Roman Elizarov, profile picture
Uploaded byRoman Elizarov
PPTX, PDF5,921 views

Java Serialization Facts and Fallacies

The document discusses Java serialization and common myths surrounding it. It summarizes that Java serialization allows for flexible evolution of classes while maintaining backwards compatibility through the use of serialVersionUID. It debunks common myths that Java serialization is slow, inflexible, or that changing private fields breaks compatibility. The document explains that serialization performance depends more on how streams are used rather than the underlying implementation.

Embed presentation

Downloaded 119 times
Java Serialization Facts and Fallacies © 2013, Roman Elizarov, Devexperts
Serialization … is the process of translating data structures or object state into a format that can be stored (for example, in a file or memory buffer, or transmitted across a network connection link) and resurrected later in the same or another computer environment. -- WIkipedia Object Bytes Network/Storage
Use-cases • Transfer data over network between cluster nodes or between servers and clients - Serialization is a key technology behind any RPC/RMI • Serialization if often used for storage - but then data transfer is still often a part of the picture
Java serialization facility (key facts) • Had appeared in 1997 as a part of JDK 1.1 release • Uses java.io.Serializable as a marker interface • Consists of java.io.ObjectInputStream/ObjectOutputStream with related classes and interfaces • Has “Java Object Serialization Specification” that documents both API and object serialization stream protocol • Is part of any Java platform (even Android has it) • Somehow has a lot of myths around it
It is a joke … and the only JEP joke (!) … and it has a big grain of truth: There are lots of folk myths about serialization
Hazelcast Portable Google protobuf Hessian Protostuff Kryo Coherence POF JBoss serialization Apache Avro fast-serialization Apache Thrift Hadoop Writable jserial quickser GridGain serialization msgpack wobly Burlap EclipseLink MOXy Gson Json-lib JAXB XStream FLEXJSON Javolution XML Jackson svenson java.beans.XMLEncoder/XMLDecoder jsonij
The obvious fact of live Real hackers write everything from scratch  Every mature appserver/framework/cache/eventbus/soa/rpc/db/etc must have its own serialization that is better than everybody else’s 
How to choose a serialization lib? • Cross-language or Java-only • Binary or text (XML/JSON/other) format • Custom or automatic object-to-serialized format mapping • Needs format description/mapping/annotation or not • Writes object scheme (e.g. field names) with each object, once per request, once per session, never at all, or some mixed approach • Writes object fields or bean properties • Serializes object graph with shared objects or not • Performance - CPU consumption to serialize/deserialize - Network consumption (bytes per object)
Java built-in serialization lib? • Cross-language or Java-only • Binary or text (XML/JSON/other) format • Custom or automatic object-to-serialized format mapping • Needs format description/mapping/annotation or not • Writes object scheme (e.g. field names) with each object, once per request, once per session, never at all, or some mixed approach • Writes object fields or bean properties • Serializes object graph with shared objects or not • Performance - CPU consumption to serialize/deserialize - Network consumption (bytes per object)
Serious serialization lib choice diagram YES YES Java to JS? Cross-platform data transfer? NO Use built-in Java Serialization YES Jackson/gson/etc do further research NO Do you have problems with it? NO
Serialization myth #1 I’ve found this framework called XYZ… … it has really simple and fast serialization All you have to do is to implement this interface! Easy! I’ve tested it! It is really fast! It outperforms everything else I’ve tried! /* This is almost actual real-life conversation. * Names changed */
In fact this is corollary to “The obvious fact of life” • Of course it is the fastest possible way! But this does not solve the most complex serialization problems - You can implement java.io.Externalizable if you are up to writing a custom serialization code for each object. • Maintenance cost/efforts are often underestimated - How are you planning to evolve your system? Add new fields? New classes? • What will keep you from forgetting to read/write them? • Ah… yes, you write a lot of extra tests in addition to writing your write/read methods to make sure your serialization works - How about on-the-wire compatibility of old code and new one? • But I deploy all of my system with a new version at once! • But how do you work with it during development?
Serialization myth #2 java.io.Serializable … “This interface limits how its implementing classes can change in the future. By implementing Serializable you expose your flexible in-memory implementation details as a rigid binary representation. Simple code changes--like renaming private fields--are not safe when the changed class is serializable.” http://developer.android.com/reference/java/io/Serializable.html
So what about this code evolution? write read got
serialVersionUID • serialVersionUID = crazy hash of your class - If you change your class -> serialVersionUID changes -> incompatible • But you can set serialVersionUID as a “private static final long” field in your class to fix it. • With a fixed serialVersionUID java serialization supports: - Adding/removing fields without any additional hurdles and annotations - Moving fields around in class definition - Extracting/inlining super-classes (but without moving serializable fields up/down class hierarchy). • It basically means you can evolve your class at will, just a you would do with key-value map in json/other-untyped-system
serialver • That’s the tool to compute serialVersionUID as some crazy hash of your class - You only need it when your class is “in the wild” without explicitly assigned serialVersionUID and you want to be backwards compatible with that version of it • DO NOT USE serialver for freshly created classes - It is a pseudo random number that serves no purpose, but to make your gzipped class files and gzipped serial files larger - Just set serialVersionUID = 0 • It is no worse, but better than any other value
So what about this code evolution (2)? wrie got symbol – as written quantity – as written price – as written orderType – null read Profit! It works the other way around, too!
What if I want to make my class incompatible? • You have two choices - serialVersionUID++ - Rename class • So, having serialVersionUID in a modern serialization framework is an optional feature - They just did not have refactorings back then in 1996, so renaming a class was not an option for them - They chose a default of “your changes break serialization” and force you to explicitly declare serialVersionUID if you want “your changes are backwards compatible” • I would have preferred the other default, but having to manually add serialVersionUID is a small price to pay for a serialization facility that you have out-of-the box in Java.
Complex changes made compatible • Java serialization has a bunch of features to support radical evolution of serializable classes in backwards-compatible way: - writeReplace/readResolve • Lets you migrate your code to a completely new class, but still use the old class for serialization. - putFields/writeFields/readFields Lets you completely redo the fields of the object, but still be compatible with the old set of fields for serialization. It really helps if you are working on, evolving, improving, and refactoring really big projects
What about “renaming private fields is unsafe”? • It is just a matter of developer’s choice on what actually constitutes “serial form” of the class: - It’s private fields • like in Java serialization - It’s public API with its getter/setter methods • aka “Bean Serialization” • many serialization frameworks follow this approach • good match when you need to expose public API via serialization - A totally separate code, file, or annotation defines serial form • you have to write it in addition to your class • more work, but the approach is the most flexible and pays of in case of highly heterogeneous system (many platforms/languages)
http://www.organisationscience.com/styled-6/
Serialization myth #3
In practice • It really matters when very verbose text formats like XML are used in a combination with not-so-fast serializer implementations • Most binary formats are fast and compact enough, so that they do not constitute a bottleneck in the system - Data is usually expensive to acquire (compute, fetch from db, etc) - Otherwise (if data is in cache) and the only action of the system is to retrieve it from cache and send, then cache serialized data in binary form, thus making serialization performance irrelevant aka “marshalled object”
Popular myth #4 © Stack Overflow authors, emphasis is mine
A popular way to benchmark serialization https://github.com/eishay/jvm-serializers/blob/master/tpc/src/serializers/JavaBuiltIn.java
The real fact about serialization performance • ObjectOutputStream/ObjectInputStream are expensive to create - >1KB of internal buffers allocated - It matters if you really do a lot of serialization • You can reuse OOS/OIS instances if you need - It is easy when you write a single stream of values • Just keep doing writeObject(!) • That is what it was designed for • The added benefit is that class descriptors are written just once - It is slightly tricky if you want to optimize it for one time writes • The actual gain is modest and depends on the kinds of objects you are serializing (their size, your heap/gc load, etc)
The real fact about serialization performance (2) • Each ObjectOutputStream writes class descriptor on the first encounter - reset() clears internal handles table that keep both written objects (for object graph serialization) and written class descriptors • BEWARE: All written objects are retained until you call reset() • Writing class descriptor is a signification portion of both CPU time consumption and resulting space - That is the price you pay for all the automagic class evolution features without having to manually define field ids, create mappings, or write custom code - The data itself is relatively fast to write and has straightforward binary format (4 bytes per int, etc)
Beware of benchmarks • A typical benchmark compares different serialization frameworks doing tasks of absolutely different complexity • With Java serialization facility you necessary pay for - No hassle object-to-serial format mapping • (no writing of interface descriptions, no code generation) - Support for wide range of class evolution scenarios - Support for object graph writes - Support for machines with different byte-endianness • Most significant performance/size improvements are gained by forfeiting one of these qualities - Be sure to understand what exactly you forfeit
Real cons of Java serialization • Just one reset() to rule them all - No way to “resetObjects()” to clear all message-level object graph info (referenced objects), but keep session-level information (written class descriptors) to avoid repetition when keeping a network session to recipient open • Anyone knows ins-and-outs of JEP process to improve it? • Can use some performance improvement  - Some obviously unnecessary allocations of internal objects can be removed, code simplified, streamlined • I’m looking for help in “contributing to JDK” area - But do remember, that it rarely matters in practice
Summary • Java serialization is there out-of-the box • It handles most Java-to-Java serialization needs well - While providing a wide range of goodies • It provides non-compact, but binary representation - It works especially good, if you have collections of repeated business objects • It covers a wide range of class evolution scenarios - Set serialVersionUID = 0 to be happy • It has decent performance that does not often show on profiler’s radar in practice • We use it in Devexperts for all our Java-to-Java non-market-data
46000 305400 Sent orders in one day Users on-line in one day We create professional financial software for Brokerage and Exchanges since 2002 99.99% Our software index of trouble-free operation 350 Peoples in our team 365 7 24 We support our products around-the-clock
Headquarters 197110, 10/1 Barochnaya st. Saint Petersburg, Russia +7 812 438 16 26 mail@devexperts.com www.devexperts.com
Contact me by email: elizarov at devexperts.com Read my blog: http://elizarov.livejournal.com/

More Related Content

PPTX
Millions quotes per second in pure java
byRoman Elizarov
 
KEY
JavaOne 2011 - JVM Bytecode for Dummies
byCharles Nutter
 
PPTX
Non blocking programming and waiting
byRoman Elizarov
 
PDF
Wait for your fortune without Blocking!
byRoman Elizarov
 
PDF
Objective-C Is Not Java
byChris Adamson
 
PDF
Ruby Performance - The Last Mile - RubyConf India 2016
byCharles Nutter
 
PPTX
DIY Java Profiling
byRoman Elizarov
 
PDF
Why GC is eating all my CPU?
byRoman Elizarov
 
Millions quotes per second in pure java
byRoman Elizarov
 
JavaOne 2011 - JVM Bytecode for Dummies
byCharles Nutter
 
Non blocking programming and waiting
byRoman Elizarov
 
Wait for your fortune without Blocking!
byRoman Elizarov
 
Objective-C Is Not Java
byChris Adamson
 
Ruby Performance - The Last Mile - RubyConf India 2016
byCharles Nutter
 
DIY Java Profiling
byRoman Elizarov
 
Why GC is eating all my CPU?
byRoman Elizarov
 

What's hot

KEY
The Why and How of Scala at Twitter
byAlex Payne
 
PPT
An Introduction to JVM Internals and Garbage Collection in Java
byAbhishek Asthana
 
PDF
Kotlin @ Coupang Backed - JetBrains Day seoul 2018
bySunghyouk Bae
 
PDF
Fast as C: How to Write Really Terrible Java
byCharles Nutter
 
PDF
JVM for Dummies - OSCON 2011
byCharles Nutter
 
PDF
How Scala code is expressed in the JVM
byKoichi Sakata
 
PDF
Introduction of failsafe
bySunghyouk Bae
 
PDF
Kotlin @ Coupang Backend 2017
bySunghyouk Bae
 
PDF
JVM Mechanics: When Does the JVM JIT & Deoptimize?
byDoug Hawkins
 
PDF
The State of Managed Runtimes 2013, by Attila Szegedi
byZeroTurnaround
 
PDF
Down the Rabbit Hole: An Adventure in JVM Wonderland
byCharles Nutter
 
PPTX
Scala Refactoring for Fun and Profit (Japanese subtitles)
byTomer Gabel
 
PPTX
From Ruby to Scala
bytod esking
 
PPTX
Scala Matsuri 2016: Japanese Text Mining with Scala and Spark
byEduardo Gonzalez
 
PDF
The Year of JRuby - RubyC 2018
byCharles Nutter
 
PDF
Weaving Dataflows with Silk - ScalaMatsuri 2014, Tokyo
byTaro L. Saito
 
PDF
Lagergren jvmls-2013-final
byMarcus Lagergren
 
PDF
JRuby and Invokedynamic - Japan JUG 2015
byCharles Nutter
 
PDF
Beyond JVM - YOW! Sydney 2013
byCharles Nutter
 
PPT
iOS Multithreading
byRicha Jain
 
The Why and How of Scala at Twitter
byAlex Payne
 
An Introduction to JVM Internals and Garbage Collection in Java
byAbhishek Asthana
 
Kotlin @ Coupang Backed - JetBrains Day seoul 2018
bySunghyouk Bae
 
Fast as C: How to Write Really Terrible Java
byCharles Nutter
 
JVM for Dummies - OSCON 2011
byCharles Nutter
 
How Scala code is expressed in the JVM
byKoichi Sakata
 
Introduction of failsafe
bySunghyouk Bae
 
Kotlin @ Coupang Backend 2017
bySunghyouk Bae
 
JVM Mechanics: When Does the JVM JIT & Deoptimize?
byDoug Hawkins
 
The State of Managed Runtimes 2013, by Attila Szegedi
byZeroTurnaround
 
Down the Rabbit Hole: An Adventure in JVM Wonderland
byCharles Nutter
 
Scala Refactoring for Fun and Profit (Japanese subtitles)
byTomer Gabel
 
From Ruby to Scala
bytod esking
 
Scala Matsuri 2016: Japanese Text Mining with Scala and Spark
byEduardo Gonzalez
 
The Year of JRuby - RubyC 2018
byCharles Nutter
 
Weaving Dataflows with Silk - ScalaMatsuri 2014, Tokyo
byTaro L. Saito
 
Lagergren jvmls-2013-final
byMarcus Lagergren
 
JRuby and Invokedynamic - Japan JUG 2015
byCharles Nutter
 
Beyond JVM - YOW! Sydney 2013
byCharles Nutter
 
iOS Multithreading
byRicha Jain
 

Viewers also liked

PDF
OWASP SD: Deserialize My Shorts: Or How I Learned To Start Worrying and Hate ...
byChristopher Frohoff
 
PDF
Efficient Data Storage for Analytics with Apache Parquet 2.0
byCloudera, Inc.
 
PDF
Java Serialization Deep Dive
byMartijn Dashorst
 
PPT
Serialization/deserialization
byYoung Alista
 
PDF
ACM ICPC 2016 NEERC (Northeastern European Regional Contest) Problems Review
byRoman Elizarov
 
PDF
Derechos de la trabajadora del hogar
byjackelin chincha
 
DOCX
Dia 1
byLaura Esquembri Torrentbó
 
PDF
Black Hat EU 2010 - Attacking Java Serialized Communication
bymsaindane
 
PPTX
The theory of concurrent programming for a seasoned programmer
byRoman Elizarov
 
PDF
Rust samurai lightning talk
byNaruto TAKAHASHI
 
PDF
Statechart modeling of interactive gesture-based applications
byTom Mens
 
PPT
Intervento renza luigi_contratto
byRenza Cambini
 
PDF
Freello | Mobile Marketing 4 Media
byFrancesco Pieragostini
 
PPTX
Module #3a nursing disciplines overview
bygls0006
 
PPT
Intro
byleavesoflanguage
 
PPTX
2.1 ordinal numbers
byJorge Zavarce
 
PPTX
Construcción del blog
byEmmanuelBustos
 
PPTX
En el paradisíaco lago titicaca
byAmarú De Lucca Maye
 
PPTX
Inspire [autosaved]
bykcmom24
 
PPTX
Lineas de producto PHOTOGRAPHY SHOW
byElizabeth Ojeda Marin
 
OWASP SD: Deserialize My Shorts: Or How I Learned To Start Worrying and Hate ...
byChristopher Frohoff
 
Efficient Data Storage for Analytics with Apache Parquet 2.0
byCloudera, Inc.
 
Java Serialization Deep Dive
byMartijn Dashorst
 
Serialization/deserialization
byYoung Alista
 
ACM ICPC 2016 NEERC (Northeastern European Regional Contest) Problems Review
byRoman Elizarov
 
Derechos de la trabajadora del hogar
byjackelin chincha
 
Dia 1
byLaura Esquembri Torrentbó
 
Black Hat EU 2010 - Attacking Java Serialized Communication
bymsaindane
 
The theory of concurrent programming for a seasoned programmer
byRoman Elizarov
 
Rust samurai lightning talk
byNaruto TAKAHASHI
 
Statechart modeling of interactive gesture-based applications
byTom Mens
 
Intervento renza luigi_contratto
byRenza Cambini
 
Freello | Mobile Marketing 4 Media
byFrancesco Pieragostini
 
Module #3a nursing disciplines overview
bygls0006
 
Intro
byleavesoflanguage
 
2.1 ordinal numbers
byJorge Zavarce
 
Construcción del blog
byEmmanuelBustos
 
En el paradisíaco lago titicaca
byAmarú De Lucca Maye
 
Inspire [autosaved]
bykcmom24
 
Lineas de producto PHOTOGRAPHY SHOW
byElizabeth Ojeda Marin
 

Similar to Java Serialization Facts and Fallacies

PDF
What is Serialization in Java? | Java Tutorial | Edureka
byEdureka!
 
PPT
22CS307-ADAVANCE JAVA PROGRAMMING UNIT 4
bylogesswarisrinivasan
 
PPT
Java Basics
byshivamgarg_nitj
 
PPTX
Serialization and performance in Java
byStrannik_2013
 
PDF
Persistent Session Storage
byWO Community
 
PDF
.NET Deserialization Attacks
byDharmalingam Ganesan
 
PPTX
Remote object activation &object serialization
bykeerthunarasu
 
PPTX
Gulshan serialization inJava PPT ex.pptx
byPRABHATMISHRA969924
 
PPTX
Java serialization
bySujit Kumar
 
PDF
[Wroclaw #7] Why So Serial?
byOWASP
 
PDF
Java Serialization
byimypraz
 
PPTX
File Handling - Serialization.pptx
byUsamaAshraf55
 
DOC
Serialization in .NET
byAbhi Arya
 
PDF
Serialization & De-serialization in Java
byInnovationM
 
PPT
Java Serialization
byjeslie
 
PPTX
Javasession6
byRajeev Kumar
 
PPTX
Serialization and performance by Sergey Morenets
byAlex Tumanoff
 
PDF
Abusing Java Remote Interfaces
byjuanvazquezslides
 
PPTX
Сергей Моренец. Serialization and performance in Java
byVolha Banadyseva
 
ODP
Science andartofbackwardscompatability
byIan Robertson
 
What is Serialization in Java? | Java Tutorial | Edureka
byEdureka!
 
22CS307-ADAVANCE JAVA PROGRAMMING UNIT 4
bylogesswarisrinivasan
 
Java Basics
byshivamgarg_nitj
 
Serialization and performance in Java
byStrannik_2013
 
Persistent Session Storage
byWO Community
 
.NET Deserialization Attacks
byDharmalingam Ganesan
 
Remote object activation &object serialization
bykeerthunarasu
 
Gulshan serialization inJava PPT ex.pptx
byPRABHATMISHRA969924
 
Java serialization
bySujit Kumar
 
[Wroclaw #7] Why So Serial?
byOWASP
 
Java Serialization
byimypraz
 
File Handling - Serialization.pptx
byUsamaAshraf55
 
Serialization in .NET
byAbhi Arya
 
Serialization & De-serialization in Java
byInnovationM
 
Java Serialization
byjeslie
 
Javasession6
byRajeev Kumar
 
Serialization and performance by Sergey Morenets
byAlex Tumanoff
 
Abusing Java Remote Interfaces
byjuanvazquezslides
 
Сергей Моренец. Serialization and performance in Java
byVolha Banadyseva
 
Science andartofbackwardscompatability
byIan Robertson
 

More from Roman Elizarov

PDF
Lock-free algorithms for Kotlin Coroutines
byRoman Elizarov
 
PPTX
Пишем самый быстрый хеш для кэширования данных
byRoman Elizarov
 
PDF
Kotlin Coroutines in Practice @ KotlinConf 2018
byRoman Elizarov
 
PDF
Introduction to Kotlin coroutines
byRoman Elizarov
 
PDF
Kotlin Coroutines Reloaded
byRoman Elizarov
 
PDF
Introduction to Coroutines @ KotlinConf 2017
byRoman Elizarov
 
PDF
Deep dive into Coroutines on JVM @ KotlinConf 2017
byRoman Elizarov
 
PDF
Теоретический минимум для понимания Java Memory Model (для JPoint 2014)
byRoman Elizarov
 
PDF
ACM ICPC 2015 NEERC (Northeastern European Regional Contest) Problems Review
byRoman Elizarov
 
PPTX
ACM ICPC 2012 NEERC (Northeastern European Regional Contest) Problems Review
byRoman Elizarov
 
PDF
Многопоточное Программирование - Теория и Практика
byRoman Elizarov
 
PDF
ACM ICPC 2014 NEERC (Northeastern European Regional Contest) Problems Review
byRoman Elizarov
 
PDF
Многопоточные Алгоритмы (для BitByte 2014)
byRoman Elizarov
 
PDF
ACM ICPC 2013 NEERC (Northeastern European Regional Contest) Problems Review
byRoman Elizarov
 
PDF
Fresh Async with Kotlin @ QConSF 2017
byRoman Elizarov
 
PDF
Scale Up with Lock-Free Algorithms @ JavaOne
byRoman Elizarov
 
Lock-free algorithms for Kotlin Coroutines
byRoman Elizarov
 
Пишем самый быстрый хеш для кэширования данных
byRoman Elizarov
 
Kotlin Coroutines in Practice @ KotlinConf 2018
byRoman Elizarov
 
Introduction to Kotlin coroutines
byRoman Elizarov
 
Kotlin Coroutines Reloaded
byRoman Elizarov
 
Introduction to Coroutines @ KotlinConf 2017
byRoman Elizarov
 
Deep dive into Coroutines on JVM @ KotlinConf 2017
byRoman Elizarov
 
Теоретический минимум для понимания Java Memory Model (для JPoint 2014)
byRoman Elizarov
 
ACM ICPC 2015 NEERC (Northeastern European Regional Contest) Problems Review
byRoman Elizarov
 
ACM ICPC 2012 NEERC (Northeastern European Regional Contest) Problems Review
byRoman Elizarov
 
Многопоточное Программирование - Теория и Практика
byRoman Elizarov
 
ACM ICPC 2014 NEERC (Northeastern European Regional Contest) Problems Review
byRoman Elizarov
 
Многопоточные Алгоритмы (для BitByte 2014)
byRoman Elizarov
 
ACM ICPC 2013 NEERC (Northeastern European Regional Contest) Problems Review
byRoman Elizarov
 
Fresh Async with Kotlin @ QConSF 2017
byRoman Elizarov
 
Scale Up with Lock-Free Algorithms @ JavaOne
byRoman Elizarov
 

Recently uploaded

PPTX
Apache Kafka 101 for Techies in IT dep.pptx
byamulyareddyk97
 
PPTX
Migrating-Hadoop-to-Databricks-Ebook-FINAL.pptx
byssuserf37fc8
 
PPTX
apidays Australia 2025 | Building AI RAG Applications with No Code.pptx
byapidays
 
PDF
One String, Many Prompts: AI Code Generation
byGeoffrey Goetz
 
PPT
Database Management Systems: Basics, History, Data Models, etc.
byParithi Thamizh
 
PPTX
Webinar: EVerest for Production: Accelerating EV Charger Development w/ Indus...
byDanBrown980551
 
PDF
Introduction to Linux and Basic Commands
byiDev Semarang
 
PPTX
Achieve enterprise automation with SAP BTP solutions and SAP Signavio
bydarrellkiwi
 
PPTX
Spacewalk 2026 - Presented at the IMAX in Raleigh, NC
byAll Things Open
 
PDF
Kubernetes Cloud Native Indonesia Meetup - January 2026
byPrasta Maha
 
PDF
How the EU Ecolabel's Record Growth Creates ESG Opportunities for CRE
byWastify AI
 
PDF
Skills to Pass the UiPath Agentic Automation Associate (UiAAA) Certification
byUiPathCommunity
 
PPTX
Robot Vacuums are Cleaning Up. The global robot vacuum segment has high marke...
byRobert March
 
PPTX
Understanding-Search-Algorithms_09-12-25.pptx
byshaikmahammedtauheed
 
PDF
Why Are Cloud Migration Services Essential for Modern Business Growth?
byGeoPITS Global Pvt Ltd
 
PPTX
The Abomination of AI – keynote at ICoSCI 2026
byAlan Dix
 
PDF
Deploying Windows Clients & Managing Identities
byVICTOR MAESTRE RAMIREZ
 
PDF
Ethical AI applied to publishing: Presenting wâsikan kisewâtisiwin, an AI too...
byBookNet Canada
 
PPTX
A CIO’s Guide to Salesforce AI Architecture, Governance, and Implementation R...
byKerry Millar
 
DOCX
Best Web to Learn About Buying Verified Skrill Accounts (Los Angeles).docx
byhttps://topsellerit.com/product/buy-verified-binance-accounts/
 
Apache Kafka 101 for Techies in IT dep.pptx
byamulyareddyk97
 
Migrating-Hadoop-to-Databricks-Ebook-FINAL.pptx
byssuserf37fc8
 
apidays Australia 2025 | Building AI RAG Applications with No Code.pptx
byapidays
 
One String, Many Prompts: AI Code Generation
byGeoffrey Goetz
 
Database Management Systems: Basics, History, Data Models, etc.
byParithi Thamizh
 
Webinar: EVerest for Production: Accelerating EV Charger Development w/ Indus...
byDanBrown980551
 
Introduction to Linux and Basic Commands
byiDev Semarang
 
Achieve enterprise automation with SAP BTP solutions and SAP Signavio
bydarrellkiwi
 
Spacewalk 2026 - Presented at the IMAX in Raleigh, NC
byAll Things Open
 
Kubernetes Cloud Native Indonesia Meetup - January 2026
byPrasta Maha
 
How the EU Ecolabel's Record Growth Creates ESG Opportunities for CRE
byWastify AI
 
Skills to Pass the UiPath Agentic Automation Associate (UiAAA) Certification
byUiPathCommunity
 
Robot Vacuums are Cleaning Up. The global robot vacuum segment has high marke...
byRobert March
 
Understanding-Search-Algorithms_09-12-25.pptx
byshaikmahammedtauheed
 
Why Are Cloud Migration Services Essential for Modern Business Growth?
byGeoPITS Global Pvt Ltd
 
The Abomination of AI – keynote at ICoSCI 2026
byAlan Dix
 
Deploying Windows Clients & Managing Identities
byVICTOR MAESTRE RAMIREZ
 
Ethical AI applied to publishing: Presenting wâsikan kisewâtisiwin, an AI too...
byBookNet Canada
 
A CIO’s Guide to Salesforce AI Architecture, Governance, and Implementation R...
byKerry Millar
 
Best Web to Learn About Buying Verified Skrill Accounts (Los Angeles).docx
byhttps://topsellerit.com/product/buy-verified-binance-accounts/
 

Java Serialization Facts and Fallacies

  • 1.
    Java Serialization Facts andFallacies © 2013, Roman Elizarov, Devexperts
  • 2.
    Serialization … is theprocess of translating data structures or object state into a format that can be stored (for example, in a file or memory buffer, or transmitted across a network connection link) and resurrected later in the same or another computer environment. -- WIkipedia Object Bytes Network/Storage
  • 3.
    Use-cases • Transfer dataover network between cluster nodes or between servers and clients - Serialization is a key technology behind any RPC/RMI • Serialization if often used for storage - but then data transfer is still often a part of the picture
  • 4.
    Java serialization facility(key facts) • Had appeared in 1997 as a part of JDK 1.1 release • Uses java.io.Serializable as a marker interface • Consists of java.io.ObjectInputStream/ObjectOutputStream with related classes and interfaces • Has “Java Object Serialization Specification” that documents both API and object serialization stream protocol • Is part of any Java platform (even Android has it) • Somehow has a lot of myths around it
  • 5.
    It is ajoke … and the only JEP joke (!) … and it has a big grain of truth: There are lots of folk myths about serialization
  • 7.
    Hazelcast Portable Google protobuf Hessian Protostuff Kryo CoherencePOF JBoss serialization Apache Avro fast-serialization Apache Thrift Hadoop Writable jserial quickser GridGain serialization msgpack wobly Burlap EclipseLink MOXy Gson Json-lib JAXB XStream FLEXJSON Javolution XML Jackson svenson java.beans.XMLEncoder/XMLDecoder jsonij
  • 8.
    The obvious factof live Real hackers write everything from scratch  Every mature appserver/framework/cache/eventbus/soa/rpc/db/etc must have its own serialization that is better than everybody else’s 
  • 9.
    How to choosea serialization lib? • Cross-language or Java-only • Binary or text (XML/JSON/other) format • Custom or automatic object-to-serialized format mapping • Needs format description/mapping/annotation or not • Writes object scheme (e.g. field names) with each object, once per request, once per session, never at all, or some mixed approach • Writes object fields or bean properties • Serializes object graph with shared objects or not • Performance - CPU consumption to serialize/deserialize - Network consumption (bytes per object)
  • 10.
    Java built-in serializationlib? • Cross-language or Java-only • Binary or text (XML/JSON/other) format • Custom or automatic object-to-serialized format mapping • Needs format description/mapping/annotation or not • Writes object scheme (e.g. field names) with each object, once per request, once per session, never at all, or some mixed approach • Writes object fields or bean properties • Serializes object graph with shared objects or not • Performance - CPU consumption to serialize/deserialize - Network consumption (bytes per object)
  • 11.
    Serious serialization libchoice diagram YES YES Java to JS? Cross-platform data transfer? NO Use built-in Java Serialization YES Jackson/gson/etc do further research NO Do you have problems with it? NO
  • 12.
    Serialization myth #1 I’vefound this framework called XYZ… … it has really simple and fast serialization All you have to do is to implement this interface! Easy! I’ve tested it! It is really fast! It outperforms everything else I’ve tried! /* This is almost actual real-life conversation. * Names changed */
  • 13.
    In fact thisis corollary to “The obvious fact of life” • Of course it is the fastest possible way! But this does not solve the most complex serialization problems - You can implement java.io.Externalizable if you are up to writing a custom serialization code for each object. • Maintenance cost/efforts are often underestimated - How are you planning to evolve your system? Add new fields? New classes? • What will keep you from forgetting to read/write them? • Ah… yes, you write a lot of extra tests in addition to writing your write/read methods to make sure your serialization works - How about on-the-wire compatibility of old code and new one? • But I deploy all of my system with a new version at once! • But how do you work with it during development?
  • 14.
    Serialization myth #2 java.io.Serializable… “This interface limits how its implementing classes can change in the future. By implementing Serializable you expose your flexible in-memory implementation details as a rigid binary representation. Simple code changes--like renaming private fields--are not safe when the changed class is serializable.” http://developer.android.com/reference/java/io/Serializable.html
  • 15.
    So what aboutthis code evolution? write read got
  • 16.
    serialVersionUID • serialVersionUID =crazy hash of your class - If you change your class -> serialVersionUID changes -> incompatible • But you can set serialVersionUID as a “private static final long” field in your class to fix it. • With a fixed serialVersionUID java serialization supports: - Adding/removing fields without any additional hurdles and annotations - Moving fields around in class definition - Extracting/inlining super-classes (but without moving serializable fields up/down class hierarchy). • It basically means you can evolve your class at will, just a you would do with key-value map in json/other-untyped-system
  • 17.
    serialver • That’s thetool to compute serialVersionUID as some crazy hash of your class - You only need it when your class is “in the wild” without explicitly assigned serialVersionUID and you want to be backwards compatible with that version of it • DO NOT USE serialver for freshly created classes - It is a pseudo random number that serves no purpose, but to make your gzipped class files and gzipped serial files larger - Just set serialVersionUID = 0 • It is no worse, but better than any other value
  • 18.
    So what aboutthis code evolution (2)? wrie got symbol – as written quantity – as written price – as written orderType – null read Profit! It works the other way around, too!
  • 19.
    What if Iwant to make my class incompatible? • You have two choices - serialVersionUID++ - Rename class • So, having serialVersionUID in a modern serialization framework is an optional feature - They just did not have refactorings back then in 1996, so renaming a class was not an option for them - They chose a default of “your changes break serialization” and force you to explicitly declare serialVersionUID if you want “your changes are backwards compatible” • I would have preferred the other default, but having to manually add serialVersionUID is a small price to pay for a serialization facility that you have out-of-the box in Java.
  • 20.
    Complex changes madecompatible • Java serialization has a bunch of features to support radical evolution of serializable classes in backwards-compatible way: - writeReplace/readResolve • Lets you migrate your code to a completely new class, but still use the old class for serialization. - putFields/writeFields/readFields Lets you completely redo the fields of the object, but still be compatible with the old set of fields for serialization. It really helps if you are working on, evolving, improving, and refactoring really big projects
  • 21.
    What about “renamingprivate fields is unsafe”? • It is just a matter of developer’s choice on what actually constitutes “serial form” of the class: - It’s private fields • like in Java serialization - It’s public API with its getter/setter methods • aka “Bean Serialization” • many serialization frameworks follow this approach • good match when you need to expose public API via serialization - A totally separate code, file, or annotation defines serial form • you have to write it in addition to your class • more work, but the approach is the most flexible and pays of in case of highly heterogeneous system (many platforms/languages)
  • 22.
  • 23.
  • 24.
    In practice • Itreally matters when very verbose text formats like XML are used in a combination with not-so-fast serializer implementations • Most binary formats are fast and compact enough, so that they do not constitute a bottleneck in the system - Data is usually expensive to acquire (compute, fetch from db, etc) - Otherwise (if data is in cache) and the only action of the system is to retrieve it from cache and send, then cache serialized data in binary form, thus making serialization performance irrelevant aka “marshalled object”
  • 25.
    Popular myth #4 ©Stack Overflow authors, emphasis is mine
  • 26.
    A popular wayto benchmark serialization https://github.com/eishay/jvm-serializers/blob/master/tpc/src/serializers/JavaBuiltIn.java
  • 27.
    The real factabout serialization performance • ObjectOutputStream/ObjectInputStream are expensive to create - >1KB of internal buffers allocated - It matters if you really do a lot of serialization • You can reuse OOS/OIS instances if you need - It is easy when you write a single stream of values • Just keep doing writeObject(!) • That is what it was designed for • The added benefit is that class descriptors are written just once - It is slightly tricky if you want to optimize it for one time writes • The actual gain is modest and depends on the kinds of objects you are serializing (their size, your heap/gc load, etc)
  • 28.
    The real factabout serialization performance (2) • Each ObjectOutputStream writes class descriptor on the first encounter - reset() clears internal handles table that keep both written objects (for object graph serialization) and written class descriptors • BEWARE: All written objects are retained until you call reset() • Writing class descriptor is a signification portion of both CPU time consumption and resulting space - That is the price you pay for all the automagic class evolution features without having to manually define field ids, create mappings, or write custom code - The data itself is relatively fast to write and has straightforward binary format (4 bytes per int, etc)
  • 30.
    Beware of benchmarks •A typical benchmark compares different serialization frameworks doing tasks of absolutely different complexity • With Java serialization facility you necessary pay for - No hassle object-to-serial format mapping • (no writing of interface descriptions, no code generation) - Support for wide range of class evolution scenarios - Support for object graph writes - Support for machines with different byte-endianness • Most significant performance/size improvements are gained by forfeiting one of these qualities - Be sure to understand what exactly you forfeit
  • 31.
    Real cons ofJava serialization • Just one reset() to rule them all - No way to “resetObjects()” to clear all message-level object graph info (referenced objects), but keep session-level information (written class descriptors) to avoid repetition when keeping a network session to recipient open • Anyone knows ins-and-outs of JEP process to improve it? • Can use some performance improvement  - Some obviously unnecessary allocations of internal objects can be removed, code simplified, streamlined • I’m looking for help in “contributing to JDK” area - But do remember, that it rarely matters in practice
  • 32.
    Summary • Java serializationis there out-of-the box • It handles most Java-to-Java serialization needs well - While providing a wide range of goodies • It provides non-compact, but binary representation - It works especially good, if you have collections of repeated business objects • It covers a wide range of class evolution scenarios - Set serialVersionUID = 0 to be happy • It has decent performance that does not often show on profiler’s radar in practice • We use it in Devexperts for all our Java-to-Java non-market-data
  • 33.
    46000 305400 Sent orders inone day Users on-line in one day We create professional financial software for Brokerage and Exchanges since 2002 99.99% Our software index of trouble-free operation 350 Peoples in our team 365 7 24 We support our products around-the-clock
  • 34.
    Headquarters 197110, 10/1 Barochnayast. Saint Petersburg, Russia +7 812 438 16 26 mail@devexperts.com www.devexperts.com
  • 35.
    Contact me byemail: elizarov at devexperts.com Read my blog: http://elizarov.livejournal.com/