On Wed, 11 Jan 2023 22:40:43 GMT, Archie L. Cobbs <d...@openjdk.org> wrote:
> > D'oh, you're right. But if you made `returnMe()` static or private then the > argument would still hold. > > > And, if the method is static, same story - you are passing ref3 somewhere > > else, and ref3 potentially contains this. > > Not true... static methods are safe to "invoke" because they can't be > overridden. When the analyzer "invokes" the method, it will see that all it > does with its parameter is return it. > So, for static methods, it could go down two ways: either we don't even look at referenced method bodies, give up and just declare "sorry, escaping". Or, if we look into method bodies, and see that the relationship between inner and outer parameter is as simple, it's just like assignment again: ref1 -> ref2 -> ref3 -> x -> ref4 > But I don't really have an analysis of all the trade-offs. Really, at a > certain point I stumbled on what I thought was a fairly straightforward way > to achieve a good false negative rate and a very low false positive rate, > without a lot of work. And frankly at that point I stopped caring about the > question you're asking, although I agree it's certainly interesting from an > academic point of view (I'm a practical person). The reason I'm asking these questions is that I'm trying to understand which ingredients went into the analysis and why, in order to try and build a mental problem of what the problem that needs to be solved is, what are the constraints, etc. I'm also a practical person :-) and I often find it easier to understand a piece of code if I know some of the reasoning that went behind it, or what's the behavior supposed to be. I do not know, off-hands, whether there is a simpler solution - I was mostly probing for war stories of the kind "I tried X and I got Y", and I apologize if that came off the wrong way. ------------- PR: https://git.openjdk.org/jdk/pull/11874
