1 /* 2 * Copyright (c) 1996, 2023, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package java.io; 27 28 import java.lang.invoke.MethodHandle; 29 import java.lang.invoke.MethodHandles; 30 import java.lang.invoke.MethodType; 31 import java.lang.reflect.Constructor; 32 import java.lang.reflect.Field; 33 import java.lang.reflect.InaccessibleObjectException; 34 import java.lang.reflect.InvocationTargetException; 35 import java.lang.reflect.RecordComponent; 36 import java.lang.reflect.UndeclaredThrowableException; 37 import java.lang.reflect.Member; 38 import java.lang.reflect.Method; 39 import java.lang.reflect.Modifier; 40 import java.lang.reflect.Proxy; 41 import java.security.AccessControlContext; 42 import java.security.AccessController; 43 import java.security.MessageDigest; 44 import java.security.NoSuchAlgorithmException; 45 import java.security.PermissionCollection; 46 import java.security.Permissions; 47 import java.security.PrivilegedAction; 48 import java.security.PrivilegedActionException; 49 import java.security.PrivilegedExceptionAction; 50 import java.security.ProtectionDomain; 51 import java.util.ArrayList; 52 import java.util.Arrays; 53 import java.util.Collections; 54 import java.util.Comparator; 55 import java.util.HashSet; 56 import java.util.Map; 57 import java.util.Set; 58 import java.util.concurrent.ConcurrentHashMap; 59 60 import jdk.internal.MigratedValueClass; 61 import jdk.internal.event.SerializationMisdeclarationEvent; 62 import jdk.internal.misc.Unsafe; 63 import jdk.internal.reflect.CallerSensitive; 64 import jdk.internal.reflect.Reflection; 65 import jdk.internal.reflect.ReflectionFactory; 66 import jdk.internal.access.SharedSecrets; 67 import jdk.internal.access.JavaSecurityAccess; 68 import jdk.internal.util.ByteArray; 69 import sun.reflect.misc.ReflectUtil; 70 71 /** 72 * Serialization's descriptor for classes. It contains the name and 73 * serialVersionUID of the class. The ObjectStreamClass for a specific class 74 * loaded in this Java VM can be found/created using the lookup method. 75 * 76 * <p>The algorithm to compute the SerialVersionUID is described in 77 * <a href="{@docRoot}/../specs/serialization/class.html#stream-unique-identifiers"> 78 * <cite>Java Object Serialization Specification</cite>, Section 4.6, "Stream Unique Identifiers"</a>. 79 * 80 * @spec serialization/index.html Java Object Serialization Specification 81 * @author Mike Warres 82 * @author Roger Riggs 83 * @see ObjectStreamField 84 * @see <a href="{@docRoot}/../specs/serialization/class.html"> 85 * <cite>Java Object Serialization Specification,</cite> Section 4, "Class Descriptors"</a> 86 * @since 1.1 87 */ 88 public final class ObjectStreamClass implements Serializable { 89 90 /** serialPersistentFields value indicating no serializable fields */ 91 public static final ObjectStreamField[] NO_FIELDS = 92 new ObjectStreamField[0]; 93 94 @java.io.Serial 95 private static final long serialVersionUID = -6120832682080437368L; 96 /** 97 * {@code ObjectStreamClass} has no fields for default serialization. 98 */ 99 @java.io.Serial 100 private static final ObjectStreamField[] serialPersistentFields = 101 NO_FIELDS; 102 103 /** reflection factory for obtaining serialization constructors */ 104 @SuppressWarnings("removal") 105 private static final ReflectionFactory reflFactory = 106 AccessController.doPrivileged( 107 new ReflectionFactory.GetReflectionFactoryAction()); 108 109 private static class Caches { 110 /** cache mapping local classes -> descriptors */ 111 static final ClassCache<ObjectStreamClass> localDescs = 112 new ClassCache<>() { 113 @Override 114 protected ObjectStreamClass computeValue(Class<?> type) { 115 return new ObjectStreamClass(type); 116 } 117 }; 118 119 /** cache mapping field group/local desc pairs -> field reflectors */ 120 static final ClassCache<Map<FieldReflectorKey, FieldReflector>> reflectors = 121 new ClassCache<>() { 122 @Override 123 protected Map<FieldReflectorKey, FieldReflector> computeValue(Class<?> type) { 124 return new ConcurrentHashMap<>(); 125 } 126 }; 127 } 128 129 /** class associated with this descriptor (if any) */ 130 private Class<?> cl; 131 /** name of class represented by this descriptor */ 132 private String name; 133 /** serialVersionUID of represented class (null if not computed yet) */ 134 private volatile Long suid; 135 136 /** true if represents dynamic proxy class */ 137 private boolean isProxy; 138 /** true if represents enum type */ 139 private boolean isEnum; 140 /** true if represents record type */ 141 private boolean isRecord; 142 /** true if represents a value class */ 143 private boolean isValue; 144 /** true if represented class implements Serializable */ 145 private boolean serializable; 146 /** true if represented class implements Externalizable */ 147 private boolean externalizable; 148 /** true if desc has data written by class-defined writeObject method */ 149 private boolean hasWriteObjectData; 150 /** 151 * true if desc has externalizable data written in block data format; this 152 * must be true by default to accommodate ObjectInputStream subclasses which 153 * override readClassDescriptor() to return class descriptors obtained from 154 * ObjectStreamClass.lookup() (see 4461737) 155 */ 156 private boolean hasBlockExternalData = true; 157 158 /** 159 * Contains information about InvalidClassException instances to be thrown 160 * when attempting operations on an invalid class. Note that instances of 161 * this class are immutable and are potentially shared among 162 * ObjectStreamClass instances. 163 */ 164 private static class ExceptionInfo { 165 private final String className; 166 private final String message; 167 168 ExceptionInfo(String cn, String msg) { 169 className = cn; 170 message = msg; 171 } 172 173 /** 174 * Returns (does not throw) an InvalidClassException instance created 175 * from the information in this object, suitable for being thrown by 176 * the caller. 177 */ 178 InvalidClassException newInvalidClassException() { 179 return new InvalidClassException(className, message); 180 } 181 } 182 183 /** exception (if any) thrown while attempting to resolve class */ 184 private ClassNotFoundException resolveEx; 185 /** exception (if any) to throw if non-enum deserialization attempted */ 186 private ExceptionInfo deserializeEx; 187 /** exception (if any) to throw if non-enum serialization attempted */ 188 private ExceptionInfo serializeEx; 189 /** exception (if any) to throw if default serialization attempted */ 190 private ExceptionInfo defaultSerializeEx; 191 192 /** serializable fields */ 193 private ObjectStreamField[] fields; 194 /** aggregate marshalled size of primitive fields */ 195 private int primDataSize; 196 /** number of non-primitive fields */ 197 private int numObjFields; 198 /** reflector for setting/getting serializable field values */ 199 private FieldReflector fieldRefl; 200 /** data layout of serialized objects described by this class desc */ 201 private volatile ClassDataSlot[] dataLayout; 202 203 /** serialization-appropriate constructor, or null if none */ 204 private Constructor<?> cons; 205 /** record canonical constructor (shared among OSCs for same class), or null */ 206 private MethodHandle canonicalCtr; 207 /** cache of record deserialization constructors per unique set of stream fields 208 * (shared among OSCs for same class), or null */ 209 private DeserializationConstructorsCache deserializationCtrs; 210 /** session-cache of record deserialization constructor 211 * (in de-serialized OSC only), or null */ 212 private MethodHandle deserializationCtr; 213 /** protection domains that need to be checked when calling the constructor */ 214 private ProtectionDomain[] domains; 215 216 /** class-defined writeObject method, or null if none */ 217 private Method writeObjectMethod; 218 /** class-defined readObject method, or null if none */ 219 private Method readObjectMethod; 220 /** class-defined readObjectNoData method, or null if none */ 221 private Method readObjectNoDataMethod; 222 /** class-defined writeReplace method, or null if none */ 223 private Method writeReplaceMethod; 224 /** class-defined readResolve method, or null if none */ 225 private Method readResolveMethod; 226 227 /** local class descriptor for represented class (may point to self) */ 228 private ObjectStreamClass localDesc; 229 /** superclass descriptor appearing in stream */ 230 private ObjectStreamClass superDesc; 231 232 /** true if, and only if, the object has been correctly initialized */ 233 private boolean initialized; 234 235 /** 236 * Initializes native code. 237 */ 238 private static native void initNative(); 239 static { 240 initNative(); 241 } 242 243 /** 244 * Find the descriptor for a class that can be serialized. Creates an 245 * ObjectStreamClass instance if one does not exist yet for class. Null is 246 * returned if the specified class does not implement java.io.Serializable 247 * or java.io.Externalizable. 248 * 249 * @param cl class for which to get the descriptor 250 * @return the class descriptor for the specified class 251 */ 252 public static ObjectStreamClass lookup(Class<?> cl) { 253 return lookup(cl, false); 254 } 255 256 /** 257 * Returns the descriptor for any class, regardless of whether it 258 * implements {@link Serializable}. 259 * 260 * @param cl class for which to get the descriptor 261 * @return the class descriptor for the specified class 262 * @since 1.6 263 */ 264 public static ObjectStreamClass lookupAny(Class<?> cl) { 265 return lookup(cl, true); 266 } 267 268 /** 269 * Returns the name of the class described by this descriptor. 270 * This method returns the name of the class in the format that 271 * is used by the {@link Class#getName} method. 272 * 273 * @return a string representing the name of the class 274 */ 275 public String getName() { 276 return name; 277 } 278 279 /** 280 * Return the serialVersionUID for this class. The serialVersionUID 281 * defines a set of classes all with the same name that have evolved from a 282 * common root class and agree to be serialized and deserialized using a 283 * common format. NonSerializable classes have a serialVersionUID of 0L. 284 * 285 * @return the SUID of the class described by this descriptor 286 */ 287 @SuppressWarnings("removal") 288 public long getSerialVersionUID() { 289 // REMIND: synchronize instead of relying on volatile? 290 if (suid == null) { 291 if (isRecord) 292 return 0L; 293 294 suid = AccessController.doPrivileged( 295 new PrivilegedAction<Long>() { 296 public Long run() { 297 return computeDefaultSUID(cl); 298 } 299 } 300 ); 301 } 302 return suid.longValue(); 303 } 304 305 /** 306 * Return the class in the local VM that this version is mapped to. Null 307 * is returned if there is no corresponding local class. 308 * 309 * @return the {@code Class} instance that this descriptor represents 310 */ 311 @SuppressWarnings("removal") 312 @CallerSensitive 313 public Class<?> forClass() { 314 if (cl == null) { 315 return null; 316 } 317 requireInitialized(); 318 if (System.getSecurityManager() != null) { 319 Class<?> caller = Reflection.getCallerClass(); 320 if (ReflectUtil.needsPackageAccessCheck(caller.getClassLoader(), cl.getClassLoader())) { 321 ReflectUtil.checkPackageAccess(cl); 322 } 323 } 324 return cl; 325 } 326 327 /** 328 * Return an array of the fields of this serializable class. 329 * 330 * @return an array containing an element for each persistent field of 331 * this class. Returns an array of length zero if there are no 332 * fields. 333 * @since 1.2 334 */ 335 public ObjectStreamField[] getFields() { 336 return getFields(true); 337 } 338 339 /** 340 * Get the field of this class by name. 341 * 342 * @param name the name of the data field to look for 343 * @return The ObjectStreamField object of the named field or null if 344 * there is no such named field. 345 */ 346 public ObjectStreamField getField(String name) { 347 return getField(name, null); 348 } 349 350 /** 351 * Return a string describing this ObjectStreamClass. 352 */ 353 public String toString() { 354 return name + ": static final long serialVersionUID = " + 355 getSerialVersionUID() + "L;"; 356 } 357 358 /** 359 * Looks up and returns class descriptor for given class, or null if class 360 * is non-serializable and "all" is set to false. 361 * 362 * @param cl class to look up 363 * @param all if true, return descriptors for all classes; if false, only 364 * return descriptors for serializable classes 365 */ 366 static ObjectStreamClass lookup(Class<?> cl, boolean all) { 367 if (!(all || Serializable.class.isAssignableFrom(cl))) { 368 return null; 369 } 370 return Caches.localDescs.get(cl); 371 } 372 373 /** 374 * Creates local class descriptor representing given class. 375 */ 376 @SuppressWarnings("removal") 377 private ObjectStreamClass(final Class<?> cl) { 378 this.cl = cl; 379 name = cl.getName(); 380 isProxy = Proxy.isProxyClass(cl); 381 isEnum = Enum.class.isAssignableFrom(cl); 382 isRecord = cl.isRecord(); 383 isValue = cl.isValue(); 384 serializable = Serializable.class.isAssignableFrom(cl); 385 externalizable = Externalizable.class.isAssignableFrom(cl); 386 387 Class<?> superCl = cl.getSuperclass(); 388 superDesc = (superCl != null) ? lookup(superCl, false) : null; 389 localDesc = this; 390 391 if (serializable) { 392 AccessController.doPrivileged(new PrivilegedAction<>() { 393 public Void run() { 394 if (isEnum) { 395 suid = 0L; 396 fields = NO_FIELDS; 397 return null; 398 } 399 if (cl.isArray()) { 400 fields = NO_FIELDS; 401 return null; 402 } 403 404 suid = getDeclaredSUID(cl); 405 try { 406 fields = getSerialFields(cl); 407 computeFieldOffsets(); 408 } catch (InvalidClassException e) { 409 serializeEx = deserializeEx = 410 new ExceptionInfo(e.classname, e.getMessage()); 411 fields = NO_FIELDS; 412 } 413 414 if (isRecord) { 415 canonicalCtr = canonicalRecordCtr(cl); 416 deserializationCtrs = new DeserializationConstructorsCache(); 417 } else if (isValue) { 418 // Value object instance creation is specialized in newInstance() 419 cons = null; 420 } else if (externalizable) { 421 cons = getExternalizableConstructor(cl); 422 } else { 423 cons = getSerializableConstructor(cl); 424 writeObjectMethod = getPrivateMethod(cl, "writeObject", 425 new Class<?>[] { ObjectOutputStream.class }, 426 Void.TYPE); 427 readObjectMethod = getPrivateMethod(cl, "readObject", 428 new Class<?>[] { ObjectInputStream.class }, 429 Void.TYPE); 430 readObjectNoDataMethod = getPrivateMethod( 431 cl, "readObjectNoData", null, Void.TYPE); 432 hasWriteObjectData = (writeObjectMethod != null); 433 } 434 domains = getProtectionDomains(cons, cl); 435 writeReplaceMethod = getInheritableMethod( 436 cl, "writeReplace", null, Object.class); 437 readResolveMethod = getInheritableMethod( 438 cl, "readResolve", null, Object.class); 439 return null; 440 } 441 }); 442 } else { 443 suid = 0L; 444 fields = NO_FIELDS; 445 } 446 447 try { 448 fieldRefl = getReflector(fields, this); 449 } catch (InvalidClassException ex) { 450 // field mismatches impossible when matching local fields vs. self 451 throw new InternalError(ex); 452 } 453 454 if (deserializeEx == null) { 455 if (isEnum) { 456 deserializeEx = new ExceptionInfo(name, "enum type"); 457 } else if (cons == null && !(isRecord | isValue)) { 458 deserializeEx = new ExceptionInfo(name, "no valid constructor"); 459 } 460 } 461 if (isRecord && canonicalCtr == null) { 462 deserializeEx = new ExceptionInfo(name, "record canonical constructor not found"); 463 } else { 464 for (int i = 0; i < fields.length; i++) { 465 if (fields[i].getField() == null) { 466 defaultSerializeEx = new ExceptionInfo( 467 name, "unmatched serializable field(s) declared"); 468 } 469 } 470 } 471 initialized = true; 472 473 if (SerializationMisdeclarationEvent.enabled() && serializable) { 474 SerializationMisdeclarationChecker.checkMisdeclarations(cl); 475 } 476 } 477 478 /** 479 * Creates blank class descriptor which should be initialized via a 480 * subsequent call to initProxy(), initNonProxy() or readNonProxy(). 481 */ 482 ObjectStreamClass() { 483 } 484 485 /** 486 * Creates a PermissionDomain that grants no permission. 487 */ 488 private ProtectionDomain noPermissionsDomain() { 489 PermissionCollection perms = new Permissions(); 490 perms.setReadOnly(); 491 return new ProtectionDomain(null, perms); 492 } 493 494 /** 495 * Aggregate the ProtectionDomains of all the classes that separate 496 * a concrete class {@code cl} from its ancestor's class declaring 497 * a constructor {@code cons}. 498 * 499 * If {@code cl} is defined by the boot loader, or the constructor 500 * {@code cons} is declared by {@code cl}, or if there is no security 501 * manager, then this method does nothing and {@code null} is returned. 502 * 503 * @param cons A constructor declared by {@code cl} or one of its 504 * ancestors. 505 * @param cl A concrete class, which is either the class declaring 506 * the constructor {@code cons}, or a serializable subclass 507 * of that class. 508 * @return An array of ProtectionDomain representing the set of 509 * ProtectionDomain that separate the concrete class {@code cl} 510 * from its ancestor's declaring {@code cons}, or {@code null}. 511 */ 512 @SuppressWarnings("removal") 513 private ProtectionDomain[] getProtectionDomains(Constructor<?> cons, 514 Class<?> cl) { 515 ProtectionDomain[] domains = null; 516 if (cons != null && cl.getClassLoader() != null 517 && System.getSecurityManager() != null) { 518 Class<?> cls = cl; 519 Class<?> fnscl = cons.getDeclaringClass(); 520 Set<ProtectionDomain> pds = null; 521 while (cls != fnscl) { 522 ProtectionDomain pd = cls.getProtectionDomain(); 523 if (pd != null) { 524 if (pds == null) pds = new HashSet<>(); 525 pds.add(pd); 526 } 527 cls = cls.getSuperclass(); 528 if (cls == null) { 529 // that's not supposed to happen 530 // make a ProtectionDomain with no permission. 531 // should we throw instead? 532 if (pds == null) pds = new HashSet<>(); 533 else pds.clear(); 534 pds.add(noPermissionsDomain()); 535 break; 536 } 537 } 538 if (pds != null) { 539 domains = pds.toArray(new ProtectionDomain[0]); 540 } 541 } 542 return domains; 543 } 544 545 /** 546 * Initializes class descriptor representing a proxy class. 547 */ 548 void initProxy(Class<?> cl, 549 ClassNotFoundException resolveEx, 550 ObjectStreamClass superDesc) 551 throws InvalidClassException 552 { 553 ObjectStreamClass osc = null; 554 if (cl != null) { 555 osc = lookup(cl, true); 556 if (!osc.isProxy) { 557 throw new InvalidClassException( 558 "cannot bind proxy descriptor to a non-proxy class"); 559 } 560 } 561 this.cl = cl; 562 this.resolveEx = resolveEx; 563 this.superDesc = superDesc; 564 isProxy = true; 565 serializable = true; 566 suid = 0L; 567 fields = NO_FIELDS; 568 if (osc != null) { 569 localDesc = osc; 570 name = localDesc.name; 571 externalizable = localDesc.externalizable; 572 writeReplaceMethod = localDesc.writeReplaceMethod; 573 readResolveMethod = localDesc.readResolveMethod; 574 deserializeEx = localDesc.deserializeEx; 575 domains = localDesc.domains; 576 cons = localDesc.cons; 577 } 578 fieldRefl = getReflector(fields, localDesc); 579 initialized = true; 580 } 581 582 /** 583 * Initializes class descriptor representing a non-proxy class. 584 */ 585 void initNonProxy(ObjectStreamClass model, 586 Class<?> cl, 587 ClassNotFoundException resolveEx, 588 ObjectStreamClass superDesc) 589 throws InvalidClassException 590 { 591 long suid = model.getSerialVersionUID(); 592 ObjectStreamClass osc = null; 593 if (cl != null) { 594 osc = lookup(cl, true); 595 if (osc.isProxy) { 596 throw new InvalidClassException( 597 "cannot bind non-proxy descriptor to a proxy class"); 598 } 599 if (model.isEnum != osc.isEnum) { 600 throw new InvalidClassException(model.isEnum ? 601 "cannot bind enum descriptor to a non-enum class" : 602 "cannot bind non-enum descriptor to an enum class"); 603 } 604 605 if (model.serializable == osc.serializable && 606 !cl.isArray() && !cl.isRecord() && 607 suid != osc.getSerialVersionUID()) { 608 throw new InvalidClassException(osc.name, 609 "local class incompatible: " + 610 "stream classdesc serialVersionUID = " + suid + 611 ", local class serialVersionUID = " + 612 osc.getSerialVersionUID()); 613 } 614 615 if (!classNamesEqual(model.name, osc.name)) { 616 throw new InvalidClassException(osc.name, 617 "local class name incompatible with stream class " + 618 "name \"" + model.name + "\""); 619 } 620 621 if (!model.isEnum) { 622 if ((model.serializable == osc.serializable) && 623 (model.externalizable != osc.externalizable)) { 624 throw new InvalidClassException(osc.name, 625 "Serializable incompatible with Externalizable"); 626 } 627 628 if ((model.serializable != osc.serializable) || 629 (model.externalizable != osc.externalizable) || 630 !(model.serializable || model.externalizable)) { 631 deserializeEx = new ExceptionInfo( 632 osc.name, "class invalid for deserialization"); 633 } 634 } 635 } 636 637 this.cl = cl; 638 this.resolveEx = resolveEx; 639 this.superDesc = superDesc; 640 name = model.name; 641 this.suid = suid; 642 isProxy = false; 643 isEnum = model.isEnum; 644 serializable = model.serializable; 645 externalizable = model.externalizable; 646 hasBlockExternalData = model.hasBlockExternalData; 647 hasWriteObjectData = model.hasWriteObjectData; 648 fields = model.fields; 649 primDataSize = model.primDataSize; 650 numObjFields = model.numObjFields; 651 652 if (osc != null) { 653 localDesc = osc; 654 isRecord = localDesc.isRecord; 655 isValue = localDesc.isValue; 656 // canonical record constructor is shared 657 canonicalCtr = localDesc.canonicalCtr; 658 // cache of deserialization constructors is shared 659 deserializationCtrs = localDesc.deserializationCtrs; 660 writeObjectMethod = localDesc.writeObjectMethod; 661 readObjectMethod = localDesc.readObjectMethod; 662 readObjectNoDataMethod = localDesc.readObjectNoDataMethod; 663 writeReplaceMethod = localDesc.writeReplaceMethod; 664 readResolveMethod = localDesc.readResolveMethod; 665 if (deserializeEx == null) { 666 deserializeEx = localDesc.deserializeEx; 667 } 668 domains = localDesc.domains; 669 assert cl.isRecord() ? localDesc.cons == null : true; 670 cons = localDesc.cons; 671 } 672 673 fieldRefl = getReflector(fields, localDesc); 674 // reassign to matched fields so as to reflect local unshared settings 675 fields = fieldRefl.getFields(); 676 677 initialized = true; 678 } 679 680 /** 681 * Reads non-proxy class descriptor information from given input stream. 682 * The resulting class descriptor is not fully functional; it can only be 683 * used as input to the ObjectInputStream.resolveClass() and 684 * ObjectStreamClass.initNonProxy() methods. 685 */ 686 void readNonProxy(ObjectInputStream in) 687 throws IOException, ClassNotFoundException 688 { 689 name = in.readUTF(); 690 suid = in.readLong(); 691 isProxy = false; 692 693 byte flags = in.readByte(); 694 hasWriteObjectData = 695 ((flags & ObjectStreamConstants.SC_WRITE_METHOD) != 0); 696 hasBlockExternalData = 697 ((flags & ObjectStreamConstants.SC_BLOCK_DATA) != 0); 698 externalizable = 699 ((flags & ObjectStreamConstants.SC_EXTERNALIZABLE) != 0); 700 boolean sflag = 701 ((flags & ObjectStreamConstants.SC_SERIALIZABLE) != 0); 702 if (externalizable && sflag) { 703 throw new InvalidClassException( 704 name, "serializable and externalizable flags conflict"); 705 } 706 serializable = externalizable || sflag; 707 isEnum = ((flags & ObjectStreamConstants.SC_ENUM) != 0); 708 if (isEnum && suid.longValue() != 0L) { 709 throw new InvalidClassException(name, 710 "enum descriptor has non-zero serialVersionUID: " + suid); 711 } 712 713 int numFields = in.readShort(); 714 if (isEnum && numFields != 0) { 715 throw new InvalidClassException(name, 716 "enum descriptor has non-zero field count: " + numFields); 717 } 718 fields = (numFields > 0) ? 719 new ObjectStreamField[numFields] : NO_FIELDS; 720 for (int i = 0; i < numFields; i++) { 721 char tcode = (char) in.readByte(); 722 String fname = in.readUTF(); 723 String signature = ((tcode == 'L') || (tcode == '[')) ? 724 in.readTypeString() : String.valueOf(tcode); 725 try { 726 fields[i] = new ObjectStreamField(fname, signature, false); 727 } catch (RuntimeException e) { 728 throw new InvalidClassException(name, 729 "invalid descriptor for field " + 730 fname, e); 731 } 732 } 733 computeFieldOffsets(); 734 } 735 736 /** 737 * Writes non-proxy class descriptor information to given output stream. 738 */ 739 void writeNonProxy(ObjectOutputStream out) throws IOException { 740 out.writeUTF(name); 741 out.writeLong(getSerialVersionUID()); 742 743 byte flags = 0; 744 if (externalizable) { 745 flags |= ObjectStreamConstants.SC_EXTERNALIZABLE; 746 int protocol = out.getProtocolVersion(); 747 if (protocol != ObjectStreamConstants.PROTOCOL_VERSION_1) { 748 flags |= ObjectStreamConstants.SC_BLOCK_DATA; 749 } 750 } else if (serializable) { 751 flags |= ObjectStreamConstants.SC_SERIALIZABLE; 752 } 753 if (hasWriteObjectData) { 754 flags |= ObjectStreamConstants.SC_WRITE_METHOD; 755 } 756 if (isEnum) { 757 flags |= ObjectStreamConstants.SC_ENUM; 758 } 759 out.writeByte(flags); 760 761 out.writeShort(fields.length); 762 for (int i = 0; i < fields.length; i++) { 763 ObjectStreamField f = fields[i]; 764 out.writeByte(f.getTypeCode()); 765 out.writeUTF(f.getName()); 766 if (!f.isPrimitive()) { 767 out.writeTypeString(f.getTypeString()); 768 } 769 } 770 } 771 772 /** 773 * Returns ClassNotFoundException (if any) thrown while attempting to 774 * resolve local class corresponding to this class descriptor. 775 */ 776 ClassNotFoundException getResolveException() { 777 return resolveEx; 778 } 779 780 /** 781 * Throws InternalError if not initialized. 782 */ 783 private final void requireInitialized() { 784 if (!initialized) 785 throw new InternalError("Unexpected call when not initialized"); 786 } 787 788 /** 789 * Throws InvalidClassException if not initialized. 790 * To be called in cases where an uninitialized class descriptor indicates 791 * a problem in the serialization stream. 792 */ 793 final void checkInitialized() throws InvalidClassException { 794 if (!initialized) { 795 throw new InvalidClassException("Class descriptor should be initialized"); 796 } 797 } 798 799 /** 800 * Throws an InvalidClassException if object instances referencing this 801 * class descriptor should not be allowed to deserialize. This method does 802 * not apply to deserialization of enum constants. 803 */ 804 void checkDeserialize() throws InvalidClassException { 805 requireInitialized(); 806 if (deserializeEx != null) { 807 throw deserializeEx.newInvalidClassException(); 808 } 809 } 810 811 /** 812 * Throws an InvalidClassException if objects whose class is represented by 813 * this descriptor should not be allowed to serialize. This method does 814 * not apply to serialization of enum constants. 815 */ 816 void checkSerialize() throws InvalidClassException { 817 requireInitialized(); 818 if (serializeEx != null) { 819 throw serializeEx.newInvalidClassException(); 820 } 821 } 822 823 /** 824 * Throws an InvalidClassException if objects whose class is represented by 825 * this descriptor should not be permitted to use default serialization 826 * (e.g., if the class declares serializable fields that do not correspond 827 * to actual fields, and hence must use the GetField API). This method 828 * does not apply to deserialization of enum constants. 829 */ 830 void checkDefaultSerialize() throws InvalidClassException { 831 requireInitialized(); 832 if (defaultSerializeEx != null) { 833 throw defaultSerializeEx.newInvalidClassException(); 834 } 835 } 836 837 /** 838 * Returns superclass descriptor. Note that on the receiving side, the 839 * superclass descriptor may be bound to a class that is not a superclass 840 * of the subclass descriptor's bound class. 841 */ 842 ObjectStreamClass getSuperDesc() { 843 requireInitialized(); 844 return superDesc; 845 } 846 847 /** 848 * Returns the "local" class descriptor for the class associated with this 849 * class descriptor (i.e., the result of 850 * ObjectStreamClass.lookup(this.forClass())) or null if there is no class 851 * associated with this descriptor. 852 */ 853 ObjectStreamClass getLocalDesc() { 854 requireInitialized(); 855 return localDesc; 856 } 857 858 /** 859 * Returns arrays of ObjectStreamFields representing the serializable 860 * fields of the represented class. If copy is true, a clone of this class 861 * descriptor's field array is returned, otherwise the array itself is 862 * returned. 863 */ 864 ObjectStreamField[] getFields(boolean copy) { 865 return copy ? fields.clone() : fields; 866 } 867 868 /** 869 * Looks up a serializable field of the represented class by name and type. 870 * A specified type of null matches all types, Object.class matches all 871 * non-primitive types, and any other non-null type matches assignable 872 * types only. Returns matching field, or null if no match found. 873 */ 874 ObjectStreamField getField(String name, Class<?> type) { 875 for (int i = 0; i < fields.length; i++) { 876 ObjectStreamField f = fields[i]; 877 if (f.getName().equals(name)) { 878 if (type == null || 879 (type == Object.class && !f.isPrimitive())) 880 { 881 return f; 882 } 883 Class<?> ftype = f.getType(); 884 if (ftype != null && type.isAssignableFrom(ftype)) { 885 return f; 886 } 887 } 888 } 889 return null; 890 } 891 892 /** 893 * Returns true if class descriptor represents a dynamic proxy class, false 894 * otherwise. 895 */ 896 boolean isProxy() { 897 requireInitialized(); 898 return isProxy; 899 } 900 901 /** 902 * Returns true if class descriptor represents an enum type, false 903 * otherwise. 904 */ 905 boolean isEnum() { 906 requireInitialized(); 907 return isEnum; 908 } 909 910 /** 911 * Returns true if class descriptor represents a record type, false 912 * otherwise. 913 */ 914 boolean isRecord() { 915 requireInitialized(); 916 return isRecord; 917 } 918 919 /** 920 * Returns true if represented class implements Externalizable, false 921 * otherwise. 922 */ 923 boolean isExternalizable() { 924 requireInitialized(); 925 return externalizable; 926 } 927 928 /** 929 * Returns true if represented class implements Serializable, false 930 * otherwise. 931 */ 932 boolean isSerializable() { 933 requireInitialized(); 934 return serializable; 935 } 936 937 /** 938 * {@return {code true} if the class is a value class, {@code false} otherwise} 939 */ 940 boolean isValue() { 941 requireInitialized(); 942 return isValue; 943 } 944 945 /** 946 * Returns true if class descriptor represents externalizable class that 947 * has written its data in 1.2 (block data) format, false otherwise. 948 */ 949 boolean hasBlockExternalData() { 950 requireInitialized(); 951 return hasBlockExternalData; 952 } 953 954 /** 955 * Returns true if class descriptor represents serializable (but not 956 * externalizable) class which has written its data via a custom 957 * writeObject() method, false otherwise. 958 */ 959 boolean hasWriteObjectData() { 960 requireInitialized(); 961 return hasWriteObjectData; 962 } 963 964 /** 965 * Returns true if represented class is serializable/externalizable and can 966 * be instantiated by the serialization runtime--i.e., if it is 967 * externalizable and defines a public no-arg constructor, if it is 968 * non-externalizable and its first non-serializable superclass defines an 969 * accessible no-arg constructor, or if the class is a migrated value class. 970 * Otherwise, returns false. 971 */ 972 boolean isInstantiable() { 973 requireInitialized(); 974 return (cons != null | 975 (isValue && cl != null && cl.isAnnotationPresent(jdk.internal.MigratedValueClass.class))); 976 } 977 978 /** 979 * Returns true if represented class is serializable (but not 980 * externalizable) and defines a conformant writeObject method. Otherwise, 981 * returns false. 982 */ 983 boolean hasWriteObjectMethod() { 984 requireInitialized(); 985 return (writeObjectMethod != null); 986 } 987 988 /** 989 * Returns true if represented class is serializable (but not 990 * externalizable) and defines a conformant readObject method. Otherwise, 991 * returns false. 992 */ 993 boolean hasReadObjectMethod() { 994 requireInitialized(); 995 return (readObjectMethod != null); 996 } 997 998 /** 999 * Returns true if represented class is serializable (but not 1000 * externalizable) and defines a conformant readObjectNoData method. 1001 * Otherwise, returns false. 1002 */ 1003 boolean hasReadObjectNoDataMethod() { 1004 requireInitialized(); 1005 return (readObjectNoDataMethod != null); 1006 } 1007 1008 /** 1009 * Returns true if represented class is serializable or externalizable and 1010 * defines a conformant writeReplace method. Otherwise, returns false. 1011 */ 1012 boolean hasWriteReplaceMethod() { 1013 requireInitialized(); 1014 return (writeReplaceMethod != null); 1015 } 1016 1017 /** 1018 * Returns true if represented class is serializable or externalizable and 1019 * defines a conformant readResolve method. Otherwise, returns false. 1020 */ 1021 boolean hasReadResolveMethod() { 1022 requireInitialized(); 1023 return (readResolveMethod != null); 1024 } 1025 1026 /** 1027 * Creates a new instance of the represented class. If the class is 1028 * externalizable, invokes its public no-arg constructor; otherwise, if the 1029 * class is serializable, invokes the no-arg constructor of the first 1030 * non-serializable superclass. Throws UnsupportedOperationException if 1031 * this class descriptor is not associated with a class, if the associated 1032 * class is non-serializable or if the appropriate no-arg constructor is 1033 * inaccessible/unavailable. 1034 */ 1035 @SuppressWarnings("removal") 1036 Object newInstance() 1037 throws InstantiationException, InvocationTargetException, 1038 UnsupportedOperationException 1039 { 1040 requireInitialized(); 1041 if (cons != null) { 1042 try { 1043 if (domains == null || domains.length == 0) { 1044 return cons.newInstance(); 1045 } else { 1046 JavaSecurityAccess jsa = SharedSecrets.getJavaSecurityAccess(); 1047 PrivilegedAction<?> pea = () -> { 1048 try { 1049 return cons.newInstance(); 1050 } catch (InstantiationException 1051 | InvocationTargetException 1052 | IllegalAccessException x) { 1053 throw new UndeclaredThrowableException(x); 1054 } 1055 }; // Can't use PrivilegedExceptionAction with jsa 1056 try { 1057 return jsa.doIntersectionPrivilege(pea, 1058 AccessController.getContext(), 1059 new AccessControlContext(domains)); 1060 } catch (UndeclaredThrowableException x) { 1061 Throwable cause = x.getCause(); 1062 if (cause instanceof InstantiationException ie) 1063 throw ie; 1064 if (cause instanceof InvocationTargetException ite) 1065 throw ite; 1066 if (cause instanceof IllegalAccessException iae) 1067 throw iae; 1068 // not supposed to happen 1069 throw x; 1070 } 1071 } 1072 } catch (IllegalAccessException ex) { 1073 // should not occur, as access checks have been suppressed 1074 throw new InternalError(ex); 1075 } catch (InvocationTargetException ex) { 1076 Throwable cause = ex.getCause(); 1077 if (cause instanceof Error err) 1078 throw err; 1079 else 1080 throw ex; 1081 } catch (InstantiationError err) { 1082 var ex = new InstantiationException(); 1083 ex.initCause(err); 1084 throw ex; 1085 } 1086 } else if (isValue) { 1087 // Start with a buffered default value. 1088 return FieldReflector.newValueInstance(cl); 1089 } else { 1090 throw new UnsupportedOperationException(); 1091 } 1092 } 1093 1094 /** 1095 * Finish the initialization of a value object. 1096 * @param obj an object (larval if a value object) 1097 * @return the finished object 1098 */ 1099 Object finishValue(Object obj) { 1100 return (isValue) ? FieldReflector.finishValueInstance(obj) : obj; 1101 } 1102 1103 /** 1104 * Invokes the writeObject method of the represented serializable class. 1105 * Throws UnsupportedOperationException if this class descriptor is not 1106 * associated with a class, or if the class is externalizable, 1107 * non-serializable or does not define writeObject. 1108 */ 1109 void invokeWriteObject(Object obj, ObjectOutputStream out) 1110 throws IOException, UnsupportedOperationException 1111 { 1112 requireInitialized(); 1113 if (writeObjectMethod != null) { 1114 try { 1115 writeObjectMethod.invoke(obj, new Object[]{ out }); 1116 } catch (InvocationTargetException ex) { 1117 Throwable th = ex.getCause(); 1118 if (th instanceof IOException) { 1119 throw (IOException) th; 1120 } else { 1121 throwMiscException(th); 1122 } 1123 } catch (IllegalAccessException ex) { 1124 // should not occur, as access checks have been suppressed 1125 throw new InternalError(ex); 1126 } 1127 } else { 1128 throw new UnsupportedOperationException(); 1129 } 1130 } 1131 1132 /** 1133 * Invokes the readObject method of the represented serializable class. 1134 * Throws UnsupportedOperationException if this class descriptor is not 1135 * associated with a class, or if the class is externalizable, 1136 * non-serializable or does not define readObject. 1137 */ 1138 void invokeReadObject(Object obj, ObjectInputStream in) 1139 throws ClassNotFoundException, IOException, 1140 UnsupportedOperationException 1141 { 1142 requireInitialized(); 1143 if (readObjectMethod != null) { 1144 try { 1145 readObjectMethod.invoke(obj, new Object[]{ in }); 1146 } catch (InvocationTargetException ex) { 1147 Throwable th = ex.getCause(); 1148 if (th instanceof ClassNotFoundException) { 1149 throw (ClassNotFoundException) th; 1150 } else if (th instanceof IOException) { 1151 throw (IOException) th; 1152 } else { 1153 throwMiscException(th); 1154 } 1155 } catch (IllegalAccessException ex) { 1156 // should not occur, as access checks have been suppressed 1157 throw new InternalError(ex); 1158 } 1159 } else { 1160 throw new UnsupportedOperationException(); 1161 } 1162 } 1163 1164 /** 1165 * Invokes the readObjectNoData method of the represented serializable 1166 * class. Throws UnsupportedOperationException if this class descriptor is 1167 * not associated with a class, or if the class is externalizable, 1168 * non-serializable or does not define readObjectNoData. 1169 */ 1170 void invokeReadObjectNoData(Object obj) 1171 throws IOException, UnsupportedOperationException 1172 { 1173 requireInitialized(); 1174 if (readObjectNoDataMethod != null) { 1175 try { 1176 readObjectNoDataMethod.invoke(obj, (Object[]) null); 1177 } catch (InvocationTargetException ex) { 1178 Throwable th = ex.getCause(); 1179 if (th instanceof ObjectStreamException) { 1180 throw (ObjectStreamException) th; 1181 } else { 1182 throwMiscException(th); 1183 } 1184 } catch (IllegalAccessException ex) { 1185 // should not occur, as access checks have been suppressed 1186 throw new InternalError(ex); 1187 } 1188 } else { 1189 throw new UnsupportedOperationException(); 1190 } 1191 } 1192 1193 /** 1194 * Invokes the writeReplace method of the represented serializable class and 1195 * returns the result. Throws UnsupportedOperationException if this class 1196 * descriptor is not associated with a class, or if the class is 1197 * non-serializable or does not define writeReplace. 1198 */ 1199 Object invokeWriteReplace(Object obj) 1200 throws IOException, UnsupportedOperationException 1201 { 1202 requireInitialized(); 1203 if (writeReplaceMethod != null) { 1204 try { 1205 return writeReplaceMethod.invoke(obj, (Object[]) null); 1206 } catch (InvocationTargetException ex) { 1207 Throwable th = ex.getCause(); 1208 if (th instanceof ObjectStreamException) { 1209 throw (ObjectStreamException) th; 1210 } else { 1211 throwMiscException(th); 1212 throw new InternalError(th); // never reached 1213 } 1214 } catch (IllegalAccessException ex) { 1215 // should not occur, as access checks have been suppressed 1216 throw new InternalError(ex); 1217 } 1218 } else { 1219 throw new UnsupportedOperationException(); 1220 } 1221 } 1222 1223 /** 1224 * Invokes the readResolve method of the represented serializable class and 1225 * returns the result. Throws UnsupportedOperationException if this class 1226 * descriptor is not associated with a class, or if the class is 1227 * non-serializable or does not define readResolve. 1228 */ 1229 Object invokeReadResolve(Object obj) 1230 throws IOException, UnsupportedOperationException 1231 { 1232 requireInitialized(); 1233 if (readResolveMethod != null) { 1234 try { 1235 return readResolveMethod.invoke(obj, (Object[]) null); 1236 } catch (InvocationTargetException ex) { 1237 Throwable th = ex.getCause(); 1238 if (th instanceof ObjectStreamException) { 1239 throw (ObjectStreamException) th; 1240 } else { 1241 throwMiscException(th); 1242 throw new InternalError(th); // never reached 1243 } 1244 } catch (IllegalAccessException ex) { 1245 // should not occur, as access checks have been suppressed 1246 throw new InternalError(ex); 1247 } 1248 } else { 1249 throw new UnsupportedOperationException(); 1250 } 1251 } 1252 1253 /** 1254 * Class representing the portion of an object's serialized form allotted 1255 * to data described by a given class descriptor. If "hasData" is false, 1256 * the object's serialized form does not contain data associated with the 1257 * class descriptor. 1258 */ 1259 static class ClassDataSlot { 1260 1261 /** class descriptor "occupying" this slot */ 1262 final ObjectStreamClass desc; 1263 /** true if serialized form includes data for this slot's descriptor */ 1264 final boolean hasData; 1265 1266 ClassDataSlot(ObjectStreamClass desc, boolean hasData) { 1267 this.desc = desc; 1268 this.hasData = hasData; 1269 } 1270 } 1271 1272 /** 1273 * Returns array of ClassDataSlot instances representing the data layout 1274 * (including superclass data) for serialized objects described by this 1275 * class descriptor. ClassDataSlots are ordered by inheritance with those 1276 * containing "higher" superclasses appearing first. The final 1277 * ClassDataSlot contains a reference to this descriptor. 1278 */ 1279 ClassDataSlot[] getClassDataLayout() throws InvalidClassException { 1280 // REMIND: synchronize instead of relying on volatile? 1281 if (dataLayout == null) { 1282 dataLayout = getClassDataLayout0(); 1283 } 1284 return dataLayout; 1285 } 1286 1287 private ClassDataSlot[] getClassDataLayout0() 1288 throws InvalidClassException 1289 { 1290 ArrayList<ClassDataSlot> slots = new ArrayList<>(); 1291 Class<?> start = cl, end = cl; 1292 1293 // locate closest non-serializable superclass 1294 while (end != null && Serializable.class.isAssignableFrom(end)) { 1295 end = end.getSuperclass(); 1296 } 1297 1298 HashSet<String> oscNames = new HashSet<>(3); 1299 1300 for (ObjectStreamClass d = this; d != null; d = d.superDesc) { 1301 if (oscNames.contains(d.name)) { 1302 throw new InvalidClassException("Circular reference."); 1303 } else { 1304 oscNames.add(d.name); 1305 } 1306 1307 // search up inheritance hierarchy for class with matching name 1308 String searchName = (d.cl != null) ? d.cl.getName() : d.name; 1309 Class<?> match = null; 1310 for (Class<?> c = start; c != end; c = c.getSuperclass()) { 1311 if (searchName.equals(c.getName())) { 1312 match = c; 1313 break; 1314 } 1315 } 1316 1317 // add "no data" slot for each unmatched class below match 1318 if (match != null) { 1319 for (Class<?> c = start; c != match; c = c.getSuperclass()) { 1320 slots.add(new ClassDataSlot( 1321 ObjectStreamClass.lookup(c, true), false)); 1322 } 1323 start = match.getSuperclass(); 1324 } 1325 1326 // record descriptor/class pairing 1327 slots.add(new ClassDataSlot(d.getVariantFor(match), true)); 1328 } 1329 1330 // add "no data" slot for any leftover unmatched classes 1331 for (Class<?> c = start; c != end; c = c.getSuperclass()) { 1332 slots.add(new ClassDataSlot( 1333 ObjectStreamClass.lookup(c, true), false)); 1334 } 1335 1336 // order slots from superclass -> subclass 1337 Collections.reverse(slots); 1338 return slots.toArray(new ClassDataSlot[slots.size()]); 1339 } 1340 1341 /** 1342 * Returns aggregate size (in bytes) of marshalled primitive field values 1343 * for represented class. 1344 */ 1345 int getPrimDataSize() { 1346 return primDataSize; 1347 } 1348 1349 /** 1350 * Returns number of non-primitive serializable fields of represented 1351 * class. 1352 */ 1353 int getNumObjFields() { 1354 return numObjFields; 1355 } 1356 1357 /** 1358 * Fetches the serializable primitive field values of object obj and 1359 * marshals them into byte array buf starting at offset 0. It is the 1360 * responsibility of the caller to ensure that obj is of the proper type if 1361 * non-null. 1362 */ 1363 void getPrimFieldValues(Object obj, byte[] buf) { 1364 fieldRefl.getPrimFieldValues(obj, buf); 1365 } 1366 1367 /** 1368 * Sets the serializable primitive fields of object obj using values 1369 * unmarshalled from byte array buf starting at offset 0. It is the 1370 * responsibility of the caller to ensure that obj is of the proper type if 1371 * non-null. 1372 */ 1373 void setPrimFieldValues(Object obj, byte[] buf) { 1374 fieldRefl.setPrimFieldValues(obj, buf); 1375 } 1376 1377 /** 1378 * Fetches the serializable object field values of object obj and stores 1379 * them in array vals starting at offset 0. It is the responsibility of 1380 * the caller to ensure that obj is of the proper type if non-null. 1381 */ 1382 void getObjFieldValues(Object obj, Object[] vals) { 1383 fieldRefl.getObjFieldValues(obj, vals); 1384 } 1385 1386 /** 1387 * Checks that the given values, from array vals starting at offset 0, 1388 * are assignable to the given serializable object fields. 1389 * @throws ClassCastException if any value is not assignable 1390 */ 1391 void checkObjFieldValueTypes(Object obj, Object[] vals) { 1392 fieldRefl.checkObjectFieldValueTypes(obj, vals); 1393 } 1394 1395 /** 1396 * Sets the serializable object fields of object obj using values from 1397 * array vals starting at offset 0. It is the responsibility of the caller 1398 * to ensure that obj is of the proper type if non-null. 1399 */ 1400 void setObjFieldValues(Object obj, Object[] vals) { 1401 fieldRefl.setObjFieldValues(obj, vals); 1402 } 1403 1404 /** 1405 * Calculates and sets serializable field offsets, as well as primitive 1406 * data size and object field count totals. Throws InvalidClassException 1407 * if fields are illegally ordered. 1408 */ 1409 private void computeFieldOffsets() throws InvalidClassException { 1410 primDataSize = 0; 1411 numObjFields = 0; 1412 int firstObjIndex = -1; 1413 1414 for (int i = 0; i < fields.length; i++) { 1415 ObjectStreamField f = fields[i]; 1416 switch (f.getTypeCode()) { 1417 case 'Z', 'B' -> f.setOffset(primDataSize++); 1418 case 'C', 'S' -> { 1419 f.setOffset(primDataSize); 1420 primDataSize += 2; 1421 } 1422 case 'I', 'F' -> { 1423 f.setOffset(primDataSize); 1424 primDataSize += 4; 1425 } 1426 case 'J', 'D' -> { 1427 f.setOffset(primDataSize); 1428 primDataSize += 8; 1429 } 1430 case '[', 'L' -> { 1431 f.setOffset(numObjFields++); 1432 if (firstObjIndex == -1) { 1433 firstObjIndex = i; 1434 } 1435 } 1436 default -> throw new InternalError(); 1437 } 1438 } 1439 if (firstObjIndex != -1 && 1440 firstObjIndex + numObjFields != fields.length) 1441 { 1442 throw new InvalidClassException(name, "illegal field order"); 1443 } 1444 } 1445 1446 /** 1447 * If given class is the same as the class associated with this class 1448 * descriptor, returns reference to this class descriptor. Otherwise, 1449 * returns variant of this class descriptor bound to given class. 1450 */ 1451 private ObjectStreamClass getVariantFor(Class<?> cl) 1452 throws InvalidClassException 1453 { 1454 if (this.cl == cl) { 1455 return this; 1456 } 1457 ObjectStreamClass desc = new ObjectStreamClass(); 1458 if (isProxy) { 1459 desc.initProxy(cl, null, superDesc); 1460 } else { 1461 desc.initNonProxy(this, cl, null, superDesc); 1462 } 1463 return desc; 1464 } 1465 1466 /** 1467 * Returns public no-arg constructor of given class, or null if none found. 1468 * Access checks are disabled on the returned constructor (if any), since 1469 * the defining class may still be non-public. 1470 */ 1471 private static Constructor<?> getExternalizableConstructor(Class<?> cl) { 1472 try { 1473 Constructor<?> cons = cl.getDeclaredConstructor((Class<?>[]) null); 1474 cons.setAccessible(true); 1475 return ((cons.getModifiers() & Modifier.PUBLIC) != 0) ? 1476 cons : null; 1477 } catch (NoSuchMethodException | InaccessibleObjectException ex) { 1478 return null; 1479 } 1480 } 1481 1482 /** 1483 * Returns subclass-accessible no-arg constructor of first non-serializable 1484 * superclass, or null if none found. Access checks are disabled on the 1485 * returned constructor (if any). 1486 */ 1487 private static Constructor<?> getSerializableConstructor(Class<?> cl) { 1488 return reflFactory.newConstructorForSerialization(cl); 1489 } 1490 1491 /** 1492 * Returns the canonical constructor for the given record class, or null if 1493 * the not found ( which should never happen for correctly generated record 1494 * classes ). 1495 */ 1496 @SuppressWarnings("removal") 1497 private static MethodHandle canonicalRecordCtr(Class<?> cls) { 1498 assert cls.isRecord() : "Expected record, got: " + cls; 1499 PrivilegedAction<MethodHandle> pa = () -> { 1500 Class<?>[] paramTypes = Arrays.stream(cls.getRecordComponents()) 1501 .map(RecordComponent::getType) 1502 .toArray(Class<?>[]::new); 1503 try { 1504 Constructor<?> ctr = cls.getDeclaredConstructor(paramTypes); 1505 ctr.setAccessible(true); 1506 return MethodHandles.lookup().unreflectConstructor(ctr); 1507 } catch (IllegalAccessException | NoSuchMethodException e) { 1508 return null; 1509 } 1510 }; 1511 return AccessController.doPrivileged(pa); 1512 } 1513 1514 /** 1515 * Returns the canonical constructor, if the local class equivalent of this 1516 * stream class descriptor is a record class, otherwise null. 1517 */ 1518 MethodHandle getRecordConstructor() { 1519 return canonicalCtr; 1520 } 1521 1522 /** 1523 * Returns non-static, non-abstract method with given signature provided it 1524 * is defined by or accessible (via inheritance) by the given class, or 1525 * null if no match found. Access checks are disabled on the returned 1526 * method (if any). 1527 */ 1528 private static Method getInheritableMethod(Class<?> cl, String name, 1529 Class<?>[] argTypes, 1530 Class<?> returnType) 1531 { 1532 Method meth = null; 1533 Class<?> defCl = cl; 1534 while (defCl != null) { 1535 try { 1536 meth = defCl.getDeclaredMethod(name, argTypes); 1537 break; 1538 } catch (NoSuchMethodException ex) { 1539 defCl = defCl.getSuperclass(); 1540 } 1541 } 1542 1543 if ((meth == null) || (meth.getReturnType() != returnType)) { 1544 return null; 1545 } 1546 meth.setAccessible(true); 1547 int mods = meth.getModifiers(); 1548 if ((mods & (Modifier.STATIC | Modifier.ABSTRACT)) != 0) { 1549 return null; 1550 } else if ((mods & (Modifier.PUBLIC | Modifier.PROTECTED)) != 0) { 1551 return meth; 1552 } else if ((mods & Modifier.PRIVATE) != 0) { 1553 return (cl == defCl) ? meth : null; 1554 } else { 1555 return packageEquals(cl, defCl) ? meth : null; 1556 } 1557 } 1558 1559 /** 1560 * Returns non-static private method with given signature defined by given 1561 * class, or null if none found. Access checks are disabled on the 1562 * returned method (if any). 1563 */ 1564 private static Method getPrivateMethod(Class<?> cl, String name, 1565 Class<?>[] argTypes, 1566 Class<?> returnType) 1567 { 1568 try { 1569 Method meth = cl.getDeclaredMethod(name, argTypes); 1570 meth.setAccessible(true); 1571 int mods = meth.getModifiers(); 1572 return ((meth.getReturnType() == returnType) && 1573 ((mods & Modifier.STATIC) == 0) && 1574 ((mods & Modifier.PRIVATE) != 0)) ? meth : null; 1575 } catch (NoSuchMethodException ex) { 1576 return null; 1577 } 1578 } 1579 1580 /** 1581 * Returns true if classes are defined in the same runtime package, false 1582 * otherwise. 1583 */ 1584 private static boolean packageEquals(Class<?> cl1, Class<?> cl2) { 1585 return cl1.getClassLoader() == cl2.getClassLoader() && 1586 cl1.getPackageName() == cl2.getPackageName(); 1587 } 1588 1589 /** 1590 * Compares class names for equality, ignoring package names. Returns true 1591 * if class names equal, false otherwise. 1592 */ 1593 private static boolean classNamesEqual(String name1, String name2) { 1594 int idx1 = name1.lastIndexOf('.') + 1; 1595 int idx2 = name2.lastIndexOf('.') + 1; 1596 int len1 = name1.length() - idx1; 1597 int len2 = name2.length() - idx2; 1598 return len1 == len2 && 1599 name1.regionMatches(idx1, name2, idx2, len1); 1600 } 1601 1602 /** 1603 * Returns JVM type signature for given list of parameters and return type. 1604 */ 1605 private static String getMethodSignature(Class<?>[] paramTypes, 1606 Class<?> retType) 1607 { 1608 StringBuilder sb = new StringBuilder(); 1609 sb.append('('); 1610 for (int i = 0; i < paramTypes.length; i++) { 1611 sb.append(paramTypes[i].descriptorString()); 1612 } 1613 sb.append(')'); 1614 sb.append(retType.descriptorString()); 1615 return sb.toString(); 1616 } 1617 1618 /** 1619 * Convenience method for throwing an exception that is either a 1620 * RuntimeException, Error, or of some unexpected type (in which case it is 1621 * wrapped inside an IOException). 1622 */ 1623 private static void throwMiscException(Throwable th) throws IOException { 1624 if (th instanceof RuntimeException) { 1625 throw (RuntimeException) th; 1626 } else if (th instanceof Error) { 1627 throw (Error) th; 1628 } else { 1629 throw new IOException("unexpected exception type", th); 1630 } 1631 } 1632 1633 /** 1634 * Returns ObjectStreamField array describing the serializable fields of 1635 * the given class. Serializable fields backed by an actual field of the 1636 * class are represented by ObjectStreamFields with corresponding non-null 1637 * Field objects. Throws InvalidClassException if the (explicitly 1638 * declared) serializable fields are invalid. 1639 */ 1640 private static ObjectStreamField[] getSerialFields(Class<?> cl) 1641 throws InvalidClassException 1642 { 1643 if (!Serializable.class.isAssignableFrom(cl)) 1644 return NO_FIELDS; 1645 1646 ObjectStreamField[] fields; 1647 if (cl.isRecord()) { 1648 fields = getDefaultSerialFields(cl); 1649 Arrays.sort(fields); 1650 } else if (!Externalizable.class.isAssignableFrom(cl) && 1651 !Proxy.isProxyClass(cl) && 1652 !cl.isInterface()) { 1653 if ((fields = getDeclaredSerialFields(cl)) == null) { 1654 fields = getDefaultSerialFields(cl); 1655 } 1656 Arrays.sort(fields); 1657 } else { 1658 fields = NO_FIELDS; 1659 } 1660 return fields; 1661 } 1662 1663 /** 1664 * Returns serializable fields of given class as defined explicitly by a 1665 * "serialPersistentFields" field, or null if no appropriate 1666 * "serialPersistentFields" field is defined. Serializable fields backed 1667 * by an actual field of the class are represented by ObjectStreamFields 1668 * with corresponding non-null Field objects. For compatibility with past 1669 * releases, a "serialPersistentFields" field with a null value is 1670 * considered equivalent to not declaring "serialPersistentFields". Throws 1671 * InvalidClassException if the declared serializable fields are 1672 * invalid--e.g., if multiple fields share the same name. 1673 */ 1674 private static ObjectStreamField[] getDeclaredSerialFields(Class<?> cl) 1675 throws InvalidClassException 1676 { 1677 ObjectStreamField[] serialPersistentFields = null; 1678 try { 1679 Field f = cl.getDeclaredField("serialPersistentFields"); 1680 int mask = Modifier.PRIVATE | Modifier.STATIC | Modifier.FINAL; 1681 if ((f.getModifiers() & mask) == mask) { 1682 f.setAccessible(true); 1683 serialPersistentFields = (ObjectStreamField[]) f.get(null); 1684 } 1685 } catch (Exception ex) { 1686 } 1687 if (serialPersistentFields == null) { 1688 return null; 1689 } else if (serialPersistentFields.length == 0) { 1690 return NO_FIELDS; 1691 } 1692 1693 ObjectStreamField[] boundFields = 1694 new ObjectStreamField[serialPersistentFields.length]; 1695 Set<String> fieldNames = HashSet.newHashSet(serialPersistentFields.length); 1696 1697 for (int i = 0; i < serialPersistentFields.length; i++) { 1698 ObjectStreamField spf = serialPersistentFields[i]; 1699 1700 String fname = spf.getName(); 1701 if (fieldNames.contains(fname)) { 1702 throw new InvalidClassException( 1703 "multiple serializable fields named " + fname); 1704 } 1705 fieldNames.add(fname); 1706 1707 try { 1708 Field f = cl.getDeclaredField(fname); 1709 if ((f.getType() == spf.getType()) && 1710 ((f.getModifiers() & Modifier.STATIC) == 0)) 1711 { 1712 boundFields[i] = 1713 new ObjectStreamField(f, spf.isUnshared(), true); 1714 } 1715 } catch (NoSuchFieldException ex) { 1716 } 1717 if (boundFields[i] == null) { 1718 boundFields[i] = new ObjectStreamField( 1719 fname, spf.getType(), spf.isUnshared()); 1720 } 1721 } 1722 return boundFields; 1723 } 1724 1725 /** 1726 * Returns array of ObjectStreamFields corresponding to all non-static 1727 * non-transient fields declared by given class. Each ObjectStreamField 1728 * contains a Field object for the field it represents. If no default 1729 * serializable fields exist, NO_FIELDS is returned. 1730 */ 1731 private static ObjectStreamField[] getDefaultSerialFields(Class<?> cl) { 1732 Field[] clFields = cl.getDeclaredFields(); 1733 ArrayList<ObjectStreamField> list = new ArrayList<>(); 1734 int mask = Modifier.STATIC | Modifier.TRANSIENT; 1735 1736 for (int i = 0; i < clFields.length; i++) { 1737 if ((clFields[i].getModifiers() & mask) == 0) { 1738 list.add(new ObjectStreamField(clFields[i], false, true)); 1739 } 1740 } 1741 int size = list.size(); 1742 return (size == 0) ? NO_FIELDS : 1743 list.toArray(new ObjectStreamField[size]); 1744 } 1745 1746 /** 1747 * Returns explicit serial version UID value declared by given class, or 1748 * null if none. 1749 */ 1750 private static Long getDeclaredSUID(Class<?> cl) { 1751 try { 1752 Field f = cl.getDeclaredField("serialVersionUID"); 1753 int mask = Modifier.STATIC | Modifier.FINAL; 1754 if ((f.getModifiers() & mask) == mask) { 1755 f.setAccessible(true); 1756 return f.getLong(null); 1757 } 1758 } catch (Exception ex) { 1759 } 1760 return null; 1761 } 1762 1763 /** 1764 * Computes the default serial version UID value for the given class. 1765 */ 1766 private static long computeDefaultSUID(Class<?> cl) { 1767 if (!Serializable.class.isAssignableFrom(cl) || Proxy.isProxyClass(cl)) 1768 { 1769 return 0L; 1770 } 1771 1772 try { 1773 ByteArrayOutputStream bout = new ByteArrayOutputStream(); 1774 DataOutputStream dout = new DataOutputStream(bout); 1775 1776 dout.writeUTF(cl.getName()); 1777 1778 int classMods = cl.getModifiers() & 1779 (Modifier.PUBLIC | Modifier.FINAL | 1780 Modifier.INTERFACE | Modifier.ABSTRACT); 1781 1782 /* 1783 * compensate for javac bug in which ABSTRACT bit was set for an 1784 * interface only if the interface declared methods 1785 */ 1786 Method[] methods = cl.getDeclaredMethods(); 1787 if ((classMods & Modifier.INTERFACE) != 0) { 1788 classMods = (methods.length > 0) ? 1789 (classMods | Modifier.ABSTRACT) : 1790 (classMods & ~Modifier.ABSTRACT); 1791 } 1792 dout.writeInt(classMods); 1793 1794 if (!cl.isArray()) { 1795 /* 1796 * compensate for change in 1.2FCS in which 1797 * Class.getInterfaces() was modified to return Cloneable and 1798 * Serializable for array classes. 1799 */ 1800 Class<?>[] interfaces = cl.getInterfaces(); 1801 String[] ifaceNames = new String[interfaces.length]; 1802 for (int i = 0; i < interfaces.length; i++) { 1803 ifaceNames[i] = interfaces[i].getName(); 1804 } 1805 Arrays.sort(ifaceNames); 1806 for (int i = 0; i < ifaceNames.length; i++) { 1807 dout.writeUTF(ifaceNames[i]); 1808 } 1809 } 1810 1811 Field[] fields = cl.getDeclaredFields(); 1812 MemberSignature[] fieldSigs = new MemberSignature[fields.length]; 1813 for (int i = 0; i < fields.length; i++) { 1814 fieldSigs[i] = new MemberSignature(fields[i]); 1815 } 1816 Arrays.sort(fieldSigs, new Comparator<>() { 1817 public int compare(MemberSignature ms1, MemberSignature ms2) { 1818 return ms1.name.compareTo(ms2.name); 1819 } 1820 }); 1821 for (int i = 0; i < fieldSigs.length; i++) { 1822 MemberSignature sig = fieldSigs[i]; 1823 int mods = sig.member.getModifiers() & 1824 (Modifier.PUBLIC | Modifier.PRIVATE | Modifier.PROTECTED | 1825 Modifier.STATIC | Modifier.FINAL | Modifier.VOLATILE | 1826 Modifier.TRANSIENT); 1827 if (((mods & Modifier.PRIVATE) == 0) || 1828 ((mods & (Modifier.STATIC | Modifier.TRANSIENT)) == 0)) 1829 { 1830 dout.writeUTF(sig.name); 1831 dout.writeInt(mods); 1832 dout.writeUTF(sig.signature); 1833 } 1834 } 1835 1836 if (hasStaticInitializer(cl)) { 1837 dout.writeUTF("<clinit>"); 1838 dout.writeInt(Modifier.STATIC); 1839 dout.writeUTF("()V"); 1840 } 1841 1842 Constructor<?>[] cons = cl.getDeclaredConstructors(); 1843 MemberSignature[] consSigs = new MemberSignature[cons.length]; 1844 for (int i = 0; i < cons.length; i++) { 1845 consSigs[i] = new MemberSignature(cons[i]); 1846 } 1847 Arrays.sort(consSigs, new Comparator<>() { 1848 public int compare(MemberSignature ms1, MemberSignature ms2) { 1849 return ms1.signature.compareTo(ms2.signature); 1850 } 1851 }); 1852 for (int i = 0; i < consSigs.length; i++) { 1853 MemberSignature sig = consSigs[i]; 1854 int mods = sig.member.getModifiers() & 1855 (Modifier.PUBLIC | Modifier.PRIVATE | Modifier.PROTECTED | 1856 Modifier.STATIC | Modifier.FINAL | 1857 Modifier.SYNCHRONIZED | Modifier.NATIVE | 1858 Modifier.ABSTRACT | Modifier.STRICT); 1859 if ((mods & Modifier.PRIVATE) == 0) { 1860 dout.writeUTF("<init>"); 1861 dout.writeInt(mods); 1862 dout.writeUTF(sig.signature.replace('/', '.')); 1863 } 1864 } 1865 1866 MemberSignature[] methSigs = new MemberSignature[methods.length]; 1867 for (int i = 0; i < methods.length; i++) { 1868 methSigs[i] = new MemberSignature(methods[i]); 1869 } 1870 Arrays.sort(methSigs, new Comparator<>() { 1871 public int compare(MemberSignature ms1, MemberSignature ms2) { 1872 int comp = ms1.name.compareTo(ms2.name); 1873 if (comp == 0) { 1874 comp = ms1.signature.compareTo(ms2.signature); 1875 } 1876 return comp; 1877 } 1878 }); 1879 for (int i = 0; i < methSigs.length; i++) { 1880 MemberSignature sig = methSigs[i]; 1881 int mods = sig.member.getModifiers() & 1882 (Modifier.PUBLIC | Modifier.PRIVATE | Modifier.PROTECTED | 1883 Modifier.STATIC | Modifier.FINAL | 1884 Modifier.SYNCHRONIZED | Modifier.NATIVE | 1885 Modifier.ABSTRACT | Modifier.STRICT); 1886 if ((mods & Modifier.PRIVATE) == 0) { 1887 dout.writeUTF(sig.name); 1888 dout.writeInt(mods); 1889 dout.writeUTF(sig.signature.replace('/', '.')); 1890 } 1891 } 1892 1893 dout.flush(); 1894 1895 MessageDigest md = MessageDigest.getInstance("SHA"); 1896 byte[] hashBytes = md.digest(bout.toByteArray()); 1897 long hash = 0; 1898 for (int i = Math.min(hashBytes.length, 8) - 1; i >= 0; i--) { 1899 hash = (hash << 8) | (hashBytes[i] & 0xFF); 1900 } 1901 return hash; 1902 } catch (IOException ex) { 1903 throw new InternalError(ex); 1904 } catch (NoSuchAlgorithmException ex) { 1905 throw new SecurityException(ex.getMessage()); 1906 } 1907 } 1908 1909 /** 1910 * Returns true if the given class defines a static initializer method, 1911 * false otherwise. 1912 */ 1913 private static native boolean hasStaticInitializer(Class<?> cl); 1914 1915 /** 1916 * Class for computing and caching field/constructor/method signatures 1917 * during serialVersionUID calculation. 1918 */ 1919 private static final class MemberSignature { 1920 1921 public final Member member; 1922 public final String name; 1923 public final String signature; 1924 1925 public MemberSignature(Field field) { 1926 member = field; 1927 name = field.getName(); 1928 signature = field.getType().descriptorString(); 1929 } 1930 1931 public MemberSignature(Constructor<?> cons) { 1932 member = cons; 1933 name = cons.getName(); 1934 signature = getMethodSignature( 1935 cons.getParameterTypes(), Void.TYPE); 1936 } 1937 1938 public MemberSignature(Method meth) { 1939 member = meth; 1940 name = meth.getName(); 1941 signature = getMethodSignature( 1942 meth.getParameterTypes(), meth.getReturnType()); 1943 } 1944 } 1945 1946 /** 1947 * Class for setting and retrieving serializable field values in batch. 1948 */ 1949 // REMIND: dynamically generate these? 1950 private static final class FieldReflector { 1951 1952 /** handle for performing unsafe operations */ 1953 private static final Unsafe UNSAFE = Unsafe.getUnsafe(); 1954 1955 /** fields to operate on */ 1956 private final ObjectStreamField[] fields; 1957 /** number of primitive fields */ 1958 private final int numPrimFields; 1959 /** unsafe field keys for reading fields - may contain dupes */ 1960 private final long[] readKeys; 1961 /** unsafe fields keys for writing fields - no dupes */ 1962 private final long[] writeKeys; 1963 /** field data offsets */ 1964 private final int[] offsets; 1965 /** field type codes */ 1966 private final char[] typeCodes; 1967 /** field types */ 1968 private final Class<?>[] types; 1969 1970 /** 1971 * Return a new instance of the class using Unsafe.uninitializedDefaultValue 1972 * and buffer it. 1973 * @param clazz The value class 1974 * @return a buffered default value 1975 */ 1976 static Object newValueInstance(Class<?> clazz) throws InstantiationException{ 1977 assert clazz.isValue() : "Should be a value class"; 1978 // may not be implicitly constructible; so allocate with Unsafe 1979 Object obj = UNSAFE.uninitializedDefaultValue(clazz); 1980 return UNSAFE.makePrivateBuffer(obj); 1981 } 1982 1983 /** 1984 * Finish a value object, clear the larval state and returning the value object. 1985 * @param obj a buffered value object in a larval state 1986 * @return the finished value object 1987 */ 1988 static Object finishValueInstance(Object obj) { 1989 assert (obj.getClass().isValue()) : "Should be a value class"; 1990 return UNSAFE.finishPrivateBuffer(obj); 1991 } 1992 1993 /** 1994 * Constructs FieldReflector capable of setting/getting values from the 1995 * subset of fields whose ObjectStreamFields contain non-null 1996 * reflective Field objects. ObjectStreamFields with null Fields are 1997 * treated as filler, for which get operations return default values 1998 * and set operations discard given values. 1999 */ 2000 FieldReflector(ObjectStreamField[] fields) { 2001 this.fields = fields; 2002 int nfields = fields.length; 2003 readKeys = new long[nfields]; 2004 writeKeys = new long[nfields]; 2005 offsets = new int[nfields]; 2006 typeCodes = new char[nfields]; 2007 ArrayList<Class<?>> typeList = new ArrayList<>(); 2008 Set<Long> usedKeys = new HashSet<>(); 2009 2010 2011 for (int i = 0; i < nfields; i++) { 2012 ObjectStreamField f = fields[i]; 2013 Field rf = f.getField(); 2014 long key = (rf != null) ? 2015 UNSAFE.objectFieldOffset(rf) : Unsafe.INVALID_FIELD_OFFSET; 2016 readKeys[i] = key; 2017 writeKeys[i] = usedKeys.add(key) ? 2018 key : Unsafe.INVALID_FIELD_OFFSET; 2019 offsets[i] = f.getOffset(); 2020 typeCodes[i] = f.getTypeCode(); 2021 if (!f.isPrimitive()) { 2022 typeList.add((rf != null) ? rf.getType() : null); 2023 } 2024 } 2025 2026 types = typeList.toArray(new Class<?>[typeList.size()]); 2027 numPrimFields = nfields - types.length; 2028 } 2029 2030 /** 2031 * Returns list of ObjectStreamFields representing fields operated on 2032 * by this reflector. The shared/unshared values and Field objects 2033 * contained by ObjectStreamFields in the list reflect their bindings 2034 * to locally defined serializable fields. 2035 */ 2036 ObjectStreamField[] getFields() { 2037 return fields; 2038 } 2039 2040 /** 2041 * Fetches the serializable primitive field values of object obj and 2042 * marshals them into byte array buf starting at offset 0. The caller 2043 * is responsible for ensuring that obj is of the proper type. 2044 */ 2045 void getPrimFieldValues(Object obj, byte[] buf) { 2046 if (obj == null) { 2047 throw new NullPointerException(); 2048 } 2049 /* assuming checkDefaultSerialize() has been called on the class 2050 * descriptor this FieldReflector was obtained from, no field keys 2051 * in array should be equal to Unsafe.INVALID_FIELD_OFFSET. 2052 */ 2053 for (int i = 0; i < numPrimFields; i++) { 2054 long key = readKeys[i]; 2055 int off = offsets[i]; 2056 switch (typeCodes[i]) { 2057 case 'Z' -> ByteArray.setBoolean(buf, off, UNSAFE.getBoolean(obj, key)); 2058 case 'B' -> buf[off] = UNSAFE.getByte(obj, key); 2059 case 'C' -> ByteArray.setChar(buf, off, UNSAFE.getChar(obj, key)); 2060 case 'S' -> ByteArray.setShort(buf, off, UNSAFE.getShort(obj, key)); 2061 case 'I' -> ByteArray.setInt(buf, off, UNSAFE.getInt(obj, key)); 2062 case 'F' -> ByteArray.setFloat(buf, off, UNSAFE.getFloat(obj, key)); 2063 case 'J' -> ByteArray.setLong(buf, off, UNSAFE.getLong(obj, key)); 2064 case 'D' -> ByteArray.setDouble(buf, off, UNSAFE.getDouble(obj, key)); 2065 default -> throw new InternalError(); 2066 } 2067 } 2068 } 2069 2070 /** 2071 * Sets the serializable primitive fields of object obj using values 2072 * unmarshalled from byte array buf starting at offset 0. The caller 2073 * is responsible for ensuring that obj is of the proper type. 2074 */ 2075 void setPrimFieldValues(Object obj, byte[] buf) { 2076 if (obj == null) { 2077 throw new NullPointerException(); 2078 } 2079 for (int i = 0; i < numPrimFields; i++) { 2080 long key = writeKeys[i]; 2081 if (key == Unsafe.INVALID_FIELD_OFFSET) { 2082 continue; // discard value 2083 } 2084 int off = offsets[i]; 2085 switch (typeCodes[i]) { 2086 case 'Z' -> UNSAFE.putBoolean(obj, key, ByteArray.getBoolean(buf, off)); 2087 case 'B' -> UNSAFE.putByte(obj, key, buf[off]); 2088 case 'C' -> UNSAFE.putChar(obj, key, ByteArray.getChar(buf, off)); 2089 case 'S' -> UNSAFE.putShort(obj, key, ByteArray.getShort(buf, off)); 2090 case 'I' -> UNSAFE.putInt(obj, key, ByteArray.getInt(buf, off)); 2091 case 'F' -> UNSAFE.putFloat(obj, key, ByteArray.getFloat(buf, off)); 2092 case 'J' -> UNSAFE.putLong(obj, key, ByteArray.getLong(buf, off)); 2093 case 'D' -> UNSAFE.putDouble(obj, key, ByteArray.getDouble(buf, off)); 2094 default -> throw new InternalError(); 2095 } 2096 } 2097 } 2098 2099 /** 2100 * Fetches the serializable object field values of object obj and 2101 * stores them in array vals starting at offset 0. The caller is 2102 * responsible for ensuring that obj is of the proper type. 2103 */ 2104 void getObjFieldValues(Object obj, Object[] vals) { 2105 if (obj == null) { 2106 throw new NullPointerException(); 2107 } 2108 /* assuming checkDefaultSerialize() has been called on the class 2109 * descriptor this FieldReflector was obtained from, no field keys 2110 * in array should be equal to Unsafe.INVALID_FIELD_OFFSET. 2111 */ 2112 for (int i = numPrimFields; i < fields.length; i++) { 2113 Field f = fields[i].getField(); 2114 vals[offsets[i]] = switch (typeCodes[i]) { 2115 case 'L', '[' -> 2116 UNSAFE.isFlatField(f) 2117 ? UNSAFE.getValue(obj, readKeys[i], f.getType()) 2118 : UNSAFE.getReference(obj, readKeys[i]); 2119 default -> throw new InternalError(); 2120 }; 2121 } 2122 } 2123 2124 /** 2125 * Checks that the given values, from array vals starting at offset 0, 2126 * are assignable to the given serializable object fields. 2127 * @throws ClassCastException if any value is not assignable 2128 */ 2129 void checkObjectFieldValueTypes(Object obj, Object[] vals) { 2130 setObjFieldValues(obj, vals, true); 2131 } 2132 2133 /** 2134 * Sets the serializable object fields of object obj using values from 2135 * array vals starting at offset 0. The caller is responsible for 2136 * ensuring that obj is of the proper type; however, attempts to set a 2137 * field with a value of the wrong type will trigger an appropriate 2138 * ClassCastException. 2139 */ 2140 void setObjFieldValues(Object obj, Object[] vals) { 2141 setObjFieldValues(obj, vals, false); 2142 } 2143 2144 private void setObjFieldValues(Object obj, Object[] vals, boolean dryRun) { 2145 if (obj == null) { 2146 throw new NullPointerException(); 2147 } 2148 for (int i = numPrimFields; i < fields.length; i++) { 2149 long key = writeKeys[i]; 2150 if (key == Unsafe.INVALID_FIELD_OFFSET) { 2151 continue; // discard value 2152 } 2153 switch (typeCodes[i]) { 2154 case 'L', '[' -> { 2155 Field f = fields[i].getField(); 2156 Object val = vals[offsets[i]]; 2157 if (val != null && 2158 !types[i - numPrimFields].isInstance(val)) 2159 { 2160 throw new ClassCastException( 2161 "cannot assign instance of " + 2162 val.getClass().getName() + " to field " + 2163 f.getDeclaringClass().getName() + "." + 2164 f.getName() + " of type " + 2165 f.getType().getName() + " in instance of " + 2166 obj.getClass().getName()); 2167 } 2168 if (!dryRun) { 2169 if (UNSAFE.isFlatField(f)) { 2170 UNSAFE.putValue(obj, key, f.getType(), val); 2171 } else { 2172 UNSAFE.putReference(obj, key, val); 2173 } 2174 } 2175 } 2176 default -> throw new InternalError(); 2177 } 2178 } 2179 } 2180 } 2181 2182 /** 2183 * Matches given set of serializable fields with serializable fields 2184 * described by the given local class descriptor, and returns a 2185 * FieldReflector instance capable of setting/getting values from the 2186 * subset of fields that match (non-matching fields are treated as filler, 2187 * for which get operations return default values and set operations 2188 * discard given values). Throws InvalidClassException if unresolvable 2189 * type conflicts exist between the two sets of fields. 2190 */ 2191 private static FieldReflector getReflector(ObjectStreamField[] fields, 2192 ObjectStreamClass localDesc) 2193 throws InvalidClassException 2194 { 2195 // class irrelevant if no fields 2196 Class<?> cl = (localDesc != null && fields.length > 0) ? 2197 localDesc.cl : Void.class; 2198 2199 var clReflectors = Caches.reflectors.get(cl); 2200 var key = new FieldReflectorKey(fields); 2201 var reflector = clReflectors.get(key); 2202 if (reflector == null) { 2203 reflector = new FieldReflector(matchFields(fields, localDesc)); 2204 var oldReflector = clReflectors.putIfAbsent(key, reflector); 2205 if (oldReflector != null) { 2206 reflector = oldReflector; 2207 } 2208 } 2209 return reflector; 2210 } 2211 2212 /** 2213 * FieldReflector cache lookup key. Keys are considered equal if they 2214 * refer to equivalent field formats. 2215 */ 2216 private static class FieldReflectorKey { 2217 2218 private final String[] sigs; 2219 private final int hash; 2220 2221 FieldReflectorKey(ObjectStreamField[] fields) 2222 { 2223 sigs = new String[2 * fields.length]; 2224 for (int i = 0, j = 0; i < fields.length; i++) { 2225 ObjectStreamField f = fields[i]; 2226 sigs[j++] = f.getName(); 2227 sigs[j++] = f.getSignature(); 2228 } 2229 hash = Arrays.hashCode(sigs); 2230 } 2231 2232 public int hashCode() { 2233 return hash; 2234 } 2235 2236 public boolean equals(Object obj) { 2237 return obj == this || 2238 obj instanceof FieldReflectorKey other && 2239 Arrays.equals(sigs, other.sigs); 2240 } 2241 } 2242 2243 /** 2244 * Matches given set of serializable fields with serializable fields 2245 * obtained from the given local class descriptor (which contain bindings 2246 * to reflective Field objects). Returns list of ObjectStreamFields in 2247 * which each ObjectStreamField whose signature matches that of a local 2248 * field contains a Field object for that field; unmatched 2249 * ObjectStreamFields contain null Field objects. Shared/unshared settings 2250 * of the returned ObjectStreamFields also reflect those of matched local 2251 * ObjectStreamFields. Throws InvalidClassException if unresolvable type 2252 * conflicts exist between the two sets of fields. 2253 */ 2254 private static ObjectStreamField[] matchFields(ObjectStreamField[] fields, 2255 ObjectStreamClass localDesc) 2256 throws InvalidClassException 2257 { 2258 ObjectStreamField[] localFields = (localDesc != null) ? 2259 localDesc.fields : NO_FIELDS; 2260 2261 /* 2262 * Even if fields == localFields, we cannot simply return localFields 2263 * here. In previous implementations of serialization, 2264 * ObjectStreamField.getType() returned Object.class if the 2265 * ObjectStreamField represented a non-primitive field and belonged to 2266 * a non-local class descriptor. To preserve this (questionable) 2267 * behavior, the ObjectStreamField instances returned by matchFields 2268 * cannot report non-primitive types other than Object.class; hence 2269 * localFields cannot be returned directly. 2270 */ 2271 2272 ObjectStreamField[] matches = new ObjectStreamField[fields.length]; 2273 for (int i = 0; i < fields.length; i++) { 2274 ObjectStreamField f = fields[i], m = null; 2275 for (int j = 0; j < localFields.length; j++) { 2276 ObjectStreamField lf = localFields[j]; 2277 if (f.getName().equals(lf.getName())) { 2278 if ((f.isPrimitive() || lf.isPrimitive()) && 2279 f.getTypeCode() != lf.getTypeCode()) 2280 { 2281 throw new InvalidClassException(localDesc.name, 2282 "incompatible types for field " + f.getName()); 2283 } 2284 if (lf.getField() != null) { 2285 m = new ObjectStreamField( 2286 lf.getField(), lf.isUnshared(), false); 2287 } else { 2288 m = new ObjectStreamField( 2289 lf.getName(), lf.getSignature(), lf.isUnshared()); 2290 } 2291 } 2292 } 2293 if (m == null) { 2294 m = new ObjectStreamField( 2295 f.getName(), f.getSignature(), false); 2296 } 2297 m.setOffset(f.getOffset()); 2298 matches[i] = m; 2299 } 2300 return matches; 2301 } 2302 2303 /** 2304 * A LRA cache of record deserialization constructors. 2305 */ 2306 @SuppressWarnings("serial") 2307 private static final class DeserializationConstructorsCache 2308 extends ConcurrentHashMap<DeserializationConstructorsCache.Key, MethodHandle> { 2309 2310 // keep max. 10 cached entries - when the 11th element is inserted the oldest 2311 // is removed and 10 remains - 11 is the biggest map size where internal 2312 // table of 16 elements is sufficient (inserting 12th element would resize it to 32) 2313 private static final int MAX_SIZE = 10; 2314 private Key.Impl first, last; // first and last in FIFO queue 2315 2316 DeserializationConstructorsCache() { 2317 // start small - if there is more than one shape of ObjectStreamClass 2318 // deserialized, there will typically be two (current version and previous version) 2319 super(2); 2320 } 2321 2322 MethodHandle get(ObjectStreamField[] fields) { 2323 return get(new Key.Lookup(fields)); 2324 } 2325 2326 synchronized MethodHandle putIfAbsentAndGet(ObjectStreamField[] fields, MethodHandle mh) { 2327 Key.Impl key = new Key.Impl(fields); 2328 var oldMh = putIfAbsent(key, mh); 2329 if (oldMh != null) return oldMh; 2330 // else we did insert new entry -> link the new key as last 2331 if (last == null) { 2332 last = first = key; 2333 } else { 2334 last = (last.next = key); 2335 } 2336 // may need to remove first 2337 if (size() > MAX_SIZE) { 2338 assert first != null; 2339 remove(first); 2340 first = first.next; 2341 if (first == null) { 2342 last = null; 2343 } 2344 } 2345 return mh; 2346 } 2347 2348 // a key composed of ObjectStreamField[] names and types 2349 abstract static class Key { 2350 abstract int length(); 2351 abstract String fieldName(int i); 2352 abstract Class<?> fieldType(int i); 2353 2354 @Override 2355 public final int hashCode() { 2356 int n = length(); 2357 int h = 0; 2358 for (int i = 0; i < n; i++) h = h * 31 + fieldType(i).hashCode(); 2359 for (int i = 0; i < n; i++) h = h * 31 + fieldName(i).hashCode(); 2360 return h; 2361 } 2362 2363 @Override 2364 public final boolean equals(Object obj) { 2365 if (!(obj instanceof Key other)) return false; 2366 int n = length(); 2367 if (n != other.length()) return false; 2368 for (int i = 0; i < n; i++) if (fieldType(i) != other.fieldType(i)) return false; 2369 for (int i = 0; i < n; i++) if (!fieldName(i).equals(other.fieldName(i))) return false; 2370 return true; 2371 } 2372 2373 // lookup key - just wraps ObjectStreamField[] 2374 static final class Lookup extends Key { 2375 final ObjectStreamField[] fields; 2376 2377 Lookup(ObjectStreamField[] fields) { this.fields = fields; } 2378 2379 @Override 2380 int length() { return fields.length; } 2381 2382 @Override 2383 String fieldName(int i) { return fields[i].getName(); } 2384 2385 @Override 2386 Class<?> fieldType(int i) { return fields[i].getType(); } 2387 } 2388 2389 // real key - copies field names and types and forms FIFO queue in cache 2390 static final class Impl extends Key { 2391 Impl next; 2392 final String[] fieldNames; 2393 final Class<?>[] fieldTypes; 2394 2395 Impl(ObjectStreamField[] fields) { 2396 this.fieldNames = new String[fields.length]; 2397 this.fieldTypes = new Class<?>[fields.length]; 2398 for (int i = 0; i < fields.length; i++) { 2399 fieldNames[i] = fields[i].getName(); 2400 fieldTypes[i] = fields[i].getType(); 2401 } 2402 } 2403 2404 @Override 2405 int length() { return fieldNames.length; } 2406 2407 @Override 2408 String fieldName(int i) { return fieldNames[i]; } 2409 2410 @Override 2411 Class<?> fieldType(int i) { return fieldTypes[i]; } 2412 } 2413 } 2414 } 2415 2416 /** Record specific support for retrieving and binding stream field values. */ 2417 static final class RecordSupport { 2418 /** 2419 * Returns canonical record constructor adapted to take two arguments: 2420 * {@code (byte[] primValues, Object[] objValues)} 2421 * and return 2422 * {@code Object} 2423 */ 2424 @SuppressWarnings("removal") 2425 static MethodHandle deserializationCtr(ObjectStreamClass desc) { 2426 // check the cached value 1st 2427 MethodHandle mh = desc.deserializationCtr; 2428 if (mh != null) return mh; 2429 mh = desc.deserializationCtrs.get(desc.getFields(false)); 2430 if (mh != null) return desc.deserializationCtr = mh; 2431 2432 // retrieve record components 2433 RecordComponent[] recordComponents; 2434 try { 2435 Class<?> cls = desc.forClass(); 2436 PrivilegedExceptionAction<RecordComponent[]> pa = cls::getRecordComponents; 2437 recordComponents = AccessController.doPrivileged(pa); 2438 } catch (PrivilegedActionException e) { 2439 throw new InternalError(e.getCause()); 2440 } 2441 2442 // retrieve the canonical constructor 2443 // (T1, T2, ..., Tn):TR 2444 mh = desc.getRecordConstructor(); 2445 2446 // change return type to Object 2447 // (T1, T2, ..., Tn):TR -> (T1, T2, ..., Tn):Object 2448 mh = mh.asType(mh.type().changeReturnType(Object.class)); 2449 2450 // drop last 2 arguments representing primValues and objValues arrays 2451 // (T1, T2, ..., Tn):Object -> (T1, T2, ..., Tn, byte[], Object[]):Object 2452 mh = MethodHandles.dropArguments(mh, mh.type().parameterCount(), byte[].class, Object[].class); 2453 2454 for (int i = recordComponents.length-1; i >= 0; i--) { 2455 String name = recordComponents[i].getName(); 2456 Class<?> type = recordComponents[i].getType(); 2457 // obtain stream field extractor that extracts argument at 2458 // position i (Ti+1) from primValues and objValues arrays 2459 // (byte[], Object[]):Ti+1 2460 MethodHandle combiner = streamFieldExtractor(name, type, desc); 2461 // fold byte[] privValues and Object[] objValues into argument at position i (Ti+1) 2462 // (..., Ti, Ti+1, byte[], Object[]):Object -> (..., Ti, byte[], Object[]):Object 2463 mh = MethodHandles.foldArguments(mh, i, combiner); 2464 } 2465 // what we are left with is a MethodHandle taking just the primValues 2466 // and objValues arrays and returning the constructed record instance 2467 // (byte[], Object[]):Object 2468 2469 // store it into cache and return the 1st value stored 2470 return desc.deserializationCtr = 2471 desc.deserializationCtrs.putIfAbsentAndGet(desc.getFields(false), mh); 2472 } 2473 2474 /** Returns the number of primitive fields for the given descriptor. */ 2475 private static int numberPrimValues(ObjectStreamClass desc) { 2476 ObjectStreamField[] fields = desc.getFields(); 2477 int primValueCount = 0; 2478 for (int i = 0; i < fields.length; i++) { 2479 if (fields[i].isPrimitive()) 2480 primValueCount++; 2481 else 2482 break; // can be no more 2483 } 2484 return primValueCount; 2485 } 2486 2487 /** 2488 * Returns extractor MethodHandle taking the primValues and objValues arrays 2489 * and extracting the argument of canonical constructor with given name and type 2490 * or producing default value for the given type if the field is absent. 2491 */ 2492 private static MethodHandle streamFieldExtractor(String pName, 2493 Class<?> pType, 2494 ObjectStreamClass desc) { 2495 ObjectStreamField[] fields = desc.getFields(false); 2496 2497 for (int i = 0; i < fields.length; i++) { 2498 ObjectStreamField f = fields[i]; 2499 String fName = f.getName(); 2500 if (!fName.equals(pName)) 2501 continue; 2502 2503 Class<?> fType = f.getField().getType(); 2504 if (!pType.isAssignableFrom(fType)) 2505 throw new InternalError(fName + " unassignable, pType:" + pType + ", fType:" + fType); 2506 2507 if (f.isPrimitive()) { 2508 // (byte[], int):fType 2509 MethodHandle mh = PRIM_VALUE_EXTRACTORS.get(fType); 2510 if (mh == null) { 2511 throw new InternalError("Unexpected type: " + fType); 2512 } 2513 // bind offset 2514 // (byte[], int):fType -> (byte[]):fType 2515 mh = MethodHandles.insertArguments(mh, 1, f.getOffset()); 2516 // drop objValues argument 2517 // (byte[]):fType -> (byte[], Object[]):fType 2518 mh = MethodHandles.dropArguments(mh, 1, Object[].class); 2519 // adapt return type to pType 2520 // (byte[], Object[]):fType -> (byte[], Object[]):pType 2521 if (pType != fType) { 2522 mh = mh.asType(mh.type().changeReturnType(pType)); 2523 } 2524 return mh; 2525 } else { // reference 2526 // (Object[], int):Object 2527 MethodHandle mh = MethodHandles.arrayElementGetter(Object[].class); 2528 // bind index 2529 // (Object[], int):Object -> (Object[]):Object 2530 mh = MethodHandles.insertArguments(mh, 1, i - numberPrimValues(desc)); 2531 // drop primValues argument 2532 // (Object[]):Object -> (byte[], Object[]):Object 2533 mh = MethodHandles.dropArguments(mh, 0, byte[].class); 2534 // adapt return type to pType 2535 // (byte[], Object[]):Object -> (byte[], Object[]):pType 2536 if (pType != Object.class) { 2537 mh = mh.asType(mh.type().changeReturnType(pType)); 2538 } 2539 return mh; 2540 } 2541 } 2542 2543 // return default value extractor if no field matches pName 2544 return MethodHandles.empty(MethodType.methodType(pType, byte[].class, Object[].class)); 2545 } 2546 2547 private static final Map<Class<?>, MethodHandle> PRIM_VALUE_EXTRACTORS; 2548 static { 2549 var lkp = MethodHandles.lookup(); 2550 try { 2551 PRIM_VALUE_EXTRACTORS = Map.of( 2552 byte.class, MethodHandles.arrayElementGetter(byte[].class), 2553 short.class, lkp.findStatic(ByteArray.class, "getShort", MethodType.methodType(short.class, byte[].class, int.class)), 2554 int.class, lkp.findStatic(ByteArray.class, "getInt", MethodType.methodType(int.class, byte[].class, int.class)), 2555 long.class, lkp.findStatic(ByteArray.class, "getLong", MethodType.methodType(long.class, byte[].class, int.class)), 2556 float.class, lkp.findStatic(ByteArray.class, "getFloat", MethodType.methodType(float.class, byte[].class, int.class)), 2557 double.class, lkp.findStatic(ByteArray.class, "getDouble", MethodType.methodType(double.class, byte[].class, int.class)), 2558 char.class, lkp.findStatic(ByteArray.class, "getChar", MethodType.methodType(char.class, byte[].class, int.class)), 2559 boolean.class, lkp.findStatic(ByteArray.class, "getBoolean", MethodType.methodType(boolean.class, byte[].class, int.class)) 2560 ); 2561 } catch (NoSuchMethodException | IllegalAccessException e) { 2562 throw new InternalError("Can't lookup " + ByteArray.class.getName() + ".getXXX", e); 2563 } 2564 } 2565 } 2566 }