Lambdas and serialization

Tue Oct 19 08:41:07 PDT 2010

On 19/10/10 16:44, Rémi Forax wrote:
> Le 19/10/2010 16:10, Maurizio Cimadamore a écrit :
>    
>> On 19/10/10 14:41, Alessio Stalla wrote:
>>
>>      
>>> On Tue, Oct 19, 2010 at 3:30 PM, Paul Benedict<pbenedict at apache.org>    wrote:
>>>
>>>
>>>        
>>>> Will the wrapper be serializable if the SAM interface is? That's a
>>>> good question, but I imagine it has to be because it is implementing
>>>> the interface.
>>>>
>>>> public interface MySamType extends Serializable {
>>>>     void doSomething(int x);
>>>> }
>>>>
>>>>
>>>>          
>>> Sorry, I was unclear with the expression "be serializable": what I
>>> really meant is not if it will merely implement java.io.Serializable,
>>> rather if it will actually be serialized by an ObjectOutputStream
>>> without any exception in all cases where a "regular" instance of the
>>> SAM would have been serialized without exceptions, and deserialized in
>>> the same conditions as well. That's imho a desirable feature to have,
>>> but it places a possibly non-trivial burden on the implementation.
>>>
>>>
>>>
>>>        
>> Good point. The short answer to this question is: it depends on how
>> lambda expressions are translated by the compiler. If the compiler uses
>> anonymous inner classes to translate away lambda expression, then the
>> answer is yes. If lambda expressions are to be translated away by using
>> method handles, then I *guess* the answer is no, as it seems like
>> MethodHandle are not serializable (Remi or John might know more about
>> this though).
>>
>> Maurizio
>>
>>      
> Lambda are not serializable, like java.lang.reflect.Method
> because it will create tons of security holes.
>    
You mean method handles are not serializable? What are the security 
holes deriving from serializable lambda (assuming latest Brian's document) ?

Maurizio
> BTW, inner classes have some trouble with serialUID.
>
> Rémi
>
>