对象序列化和持久化.ppt

《对象序列化和持久化.ppt》由会员分享，可在线阅读，更多相关《对象序列化和持久化.ppt（95页珍藏版）》请在三一办公上搜索。

1、对象序列化和持久化,Object Serialization and Persistence,2023/5/22,Institute of Computer SoftwareNanjing University,1,摘要,对象序列化对象持久化Language levelDatabasesHibernate,2023/5/22,Institute of Computer SoftwareNanjing University,2,摘要,对象序列化对象持久化Language levelDatabasesHibernate,2023/5/22,Institute of Computer Softwar

2、eNanjing University,3,摘要,对象序列化对象持久化Language levelDatabasesHibernate,2023/5/22,Institute of Computer SoftwareNanjing University,4,Object Serialization,WhyWhatHow,2023/5/22,Institute of Computer SoftwareNanjing University,5,Java Object Serialization-Why,Serialization is used for lightweight persistenc

3、e and for communication via sockets or Remote Method Invocation(RMI).,2023/5/22,Institute of Computer SoftwareNanjing University,6,Java Object Serialization-Example,public class Client public static void main(String args)try/Create a socket Socket soc=new Socket(InetAddress.getLocalHost(),8020);Outp

4、utStream o=soc.getOutputStream();ObjectOutput s=new ObjectOutputStream(o);s.writeObject(Todays date);s.writeObject(new Date();s.flush();s.close();catch(Exception e)System.out.println(e.getMessage();System.out.println(Error during serialization);System.exit(1);,2023/5/22,Institute of Computer Softwar

5、eNanjing University,7,Java Object Serialization-Example,public class Server public static void main(String args)ServerSocket ser=null;Socket soc=null;String str=null;Date d=null;try ser=new ServerSocket(8020);soc=ser.accept();InputStream o=soc.getInputStream();ObjectInput s=new ObjectInputStream(o);

6、str=(String)s.readObject();d=(Date)s.readObject();s.close();System.out.println(str);System.out.println(d);catch(Exception e)System.out.println(e.getMessage();System.out.println(Error during serialization);System.exit(1);,2023/5/22,Institute of Computer SoftwareNanjing University,8,Java Object Serial

7、ization-Example,Writing to an object stream,2023/5/22,Institute of Computer SoftwareNanjing University,9,/Serialize todays date to a file.FileOutputStream f=new FileOutputStream(tmp);ObjectOutput s=new ObjectOutputStream(f);s.writeObject(Today);s.writeObject(new Date();s.flush();,Java Object Seriali

8、zation-Example,Reading from an object stream,2023/5/22,Institute of Computer SoftwareNanjing University,10,/Deserialize a string and date from a file.FileInputStream in=new FileInputStream(tmp);ObjectInputStream s=new ObjectInputStream(in);String today=(String)s.readObject();Date date=(Date)s.readOb

9、ject();,Java Object Serialization-What,Object Serialization extends the core Java Input/Output classes with support for objects.Object Serialization supports the encoding of objects,and the objects reachable from them,into a stream of bytes;and it supports the complementary reconstruction of the obj

10、ect graph from the stream.,2023/5/22,Institute of Computer SoftwareNanjing University,11,Java Object Serialization-Goal,Have a simple yet extensible mechanism.Maintain the Java object type and safety properties in the serialized form.Be extensible to support marshaling and unmarshaling as needed for

11、 remote objects.Be extensible to support simple persistence of Java objects.Require per class implementation only for customization.Allow the object to define its external format.,2023/5/22,Institute of Computer SoftwareNanjing University,12,Java Object Serialization-How,Objects to be saved in the s

12、tream may support either the Serializable or the Externalizable interface.For Serializable objects,the stream includes sufficient information to restore the fields in the stream to a compatible version of the class.For Externalizable objects,the class is solely responsible for the external format of

13、 its contents.,2023/5/22,Institute of Computer SoftwareNanjing University,13,The Serializable Interface,public interface java.io.Serializable;A Serializable class must do the following:Implement the java.io.Serializable interface Identify the fields that should be serializableHave access to the no-a

14、rg constructor of its first nonserializable superclass,2023/5/22,Institute of Computer SoftwareNanjing University,14,The Serializable Interface,The class can optionally define the following methods:writeObject(ObjectOutputStream)readObject(ObjectInputStream)writeReplace()readResolve(),2023/5/22,Inst

15、itute of Computer SoftwareNanjing University,15,思考：如果一个可序列化的类实现了以上四个方法，那么在序列化和反序列化的过程中，这几个方法的调用次序如何？,The Externalizable Interface,public interface Externalizable extends Serializable public void writeExternal(ObjectOutput out)throws IOException;public void readExternal(ObjectInput in)throws IOExcept

16、ion,java.lang.ClassNotFoundException;,2023/5/22,Institute of Computer SoftwareNanjing University,16,The Externalizable Interface,The class of an Externalizable object must do the following:Implement the java.io.Externalizable interface Implement a writeExternal method to save the state of the object

17、Implement a readExternal method to read the data written by the writeExternal method from the stream and restore the state of the object Have the writeExternal and readExternal methods be solely responsible for the format,if an externally defined format is written Have a public no-arg constructor,20

18、23/5/22,Institute of Computer SoftwareNanjing University,17,The Externalizable Interface,An Externalizable class can optionally define the following methods:writeReplacereadResolve,2023/5/22,Institute of Computer SoftwareNanjing University,18,Note:声明类实现Externalizable接口会有重大的安全风险。writeExternal()与readE

19、xternal()方法声明为public，恶意类可以用这些方法读取和写入对象数据。如果对象包含敏感信息，则要格外小心。,区别,Serializable自动存储必要信息，用以反序列化被存储的实例优点内建支持易于实现缺点占用空间过大速度慢,Externalizable只保存被存储的类的标识，完全由程序员完成读取和写入工作优点开销较少可能的速度提升缺点虚拟机不提供帮助，程序员负担重,2023/5/22,19,Institute of Computer SoftwareNanjing University,serialVersionUID,private static final long seria

20、lVersionUIDFor compabilityInvalidClassException It is strongly recommended that all serializable classes explicitly declare serialVersionUID valuesserialver；eclipse,2023/5/22,Institute of Computer SoftwareNanjing University,20,Serialization Principles,如果该类有父类如果父类实现了可序列化接口，则OK如果父类没有实现可序列化接口，则父类所有字段的属

21、性默认情况下不会被序列化如果该类的某个属性标识为static类型的，则该属性不能序列化；如果该类的某个属性采用transient关键字标识，则该属性不能序列化；,2023/5/22,Institute of Computer SoftwareNanjing University,21,Serialization Principles,在我们标注一个类可以序列化的时候，其以下属性应该设置为transient来避免序列化：线程相关的属性；需要访问IO、本地资源、网络资源等的属性；没有实现可序列化接口的属性；,2023/5/22,Institute of Computer SoftwareNanji

22、ng University,22,Some Items from Effective Java,2023/5/22,Institute of Computer SoftwareNanjing University,23,Effective Java for Serialization,1.Implement Serializable judiciously 谨慎地实现Serializable代价1：一旦一个类被发布，则“改变这个类的实现”的灵活性将大大降低。序列化会使类的演化受到限制。代价2：增加了错误和安全漏洞的可能性。序列化机制是一种语言之外的对象创建机制。代价3：随着一个类的新版本的发行

23、，相关的测试负担增加了。可序列化类的变化越大，它就越需要测试。,2023/5/22,Institute of Computer SoftwareNanjing University,24,Effective Java for Serialization,Notes:为了继承而设计的类应该很少实现Serializable，接口也应该很少会扩展它。对于为继承而设计的不可序列化的类，应该考虑提供一个无参数的构造函数。内部类应该很少实现Serializable。,2023/5/22,Institute of Computer SoftwareNanjing University,25,Effectiv

24、e Java for Serialization,2.Consider using a custom serialized form 考虑使用自定义的序列化形式如果一个对象的物理表示等同于它的逻辑内容，则默认的序列化形式可能是合适的。即使确定了默认序列化形式是合适的，通常仍然要提供一个readObject方法以保证约束关系和安全性。,2023/5/22,Institute of Computer SoftwareNanjing University,26,Effective Java for Serialization,2023/5/22,Institute of Computer Softw

25、areNanjing University,27,Effective Java for Serialization,2023/5/22,Institute of Computer SoftwareNanjing University,28,Effective Java for Serialization,当一个对象的物理表示与它的逻辑数据内容有实质性的区别时，使用默认序列化形式有4个缺点:它使这个类的导出API永久地束缚在该类的内部表示上。它要消耗过多的空间。它要消耗过多的时间。它会引起栈溢出。,2023/5/22,Institute of Computer SoftwareNanjing U

26、niversity,29,2023/5/22,Institute of Computer SoftwareNanjing University,30,Effective Java for Serialization,2023/5/22,Institute of Computer SoftwareNanjing University,31,Effective Java for Serialization,如果所有的实例域都是transient的，那么省去调用defaultWriteObject和defaultReadObject也是允许的，但是不推荐这样做。在决定将一个域做成非transient

27、之前，请一定要确信它的值将是该对象逻辑状态的一部分。不管你选择了哪种序列化形式，你都要为自己编写的每个序列化的类声明一个显式的序列化版本UID。,2023/5/22,Institute of Computer SoftwareNanjing University,32,private static final long serialVersionID=randomLongValue,Effective Java for Serialization,3.Write readObject methods defensively 保护性地编写readObject方法readObject方法实际上相当

28、于另一个共有的构造函数，如同其他构造函数一样，它也要求所有同样的注意事项：检查实参的有效性，并且必要时对参数进行保护性拷贝。,2023/5/22,Institute of Computer SoftwareNanjing University,33,Versioning,Versioning raises some fundamental questions about the identity of a class,including what constitutes a compatible change.A compatible change is a change that does

29、not affect the contract between the class and its callers.,2023/5/22,Institute of Computer SoftwareNanjing University,34,Incompatible changes,Deleting fieldsMoving classes up or down the hierarchyChanging a nonstatic field to static or a nontransient field to transientChanging the declared type of a

30、 primitive fieldChanging the writeObject or readObject method so that it no longer writes or reads the default field data or changing it so that it attempts to write it or read it when the previous version did not.,2023/5/22,Institute of Computer SoftwareNanjing University,35,Incompatible changes,Ch

31、anging a class from Serializable to Externalizable or vice versaChanging a class from a non-enum type to an enum type or vice versaRemoving either Serializable or ExternalizableAdding the writeReplace or readResolve method to a class is incompatible if the behavior would produce an object that is in

32、compatible with any older version of the class.,2023/5/22,Institute of Computer SoftwareNanjing University,36,Compatible changes,Adding fieldsAdding classesRemoving classesAdding writeObject/readObject methodsRemoving writeObject/readObject methodsChanging the access to a fieldChanging a field from

33、static to nonstatic or transient to nontransient,2023/5/22,Institute of Computer SoftwareNanjing University,37,摘要,对象序列化对象持久化Language levelDatabasesHibernate,2023/5/22,Institute of Computer SoftwareNanjing University,38,摘要,对象序列化对象持久化Language levelDatabasesHibernate,2023/5/22,Institute of Computer Sof

34、twareNanjing University,39,Object Persistence,During execution of application:objects are created and manipulatedWhat happens to objects after termination?Various kinds of objectsTransient objects:Disappear with current sessionPersistent objects:Stay around from session to sessionMay be shared with

35、other applications(e.g.databases),2023/5/22,Institute of Computer SoftwareNanjing University,40,Approaches to manipulate persistent objects,Persistence mechanisms from programming languagesRelational databasesObject-oriented databases,2023/5/22,Institute of Computer SoftwareNanjing University,41,Per

36、sistence from programming languages,Mechanisms for storing objects in files and retrieving themSimple objects:e.g.integers,charactersconventional methods usableComposite objects:contain references to other objectsPersistence Closure principle:Any storage and retrieval mechanism must handle the objec

37、t and all its dependents.otherwise:dangling references,2023/5/22,Institute of Computer SoftwareNanjing University,42,对象结构的存储与提取,对象持久化的难点之一：对象之间的引用,2023/5/22,Institute of Computer SoftwareNanjing University,43,对象结构的存储与提取,需持久化整个对象引用闭包Persistence closureJava的serialization规则缺省规则：非static 非transient 的数据成员

38、用户定义class List implements Serializable List next;private static final ObjectStreamField serialPersistentFields=new ObjectStreamField(next,List.class);,2023/5/22,Institute of Computer SoftwareNanjing University,44,对象结构的存储与提取,闭包可能太大小对象引用（共享的）大对象,2023/5/22,Institute of Computer SoftwareNanjing Universi

39、ty,45,对象结构的存储与提取,Java 的 transient 修饰子Transient fields 不被序列化Static fields 也不被序列化开发者负责维护,2023/5/22,Institute of Computer SoftwareNanjing University,46,Schema evolution,Fact:Classes changeProblem:Objects are stored of which class descriptions have changedSchema evolution:At least one class used by the

40、retrieving system differs from its counterpart stored by the storing system.Object retrieval mismatch(Object mismatch):The retrieving system retrieves a particular object whose own generating class was different in the storing system.No fully satisfactory solution,2023/5/22,Institute of Computer Sof

41、twareNanjing University,47,Different approaches,Naive,extreme approaches:Forsake previously stored objectsOver a migration path from old format to newa one-time,en masse conversion of old objectsnot applicable to a large persistent store or to one that must be available continuouslyMost general solu

42、tion:On-the-fly conversionNote:We cover only the retrieval part.Whether to write back the converted object is a separate issue.,2023/5/22,Institute of Computer SoftwareNanjing University,48,On-the-fly object conversion,Three separate issues:Detection:Catch object mismatchNotification:Make retrieving

43、 system aware of object mismatchCorrection:Bring mismatched object to a consistent stateMake it a correct instance of the new class version,2023/5/22,Institute of Computer SoftwareNanjing University,49,Detection,Detect a mismatch between two versions of an objects generating classTwo categories of d

44、etection policy:Nominal approach:Each class version has a version nameCentral registration mechanism necessaryStructural approach:Deduce class descriptor from actual class structureStore class descriptorSimple detection:compare class descriptors of retrieved object with new class descriptor,2023/5/2

45、2,Institute of Computer SoftwareNanjing University,50,Detection:Structural Approach,What does the class descriptor need to contain?Trade-off between efficiency and reliabilityTwo extreme approaches:C1:class nameC2:entire class text(e.g.abstract syntax tree)Reasonable approaches:C3:class name,list of

46、 attributes(name and type)C4:in addition to C3:class invariant,2023/5/22,Institute of Computer SoftwareNanjing University,51,Notification,What happens when the detection mechanism has caught an object mismatch?Language level mechanism Class ANY could include a procedure:correct_mismatch is-Handle ob

47、ject retrieval mismatch.localexception:EXCEPTIONSdocreate exceptionexception.raise(Routine failure:Object mismatch during retrieval)end,2023/5/22,Institute of Computer SoftwareNanjing University,52,Correction,How do we correct an object that caused a mismatch?Current situation:Retrieval mechanism ha

48、s created a new object(deduced from a stored object with same generating class)A mismatch has been detected new object is in temporary(maybe inconsistent)state,2023/5/22,Institute of Computer SoftwareNanjing University,53,Correction,增加attribute删除attribute,2023/5/22,Institute of Computer SoftwareNanj

49、ing University,54,0.0,Attribute was not in stored version.Field is initialized to default value of attribute type,Stored version had a field.New version has removed attribute.,Attributes have not changed.,Correction,correct_mismatch is-Handle object retrieval mismatch-by correctly setting up balance

50、.dobalance:=deposits.total-withdrawals.totalensureconsistent:balance=deposits.total-withdrawals.totalend,2023/5/22,Institute of Computer SoftwareNanjing University,55,deposits,withdrawals,balance 0.0,900,100,200,240,300,new field(initialized to default value),old fields,Wrong!,维护不变式,自动对象转换：Java,seri