com"><joe.darcy@oracle.com></a></td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Organization:
</th>
<td>Oracle Corporation</td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">To: </th>
<td>core-libs-dev <a class="moz-txt-link-rfc2396E" href="mailto:core-libs-dev@openjdk.java.net"><core-libs-dev@openjdk.java.net></a></td>
</tr>
</tbody>
</table>
<br>
<br>
<pre>Hello,
After a generally positive reception, please review the webrev to
implement the deprecation of Class.newInstance and the suppression of
the resulting warnings:
<a class="moz-txt-link-freetext" href="http://cr.openjdk.java.net/~darcy/6850612.0/">http://cr.openjdk.java.net/~darcy/6850612.0/</a>
There are also some changes in the langtools repo; I'll send a separate
review request for those changes to compiler-dev.
I'll also forward this review request to other areas with affected code.
Thanks,
-Joe
On 4/17/2016 10:31 AM, joe darcy wrote:
> Hello,
>
> With talk of deprecation in the air [1], I thought it would be a fine
> time to examine one of the bugs on my list
>
> JDK-6850612: Deprecate Class.newInstance since it violates the
> checked exception language contract
>
> As the title of the bug implies, The Class.newInstance method
> knowingly violates the checking exception contract. This has long been
> documented in its specification:
>
>> Note that this method propagates any exception thrown by the nullary
>> constructor, including a checked exception. Use of this method
>> effectively bypasses the compile-time exception checking that would
>> otherwise be performed by the compiler. The Constructor.newInstance
>> method avoids this problem by wrapping any exception thrown by the
>> constructor in a (checked) InvocationTargetException.
>
> Roughly, the fix would be to turn the text of this note into the
> @deprecated text and to add a @Deprecated(since="9") annotation to the
> method. There are a few dozen uses of the method in the JDK that would
> have to be @SuppressWarning-ed or otherwise updated.
>
> Thoughts on the appropriateness of deprecating this method at this time?
>
> Comments on the bug have suggested that besides deprecating the
> method, a new method on Class could be introduced,
> newInstanceWithProperExceptionBehavior, that had the same signature
> but wrapped exceptions thrown by the constructor call in the same way
> Constructor.newInstance does.
>
> Thanks,
>
> -Joe
>
> [1]
> <a class="moz-txt-link-freetext" href="http://mail.openjdk.java.net/pipermail/core-libs-dev/2016-April/040192.html">http://mail.openjdk.java.net/pipermail/core-libs-dev/2016-April/040192.html</a>
</pre>
<br>
</div>
<br>
</body>
</html>