Not sure about the safety of the computeIfAbsent/computeIfPresent approach, as I don't have any experience with it, but doesn't CHMV8 use unsafe operations that prevent us from using in SecurityManager scenarios?

I'll have to check.

It does use Unsafe. This isn't really a security manager problem though because you just need the permission to access a protected field, which we usually always need anyway. The bigger problem is portability, although all known JDKs have these Unsafe classes, because they all use the same concurrent impl code. That said, you can be 100% sure by simply making a version that uses AtomicFieldUpdaterXXX, extending AtomicXXX, and using other constructs and using that as the fall back version. That's what I do anyway :)