Java UNSAFE class, does it make Java unsafe?

Photo by iMattSmart on Unsplash

Java, released in 1995, has evolved widely in the past 2-centuries. Currently, Java follows two types of release cycles:- (1) a 6-month rapid release cycle (since Java 10) and (2) a new LTS release cycle every two years that brings us updates and performance improvements.

All the changes carried out by Java are by default of a safe nature i.e. they are designed in such a way that all the operations follow several aspects of the Java programming environment and its runtime environment. That includes, and, is not limited to, safe usage for Memory Management, Type Safety, Security, exception handling, concurrency control, and no explicit pointer.

UNSAFE is a class in Java that provides access to underlying low-level operations that are not provided by the Java APIs. It bypasses the checks that make Java of a safe nature. The below figure shows us a high-level workflow of using standard Java APIs vs using Unsafe.

fig (a) Using standard Java APIs vs Using Unsafe

Unsafe class is widely being used by developers across the world to access internal data structures and improve application performance. As the name suggests, although there are benefits, it comes with its own potential drawbacks.

As per Oracle “Just because you can break the rules, doesn’t mean you should break the rules — unless you have a good reason.”

So let’s discuss some of its benefits and drawbacks.

Benefits:-

1. It can be used to access off-heap memory i.e. outside Java heap and this helps to achieve more fine-grained control as the off-heap memory is never garbage collected.
2. Can be used to get access to a class object without running its constructor. (Yes you hear it right!)
3. Has direct access to the memory and can be used for read and write operations.
4. As we can manipulate the memory it can be therefore be used to fine-grain the data structures and improve its performance.

Drawbacks:-

1. As we are controlling the memory, it can lead to memory leaks.
2. It can be used for serialization and deserialization.
3. Memory corruption
4. Security vulnerabilities

There are other countless benefits and drawbacks of using UNSAFE.

Oracle itself doesn’t promote usage of unsafe classes, In fact, UNSAFE when it was first available in Java 1.4(sun.misc.Unsafe), was just released as a part of internal usage. Over time, developers began utilizing it, and now many Java applications rely on it. Discussions have highlighted concerns about potential misuse and its impact on Java application stability and security. In Java 11, Oracle made changes and deprecated some methods, moving them to two separate classes: jdk.internal.misc.Unsafe (in java.base) and sun.misc.Unsafe (in jdk.unsupported). Removing the Unsafe class currently poses challenges as it would affect the functionality of numerous Java applications.

Thanks for reading this article so far. If you liked the article then please share it with your friends and colleagues(especially the Java nerds ;p). If you have any questions please feel free to shoot them in the comments section below.