SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 20

changes.mady.by.user Pranjal Jumde

Saved on

compared with

New Version 21

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Professor Jane has three tutees, Able, Baker, and Charlie, all of whom have Professor Jane as their tutor. Issues can arise if the writeUnshared() and readUnshared() methods are used with these classes, as demonstrated in the following noncompliant code example.

Noncompliant Code Example

This noncompliant code example attempts to serialize the data from the previous example using writeUnshared(). However, when the data is deserialized using readUnshared(), the checkTutees() method no longer returns true because the tutor objects of the three students are different from the original Professor object.

Code Block
bgColor#FFcccc
String filename = "serial";
try(ObjectOutputStream oos = new ObjectOutputStream(new FileOutputStream(filename))) {
  // Serializing using writeUnshared
  oos.writeUnshared(jane);
} catch (Exception e) {
    System.out.println("Exception during serialization" + e);
}

// Deserializing using readUnshared
try(ObjectInputStream ois = new ObjectInputStream(new FileInputStream(filename))){
	Professor jane2 = (Professor)ois.readUnshared();
	System.out.println("checkTutees returns: " +
							 jane2.checkTutees());
} catch (Exception e) {
    System.out.println("Exception during deserialization" + e);
}

Compliant Solution

This compliant solution overcomes the problem of the noncompliant code example by using writeObject() and readObject(), ensuring that the tutor object referred to by the three students has a one-to-one mapping with the original Professor object.  So the checkTutees() method correctly returns true.

Code Block
bgColor#ccccff
String filename = "serial";
try(ObjectOutputStream oos = new ObjectOutputStream(new FileOutputStream(filename))) {
	// Serializing using writeUnshared
	oos.writeObject(jane);
} catch (Exception e) {
  System.out.println("Exception during serialization" + e);
} 

// Deserializing using readUnshared
try(ObjectInputStream ois = new ObjectInputStream(new FileInputStream(filename))) {
Professor jane2 = (Professor)ois.readObject();
System.out.println("checkTutees returns: " +
					 jane2.checkTutees());
} catch (Exception e) {
    System.out.println("Exception during deserialization" + e);
}

Applicability

Using the writeUnshared() and readUnshared() methods may produce unexpected results.

Bibliography

[API 2011]

Class ObjectOutputStream
Class ObjectInputStream

...