The future of Serialization
Peter Firmstone
peter.firmstone at zeus.net.au
Mon Aug 11 12:06:48 UTC 2014
Thanks Alan, I can relate to time poverty :)
I might be assuming too much, but if there's interest in doing something
with Serialization, I'd be interested in learning about plans or
difficulties involved in deserialization and modules. It can be a
little more difficult to find the correct ClassLoader to resolve classes
during deserialization when ClassLoader relationships aren't
hierarchial. Object streams can be annotated with module information to
assist resolution.
On the subject of isolates, I found Ribbons interesting:
https://www.cs.purdue.edu/homes/peugster/Ribbons/RJ.pdf
https://www.cs.purdue.edu/homes/peugster/Ribbons/
Got any links to info on extending access control rules?
Regards,
Peter.
On 11/08/2014 9:21 PM, Alan Bateman wrote:
> On 09/08/2014 06:56, Peter Firmstone wrote:
>>
>> I've noticed there's not much interest in improving Serialization on
>> these lists. This makes me wonder if java Serialization has lost
>> relevance in recent years with the rise of protocol buffers apache
>> thrift and other means of data transfer over byte streams.
>>
> Just to add to Brian's comments, I think part of it is that many
> people are busy with other things, preparing for JDK 9 for example. So
> I think there is a lot of support for investigation and proposals that
> would improve things, it's just that some people are too busy to respond.
>
>
>>
>> I don't know if isolates will be included with JDK 9 for Jigsaw, or
>> whether ClassLoaders alone will provide isolation for modules.
>>
>> The ability to limit visibility and provide isolation of
>> implementation classes as well as providing limits on memory and
>> threads for isolated modules would also improve platform security.
>>
> If by "isolates" you mean JSR 121 then I think that would be well
> beyond the scope, as would resource management. This isn't really the
> thread to discuss how module boundaries will work but just to say that
> class loaders and visibility can be weak when it comes to module
> boundaries. There are other options available, particularly when the
> ability to extend the access control rules are on the table. So I
> would suggest not making any assumptions here for now.
>
> -Alan.
More information about the core-libs-dev
mailing list