In-depth analysis of Java serialization mechanism and principles

Analysis of Java Serialization Algorithm

Serialization is a process of describing an object as a series of bytes; deserialization is a process of reconstructing these bytes into an object. The Java Serialization API provides a standard mechanism for handling object serialization. Here you can learn how to serialize an object, when serialization is required, and the Java serialization algorithm. We use an example to demonstrate how the bytes after serialization describe the information of an object.
The need for serialization

In Java, everything is an object. In a distributed environment, it is often necessary to transfer Objects from one network or device to the other. This requires a protocol that can transmit data on both ends. The Java serialization mechanism was created to solve this problem.
How to serialize an object

The prerequisite for an object to be serializable is to implement the Serializable interface. The Serializable interface has no methods and is more like a marker. Classes with this tag can be processed by the serialization mechanism.

Then we write a program to serialize the object and output it. ObjectOutputStream can output Object into a Byte stream. We temporarily store the Byte stream in the temp.out file.

If you want to read Bytes from a persistent file to reconstruct the object, we can use ObjectInputStream.

The execution result is

100.
The serialization format of the object

What does an object look like after being serialized? Open the temp.out file we just serialized and outputted the object, and display it in hexadecimal. The content should be as follows:

This bunch of bytes is used to describe the TestSerial object after serialization. We noticed that there are only two fields in the TestSerial class:

public byte version = 100;

public byte count = 0;

Both are of byte type. In theory, only 2 bytes are needed to store these two fields, but in fact temp.out occupies 51 bytes, which means that in addition to data, it also includes other descriptions of the serialized object.
Java serialization algorithm

The serialization algorithm generally does the following steps:

◆Output class metadata related to object instances.

◆Recursively output the superclass description of the class until there are no more superclasses.

◆After the class metadata is completed, the actual data values ​​of the object instance are output starting from the top-level superclass.

◆Recursively output instance data from top to bottom

Let’s illustrate with another example that more completely covers all possible situations:

This example is quite straightforward. The SerialTest class implements the Parent superclass and also holds a Container object internally.

The serialized format is as follows:

AC ED 00 05 7372 00 0A 53 65 72 69 61 6C 54 65

73 74 05 52 81 5A AC 66 02 F6 02 00 0249 00 07

76 65 72 73 69 6F 6E4C00 03 63 6F 6E74 00 09

4C63 6F 6E 74 61 69 6E 3B 7872 00 06 70 61 72

65 6E 74 0E DB D2 BD 85 EE 63 7A 02 00 0149 00

0D 70 61 72 65 6E 74 56 65 72 73 69 6F 6E 78 70

0000000A 0000004273 72 00 07 63 6F 6E 74

61 69 6E FC BB E6 0E FB CB 60 C7 02 00 0149 00

0E 63 6F 6E 74 61 69 6E 56 65 72 73 69 6F 6E 78

700000000B

Let's take a closer look at what these bytes represent. Beginning, see color:

1. AC ED: STREAM_MAGIC. Declares that the serialization protocol is used.
2. 00 05: STREAM_VERSION. Serialization protocol version.
3. 0x73: TC_OBJECT. Declare this to be a new object.

The first step in the serialization algorithm is to output a description of the object's related class. The object shown in the example is an instance of the SerialTest class, so the description of the SerialTest class is output next. See colors:

1. 0x72: TC_CLASSDESC. Declare a new Class to start here.
2. 00 0A: The length of the Class name.
3. 53 65 72 69 61 6c 54 65 73 74: SerialTest, Class class name.
4. 05 52 81 5A AC 66 02 F6: SerialVersionUID, serialization ID. If not specified, an 8-byte ID will be randomly generated by the algorithm.
5. 0x02: Tag number. This value declares that the object supports serialization.
6. 00 02: The number of domains included in this class.

Next, the algorithm outputs one of the fields, inversion=66; see color:

1. 0x49: Field type. 49 represents "I", which is Int.
2. 00 07: The length of the domain name.
3. 76 65 72 73 69 6F 6E: version, domain name description.

Then, the algorithm outputs the next domain, contain con = new contain(); this is a bit special, it is an object. When describing object type references, you need to use the JVM's standard object signature notation, see color:

1. 0x4C: Type of domain.
2. 00 03: Domain name length.
3. 63 6F 6E: Domain name description, con
4. 0x74: TC_STRING. Represents a new String. Use String to reference the object.
5. 00 09: The length of the String.
6. 4C 63 6F 6E 74 61 69 6E 3B:Lcontain;, the JVM’s standard object signature notation.
7. 0x78: TC_ENDBLOCKDATA, sign of the end of the object data block

.Then the algorithm will output the description of the super class, which is the Parent class. See the color:

1. 0x72: TC_CLASSDESC. Declare this is a new class.
2. 00 06: Class name length.
3. 70 61 72 65 6E 74: parent, class name description.
4. 0E DB D2 BD 85 EE 63 7A:SerialVersionUID, serialization ID.
5. 0x02: Tag number. This value declares that the object supports serialization.
6. 00 01: The number of fields in the class.

Next, output the domain description of the parent class, intparentVersion=100; see also color:

1. 0x49: Field type. 49 represents "I", which is Int.
2. 00 0D: Domain name length.
3. 70 61 72 65 6E 74 56 65 72 73 69 6F 6E: parentVersion, domain name description.
4. 0x78: TC_ENDBLOCKDATA, sign of the end of the object block.
5. 0x70: TC_NULL, indicating that there is no other super class flag. .

So far, the algorithm has output the descriptions of all classes. The next step is to output the actual value of the instance object. At this time, it starts from the domain of parent Class, see color:

1. 0000000A: 10, the value of the parentVersion field.

There are also fields of the SerialTest class:

1. 00000042: 66, the value of the version field.

The bytes that follow are more interesting. The algorithm needs to describe the information of the contain class. Remember, the contain class has not been described yet. See the color:

1. 0x73: TC_OBJECT, declares that this is a new object.
2. 0x72: TC_CLASSDESC declares a new Class to start here.
3. 00 07: The length of the class name.
4. 63 6F 6E 74 61 69 6E: contain, class name description.
5. FC BB E6 0E FB CB 60 C7:SerialVersionUID, serialization ID.
6. 0x02: Various flags. Tag number. This value declares that the object supports serialization
7. 00 01: Number of domains within the class.

.Output the unique domain description of contain, intcontainVersion=11;

1. 0x49: Domain type. 49 represents "I", which is Int..
2. 00 0E: Domain name length.
3. 63 6F 6E 74 61 69 6E 56 65 72 73 69 6F 6E: containVersion, domain name description.
4. 0x78: TC_ENDBLOCKDATA object block end flag.

At this time, the serialization algorithm will check whether contain has a superclass, and if so, it will output it.

1. 0x70: TC_NULL, there is no super class.

Finally, the actual domain value of the contain class is output.

1. 0000000B: 11, the value of containVersion.

OK, we have discussed the mechanism and principles of java serialization, and we hope it will be helpful to the students.