On Fri, 20 Sep 2024 22:01:23 GMT, David M. Lloyd <d...@openjdk.org> wrote:
>> Issue [JDK-8164908](https://bugs.openjdk.org/browse/JDK-8164908) added >> support for functionality required to continue to support IIOP and custom >> serializers in light of additional module-based restrictions on reflection. >> It was expected that these libraries would use `sun.misc.Unsafe` in order to >> access fields of serializable classes. However, with JEP 471, the methods >> necessary to do this are being removed. >> >> To allow these libraries to continue to function, it is proposed to add two >> methods to `sun.reflect.ReflectionFactory` which will allow serialization >> libraries to acquire a method handle to generated `readObject`/`writeObject` >> methods which set or get the fields of the serializable class using the >> serialization `GetField`/`PutField` mechanism. These generated methods >> should be used by serialization libraries to serialize and deserialize >> classes which do not have a `readObject`/`writeObject` method or which use >> `ObjectInputStream.defaultReadObject`/`ObjectOutputStream.defaultWriteObject` >> to supplement default serialization. >> >> It is also proposed to add methods which allow for the reading of >> serialization-specific private static final fields from classes which have >> them. >> >> With the addition of these methods, serialization libraries no longer need >> to rely on `Unsafe` for serialization/deserialization activities. >> cc: @AlanBateman > > David M. Lloyd has updated the pull request incrementally with one additional > commit since the last revision: > > Address review feedback src/java.base/share/classes/java/io/ObjectStreamReflection.java line 98: > 96: } > 97: streamClass.setPrimFieldValues(obj, bytes); > 98: streamClass.checkObjFieldValueTypes(obj, objs); Please move to before setting the primitive fields. If an exception occurs, none of the field accesses should have been done. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/19702#discussion_r1771696354
