Fwd: Re: JDK 9 pre-review of JDK-6850612: Deprecate Class.newInstance since it violates the checked exception language contract
joe.darcy at oracle.com
Thu Apr 21 16:31:32 UTC 2016
Security libs team,
Over on core-libs, the Class.newInstance method is up for deprecation
since it does not obey the general checked exceptions contract.
Please review the security-libs portion of
Generally a new variable was introduced to host the Class.newInstance
call so that the minimal-size region would be affected by the
-------- Forwarded Message --------
Subject: Re: JDK 9 pre-review of JDK-6850612: Deprecate
Class.newInstance since it violates the checked exception language contract
Date: Thu, 21 Apr 2016 09:25:27 -0700
From: joe darcy <joe.darcy at oracle.com>
Organization: Oracle Corporation
To: core-libs-dev <core-libs-dev at openjdk.java.net>
After a generally positive reception, please review the webrev to
implement the deprecation of Class.newInstance and the suppression of
the resulting warnings:
There are also some changes in the langtools repo; I'll send a separate
review request for those changes to compiler-dev.
I'll also forward this review request to other areas with affected code.
On 4/17/2016 10:31 AM, joe darcy wrote:
> With talk of deprecation in the air , I thought it would be a fine
> time to examine one of the bugs on my list
> JDK-6850612: Deprecate Class.newInstance since it violates the
> checked exception language contract
> As the title of the bug implies, The Class.newInstance method
> knowingly violates the checking exception contract. This has long been
> documented in its specification:
>> Note that this method propagates any exception thrown by the nullary
>> constructor, including a checked exception. Use of this method
>> effectively bypasses the compile-time exception checking that would
>> otherwise be performed by the compiler. The Constructor.newInstance
>> method avoids this problem by wrapping any exception thrown by the
>> constructor in a (checked) InvocationTargetException.
> Roughly, the fix would be to turn the text of this note into the
> @deprecated text and to add a @Deprecated(since="9") annotation to the
> method. There are a few dozen uses of the method in the JDK that would
> have to be @SuppressWarning-ed or otherwise updated.
> Thoughts on the appropriateness of deprecating this method at this time?
> Comments on the bug have suggested that besides deprecating the
> method, a new method on Class could be introduced,
> newInstanceWithProperExceptionBehavior, that had the same signature
> but wrapped exceptions thrown by the constructor call in the same way
> Constructor.newInstance does.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the security-dev