JDK 14 RFR of JDK-8231202: Suppress warnings on non-serializable non-transient instance fields in serializable classes
Joe Darcy
joe.darcy at oracle.com
Thu Sep 19 19:39:54 UTC 2019
Hi Roger,
I think the Object -> Serializable type changes you suggest are fine
improvements.
Would you like to push them first ahead of applying @SuppressWarnings to
the remaining locations?
Thanks,
-Joe
On 9/19/2019 12:13 PM, Roger Riggs wrote:
> Hi Joe,
>
> The addition of @SuppressWarnings(serial) hides a number of instances of
> poor choices of types. Before they dissappear behind the suppress
> warnings,
> the fix should be to correct the types used.
>
> For example, in the serialization proxies for java.time, the Ser class
> carelessly
> has a field of type Object when it could/should be using Serializable.
> The types being serialized and deserialized are known to be Serializable.
> See the attach patches for details and a suggested fix.
>
> Thanks, Roger
>
> (p.s. the patch is attached twice, once as .patch and the other .txt.
> I'd like to see if they both get through the mail).
>
> On 9/18/19 5:38 PM, Joe Darcy wrote:
>> Hello,
>>
>> As background, I'm working on a number of serialization-related
>> compile-time checks with the goal of enabling stricter javac lint
>> checking in the JDK build (and elsewhere).
>>
>> One check is tracked by
>>
>> JDK-8160675: Issue lint warning for non-serializable
>> non-transient instance fields in serializable type
>>
>> As summarized in the bug description, it may be concerning if a
>> serializable class has non-transient instance fields whose types are
>> not Serializable. This can cause a serialization failure at runtime.
>> (Classes using the serialPersistentFields mechanism are excluded from
>> this check.)
>>
>> A common example is an exception type -- all Throwable's are
>> Serializable -- which has a non-serializable field. If the fields
>> cannot be marked as transient, one approach to handle this robustly
>> is to have a writeObject method which null outs the field in question
>> when serializing and make the other methods in the exception
>> null-tolerant.
>>
>> In other cases, the object pointed to by the non-serializable field
>> are conditionally serializable at runtime. This is the case for many
>> collection types. For example, a class may have a field of type
>> List<Foo> with the field set to an ArrayList<Foo> at runtime. While
>> the List interface does not extent Serializable, the ArrayList class
>> does implement Serializable and the class would serialize fine in
>> practice, assuming the Foo's were serialazable.
>>
>> As a precursor to the adding a compile-time check to the build,
>> please review adding @SuppressWarnings("serial") to document the
>> non-serializable fields in the core libraries:
>>
>> JDK-8231202: Suppress warnings on non-serializable non-transient
>> instance fields in serializable classes
>> http://cr.openjdk.java.net/~darcy/8231202.0/
>>
>> Bugs for similar changes to client libs and security libs will be
>> filed and reviewed separately.
>>
>> A more complete fix would add readObject/writeObject null handling to
>> AnnotationTypeMismatchExceptionProxy, but since this hasn't seemed to
>> be an issue since the type was introduced back in JDK 5.0, I just
>> added the annotation, as done elsewhere.
>>
>> Thanks,
>>
>> -Joe
>>
>
More information about the core-libs-dev
mailing list