Re: JavaMemoryModel: Deserializing transient final fields (was: Will String be secure?)

From: Joel Jones (jones@cs.ua.edu)
Date: Thu Mar 04 2004 - 08:41:05 EST


At 7:56 -0500 3/4/04, Doug Lea wrote:
>...
>
>Also, doing it via reflection rather than special rules for
>assignments would convey that this is not usually a cheap operation
>like normal assignments are. Deserialization is itself usually not all
>that cheap, so the performance can probably be tolerated here,
>considering the alternative of not being able to do this at all.
>
>...
>
>Given the encouraging replies I've gotten by people needing something
>like this, I'm going to further investigate whether and how this can
>be done.

Given the work done by HotSpot to improve the performance of
serialization and deserialization, the incremental work to support
this change would probably be minimal. In particular, the calling
context is already being checked to ensure the security of the use of
"special" features of HotSpot used to improve performance. I would
assume that other JVMs that care about performance of serialization
would have similar features.

-- 
Joel Jones                                         jones@cs.ua.edu
Department of Computer Science             http://cs.ua.edu/~jones
University of Alabama                               (205) 348-1618
-------------------------------
JavaMemoryModel mailing list - http://www.cs.umd.edu/~pugh/java/memoryModel



This archive was generated by hypermail 2b29 : Thu Oct 13 2005 - 07:00:59 EDT