对象序列化和持久化课件

1、对象序列化和持久化Object Serialization and Persistence2022/7/26Institute of Computer SoftwareNanjing University1摘要对象序列化对象持久化Language levelDatabasesHibernate2022/7/26Institute of Computer SoftwareNanjing University2摘要对象序列化对象持久化Language levelDatabasesHibernate2022/7/26Institute of Computer SoftwareNanjing Univ

2、ersity3摘要对象序列化对象持久化Language levelDatabasesHibernate2022/7/26Institute of Computer SoftwareNanjing University4Object SerializationWhyWhatHow 2022/7/26Institute of Computer SoftwareNanjing University5Java Object Serialization - WhySerialization is used for lightweight persistence and for communication

3、 via sockets or Remote Method Invocation (RMI). 2022/7/26Institute of Computer SoftwareNanjing University6Java Object Serialization - Examplepublic class Client public static void main(String args) try / Create a socket Socket soc = new Socket(InetAddress.getLocalHost(), 8020); OutputStream o = soc.

4、getOutputStream(); ObjectOutput s = new ObjectOutputStream(o); s.writeObject(Todays date); s.writeObject(new Date(); s.flush(); s.close(); catch (Exception e) System.out.println(e.getMessage(); System.out.println(Error during serialization); System.exit(1); 2022/7/26Institute of Computer SoftwareNan

5、jing University7Java Object Serialization - Examplepublic class Server public static void main(String args) ServerSocket ser = null; Socket soc = null; String str = null; Date d = null; try ser = new ServerSocket(8020);soc = ser.accept();InputStream o = soc.getInputStream();ObjectInput s = new Objec

6、tInputStream(o);str = (String) s.readObject();d = (Date) s.readObject();s.close();System.out.println(str);System.out.println(d); catch (Exception e) System.out.println(e.getMessage(); System.out.println(Error during serialization); System.exit(1); 2022/7/26Institute of Computer SoftwareNanjing Unive

7、rsity8Java Object Serialization - ExampleWriting to an object stream2022/7/26Institute of Computer SoftwareNanjing University9 / Serialize todays date to a file. FileOutputStream f = new FileOutputStream(tmp); ObjectOutput s = new ObjectOutputStream(f); s.writeObject(Today); s.writeObject(new Date()

8、; s.flush();Java Object Serialization - ExampleReading from an object stream2022/7/26Institute of Computer SoftwareNanjing University10 / Deserialize a string and date from a file. FileInputStream in = new FileInputStream(tmp); ObjectInputStream s = new ObjectInputStream(in); String today = (String)

9、s.readObject(); Date date = (Date)s.readObject();Java Object Serialization - WhatObject Serialization extends the core Java Input/Output classes with support for objects.Object Serialization supports the encoding of objects, and the objects reachable from them, into a stream of bytes; and it support

10、s the complementary reconstruction of the object graph from the stream. 2022/7/26Institute of Computer SoftwareNanjing University11Java Object Serialization - GoalHave a simple yet extensible mechanism. Maintain the Java object type and safety properties in the serialized form. Be extensible to supp

11、ort marshaling and unmarshaling as needed for remote objects. Be extensible to support simple persistence of Java objects. Require per class implementation only for customization. Allow the object to define its external format. 2022/7/26Institute of Computer SoftwareNanjing University12Java Object S

12、erialization - HowObjects to be saved in the stream may support either the Serializable or the Externalizable interface. For Serializable objects, the stream includes sufficient information to restore the fields in the stream to a compatible version of the class. For Externalizable objects, the clas

13、s is solely responsible for the external format of its contents. 2022/7/26Institute of Computer SoftwareNanjing University13The Serializable Interfacepublic interface java.io.Serializable ; A Serializable class must do the following:Implement the java.io.Serializable interface Identify the fields th

14、at should be serializableHave access to the no-arg constructor of its first nonserializable superclass 2022/7/26Institute of Computer SoftwareNanjing University14The Serializable InterfaceThe class can optionally define the following methods:writeObject (ObjectOutputStream)readObject (ObjectInputStr

15、eam)writeReplace ()readResolve ()2022/7/26Institute of Computer SoftwareNanjing University15思考：如果一个可序列化的类实现了以上四个方法，那么在序列化和反序列化的过程中，这几个方法的调用次序如何？The Externalizable Interfacepublic interface Externalizable extends Serializable public void writeExternal(ObjectOutput out) throws IOException; public void

16、 readExternal(ObjectInput in) throws IOException, java.lang.ClassNotFoundException; 2022/7/26Institute of Computer SoftwareNanjing University16The Externalizable InterfaceThe class of an Externalizable object must do the following: Implement the java.io.Externalizable interface Implement a writeExte

17、rnal method to save the state of the objectImplement a readExternal method to read the data written by the writeExternal method from the stream and restore the state of the object Have the writeExternal and readExternal methods be solely responsible for the format, if an externally defined format is

18、 written Have a public no-arg constructor 2022/7/26Institute of Computer SoftwareNanjing University17The Externalizable InterfaceAn Externalizable class can optionally define the following methods: writeReplacereadResolve2022/7/26Institute of Computer SoftwareNanjing University18Note: 声明类实现Externali

19、zable接口会有重大的安全风险。writeExternal()与readExternal()方法声明为public，恶意类可以用这些方法读取和写入对象数据。如果对象包含敏感信息，则要格外小心。区别Serializable自动存储必要信息，用以反序列化被存储的实例优点内建支持易于实现缺点占用空间过大速度慢Externalizable只保存被存储的类的标识，完全由程序员完成读取和写入工作优点开销较少可能的速度提升缺点虚拟机不提供帮助，程序员负担重2022/7/2619Institute of Computer SoftwareNanjing UniversityserialVersionUIDp

20、rivate static final long serialVersionUIDFor compabilityInvalidClassException It is strongly recommended that all serializable classes explicitly declare serialVersionUID valuesserialver；eclipse2022/7/26Institute of Computer SoftwareNanjing University20Serialization Principles如果该类有父类如果父类实现了可序列化接口，则O

21、K如果父类没有实现可序列化接口，则父类所有字段的属性默认情况下不会被序列化如果该类的某个属性标识为static类型的，则该属性不能序列化；如果该类的某个属性采用transient关键字标识，则该属性不能序列化；2022/7/26Institute of Computer SoftwareNanjing University21Serialization Principles在我们标注一个类可以序列化的时候，其以下属性应该设置为transient来避免序列化：线程相关的属性；需要访问IO、本地资源、网络资源等的属性；没有实现可序列化接口的属性； 2022/7/26Institute of Com

22、puter SoftwareNanjing University22Some Items from Effective Java2022/7/26Institute of Computer SoftwareNanjing University23Effective Java for Serialization1. Implement Serializable judiciously 谨慎地实现Serializable代价1：一旦一个类被发布，则“改变这个类的实现”的灵活性将大大降低。序列化会使类的演化受到限制。代价2：增加了错误和安全漏洞的可能性。序列化机制是一种语言之外的对象创建机制。代价3

23、：随着一个类的新版本的发行，相关的测试负担增加了。可序列化类的变化越大，它就越需要测试。2022/7/26Institute of Computer SoftwareNanjing University24Effective Java for SerializationNotes: 为了继承而设计的类应该很少实现Serializable，接口也应该很少会扩展它。对于为继承而设计的不可序列化的类，应该考虑提供一个无参数的构造函数。内部类应该很少实现Serializable。2022/7/26Institute of Computer SoftwareNanjing University25Eff

24、ective Java for Serialization2. Consider using a custom serialized form 考虑使用自定义的序列化形式如果一个对象的物理表示等同于它的逻辑内容，则默认的序列化形式可能是合适的。即使确定了默认序列化形式是合适的，通常仍然要提供一个readObject方法以保证约束关系和安全性。2022/7/26Institute of Computer SoftwareNanjing University26Effective Java for Serialization2022/7/26Institute of Computer Softwa

25、reNanjing University27Effective Java for Serialization2022/7/26Institute of Computer SoftwareNanjing University28Effective Java for Serialization当一个对象的物理表示与它的逻辑数据内容有实质性的区别时，使用默认序列化形式有4个缺点:它使这个类的导出API永久地束缚在该类的内部表示上。它要消耗过多的空间。它要消耗过多的时间。它会引起栈溢出。2022/7/26Institute of Computer SoftwareNanjing University2

26、92022/7/26Institute of Computer SoftwareNanjing University30Effective Java for Serialization2022/7/26Institute of Computer SoftwareNanjing University31Effective Java for Serialization如果所有的实例域都是transient的，那么省去调用defaultWriteObject和defaultReadObject也是允许的，但是不推荐这样做。在决定将一个域做成非transient之前，请一定要确信它的值将是该对象逻辑状

27、态的一部分。不管你选择了哪种序列化形式，你都要为自己编写的每个序列化的类声明一个显式的序列化版本UID。2022/7/26Institute of Computer SoftwareNanjing University32private static final long serialVersionID = randomLongValueEffective Java for Serialization3. Write readObject methods defensively 保护性地编写readObject方法readObject方法实际上相当于另一个共有的构造函数，如同其他构造函数一样，

28、它也要求所有同样的注意事项：检查实参的有效性，并且必要时对参数进行保护性拷贝。2022/7/26Institute of Computer SoftwareNanjing University33VersioningVersioning raises some fundamental questions about the identity of a class, including what constitutes a compatible change. A compatible change is a change that does not affect the contract be

29、tween the class and its callers.2022/7/26Institute of Computer SoftwareNanjing University34Incompatible changesDeleting fieldsMoving classes up or down the hierarchyChanging a nonstatic field to static or a nontransient field to transientChanging the declared type of a primitive fieldChanging the wr

30、iteObject or readObject method so that it no longer writes or reads the default field data or changing it so that it attempts to write it or read it when the previous version did not.2022/7/26Institute of Computer SoftwareNanjing University35Incompatible changesChanging a class from Serializable to

31、Externalizable or vice versaChanging a class from a non-enum type to an enum type or vice versaRemoving either Serializable or ExternalizableAdding the writeReplace or readResolve method to a class is incompatible if the behavior would produce an object that is incompatible with any older version of

32、 the class.2022/7/26Institute of Computer SoftwareNanjing University36Compatible changesAdding fieldsAdding classesRemoving classesAdding writeObject/readObject methodsRemoving writeObject/readObject methodsAdding java.io.SerializableChanging the access to a fieldChanging a field from static to nons

33、tatic or transient to nontransient2022/7/26Institute of Computer SoftwareNanjing University37摘要对象序列化对象持久化Language levelDatabasesHibernate2022/7/26Institute of Computer SoftwareNanjing University38摘要对象序列化对象持久化Language levelDatabasesHibernate2022/7/26Institute of Computer SoftwareNanjing University39O

34、bject PersistenceDuring execution of application: objects are created and manipulatedWhat happens to objects after termination?Various kinds of objectsTransient objects:Disappear with current sessionPersistent objects:Stay around from session to sessionMay be shared with other applications (e.g. dat

35、abases)2022/7/26Institute of Computer SoftwareNanjing University40Approaches to manipulate persistent objectsPersistence mechanisms from programming languagesRelational databasesObject-oriented databases2022/7/26Institute of Computer SoftwareNanjing University41Persistence from programming languages

36、Mechanisms for storing objects in files and retrieving themSimple objects:e.g. integers, charactersconventional methods usableComposite objects:contain references to other objectsPersistence Closure principle:Any storage and retrieval mechanism must handle the object and all its dependents. otherwis

37、e: dangling references2022/7/26Institute of Computer SoftwareNanjing University42对象结构的存储与提取对象持久化的难点之一：对象之间的引用2022/7/26Institute of Computer SoftwareNanjing University43对象结构的存储与提取需持久化整个对象引用闭包Persistence closureJava的serialization规则缺省规则：非static 非transient 的数据成员用户定义class List implements Serializable Lis

38、t next; private static final ObjectStreamField serialPersistentFields = new ObjectStreamField(next, List.class); 2022/7/26Institute of Computer SoftwareNanjing University44对象结构的存储与提取闭包可能太大小对象引用（共享的）大对象2022/7/26Institute of Computer SoftwareNanjing University45对象结构的存储与提取Java 的 transient 修饰子Transient

39、fields 不被序列化Static fields 也不被序列化开发者负责维护2022/7/26Institute of Computer SoftwareNanjing University46Schema evolutionFact: Classes changeProblem: Objects are stored of which class descriptions have changedSchema evolution:At least one class used by the retrieving system differs from its counterpart sto

40、red by the storing system.Object retrieval mismatch (Object mismatch):The retrieving system retrieves a particular object whose own generating class was different in the storing system.No fully satisfactory solution2022/7/26Institute of Computer SoftwareNanjing University47Different approachesNaive,

41、 extreme approaches:Forsake previously stored objectsOver a migration path from old format to newa one-time, en masse conversion of old objectsnot applicable to a large persistent store or to one that must be available continuouslyMost general solution: On-the-fly conversionNote: We cover only the r

42、etrieval part. Whether to write back the converted object is a separate issue.2022/7/26Institute of Computer SoftwareNanjing University48On-the-fly object conversionThree separate issues:Detection:Catch object mismatchNotification:Make retrieving system aware of object mismatchCorrection:Bring misma

43、tched object to a consistent stateMake it a correct instance of the new class version2022/7/26Institute of Computer SoftwareNanjing University49DetectionDetect a mismatch between two versions of an objects generating classTwo categories of detection policy:Nominal approach:Each class version has a v

44、ersion nameCentral registration mechanism necessaryStructural approach:Deduce class descriptor from actual class structureStore class descriptorSimple detection: compare class descriptors of retrieved object with new class descriptor2022/7/26Institute of Computer SoftwareNanjing University50Detectio

45、n: Structural ApproachWhat does the class descriptor need to contain?Trade-off between efficiency and reliabilityTwo extreme approaches:C1: class nameC2: entire class text (e.g. abstract syntax tree)Reasonable approaches:C3: class name, list of attributes (name and type)C4: in addition to C3: class

46、invariant2022/7/26Institute of Computer SoftwareNanjing University51NotificationWhat happens when the detection mechanism has caught an object mismatch?Language level mechanism Class ANY could include a procedure:correct_mismatch is- Handle object retrieval mismatch.localexception: EXCEPTIONSdocreat

47、e exceptionexception.raise ( Routine failure: Object mismatch during retrieval )end2022/7/26Institute of Computer SoftwareNanjing University52CorrectionHow do we correct an object that caused a mismatch?Current situation:Retrieval mechanism has created a new object (deduced from a stored object with

48、 same generating class)A mismatch has been detected new object is in temporary (maybe inconsistent) state2022/7/26Institute of Computer SoftwareNanjing University53Correction增加attribute删除attribute2022/7/26Institute of Computer SoftwareNanjing University540.0Attribute was not in stored version.Field

49、is initialized to default value of attribute typeStored version had a field.New version has removed attribute.Attributes have not changed.Correctioncorrect_mismatch is- Handle object retrieval mismatch- by correctly setting up balance.dobalance := deposits.total - withdrawals.totalensureconsistent:

50、balance = deposits.total - withdrawals.totalend2022/7/26Institute of Computer SoftwareNanjing University55 deposits withdrawalsbalance 0.0900100200240300new field (initialized to default value)old fieldsWrong!维护不变式自动对象转换：JavaserialVersionUID 自动定义 （根据类文件生成）1. Class name 2. The class modifiers 3. The

51、name of each interface 4. For each field of the class (except private static and private transient fields): The name of the field The modifiers of the field The descriptor of the field 5. For each method including constructors, except private methods and constructors: The name of the method The modi

52、fiers of the method The descriptor of the method 2022/7/26Institute of Computer SoftwareNanjing University56自动对象转换：Java手工指定ANY-ACCESS-MODIFIER static final long serialVersionUID = 42L; 类改变时仍然能够反序列化Java定义了一些“兼容”条件，符合条件的自动转换可以容忍的：adding fields, etc.太糟糕的: “Changing the type of a field”, deleting fields

53、, etc2022/7/26Institute of Computer SoftwareNanjing University57对于实在“糟糕”的类修改可以定制序列化和反序列化方法 private void readObject(ObjectInputStream in) private void writeObject(ObjectOutputStream out) 2022/7/26Institute of Computer SoftwareNanjing University58摘要对象序列化对象持久化Language levelDatabasesHibernate2022/7/26In

54、stitute of Computer SoftwareNanjing University59对象持久化与数据库Deficiency of language level mechanismsthere is only one entry object; there is no support for content-based queries; each call to retrieved re-creates the entire structure, with no sharing of objects between successive calls;there is no suppo

55、rt for letting different client applications access the same persistent data simultaneouslya full-fledged solution requires taking advantage of database technology2022/7/26Institute of Computer SoftwareNanjing University60对象持久化与数据库A set of mechanisms for storing and retrieving data items is a DBMS i

56、f it supports the following items:PersistenceProgrammable structureArbitrary sizeAccess controlProperty-based queryingIntegrity constraintsAdministrationSharingLockingTransactions2022/7/26Institute of Computer SoftwareNanjing University61自然地，要用数据库来存储持久化对象对象持久化与数据库关系型数据库：数据库的主流A relational database i

57、s a set of relations, each containing a set of tuples (or records).关系代数Selection, Projection , Join2022/7/26Institute of Computer SoftwareNanjing University62对象持久化与数据库Operations: relational algebra: selection, projection, joinQueries: standardized language (SQL)Usually “normalized”: every field is a

58、 simple value; it cannot be a reference2022/7/26Institute of Computer SoftwareNanjing University63“The Carterhouse of Parma”“The Red and the Black”Title“Madame Bovary”“Eugnie Grandet”date1830183918561833pages341307425346author“Stendahl”“Stendahl”“Flaubert”“Balzac”Relation books:fieldfield name (= at

59、tribute)columntuple(= row)OperationsSelection: date 1833ProjectionJoin2022/7/26Institute of Computer SoftwareNanjing University64“The Carterhouse of Parma”Title“Madame Bovary”date18391856pages307425author“Stendahl”“Flaubert”OperationsSelectionProjection: on authorJoin2022/7/26Institute of Computer S

60、oftwareNanjing University65author“Stendahl”“Flaubert”“Balzac”OperationsSelectionProjectionJoin: books authors2022/7/26Institute of Computer SoftwareNanjing University66“The Carterhouse of Parma”“The Red and the Black”Title“Madame Bovary”“Eugnie Grandet”date1830183918561833pages341307425346author“Ste