Serialization: A New Hope by Viktor Klang, Brian Goetz
Serialization experts Viktor Klang and Brian Goetz discuss Java's long-standing challenges with serialization and propose a new approach using marshalling and records.
- Java serialization, added in 1997, has fundamental design flaws: deserialization bypasses the language features that maintain object integrity (constructors, field initializers, access control and final fields), so a class's invariants are never re-established on the way in. That makes it difficult to use correctly and difficult to secure.
- Main problems with current serialization:
  - Extra-linguistic: it does not use normal Java language features; instances are created without running any constructor, and fields are read and written behind the back of access control through magic methods such as readObject/writeObject
  - Monolithic design that combines multiple concerns in one mechanism: which state to externalize, how it is encoded on the wire, and how the object is reconstructed
  - Hard to maintain and review, because the serialized form is implicitly the private field layout rather than something stated in the class's public API
  - Security vulnerabilities from maliciously constructed streams: the stream, not the receiving application, decides which classes get instantiated and with what state, and the class's own validation is never consulted
  - Difficult to reason about object state, since an instance can exist in a state no constructor would have produced
  - Complex versioning and compatibility issues, because the implicit serialized form is tied to private fields and serialVersionUID
- Proposed new approach, called "marshalling":
  - Separates the concerns of structure extraction (what state leaves the object), wire format (how that state is encoded), and reconstruction (how an object is rebuilt from it)
  - Uses standard language features, constructors and deconstruction patterns, instead of magic methods and reflective field access
  - Class authors control the external representation explicitly, rather than having the private field layout leak out as the serialized form
  - Wire format agnostic: the same marshalled structure can be encoded as JSON, XML, or a binary format
  - Built on parameter lists and schemas (named, typed components) rather than direct field access
  - Validates object state by reconstructing through constructors, so malformed input is rejected the same way a bad constructor argument is
- Records provide a good model for serialization:
  - Components go through constructor validation: the compact canonical constructor can check and normalize every component
  - Clear external contract through deconstruction patterns (record patterns): the components are the state, by definition
  - Safe reconstruction through the canonical constructor: no path exists that creates an instance without it
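The two paths side by side, as an added example that is not code from the talk or from the JDK proposal: a legacy Serializable class whose invariant can be bypassed by editing the byte stream, and a record whose invariant survives the same tampering because reconstruction has to go through the canonical constructor. The `Account` type, its non-negative `limit` invariant and the sample values are constructed for this illustration; `marshal` and `unmarshal` are a toy structure-extraction and reconstruction layer written here (keyed on record components, format-agnostic) and stand in for whatever API the proposal ends up with, not for it.

```java
import java.io.*;
import java.lang.reflect.*;
import java.nio.ByteBuffer;
import java.util.*;

public class MarshallingDemo {

    // Hypothetical domain type (constructed for this example). Invariant: limit >= 0.
    // Legacy Serializable form: deserialization never calls this constructor, so a
    // stream can carry a state the constructor would have refused.
    static final class LegacyAccount implements Serializable {
        private static final long serialVersionUID = 1L;
        final String owner;
        final long limit;
        LegacyAccount(String owner, long limit) {
            if (limit < 0) throw new IllegalArgumentException("negative limit");
            this.owner = Objects.requireNonNull(owner);
            this.limit = limit;
        }
    }

    // Record form: the canonical constructor is the only way to obtain an instance,
    // and the compact constructor re-checks the invariant on every reconstruction.
    public record Account(String owner, long limit) {
        public Account {
            Objects.requireNonNull(owner, "owner");
            if (limit < 0) throw new IllegalArgumentException("negative limit: " + limit);
        }
    }

    // Structure extraction (assumed shape, not the JDK proposal's API): a record's
    // external contract is its ordered component list, so the "schema" is the
    // component names and the payload is their values. Any wire format can encode
    // this map; the encoding is deliberately kept out of this layer.
    static Map<String, Object> marshal(Record r) throws ReflectiveOperationException {
        Map<String, Object> fields = new LinkedHashMap<>();
        for (RecordComponent c : r.getClass().getRecordComponents())
            fields.put(c.getName(), c.getAccessor().invoke(r));
        return fields;
    }

    // Reconstruction goes only through the canonical constructor, never through
    // direct field writes, so the class author's validation cannot be skipped.
    static <T extends Record> T unmarshal(Class<T> type, Map<String, Object> fields)
            throws ReflectiveOperationException {
        RecordComponent[] comps = type.getRecordComponents();
        Class<?>[] paramTypes = new Class<?>[comps.length];
        Object[] args = new Object[comps.length];
        for (int i = 0; i < comps.length; i++) {
            if (!fields.containsKey(comps[i].getName()))
                throw new IllegalArgumentException("missing component: " + comps[i].getName());
            paramTypes[i] = comps[i].getType();
            args[i] = fields.get(comps[i].getName());
        }
        try {
            return type.getDeclaredConstructor(paramTypes).newInstance(args);
        } catch (InvocationTargetException e) {
            // Surface the constructor's own rejection as the unmarshalling error.
            throw new IllegalArgumentException("rejected by constructor", e.getCause());
        }
    }

    // Locate needle in hay (used to find the 'limit' field's bytes in the stream).
    static int indexOf(byte[] hay, byte[] needle) {
        outer:
        for (int i = 0; i + needle.length <= hay.length; i++) {
            for (int j = 0; j < needle.length; j++)
                if (hay[i + j] != needle[j]) continue outer;
            return i;
        }
        return -1;
    }

    public static void main(String[] args) throws Exception {
        // 1. Legacy path: serialize a valid object, flip 'limit' in the byte stream to -1,
        //    and deserialize. No constructor runs, so the invalid state is accepted.
        long marker = 0x1122334455667788L;            // distinctive value, easy to find
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(new LegacyAccount("alice", marker));
        }
        byte[] stream = bos.toByteArray();
        int at = indexOf(stream, ByteBuffer.allocate(8).putLong(marker).array());
        if (at < 0) throw new IllegalStateException("limit field not found in stream");
        System.arraycopy(ByteBuffer.allocate(8).putLong(-1L).array(), 0, stream, at, 8);
        LegacyAccount tampered;
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(stream))) {
            tampered = (LegacyAccount) ois.readObject();
        }
        System.out.println("legacy: limit=" + tampered.limit + " (constructor bypassed)");

        // 2. Marshalling path: the same tampering on the extracted component map is
        //    caught, because reconstruction must pass through the canonical constructor.
        Map<String, Object> wire = marshal(new Account("alice", marker));
        System.out.println("marshalled: " + wire);
        wire.put("limit", -1L);
        try {
            unmarshal(Account.class, wire);
            System.out.println("marshalling: ACCEPTED (should not happen)");
        } catch (IllegalArgumentException e) {
            System.out.println("marshalling: rejected -> " + e.getCause().getMessage());
        }
    }
}
```

Run with `java MarshallingDemo.java` on JDK 16 or later. The legacy half prints a negative `limit` without any exception; the marshalling half rejects the same value with the message from the compact constructor. The `marshal` output is a plain name-to-value map precisely so that nothing about JSON, XML or a binary encoding leaks into the extraction or reconstruction logic, which is the separation of concerns the talk is arguing for.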
- Migration strategy:
  - Gradual transition that supports both the old and the new format, so existing classes and streams keep working during the changeover
  - Eventually deprecate current serialization
  - Clear separation between marshalling and wire format concerns
  - Leverages existing Java features rather than inventing new mechanisms
- Focus on simplicity and correctness:
  - Small API surface area
  - Hard to use incorrectly
  - Clear responsibilities and separation of concerns
  - Built on familiar language constructs
  - Better security, because every reconstructed object has passed through constructor validation rather than having its fields written directly from the stream