RSPEC-2057

"Serializable" classes should have a "serialVersionUID"

    Details

    • Message:
      * Add a "static final long serialVersionUID" field to this class.
      * Make this "serialVersionUID" field "(static|final|long)".
    • Default Severity:
      Critical
    • Impact:
      High
    • Likelihood:
      Low
    • Covered Languages:
      Java
    • Remediation Function:
      Constant/Issue
    • Constant Cost:
      5min
    • Analysis Scope:
      Main Sources, Test Sources
    • CERT:
      SER00-J.
    • FindBugs:
      SE_NO_SERIALVERSIONID, SE_NONFINAL_SERIALVERSIONID, SE_NONLONG_SERIALVERSIONID, SE_NONSTATIC_SERIALVERSIONID
    • PMD:
      MissingSerialVersionUID

      Description

      A serialVersionUID field is strongly recommended in all Serializable classes. If you do not provide one, one will be calculated for you by the compiler. The danger in not explicitly choosing the value is that when the class changes, the compiler will generate an entirely new id, and you will be suddenly unable to deserialize (read from file) objects that were serialized with the previous version of the class.

      serialVersionUID fields should be declared with all of these modifiers: static final long.

      Noncompliant Code Example

      public class Raspberry extends Fruit  // Noncompliant; no serialVersionUID.
              implements Serializable {
        private String variety;

        public Raspberry(Season ripe, String variety) { ... }
        public void setVariety(String variety) { ... }
        public String getVariety() { ... }
      }

      public class Raspberry extends Fruit
              implements Serializable {
        private final int serialVersionUID = 1; // Noncompliant; not static & int rather than long
      }
      

      Compliant Solution

      public class Raspberry extends Fruit
              implements Serializable {
        private static final long serialVersionUID = 1;
        private String variety;

        public Raspberry(Season ripe, String variety) { ... }
        public void setVariety(String variety) { ... }
        public String getVariety() { ... }
      }
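
The failure mentioned in the Description, shown as an added example that is not part of the rule page: ObjectStreamClass.lookup reports the UID Java serialization uses for a class with and without the field, and a stream whose recorded UID differs from the local class is rejected with InvalidClassException. The class names and the withStreamUid helper are hypothetical.

```java
import java.io.*;
import java.nio.ByteBuffer;

public class SerialVersionUidDemo {
    // Hypothetical classes for this example; they are not from the rule page.
    static class Implicit implements Serializable { String variety = "heritage"; }
    static class Explicit implements Serializable {
        private static final long serialVersionUID = 1L;
        String variety = "heritage";
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    static Object deserialize(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            return ois.readObject();
        }
    }

    // Simulates a stream written by another version of the class by overwriting the
    // 8-byte UID in the class descriptor. Layout: magic(2) version(2) TC_OBJECT(1)
    // TC_CLASSDESC(1) nameLength(2) name(nameLength) serialVersionUID(8).
    static byte[] withStreamUid(byte[] stream, long uid) {
        byte[] out = stream.clone();
        int nameLength = ((out[6] & 0xff) << 8) | (out[7] & 0xff);
        ByteBuffer.wrap(out).putLong(8 + nameLength, uid);
        return out;
    }

    public static void main(String[] args) throws Exception {
        // UID each class is checked against when a stream is read.
        System.out.println("Implicit: " + ObjectStreamClass.lookup(Implicit.class).getSerialVersionUID());
        System.out.println("Explicit: " + ObjectStreamClass.lookup(Explicit.class).getSerialVersionUID());

        byte[] bytes = serialize(new Explicit());
        System.out.println("same UID: read back " + deserialize(bytes).getClass().getSimpleName());
        try {
            deserialize(withStreamUid(bytes, 2L)); // stream claims UID 2, local class declares 1
        } catch (InvalidClassException e) {
            System.out.println("different UID: " + e.getMessage());
        }
    }
}
```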
      

      Exceptions

      Swing and AWT classes, abstract classes, Throwable and its subclasses (Exceptions and Errors), and classes marked with @SuppressWarnings("serial") are ignored.

      See

      • CERT, SER00-J. - Enable serialization compatibility during class evolution

              People

              • Assignee:
                Unassigned
                Reporter:
                ann.campbell.2 Ann Campbell