JDK 14 RFR of JDK-8202385: Annotation to mark serial-related fields and methods

Roger Riggs Roger.Riggs at oracle.com
Thu Aug 8 14:13:21 UTC 2019 

Hi Joe,

Looks good, thanks for the updates.

Roger


On 8/6/19 4:04 PM, Joe Darcy wrote:
> Hi Roger,
>
> Revised webev
>
>     http://cr.openjdk.java.net/~darcy/8202385.5/
>
> Diff of last two versions below. To ease review, I elected not to 
> reflow the paragraphs at this time to reduce the number of lines of 
> differences between the two versions.
>
> Several platform annotation types start there javadoc with 
> "Indicates..." so I kept that pattern.
>
> It is true the serialization-defined fields and methods are accessed 
> reflectively and may not be otherwise accessed. That seems more 
> relevant to emphasize in the serialization spec itself, but it may be 
> helpful to note here so I added one as requested.
>
> Cheers,
>
> -Joe
>
> 31c31
> <  * Indicates that a field or method is related to the {@linkplain
> ---
> >  * Indicates that an annotated field or method is part of the 
> {@linkplain
> 37c37,40
> <  * validate method overriding.
> ---
> >  * validate method overriding. {@code Serializable} classes are 
> encouraged to
> >  * use <code>@Serial</code> annotations to help a compiler catch
> >  * mis-declared serialization-related fields and methods,
> >  * mis-declarations that my otherwise be difficult to detect.
> 39c42
> <  * <p>Specifically, annotations of this type are intended to be
> ---
> >  * <p>Specifically, annotations of this type should be
> 59c62
> <  * A compiler can validate that a method or field marked with a
> ---
> >  * Compilers are encouraged to validate that a method or field 
> marked with a
> 61c64,65
> <  * methods or fields declared in a meaningful context.
> ---
> >  * methods or fields declared in a meaningful context and issue a 
> warning
> >  * if that is not the case.
> 86a91,94
> >  *
> >  * Note that serialization mechanism accesses its designated fields
> >  * and methods reflectively and those fields and methods may appear
> >  * otherwise unused in a {@code Serializable} class.
>
> On 8/1/2019 2:40 PM, Roger Riggs wrote:
>> Hi Joe,
>>
>> It would be good to more closely define the semantics of the @Serial 
>> annotation.
>>
>> Suggestion for the first sentence:
>>
>> "@Serial annotates each field or method specified by the <cite>Java 
>> Object Serialization Specification</cite> of a {@linkplain 
>> Serializable serializable} class."
>>
>> This annotation type is intended to allow compile-time checking of 
>> serialization-related declarations, analogous to the checking enabled 
>> by the {@link java.lang.Override} annotation type to validate method 
>> overriding.
>>
>> It would be useful to describe that reflection is used to access and 
>> use the fields and methods and they may  otherwise appear to be unused.
>>
>> A recommendation could be added in an @impleNote to apply @Serial to 
>> each serialization defined method or field.
>>
>> $02, Roger
>>
>> On 7/13/19 1:16 PM, Joe Darcy wrote:
>>> PS I've uploaded an updated an iteration of the webrev
>>>
>>> http://cr.openjdk.java.net/~darcy/8202385.4/
>>>
>>> to address. the syntactic concerns previously raised. I added
>>>
>>>     ...defined by the  <cite>Java Object Serialization 
>>> Specification</cite>...
>>>
>>> which is the current name of the document and is similar to the 
>>> style of reference made in java.io.Serializable. Offhand, I didn't 
>>> know of the correct idiom to refer to the document as a working 
>>> hyperlink, but would be switch to that idiom.
>>>
>>> Cheers,
>>>
>>> -Joe
>>>
>>> On 7/12/2019 8:19 PM, Joe Darcy wrote:
>>>> Hi Roger,
>>>>
>>>> On 7/12/2019 1:31 PM, Roger Riggs wrote:
>>>>> Hi Joe,
>>>>>
>>>>> As an annotation on a field or method, this is a use site annotation.
>>>>
>>>>
>>>> It is an annotation intended for the declarations of fields and 
>>>> methods of Serializable types.
>>>>
>>>>
>>>>> From the description, the checks that could be added would only be 
>>>>> done
>>>>> if the annotation was present and the annotation is a tag for 
>>>>> existing
>>>>> fields and methods that are part of the serialization spec.
>>>>
>>>>
>>>> Right; the annotation is semantically only applicable to the fields 
>>>> and methods associated with the serialization system.
>>>>
>>>>
>>>>>
>>>>> The signatures of the fields and methods can be known to the 
>>>>> compiler independent
>>>>> of the annotation and produce the same warnings.
>>>>> So this looks like a case of trying to have belt and suspenders.
>>>>>
>>>>> If the checks are not done when the annotation is not present, 
>>>>> then it will still be
>>>>> the case that incorrect or misused fields and methods will still 
>>>>> escape detection.
>>>>>
>>>>> Though the details of the compiler check are outside of the scope 
>>>>> of this annotation,
>>>>> it seems unclear whether the annotation is necessary.
>>>>
>>>> I have a prototype annotation processor to implement checks for
>>>>
>>>>     JDK-8202056: Expand serial warning to check for bad overloads 
>>>> of serial-related methods and ineffectual fields
>>>>
>>>> The current version of the processor does not assume the presence 
>>>> of java.io.Serial. The summarize the existing checking methodology:
>>>>
>>>>     If a type is Serialiazable and a field or method has a name 
>>>> matching the names of one of the special fields or methods to 
>>>> serialization, check that the field or method has the required 
>>>> modifiers, type, and, the the case of methods, parameter types and 
>>>> exception types.
>>>>
>>>> That is all well and good and represents a large fraction of the 
>>>> checking of interest. However, it does not catch a mis-declaration 
>>>> like "readobject" instead of "readObject". One could argue that 
>>>> sufficiently thorough testing should catch that kind of error; 
>>>> however, my impression is that thoroughness of testing is rare in 
>>>> practice. I don't think it would be reasonable for javac to have 
>>>> some kind of Hamming distance 
>>>> (https://en.wikipedia.org/wiki/Hamming_distance) check between the 
>>>> name of fields/methods and the name of the serialization related 
>>>> fields methods to try to catch such mis-declarations. An annotation 
>>>> like java.io.Serial is intended to allow the programmer to indicate 
>>>> "yes, this is supposed to be one of the serialization related 
>>>> fields or methods" and enable the compile to perform checks against 
>>>> that category of error.
>>>>
>>>>
>>>>>
>>>>> Can the name of the annotation be more descriptive?
>>>>> Just "Serial" seems a bit too simple and does not have a strong 
>>>>> binding to the Serialization classes and specification.
>>>>> Alternatives:
>>>>>    SerialMetadata
>>>>>    SerialControl
>>>>>    SerialFunction
>>>>
>>>> From the earlier design iterations "Serial" was chosen to be 
>>>> evocative of the "@serial" javadoc tag.
>>>>
>>>> Thanks,
>>>>
>>>> -Joe
>>>>
>>>>>
>>>>>
>>>>> 39:  There should be a reference to the serialization 
>>>>> specification for the definition
>>>>> of the fields and methods to make it clear where the authoritative 
>>>>> identification is spec'd.
>>>>>
>>>>> 73-75:  Please align the <ul> and </ul> tags on separate lines 
>>>>> with matching indentation.
>>>>>
>>>>> 77: Extra leading space.
>>>>>
>>>>> Regards, Roger
>>>>>
>>>>> On 7/9/19 7:14 PM, Joe Darcy wrote:
>>>>>> Hello,
>>>>>>
>>>>>> Returning to some old work [1], please review the addition of a 
>>>>>> java.io.Serial annotation type for JDK 14 to mark serial-related 
>>>>>> fields and methods:
>>>>>>
>>>>>>     webrev: http://cr.openjdk.java.net/~darcy/8202385.3/
>>>>>>     CSR: https://bugs.openjdk.java.net/browse/JDK-8217698
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> -Joe
>>>>>>
>>>>>> [1] Previous review threads:
>>>>>>
>>>>>> http://mail.openjdk.java.net/pipermail/core-libs-dev/2018-May/053055.html 
>>>>>>
>>>>>>
>>>>>> http://mail.openjdk.java.net/pipermail/core-libs-dev/2018-August/054801.html 
>>>>>>
>>>>>>
>>>>>
>>

More information about the core-libs-dev mailing list