CHAPTER 12
SERIALIZATION
Loosely speaking, readObject is a constructor that takes a byte stream as its sole parameter. In normal use, the byte stream is generated by serializing a normally constructed instance. The problem arises when readObject is presented with a byte stream that is artificially constructed to generate an object that violates the invariants of its class. Such a byte stream can be used to create an impossible object, which could not have been created using a normal constructor.

Assume that we simply added implements Serializable to the class declaration for Period. This ugly program would then generate a Period instance whose end precedes its start. The casts on byte values whose high-order bit is set are a consequence of Java’s lack of byte literals combined with the unfortunate decision to make the byte type signed:
public class BogusPeriod {
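Because readObject acts as a constructor, it has to repeat the constructor's invariant checks. The following is an added example, not code from the original text: it assumes a simplified Period with two long fields (a stand-in for the page's class), and ReadObjectDemo, serialize and deserialize are hypothetical names. It feeds a constructed stream in which the two values have been swapped to a readObject that validates them.

```java
import java.io.*;
public class ReadObjectDemo {
    // Simplified stand-in for the page's Period (assumption): invariant is start <= end.
    static class Period implements Serializable {
        private static final long serialVersionUID = 1L;
        private final long start, end;   // epoch milliseconds
        Period(long start, long end) {
            if (start > end) throw new IllegalArgumentException(start + " after " + end);
            this.start = start;
            this.end = end;
        }

        // The stream is untrusted input: re-check what the constructor checks.
        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            if (start > end) throw new InvalidObjectException(start + " after " + end);
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) { out.writeObject(o); }
        return bos.toByteArray();
    }

    static Object deserialize(byte[] b) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(b))) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] stream = serialize(new Period(1_000L, 2_000L));
        // Constructed test input: with default serialization the primitive fields are
        // the last bytes of the stream, in name order (end, then start). Swap them.
        int n = stream.length;
        for (int i = 0; i < 8; i++) {
            byte t = stream[n - 16 + i];
            stream[n - 16 + i] = stream[n - 8 + i];
            stream[n - 8 + i] = t;
        }
        try {
            deserialize(stream);
            System.out.println("accepted: invariant violated");
        } catch (InvalidObjectException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

With the readObject method removed, the same stream deserializes without error into an instance whose start is after its end.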