Bug ID: JDK-8202056 Expand serial warning to check for bad overloads of serial-related methods and ineffectual fields

JDK-8202056 : Expand serial warning to check for bad overloads of serial-related methods and ineffectual fields

Type: Enhancement
Component: tools
Sub-Component: javac
Affected Version: 11

Priority: P3
Status: Resolved
Resolution: Fixed

Submitted: 2018-04-19
Updated: 2022-02-08
Resolved: 2021-10-21

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

JDK 18
18 b21Fixed

Related Reports

CSR :	JDK-8274335 - Expand serial warning to check for bad overloads of serial-related methods and ineffectual fields
Duplicate :	JDK-8002086 - javac should warn if serialVersionUID is present in an enum or anon subclass of an enum
Relates :	JDK-4397681 - MediaTracker serialization spec refer package-protected field MediaEntry
Relates :	JDK-8203263 - Remove unnecessary throws clauses from serialization-related methods
Relates :	JDK-8274255 - Update javac messages to use "enum class" rather than "enum type"
Relates :	JDK-8208782 - Remove extra type in throws clause of SerialClob.writeObject
Relates :	JDK-7019074 - -Xlint serial flag could perform correctness checks on readObject/writeObject
Relates :	JDK-4767441 - new warning: class implements serializable but doesn't define serialVersionUID
Relates :	JDK-8160675 - Issue lint warning for non-serializable non-transient instance fields in serializable type
Relates :	JDK-8229999 - Apply java.io.Serial annotations to security types in java.base
Relates :	JDK-8207816 - Align declaration of SerializedLambda.readResolve with serialization conventions
Relates :	JDK-8275013 - Improve discussion of serialization method declarations in java.io.Object{Input, Output}Stream
Relates :	JDK-8205397 - InetAddress has wrong declaration for readObjectNoData
Relates :	JDK-8207751 - Remove misleading serialVersionUID from JulienFields.Field
Relates :	JDK-8208060 - Additional corrections of serial-related declarations
Relates :	JDK-8209024 - Use SuppressWarnings on serialVersionUID fields in interfaces
Relates :	JDK-8275667 - Refactor serial lint checks to be tree-based
Relates :	JDK-8202385 - Annotation to mark serial-related fields and methods
Relates :	JDK-8241151 - Incorrect lint warning for no definition of serialVersionUID in a record

Sub Tasks

JDK-8281497 :

Release Note: Expand checks of javac's serial lint warning - Resolved

Description

The core check of javac's serial lint warning (JDK-4767441) is to verify the presence of a properly declared serialVersionUID field in serializable classes.

There are other useful checks that could be added, including that serial-involved methods are properly declared rather than being overloads which will get ignored by the serialization system. Those methods include:

 private void writeObject(java.io.ObjectOutputStream stream)
     throws IOException;
 private void readObject(java.io.ObjectInputStream stream)
     throws IOException, ClassNotFoundException;
 private void readObjectNoData()
     throws ObjectStreamException

as discussed in java.io.ObjectInputStream and java.io.ObjectOutputStream. In additional, the serialization spec discusses the methods:

ANY-ACCESS-MODIFIER Object writeReplace()
             throws ObjectStreamException;
ANY-ACCESS-MODIFIER Object readResolve()
            throws ObjectStreamException;

Additional methods are defined for Externalization.

Comments

Changeset: 6a466fe7 Author: Joe Darcy <darcy@openjdk.org> Date: 2021-10-21 21:11:01 +0000 URL: https://git.openjdk.java.net/jdk/commit/6a466fe7ae281967d1cc4c8029b306f2d66567c9
21-10-2021
[~rriggs], the check in question is called for by JDK-7019074.
25-09-2021
A common invalid coding pattern in serialization results in incorrect documentation of the Serial Form in the javadoc and possibly corrupted streams. The serialization specification requires the 'readObject' method to call `defaultReadObject` or `readFields` and the 'writeObject' method to call 'defaultWriteObject' or 'writeFields'. A warning should be generated in these cases.
04-02-2021
Additional requirements from the Serialization spec to check: * A Serializable class must "Have access to the no-arg constructor of its first nonserializable superclass". * An Externalizable class must "Have a public no-arg constructor".
11-09-2019
Attached serialCompilerWarns.md, written by Chris Hegarty, 2015-05-20.
10-05-2018