On Wed, May 8, 2013 at 5:30 PM, Mike Duigou <mike.dui...@oracle.com> wrote:
> AbstractStringBuilder:: > > - The impls like insert(int dstOffset, CharSequence s) makes me slightly > uneasy because the private value field escapes to an unknown class. Who > knows what evil (or foolishness) could result? > There is an eternal debate about how much trust to put into these APIs. We have the analogous issue on input where we e.g. call someCollection.toArray() and depend on the collection not to retain a pointer to the array. We do not in general try to protect all of our objects against such abuse, with the exception of String, for which guarantee iron immutability (not counting reflection or Unsafe). Otherwise, we'd have to do the usual do-we-trust-them dance with: if no security manager or caller class is trusted boot class then do the fast thing. But I'd prefer to keep the code as I have it.
