On Nov 1, 2016, at 12:02 PM, Andrew Dinn <ad...@redhat.com> wrote: > > I did actually suggest a way of avoiding the use of Unsafe. You give > your nominated module full reflective access to java.lang.invoke > allowing it to create Lookup instances (it can actually just create a > single all privileges lookup and use this to clone others). You don't > need to insert a class into java.lang.invoke to do this. You simply add > one exports directive on the command line.
The weak link in this otherwise robust scheme is the use of a command line option to break into the jli package. Breaking in by the back door is awkward and might not deliver the desired Lookup if jli code changes. And it probably will, over time. Using the break-in is a good Proof of concept but the finished product needs to use a real API provided by the JDK, and using a wormhole Lookup actually provided by a cooperating jli. I look forward to such a thing in a future JDK. Perhaps the right surface shape for moderate reflection is Maurizios "reflection manifesto" API, which is completely interface driven. This means a meta-CE with full deep access could mock up a "reflection manifesto" implementation which would expose exactly the right moderate surface area, as negotiated with the target module. Just an idea… – John
