Checker Serialization   as of Julia version 2.6.0 (built on 6 Sep 2018)

belongs to group Basic

Identify serialization problems


Serialization allows one to dump an object into a file and recover (deserialize) it later. For this to work, Java requires the class of the object to implement the java.io.Serializable interface. Moreover, all non-transient instance fields of the class must themselves be serializable. For non-static inner classes, the outer class must be serializable as well. To distinguish dumps of objects from distinct versions of the same class, serializable classes are required to define a static field containing the serial version of the class.

Action: Guarantee that all non-transient instance fields of a serializable class are themselves serializable. Give serializable inner classes a serializable outer class, or make them static. Add a long serialVersionUID field to serializable classes.

Examples


Consider the following classes:

import java.io.Serializable;

public class SerializationTest implements Serializable {
  private static final long serialVersionUID = -8282042466563875052L;
  private final Object f;
  private final C.Inner inner;
	
  public SerializationTest(Object f) {
    this.f = f;
    this.inner = new C().new Inner();
  }
}

and

import java.io.Serializable;

class C {
  public class Inner implements Serializable {}
}

This checker issues the following warnings:

C.java:4: [Serialization: MissingSerialVersionUIDWarning] Serializable class C$Inner should have a final static long serialVersionUID field
C.java:4: [Serialization: NonSerializableOuterClassWarning] Serializable non-static inner class C$Inner has a non-serializable outer class
SerializationTest.java: [Serialization: NonSerializableFieldWarning] Field SerializationTest.f might possibly hold a non-serializable value

since the serializable inner class C.Inner lacks the serialVersionUID field and has a non-serializable outer class. Moreover, field SerializationTest.f might hold any object, including non-serializable ones, which is not correct for an instance field of a serializable class.

In this example, the programmer should add the missing serialVersionUID field, make the inner class static and restrict the possible values for field SerializationTest.f, as follows:

import java.io.Serializable;

public class SerializationTest implements Serializable {
  private static final long serialVersionUID = -8282042466563875052L;
  private final Object f;
  private final C.Inner inner;
	
  public SerializationTest(Serializable f) {
    this.f = f;
    this.inner = new C.Inner();
  }
}

and

import java.io.Serializable;

class C {
  public static class Inner implements Serializable {
    private static final long serialVersionUID = 7979349187288425675L;
  }
}
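What two of these warnings mean at run time, as an added example that is not part of the original page or of the Julia analyzer: writing the objects with ObjectOutputStream fails for the non-static inner class and for a non-serializable field value, and succeeds for the corrected forms. The names SerializationDemo, Outer, FixedInner, Holder and trySerialize are hypothetical stand-ins for the page's classes.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.NotSerializableException;
import java.io.ObjectOutputStream;
import java.io.Serializable;

public class SerializationDemo {
  // Hypothetical stand-in for the page's class C: the outer class is not serializable.
  static class Outer {
    class Inner implements Serializable {             // non-static: holds a hidden reference to Outer
      private static final long serialVersionUID = 1L;
      Outer owner() { return Outer.this; }            // uses the enclosing instance explicitly
    }
    static class FixedInner implements Serializable { // static: no reference to Outer
      private static final long serialVersionUID = 1L;
    }
  }

  // Mirrors SerializationTest.f: the field is declared Object, so it may hold anything.
  static class Holder implements Serializable {
    private static final long serialVersionUID = 1L;
    private final Object f;
    Holder(Object f) { this.f = f; }
  }

  // Returns "ok", or the exception name plus the class that could not be written.
  static String trySerialize(Object o) {
    try (ObjectOutputStream out = new ObjectOutputStream(new ByteArrayOutputStream())) {
      out.writeObject(o);
      return "ok";
    } catch (NotSerializableException e) {
      return "NotSerializableException: " + e.getMessage();
    } catch (IOException e) {
      throw new IllegalStateException(e);
    }
  }

  public static void main(String[] args) {
    System.out.println(trySerialize(new Outer().new Inner()));  // fails on the outer class
    System.out.println(trySerialize(new Outer.FixedInner()));   // ok
    System.out.println(trySerialize(new Holder(new Object()))); // fails on java.lang.Object
    System.out.println(trySerialize(new Holder("text")));       // ok: String is Serializable
  }
}
```

The failures appear only when the object is actually written, which is why the checker reports them statically.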