JDK 14 RFR of JDK-8232234: Suppress warnings on non-serializable non-transient instance fields in java.rmi
Joe Darcy
joe.darcy at oracle.com
Tue Oct 15 18:21:55 UTC 2019
PS Updated webrev omitting changes to UnicastRef
http://cr.openjdk.java.net/~darcy/8232234.1/
Cheers,
-Joe
On 10/15/2019 10:35 AM, Joe Darcy wrote:
> Hi Roger,
>
> In rough statistics, there are well over 1,000 serializable classes in
> the JDK. There are closer to a dozen classes that are also
> externalizable (java.io.Externalizable extends java.io.Serializable ).
>
> As such, the new checks have had much more tuning against
> serializable-but-not-externalizable classes compared to externalizable
> ones.
>
> With any analysis, there is a balance between reporting false
> positives (as in this case due to {read, write}External) with false
> negatives (not reporting on a situation of actual concern).
>
> It would be a small matter of programming to guard the field
> serializability checks with a " ... && notExternalizable()" clause.
> That would eliminate the warning in cases like LiveRef, at the risk of
> not reporting on possible logic errors or omissions.
>
> Clearly the case for these checks is less strong for externalizable
> than serializable-but-not-externalizable ones. On balance, do you
> think these checks should be skipped for externalizable classes?
>
> Cheers,
>
> -Joe
>
> On 10/15/2019 8:28 AM, Roger Riggs wrote:
>> Hi Joe,
>>
>> In the case of UnicastRef, I think the warning on LiveRef ref is too
>> aggresive.
>> Since UnicastRef inherits Externalizable and has writeExternal and
>> readExternal
>> methods there is no static indication of which fields of the class
>> are serialized or in what form.
>> All of the logic for what and how the fields are serialized is in the
>> code of those methods.
>>
>> What's the rationale for requiring developers to suppress warning on
>> fields that
>> are not known to be serialized/externalized.
>>
>> Roger
>>
>>
>> On 10/15/19 1:12 AM, Joe Darcy wrote:
>>> Hello,
>>>
>>> Please review the changes for serial review now extending to the
>>> java.rmi module:
>>>
>>> JDK-8232234: Suppress warnings on non-serializable non-transient
>>> instance fields in java.rmi
>>> http://cr.openjdk.java.net/~darcy/8232234.0/
>>>
>>> Patch below.
>>>
>>> For
>>> src/java.rmi/share/classes/sun/rmi/server/ActivatableServerRef.java,
>>> the absence of no-arg constructor prevents the Externalizable class
>>> from being deserialized (de-externalized?), but as it hasn't seemed
>>> to cause problems in the 16 years since the file was last modified,
>>> I didn't think it was worthwhile to add a constructor at this point.
>>>
>>> Thanks,
>>>
>>> -Joe
>>>
>>> ---
>>> old/src/java.rmi/share/classes/java/rmi/activation/ActivationGroup.java
>>> 2019-10-14 21:49:08.305824614 -0700
>>> +++
>>> new/src/java.rmi/share/classes/java/rmi/activation/ActivationGroup.java
>>> 2019-10-14 21:49:08.117824614 -0700
>>> @@ -1,5 +1,5 @@
>>> /*
>>> - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All
>>> rights reserved.
>>> + * Copyright (c) 1997, 2019, Oracle and/or its affiliates. All
>>> rights reserved.
>>> * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
>>> *
>>> * This code is free software; you can redistribute it and/or
>>> modify it
>>> @@ -107,6 +107,7 @@
>>> /**
>>> * @serial the group's monitor
>>> */
>>> + @SuppressWarnings("serial") // Not statically typed as
>>> Serializable
>>> private ActivationMonitor monitor;
>>>
>>> /**
>>> ---
>>> old/src/java.rmi/share/classes/java/rmi/activation/ActivationGroupID.java
>>> 2019-10-14 21:49:08.845824614 -0700
>>> +++
>>> new/src/java.rmi/share/classes/java/rmi/activation/ActivationGroupID.java
>>> 2019-10-14 21:49:08.641824614 -0700
>>> @@ -1,5 +1,5 @@
>>> /*
>>> - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All
>>> rights reserved.
>>> + * Copyright (c) 1997, 2019, Oracle and/or its affiliates. All
>>> rights reserved.
>>> * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
>>> *
>>> * This code is free software; you can redistribute it and/or
>>> modify it
>>> @@ -49,6 +49,7 @@
>>> /**
>>> * @serial The group's activation system.
>>> */
>>> + @SuppressWarnings("serial") // Not statically typed as
>>> Serializable
>>> private ActivationSystem system;
>>>
>>> /**
>>> ---
>>> old/src/java.rmi/share/classes/java/rmi/server/UnicastRemoteObject.java
>>> 2019-10-14 21:49:09.333824614 -0700
>>> +++
>>> new/src/java.rmi/share/classes/java/rmi/server/UnicastRemoteObject.java
>>> 2019-10-14 21:49:09.133824614 -0700
>>> @@ -1,5 +1,5 @@
>>> /*
>>> - * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All
>>> rights reserved.
>>> + * Copyright (c) 1996, 2019, Oracle and/or its affiliates. All
>>> rights reserved.
>>> * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
>>> *
>>> * This code is free software; you can redistribute it and/or
>>> modify it
>>> @@ -189,12 +189,14 @@
>>> /**
>>> * @serial client-side socket factory (if any)
>>> */
>>> + @SuppressWarnings("serial") // Not statically typed as
>>> Serializable
>>> private RMIClientSocketFactory csf = null;
>>>
>>> /**
>>> * @serial server-side socket factory (if any) to use when
>>> * exporting object
>>> */
>>> + @SuppressWarnings("serial") // Not statically typed as
>>> Serializable
>>> private RMIServerSocketFactory ssf = null;
>>>
>>> /* indicate compatibility with JDK 1.1.x version of class */
>>> ---
>>> old/src/java.rmi/share/classes/sun/rmi/server/ActivatableServerRef.java
>>> 2019-10-14 21:49:09.837824614 -0700
>>> +++
>>> new/src/java.rmi/share/classes/sun/rmi/server/ActivatableServerRef.java
>>> 2019-10-14 21:49:09.645824614 -0700
>>> @@ -1,5 +1,5 @@
>>> /*
>>> - * Copyright (c) 1997, 2003, Oracle and/or its affiliates. All
>>> rights reserved.
>>> + * Copyright (c) 1997, 2019, Oracle and/or its affiliates. All
>>> rights reserved.
>>> * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
>>> *
>>> * This code is free software; you can redistribute it and/or
>>> modify it
>>> @@ -38,6 +38,7 @@
>>> *
>>> * @author Ann Wollrath
>>> */
>>> + at SuppressWarnings("serial") // Externalizable class w/o no-arg c'tor
>>> public class ActivatableServerRef extends UnicastServerRef2 {
>>>
>>> private static final long serialVersionUID = 2002967993223003793L;
>>> --- old/src/java.rmi/share/classes/sun/rmi/server/Activation.java
>>> 2019-10-14 21:49:10.413824614 -0700
>>> +++ new/src/java.rmi/share/classes/sun/rmi/server/Activation.java
>>> 2019-10-14 21:49:10.173824614 -0700
>>> @@ -1,5 +1,5 @@
>>> /*
>>> - * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All
>>> rights reserved.
>>> + * Copyright (c) 1997, 2019, Oracle and/or its affiliates. All
>>> rights reserved.
>>> * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
>>> *
>>> * This code is free software; you can redistribute it and/or
>>> modify it
>>> @@ -145,9 +145,11 @@
>>> private static boolean debugExec;
>>>
>>> /** maps activation id to its respective group id */
>>> + @SuppressWarnings("serial") // Conditionally serializable
>>> private Map<ActivationID,ActivationGroupID> idTable =
>>> new ConcurrentHashMap<>();
>>> /** maps group id to its GroupEntry groups */
>>> + @SuppressWarnings("serial") // Conditionally serializable
>>> private Map<ActivationGroupID,GroupEntry> groupTable =
>>> new ConcurrentHashMap<>();
>>>
>>> @@ -297,6 +299,7 @@
>>>
>>> private static final String NAME =
>>> ActivationSystem.class.getName();
>>> private static final long serialVersionUID =
>>> 4877330021609408794L;
>>> + @SuppressWarnings("serial") // Not statically typed as
>>> Serializable
>>> private ActivationSystem systemStub = null;
>>>
>>> SystemRegistryImpl(int port,
>>> @@ -498,6 +501,7 @@
>>> * with RegistryImpl.checkAccess().
>>> * The kind of access is retained for an exception if one is
>>> thrown.
>>> */
>>> + @SuppressWarnings("serial") // Externalizable class w/o no-arg
>>> c'tor
>>> static class SameHostOnlyServerRef extends UnicastServerRef {
>>> private static final long serialVersionUID = 1234L;
>>> private String accessKind; // an exception message
>>> @@ -873,7 +877,9 @@
>>> ActivationGroupDesc desc = null;
>>> ActivationGroupID groupID = null;
>>> long incarnation = 0;
>>> + @SuppressWarnings("serial") // Conditionally serializable
>>> Map<ActivationID,ObjectEntry> objects = new HashMap<>();
>>> + @SuppressWarnings("serial") // Conditionally serializable
>>> Set<ActivationID> restartSet = new HashSet<>();
>>>
>>> transient ActivationInstantiator group = null;
>>> ---
>>> old/src/java.rmi/share/classes/sun/rmi/server/ActivationGroupImpl.java
>>> 2019-10-14 21:49:11.057824614 -0700
>>> +++
>>> new/src/java.rmi/share/classes/sun/rmi/server/ActivationGroupImpl.java
>>> 2019-10-14 21:49:10.841824614 -0700
>>> @@ -1,5 +1,5 @@
>>> /*
>>> - * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All
>>> rights reserved.
>>> + * Copyright (c) 1997, 2019, Oracle and/or its affiliates. All
>>> rights reserved.
>>> * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
>>> *
>>> * This code is free software; you can redistribute it and/or
>>> modify it
>>> @@ -69,6 +69,7 @@
>>> new Hashtable<>();
>>> private boolean groupInactive = false;
>>> private final ActivationGroupID groupID;
>>> + @SuppressWarnings("serial") // Conditionally serializable
>>> private final List<ActivationID> lockedIDs = new ArrayList<>();
>>>
>>> /**
>>> --- old/src/java.rmi/share/classes/sun/rmi/server/UnicastRef.java
>>> 2019-10-14 21:49:11.701824614 -0700
>>> +++ new/src/java.rmi/share/classes/sun/rmi/server/UnicastRef.java
>>> 2019-10-14 21:49:11.445824614 -0700
>>> @@ -1,5 +1,5 @@
>>> /*
>>> - * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All
>>> rights reserved.
>>> + * Copyright (c) 1996, 2019, Oracle and/or its affiliates. All
>>> rights reserved.
>>> * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
>>> *
>>> * This code is free software; you can redistribute it and/or
>>> modify it
>>> @@ -67,6 +67,7 @@
>>> Boolean.getBoolean("sun.rmi.client.logCalls")));
>>> private static final long serialVersionUID = 8258372400816541186L;
>>>
>>> + @SuppressWarnings("serial") // Not statically typed as
>>> Serializable
>>> protected LiveRef ref;
>>>
>>> /**
>>>
>>
More information about the core-libs-dev
mailing list