JDK 14 RFR of JDK-8231202: Suppress warnings on non-serializable non-transient instance fields in serializable classes
Peter Levart
peter.levart at gmail.com
Mon Sep 23 07:23:11 UTC 2019
Hi Joe,
I've been thinking of this example:
83 final class Ser implements Externalizable {
84
...
99 /** The object being serialized. */
100 @SuppressWarnings("serial") // Not statically typed as
Serializable
101 private Object object;
Externalizable does extend Serializable, but the serialization
infrastructure delegates all work to writeExternal/readExternal methods
which implement the (de)serialization logic. They may deconstruct
otherwise non-Serializable objects into Serializable parts before
handing them to ObjectOutputStream / construct otherwise
non-Serializable objects from Serializable parts read from
ObjectInputStream. @SuppressWarnings in such cases is maybe not
suitable. Perhaps the intent would be better expressed by marking the
field as transient. What do you think?
Regards, Peter
On 9/18/19 11:38 PM, Joe Darcy wrote:
> Hello,
>
> As background, I'm working on a number of serialization-related
> compile-time checks with the goal of enabling stricter javac lint
> checking in the JDK build (and elsewhere).
>
> One check is tracked by
>
> JDK-8160675: Issue lint warning for non-serializable non-transient
> instance fields in serializable type
>
> As summarized in the bug description, it may be concerning if a
> serializable class has non-transient instance fields whose types are
> not Serializable. This can cause a serialization failure at runtime.
> (Classes using the serialPersistentFields mechanism are excluded from
> this check.)
>
> A common example is an exception type -- all Throwable's are
> Serializable -- which has a non-serializable field. If the fields
> cannot be marked as transient, one approach to handle this robustly is
> to have a writeObject method which null outs the field in question
> when serializing and make the other methods in the exception
> null-tolerant.
>
> In other cases, the object pointed to by the non-serializable field
> are conditionally serializable at runtime. This is the case for many
> collection types. For example, a class may have a field of type
> List<Foo> with the field set to an ArrayList<Foo> at runtime. While
> the List interface does not extent Serializable, the ArrayList class
> does implement Serializable and the class would serialize fine in
> practice, assuming the Foo's were serialazable.
>
> As a precursor to the adding a compile-time check to the build, please
> review adding @SuppressWarnings("serial") to document the
> non-serializable fields in the core libraries:
>
> JDK-8231202: Suppress warnings on non-serializable non-transient
> instance fields in serializable classes
> http://cr.openjdk.java.net/~darcy/8231202.0/
>
> Bugs for similar changes to client libs and security libs will be
> filed and reviewed separately.
>
> A more complete fix would add readObject/writeObject null handling to
> AnnotationTypeMismatchExceptionProxy, but since this hasn't seemed to
> be an issue since the type was introduced back in JDK 5.0, I just
> added the annotation, as done elsewhere.
>
> Thanks,
>
> -Joe
>
More information about the core-libs-dev
mailing list