-
Enhancement
-
Resolution: Unresolved
-
P4
-
9, 11, 17, 21, 24
This issue was reported by Aaron Sheldon (asheldon@amazon.com).
`javac` has always used both, `-classpath` and `-sourcepath` for locating type information (see [Searching for Types](https://docs.oracle.com/javase/8/docs/technotes/tools/unix/javac.html#BHCJJJAJ) for JDK 8 and [Searching for Module, Package and Type Declarations](https://docs.oracle.com/en/java/javase/21/docs/specs/man/javac.html#searching-for-module-package-and-type-declarations) for JDK 9+). The documentation clearly states that:
- *If the `-sourcepath` option is not specified, then the user class path is also searched for source files.* (for JDK 8) and
- *If not compiling code for modules, if the `--source-path` or `-sourcepath` option is not specified, then the user class path is also searched for source files.* (for JDK 9+)
The `javac` documentation (for both JDK and JDK 9+) also clearly warns about class recompilation if the source file for a class is found in addition to it's `.class` file:
> *Note: Classes found through the class path might be recompiled when their source files are also found.*
However, nowadays many Java applications depend on dozens if not hundreds of dependencies which are automatically downloaded from repositories like Maven Central during the build process. If these dependencies (on purpose or accidentally) contain Java source files in addition to the expected `.class` files, then compiled version of these Java source files can silently end up in the local build artifacts and hide/shadow the original classes from the dependencies (or from an upgraded version of the dependencies) when deployed. While this problem can be mitigated by using the `-implicit:none` command line option, the option is not the default and seldomly used:
> *Controls the generation of class files for implicitly loaded source files. To automatically generate class files, use -implicit:class. To suppress class file generation, use -implicit:none. If this option is not specified, then the default is to automatically generate class files.*
I think it would be helpful to issue a warning if source files from the classpath get implicitly compiled to classes on the local class destination directory (i.e. `-d`) with a hint that `-implicit:none` can be used to mitigate the problem. Explicitly setting `-implicit:class` on the command line should disable the warning.
`javac` has always used both, `-classpath` and `-sourcepath` for locating type information (see [Searching for Types](https://docs.oracle.com/javase/8/docs/technotes/tools/unix/javac.html#BHCJJJAJ) for JDK 8 and [Searching for Module, Package and Type Declarations](https://docs.oracle.com/en/java/javase/21/docs/specs/man/javac.html#searching-for-module-package-and-type-declarations) for JDK 9+). The documentation clearly states that:
- *If the `-sourcepath` option is not specified, then the user class path is also searched for source files.* (for JDK 8) and
- *If not compiling code for modules, if the `--source-path` or `-sourcepath` option is not specified, then the user class path is also searched for source files.* (for JDK 9+)
The `javac` documentation (for both JDK and JDK 9+) also clearly warns about class recompilation if the source file for a class is found in addition to it's `.class` file:
> *Note: Classes found through the class path might be recompiled when their source files are also found.*
However, nowadays many Java applications depend on dozens if not hundreds of dependencies which are automatically downloaded from repositories like Maven Central during the build process. If these dependencies (on purpose or accidentally) contain Java source files in addition to the expected `.class` files, then compiled version of these Java source files can silently end up in the local build artifacts and hide/shadow the original classes from the dependencies (or from an upgraded version of the dependencies) when deployed. While this problem can be mitigated by using the `-implicit:none` command line option, the option is not the default and seldomly used:
> *Controls the generation of class files for implicitly loaded source files. To automatically generate class files, use -implicit:class. To suppress class file generation, use -implicit:none. If this option is not specified, then the default is to automatically generate class files.*
I think it would be helpful to issue a warning if source files from the classpath get implicitly compiled to classes on the local class destination directory (i.e. `-d`) with a hint that `-implicit:none` can be used to mitigate the problem. Explicitly setting `-implicit:class` on the command line should disable the warning.
- relates to
-
JDK-8338675 javac shouldn't silently change .jar files on the classpath
-
- Open
-
-
-
- Open
-