It is mandatory to handle checked exceptions in Java. The compiler enforces this rule by making sure that every possible checked exception is either declared using the throws clause or handled within a try-catch block. Unfortunately, this guarantee does not carry over to the JVM runtime environment, depriving the caller from gleaning critical information about the exceptions that the callee is capable of throwing.
Checked exceptions can be thought of as a checklist of unusual events that can be handled during program execution whereas unchecked exceptions involve programming mistakes that should be caught early, without relying on expecting the Java runtime to make stage a recovery. Undeclared checked exceptions resemble the latter in behavior since as the compiler does not force the programmer to handle them.
...
Clients or callers are expected to know the exceptions that the underlying code can throw. For this reason, developers must sufficiently document all possible checked exceptions. Undeclared checked exceptions are a special class of exceptions that need diligent documentation. Security critical software must almost always make this contract explicit. Yet another difficulty in dealing with them is that sensitive exceptions cannot be sanitized before delivery, in the absence of a dedicated exception reporter. Ideally, undeclared checked exceptions should be avoided.
...
This noncompliant code example uses the sun.misc.Unsafe class. All sun.* classes are not documented on purpose since because using them can cause portability and backward compatibility issues. This noncompliant code fragment example proves risky not only from this standpoint; its malevolence is aggravated with the capability of throwing by its capacity to throw undeclared checked exceptions.
A class that is loaded by the bootstrap class loader has the authority to call the static factory method Unsafe.getUnsafe(). An average developer would not may be able unable to fulfill this requirement unless the sun.boot.class.path system property is modified. One alternative is to change the accessibility of the field that holds an instance of Unsafe using reflection. This is only possible if the current security manager allows it (by violating ENV32-J. Do not grant ReflectPermission with target suppressAccessChecks). To throw an undeclared checked exception, the caller just needs to use the Unsafe.throwException() method.
...
Any checked exception that is thrown by the default constructor of Class.NewInstance() gets propagated even if it is not declared explicitly. On the contrary, the java.lang.reflect.Constructor.NewInstance() method wraps any exceptions thrown from within the constructor into a checked exception called InvocationTargetException.
...
Compliant Solution
| Wiki Markup |
|---|
Prefer the method {{Constructor.newInstance()}} over {{Class.newInstance()}}. An alternative is to use the builder interface recommended by \[[Bloch 08|AA. Java References#Bloch 08]\]. |
...
For further details on implementing the builder pattern, refer to OBJ32-J. Do not allow partially initialized objects to be accessed. In the example describe described in that rule, the Currency.Builder class must implement the Builder interface highlighted in this recommendation.
...
Noncompliant Code Example
| Wiki Markup |
|---|
According to the Java \[[API 06|AA. Java References#API 06]\], class {{Thread}} documentation, |
...
| Wiki Markup |
|---|
It is also possible to disassemble a class, remove any declared checked exceptions and reassemble the class so that checked exceptions are thrown at runtime when this class is used \[[Roubtsov 03|AA. Java References#Roubtsov 03]\]. Simply, compiling against a class that declares the checked exception and supplying one at runtime that doesn't, also suffices. Similarly, a different compiler than {{javac}} might handle checked exceptions differently. Yet another way is to furtively use the {{sun.corba.Bridge}} class. All these methods are strongly discouraged. |
...
Failure to document undeclared checked exceptions can lead to result in checked exceptions that the caller is unprepared to handle.
...