[
https://issues.apache.org/jira/browse/LANG-1705?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18061037#comment-18061037
]
Gary D. Gregory edited comment on LANG-1705 at 2/25/26 1:21 PM:
----------------------------------------------------------------
FTR, here's the {{Object#clone()}}
[Javadoc|https://docs.oracle.com/en/java/javase/25/docs/api/java.base/java/lang/Object.html#clone()]:
{code:java}
@IntrinsicCandidate
Creates and returns a copy of this object. The precise meaning of "copy" may
depend on the class of the object. The general intent is that, for any object
x, the expression:
x.clone() != x
will be true, and that the expression:
x.clone().getClass() == x.getClass()
will be true, but these are not absolute requirements. While it is typically
the case that:
x.clone().equals(x)
will be true, this is not an absolute requirement.
By convention, the returned object should be obtained by calling super.clone.
If a class and all of its superclasses (except Object) obey this convention, it
will be the case that
x.clone().getClass() == x.getClass().
By convention, the object returned by this method should be independent of this
object (which is being cloned). To achieve this independence, it may be
necessary to modify one or more fields of the object returned by super.clone
before returning it. Typically, this means copying any mutable objects that
comprise the internal "deep structure" of the object being cloned and replacing
the references to these objects with references to the copies. If a class
contains only primitive fields or references to immutable objects, then it is
usually the case that no fields in the object returned by super.clone need to
be modified.
Returns:
a clone of this instance.
Throws:
CloneNotSupportedException - if the object's class does not support the
Cloneable interface. Subclasses that override the clone method can also throw
this exception to indicate that an instance cannot be cloned.
See Also:
java.lang.Cloneable
Impl Spec:
The method clone for class Object performs a specific cloning operation. First,
if the class of this object does not implement the interface Cloneable, then a
CloneNotSupportedException is thrown. Note that all arrays are considered to
implement the interface Cloneable and that the return type of the clone method
of an array type T[] is T[] where T is any reference or primitive type.
Otherwise, this method creates a new instance of the class of this object and
initializes all its fields with exactly the contents of the corresponding
fields of this object, as if by assignment; the contents of the fields are not
themselves cloned. Thus, this method performs a "shallow copy" of this object,
not a "deep copy" operation.
The class Object does not itself implement the interface Cloneable, so calling
the clone method on an object whose class is Object will result in throwing an
exception at run time.
{code}
was (Author: garydgregory):
FTR, here's the {{clone}}
[Javadoc|https://docs.oracle.com/en/java/javase/25/docs/api/java.base/java/lang/Object.html#clone()]:
{code:java}
@IntrinsicCandidate
Creates and returns a copy of this object. The precise meaning of "copy" may
depend on the class of the object. The general intent is that, for any object
x, the expression:
x.clone() != x
will be true, and that the expression:
x.clone().getClass() == x.getClass()
will be true, but these are not absolute requirements. While it is typically
the case that:
x.clone().equals(x)
will be true, this is not an absolute requirement.
By convention, the returned object should be obtained by calling super.clone.
If a class and all of its superclasses (except Object) obey this convention, it
will be the case that
x.clone().getClass() == x.getClass().
By convention, the object returned by this method should be independent of this
object (which is being cloned). To achieve this independence, it may be
necessary to modify one or more fields of the object returned by super.clone
before returning it. Typically, this means copying any mutable objects that
comprise the internal "deep structure" of the object being cloned and replacing
the references to these objects with references to the copies. If a class
contains only primitive fields or references to immutable objects, then it is
usually the case that no fields in the object returned by super.clone need to
be modified.
Returns:
a clone of this instance.
Throws:
CloneNotSupportedException - if the object's class does not support the
Cloneable interface. Subclasses that override the clone method can also throw
this exception to indicate that an instance cannot be cloned.
See Also:
java.lang.Cloneable
Impl Spec:
The method clone for class Object performs a specific cloning operation. First,
if the class of this object does not implement the interface Cloneable, then a
CloneNotSupportedException is thrown. Note that all arrays are considered to
implement the interface Cloneable and that the return type of the clone method
of an array type T[] is T[] where T is any reference or primitive type.
Otherwise, this method creates a new instance of the class of this object and
initializes all its fields with exactly the contents of the corresponding
fields of this object, as if by assignment; the contents of the fields are not
themselves cloned. Thus, this method performs a "shallow copy" of this object,
not a "deep copy" operation.
The class Object does not itself implement the interface Cloneable, so calling
the clone method on an object whose class is Object will result in throwing an
exception at run time.
{code}
> commons-lang3:3.13.0 introduces breaking change in SerializationUtils
> ---------------------------------------------------------------------
>
> Key: LANG-1705
> URL: https://issues.apache.org/jira/browse/LANG-1705
> Project: Commons Lang
> Issue Type: Bug
> Components: lang.*
> Affects Versions: 3.13.0
> Reporter: Rico Neubauer
> Priority: Major
> Attachments: SerializationTest.java
>
>
> Want to report a change in behavior, which is not necessarily a
> bug/regression, but might get triggered by crude classes getting serialized.
> With this commit: 357951ff5c28dbd724611e8d41e23686f09a164a released in 3.13.0
> SerializationUtils#clone changed a bit that it now makes a cast to the
> expected type.
> This sounds reasonable, but might break existing code that serializes classes
> that have parent-child dependencies and overwrite #writeObject in a certain
> way.
> I'll provide a standalone test case below with comments that should make it
> clear.
> Issue is in case writeObject changes the type of object that gets serialized,
> then class obtained from in#readObject of the previously serialized object
> will be different from the expected one.
> This most probably is a violation of:
> {noformat}
> "The object returned should be either of the same type as the object passed
> in or an object that when read and resolved will result in an object of a
> type that is compatible with all references to the object."
> https://docs.oracle.com/en/java/javase/11/docs/specs/serialization/output.html{noformat}
> and also the contract of #clone, so could be treated as "told you", anyhow
> such code may exist and then #clone will fail with:
> {code:java}
> java.lang.ClassCastException: Cannot cast SerializationTest$Parent to
> SerializationTest$Child
> at java.base/java.lang.Class.cast(Class.java:3605)
> at
> org.apache.commons.lang3.SerializationUtils.clone(SerializationUtils.java:148)
> {code}
> Standalone test for reproducing the issue with 3.13.0:
> {code:java}
> import static org.junit.Assert.assertEquals;
> import java.io.ObjectStreamException;
> import java.io.Serializable;
> import java.util.Objects;
> import org.apache.commons.lang3.SerializationUtils;
> import org.junit.Test;
> public class SerializationTest
> {
> @Test
> public void serializeParent() throws Exception
> {
> // this test will pass with any version
> Parent parent = new Parent(true);
> Parent clonedParent = SerializationUtils.clone(parent);
> assertEquals(parent, clonedParent);
> }
> @Test
> public void serializeChild() throws Exception
> {
> Child child = new Child(true);
> // this test will pass with org.apache.commons:commons-lang3:3.12.0,
> // but will fail with 3.13.0
> Parent clonedChild = SerializationUtils.clone(child);
> assertEquals(new Parent(true), clonedChild);
> }
> static class Parent implements Serializable
> {
> private static final long serialVersionUID = 1L;
> protected boolean someField;
> Parent(boolean someField)
> {
> this.someField = someField;
> }
> protected Parent(Parent parent)
> {
> this.someField = parent.someField;
> }
> /**
> * protected modifier lets also child's serialization call this
> */
> protected Object writeReplace() throws ObjectStreamException
> {
> return new Parent(this);
> }
> @Override
> public int hashCode()
> {
> return Objects.hash(someField);
> }
> @Override
> public boolean equals(Object obj)
> {
> if (this == obj) return true;
> if (obj == null) return false;
> if (getClass() != obj.getClass()) return false;
> Parent other = (Parent)obj;
> return someField == other.someField;
> }
> }
> static class Child extends Parent
> {
> private static final long serialVersionUID = 2L;
> Child(boolean someField)
> {
> super(someField);
> }
> }
> }
> {code}
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
