Core Java

Teenage Sex and What the sun.misc.Unsafe Misery Teaches Us Generally

Lukas Eder wrote an article about the miseries of the proposed drop off of sun.misc.Unsafe. If you have not heard that Oracle will remove the internal sun.misc.Unsafe class in Java 9 then read the article of Lukas and follow some of the links he provides at your discretion. His article is about what we learn from this happening.

sun.misc.Unsafe is a class available in most of the Java implementations delivering some “unsafe” functionality that are not available in other ways. These functions are not part of the specification and are not guaranteed to be available. They just happen to be there and are available via some nasty reflection hack. In other words: you should not use it, but you can. There are some Java tools that help protect you from using the interface but not too heavily.

Other languages, like Perl do not even have that level of protection. In that language there is no ‘private’, ‘protected’ or other access modifier. What is created in a module it is there. You can use an underscore in front of the method to signal that it is meant to be private but that is more a polite ‘please’ than a harsh ‘though shall not’. The philosophy there says that you won’t come to my bedroom, not because I am standing there with a machine gun, but because going there would not be nice.

What sun.misc.Unsafe misery teaches us is that it does not work. Sorry to say, but it seems you need to have a gun in your hand to prevent library users invading your bedroom. That is also what Lukas suggests: put all your library internal code into a single package and make all package private.

But there are also other approaches. If you look at Jira and Confluence and the extensions you can write you see a different approach. By natural evaluation Jira started small and the designers probably never dreamed about such a huge developer community writing all purpose extensions to their software. They simply did not define an API at all. There were the jar files, the classes in them and extensions were free to invoke any method of any class more or less. The result: every extension had to be tested against each version of the software and when you had an extension working with one of the versions of Jira could not possibly work with the next (minor upgraded) version. Atlassian had a long way to define an API that is stable and is “officially” available for extension modules. Do they put everything else into a single package? I do not think so. Instead they listen to their customers, they have developers forum and they do have empowered employees listening on those channels and understand the needs and their API provides features that are needed by the users.

And this is the more sympathetic approach. If you provide the features that the users of the library need, they won’t bother to go into the bedroom.

If you do not provide the features, they WILL come in. You can not prevent them doing that, just like you can not prevent teenage sex. If you do provide what they need, they will not use forbidden calls no non API classes.

This is actually that Sun and later ORACLE failed to do properly (imho). They did not provide the features and “unsafe” was just there. They warned us many times not to use that, but they failed to tell what to use instead. And now all this falling apart. What will be the consequences?

What I see as most probably scenario is the following:

  • Java 9 will come out without unsafe.
  • Because many libraries use unsafe implementation of Java 9 in the industry will be delayed or skipped totally. The enterprise standard Java version remains 8 (or 7 or 6 in some enterprises) for prolonged time.
  • There will be signs of possible market loss for Java that will drive Oracle to give some solution.
  • There will be some API developed by Oracle providing a limited set of features (most commonly used features) of the current unsafe feature set.
  • Libraries will be modified within few months using the new API.
  • Enterprises will skip to the version that supports the new API.

What I do not expect to change is the attitude of Oracle to customers.

We will see how accurate it was in … two to three years?

Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments
Back to top button