On Mon, 10 Apr 2023 04:28:34 GMT, Chen Liang <li...@openjdk.org> wrote:
> nobody actually trusts this contract I guess not every place should not trust this contract. Where should we distrust contracts and use defensive programming? For example, the constructor of `ArrayList` that accepts `Collection` should not trust the `toArray` method of unknown collections. Because if the implementation of toArray is incorrect, trusting its return value will cause errors may occur in other subsequent places, rather than during the call to the constructor. But this dangerous situation does not occur with the join method, as it does not leak the results of `toArray` to other places. If the implementation of `toArray` is incorrect, then the `join` method is not correct for it. This phenomenon is reasonable and acceptable, as long as the error does not occur outside of the join method. ------------- PR Comment: https://git.openjdk.org/jdk/pull/13383#issuecomment-1501384516
