JDK 14 RFR of JDK-8232234: Suppress warnings on non-serializable non-transient instance fields in java.rmi

Joe Darcy joe.darcy at oracle.com
Tue Oct 15 17:35:40 UTC 2019


Hi Roger,

In rough statistics, there are well over 1,000 serializable classes in 
the JDK. There are closer to a dozen classes that are also 
externalizable (java.io.Externalizable extends java.io.Serializable ).

As such, the new checks have had much more tuning against 
serializable-but-not-externalizable classes compared to externalizable ones.

With any analysis, there is a balance between reporting false positives 
(as in this case due to {read, write}External) with false negatives (not 
reporting on a situation of actual concern).

It would be a small matter of programming to guard the field 
serializability checks with a " ... && notExternalizable()" clause. That 
would eliminate the warning in cases like LiveRef, at the risk of not 
reporting on possible logic errors or omissions.

Clearly the case for these checks is less strong for externalizable than 
serializable-but-not-externalizable ones. On balance, do you think these 
checks should be skipped for externalizable classes?

Cheers,

-Joe

On 10/15/2019 8:28 AM, Roger Riggs wrote:
> Hi Joe,
>
> In the case of UnicastRef, I think the warning on LiveRef ref is too 
> aggresive.
> Since UnicastRef inherits Externalizable and has writeExternal and 
> readExternal
> methods there is no static indication of which fields of the class are 
> serialized or in what form.
> All of the logic for what and how the fields are serialized is in the 
> code of those methods.
>
> What's the rationale for requiring developers to suppress warning on 
> fields that
> are not known to be serialized/externalized.
>
> Roger
>
>
> On 10/15/19 1:12 AM, Joe Darcy wrote:
>> Hello,
>>
>> Please review the changes for serial review now extending to the 
>> java.rmi module:
>>
>>     JDK-8232234: Suppress warnings on non-serializable non-transient 
>> instance fields in java.rmi
>> http://cr.openjdk.java.net/~darcy/8232234.0/
>>
>> Patch below.
>>
>> For 
>> src/java.rmi/share/classes/sun/rmi/server/ActivatableServerRef.java, 
>> the absence of no-arg constructor prevents the Externalizable class 
>> from being deserialized (de-externalized?), but as it hasn't seemed 
>> to cause problems in the 16 years since the file was last modified, I 
>> didn't think it was worthwhile to add a constructor at this point.
>>
>> Thanks,
>>
>> -Joe
>>
>> --- 
>> old/src/java.rmi/share/classes/java/rmi/activation/ActivationGroup.java 
>> 2019-10-14 21:49:08.305824614 -0700
>> +++ 
>> new/src/java.rmi/share/classes/java/rmi/activation/ActivationGroup.java 
>> 2019-10-14 21:49:08.117824614 -0700
>> @@ -1,5 +1,5 @@
>>  /*
>> - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All 
>> rights reserved.
>> + * Copyright (c) 1997, 2019, Oracle and/or its affiliates. All 
>> rights reserved.
>>   * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
>>   *
>>   * This code is free software; you can redistribute it and/or modify it
>> @@ -107,6 +107,7 @@
>>      /**
>>       * @serial the group's monitor
>>       */
>> +    @SuppressWarnings("serial") // Not statically typed as Serializable
>>      private ActivationMonitor monitor;
>>
>>      /**
>> --- 
>> old/src/java.rmi/share/classes/java/rmi/activation/ActivationGroupID.java 
>> 2019-10-14 21:49:08.845824614 -0700
>> +++ 
>> new/src/java.rmi/share/classes/java/rmi/activation/ActivationGroupID.java 
>> 2019-10-14 21:49:08.641824614 -0700
>> @@ -1,5 +1,5 @@
>>  /*
>> - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All 
>> rights reserved.
>> + * Copyright (c) 1997, 2019, Oracle and/or its affiliates. All 
>> rights reserved.
>>   * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
>>   *
>>   * This code is free software; you can redistribute it and/or modify it
>> @@ -49,6 +49,7 @@
>>      /**
>>       * @serial The group's activation system.
>>       */
>> +    @SuppressWarnings("serial") // Not statically typed as Serializable
>>      private ActivationSystem system;
>>
>>      /**
>> --- 
>> old/src/java.rmi/share/classes/java/rmi/server/UnicastRemoteObject.java 
>> 2019-10-14 21:49:09.333824614 -0700
>> +++ 
>> new/src/java.rmi/share/classes/java/rmi/server/UnicastRemoteObject.java 
>> 2019-10-14 21:49:09.133824614 -0700
>> @@ -1,5 +1,5 @@
>>  /*
>> - * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All 
>> rights reserved.
>> + * Copyright (c) 1996, 2019, Oracle and/or its affiliates. All 
>> rights reserved.
>>   * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
>>   *
>>   * This code is free software; you can redistribute it and/or modify it
>> @@ -189,12 +189,14 @@
>>      /**
>>       * @serial client-side socket factory (if any)
>>       */
>> +    @SuppressWarnings("serial") // Not statically typed as Serializable
>>      private RMIClientSocketFactory csf = null;
>>
>>      /**
>>       * @serial server-side socket factory (if any) to use when
>>       * exporting object
>>       */
>> +    @SuppressWarnings("serial") // Not statically typed as Serializable
>>      private RMIServerSocketFactory ssf = null;
>>
>>      /* indicate compatibility with JDK 1.1.x version of class */
>> --- 
>> old/src/java.rmi/share/classes/sun/rmi/server/ActivatableServerRef.java 
>> 2019-10-14 21:49:09.837824614 -0700
>> +++ 
>> new/src/java.rmi/share/classes/sun/rmi/server/ActivatableServerRef.java 
>> 2019-10-14 21:49:09.645824614 -0700
>> @@ -1,5 +1,5 @@
>>  /*
>> - * Copyright (c) 1997, 2003, Oracle and/or its affiliates. All 
>> rights reserved.
>> + * Copyright (c) 1997, 2019, Oracle and/or its affiliates. All 
>> rights reserved.
>>   * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
>>   *
>>   * This code is free software; you can redistribute it and/or modify it
>> @@ -38,6 +38,7 @@
>>   *
>>   * @author Ann Wollrath
>>   */
>> + at SuppressWarnings("serial") // Externalizable class w/o no-arg c'tor
>>  public class ActivatableServerRef extends UnicastServerRef2 {
>>
>>      private static final long serialVersionUID = 2002967993223003793L;
>> --- old/src/java.rmi/share/classes/sun/rmi/server/Activation.java 
>> 2019-10-14 21:49:10.413824614 -0700
>> +++ new/src/java.rmi/share/classes/sun/rmi/server/Activation.java 
>> 2019-10-14 21:49:10.173824614 -0700
>> @@ -1,5 +1,5 @@
>>  /*
>> - * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All 
>> rights reserved.
>> + * Copyright (c) 1997, 2019, Oracle and/or its affiliates. All 
>> rights reserved.
>>   * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
>>   *
>>   * This code is free software; you can redistribute it and/or modify it
>> @@ -145,9 +145,11 @@
>>      private static boolean debugExec;
>>
>>      /** maps activation id to its respective group id */
>> +    @SuppressWarnings("serial") // Conditionally serializable
>>      private Map<ActivationID,ActivationGroupID> idTable =
>>          new ConcurrentHashMap<>();
>>      /** maps group id to its GroupEntry groups */
>> +    @SuppressWarnings("serial") // Conditionally serializable
>>      private Map<ActivationGroupID,GroupEntry> groupTable =
>>          new ConcurrentHashMap<>();
>>
>> @@ -297,6 +299,7 @@
>>
>>          private static final String NAME = 
>> ActivationSystem.class.getName();
>>          private static final long serialVersionUID = 
>> 4877330021609408794L;
>> +        @SuppressWarnings("serial") // Not statically typed as 
>> Serializable
>>          private ActivationSystem systemStub = null;
>>
>>          SystemRegistryImpl(int port,
>> @@ -498,6 +501,7 @@
>>       * with RegistryImpl.checkAccess().
>>       * The kind of access is retained for an exception if one is 
>> thrown.
>>       */
>> +    @SuppressWarnings("serial") // Externalizable class w/o no-arg 
>> c'tor
>>      static class SameHostOnlyServerRef extends UnicastServerRef {
>>          private static final long serialVersionUID = 1234L;
>>          private String accessKind;      // an exception message
>> @@ -873,7 +877,9 @@
>>          ActivationGroupDesc desc = null;
>>          ActivationGroupID groupID = null;
>>          long incarnation = 0;
>> +        @SuppressWarnings("serial") // Conditionally serializable
>>          Map<ActivationID,ObjectEntry> objects = new HashMap<>();
>> +        @SuppressWarnings("serial") // Conditionally serializable
>>          Set<ActivationID> restartSet = new HashSet<>();
>>
>>          transient ActivationInstantiator group = null;
>> --- 
>> old/src/java.rmi/share/classes/sun/rmi/server/ActivationGroupImpl.java 
>> 2019-10-14 21:49:11.057824614 -0700
>> +++ 
>> new/src/java.rmi/share/classes/sun/rmi/server/ActivationGroupImpl.java 
>> 2019-10-14 21:49:10.841824614 -0700
>> @@ -1,5 +1,5 @@
>>  /*
>> - * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All 
>> rights reserved.
>> + * Copyright (c) 1997, 2019, Oracle and/or its affiliates. All 
>> rights reserved.
>>   * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
>>   *
>>   * This code is free software; you can redistribute it and/or modify it
>> @@ -69,6 +69,7 @@
>>          new Hashtable<>();
>>      private boolean groupInactive = false;
>>      private final ActivationGroupID groupID;
>> +    @SuppressWarnings("serial")  // Conditionally serializable
>>      private final List<ActivationID> lockedIDs = new ArrayList<>();
>>
>>      /**
>> --- old/src/java.rmi/share/classes/sun/rmi/server/UnicastRef.java 
>> 2019-10-14 21:49:11.701824614 -0700
>> +++ new/src/java.rmi/share/classes/sun/rmi/server/UnicastRef.java 
>> 2019-10-14 21:49:11.445824614 -0700
>> @@ -1,5 +1,5 @@
>>  /*
>> - * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All 
>> rights reserved.
>> + * Copyright (c) 1996, 2019, Oracle and/or its affiliates. All 
>> rights reserved.
>>   * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
>>   *
>>   * This code is free software; you can redistribute it and/or modify it
>> @@ -67,6 +67,7 @@
>> Boolean.getBoolean("sun.rmi.client.logCalls")));
>>      private static final long serialVersionUID = 8258372400816541186L;
>>
>> +    @SuppressWarnings("serial") // Not statically typed as Serializable
>>      protected LiveRef ref;
>>
>>      /**
>>
>


More information about the core-libs-dev mailing list