Serialization, Value Types, And Effective Java
CodeFX Occasionally #65 — 12th of September 2018
summer is over — back to work! 🌞 Here are some random tidbits I picked up in the last couple of weeks.
I send this newsletter out some Fridays. Or other days. Sometimes not for weeks. But as an actual email. So, subscribe!
The vision for Java Serialization
At Devoxx UK, Mark Reinhold did an Ask The Architect session, where he talked about Java serialization and the vision for it. Here’s my summary (most infos are lifted from that interview, all errors are mine).
We call serialization the gift that keeps on giving.
Mark’s informed guess: It is involved in one third to one half of Java’s security vulnerabilities. It’s brittle, pokes into private fields, ignores constructors. Many JVM features interact with it, typically badly, increasing complexity.
Side note: Don’t expose serialization endpoints to untrusted networks (like, the Internet). If you absolutely have to, look into serialization filters (new in Java 9).
Removing serialization is one of the long-term goals of Project Amber. A stepping stone are data classes aka records, which can be deconstructed into their constituting fields. The vision is to create a new serialization framework in the JDK that operates on a graph of records, decostructs it, and passes constituting data to an engine. Engines can write XML/JSON/YAML/whatever (even current serialization format).
When this will be released, you ask? When it’s ready. (All hail the new release cadence!) My uninformed guess: early 20ies.
Discarding value updates
(JDK-issue #8199429 covers this and does a great job at explaining the problem as well as possible solutions. Instead of rephrasing it, I simply copy-pasted the text.)
Lost updates are a practical problem with primitives and will be a practical problem with value types, more so than with object types. Solutions to this problem for primitives need to be carefully cross-applied from primitives to value types, in order to fulfill the promise that value types “work like an int”.
A value type constructor creates a new value. A value type reconstructor creates a new value derived by adjusting a previous value. A reconstructor may be a “wither” method analogous to a “setter” method on a stateful object.
Setter methods are usually void returning (sometimes they return
this). Wither methods must return the updated value, which is distinct from the original value.
Value types “code like a class but work like an int”. Ints and other primitives also have constructs which update them, returning a new value.
It is a common programming error to update a value and forget to store the updated value back to the variable which is tracking it. Java prevents this from happening in the case of int and other primitives:
int x = 0
x + 1; // bad code
x = x + 1; // good code
Java does not prevent this from happening with object APIs:
Iterator i = l.iterator();
i.next(); // bad code
x = i.next(); // good code
Java should take care to avoid this class of errors with value types:
Cursor c = Cursor(array, 0, 10);
c.next(); // bad code
c = c.next(); // good code
One simple approach to this problem would be to create some warnings, where value-type reconstructors, if used as expression statements, were diagnosed to the user. We assume that the value returned from a reconstructor is unique, and should not be discarded (at least implicitly).
A stronger approach is to treat discards as errors. This is preferable, because it delivers more “like an int” user experience. We can do this with the first non-preview release of value types, but not later.
The gentler advisory approach could be applied to existing Java APIs and object APIs, using an annotation. Possible spellings:
@Precious. Such proposals have been made before; they are more urgent with values.
This design relates to, but is distinct from, the need for syntax sugar to express updates. “Works like an int” makes us consider whether to abbreviate the value-type analogues of “i += 1” and “i++”, which provide various concise combinations of reading a variable, operating on its value, writing an updated value, and returning a related value (either the new or the old value of the variable). See also “a[i++]” which produces two results: It reads, operates, and writes to “i” and also returns a derived value.
Class-like APIs for the int-like usage patterns should be expressible (syntax is just an example):
A rant that starts with conferences and ends with Effective Java
Yesterday, on my way to the airport, I caught myself daydreaming. Of my ideal day. Of a routine that allows me to lead a productive and balanced life.
The conference lifestyle
Instead I was stuck in the first of a long series of metal tubes, bringing me to Mannheim, then Frankfurt Airport, then Oslo Airport, then Oslo downtown. The day before yesterday I told my daughter that I would drop her off at kindergarten at 0900 and wouldn’t arrive in my room in Oslo until she gets picked up at 1700. Eight hours — easily wasted and so tough to use productively.
Don’t get me wrong, a day at a conference like JavaZone (where I’m heading now) is great: Listening to one or two handpicked talks, talking to lots of knowledgeable people, some fun and games, and great food. Also, travel costs are reimbursed, conference entry is free, and the speaker dinner will be freaking awesome. Most importantly, I love giving talks! (Well, I’m a bit of a narcissist and a lot of a smartass, so that figures.)
But I grew weary of planning trips, of making the way there and back. It’s not so much traveling itself — if I could spend that time with a good book and without bad conscience, then everything would be fine. The thing is, traveling is not my job. Unlike developer advocates, technology evangelist, and a lot of other international speakers you will meet at a conference, I don’t get paid while traveling, while being at a conference, while giving a talk. It’s also hard to be creative enough to code or write when all you’ve got are half-hour slices in crowded environments.
Consequently, when I get home, I’m behind on everything: writing, coding, earning money, doing paperwork, family time. The latter is particularly galling because traveling cuts both ways: I don’t get to be around my family, but I also don’t do my share, so when I’m back it’s my time to be in charge of childcare and chores. (My wife also works full-time and has to burn overtime every time I’m on the road.)
Combine that with having to catch up with all kinds of work and you’ve got a perfect storm: Nothing got done and there’s no time to catch up.
The dingleberry on top of this shit sundae is that, without a rhythm, I have a hard time being productive. I’m an absolute procrastination pro and given the slightest excuse will slack off for hours at a time (I mean, I could be writing a blog post right now). Having a set routine helps me a lot in combating that tendency, but when a conference takes three to four days out of my week, the remaining days are not exactly routine — they’re a mixture of putting out fires, playing catch-up, and, well, procrastination.
Conferences are the main ingredient in my growing unhappiness with what starts to feel like a pretty unproductive year. It’s September, for crying out loud, and the freaking book is still not out (although, that’s not all my fault), I wrote only six new blog posts, published zero YouTube videos, and am barely making progress on courses.codefx.org. Where did all the fucking time go?!
Online Java courses at CodeFX
Online courses about Java core features like lambdas, streams (Java 8), the module system (Java 9), local-variable type…
Effective Java on CodeFX on YouTube
Out of frustration, I thought up a ludicrously random plan: On every conference trip, record and cut a YouTube video about an item in Effective Java, third edition. I did that in BED-Con/Berlin last week (on static factory methods, publication pending) and, on the train to the airport, I already researched my topic for JavaZone/Oslo (item 2, builder pattern).
Turns out that making videos is fairly amenable to a traveling lifestyle. I can record in small scenes and pretty much everywhere; commentary that is not centered around a specific code snippet even on the go. Sifting through material, composing, and cutting does not require particular creativity and can well be done in small increments.
More than anything else, it gives me a goal to focus on. With just a few days to reach it, I am energized to not slack off in my hotel room and instead either find a proper evening activity (like, meeting other humanoids) or work towards said goal.
BED-Con was a cool conference and, particularly with the feeling of being behind on everything, I was incredibly happy when on two occasions a developer came up to me to tell me how much they liked my blog. But what really blew it out of the water was the feeling of accomplishment with which I came home. I hope to keep this up.