Understanding of FindBugs warning about serialVersionUID field

Question

I have the following class signature and ClientEventSourc implements Serializable :

public class Grid extends ClientEventSource implements Focusable, FramingBlockWrapper,LIMSEditableField

Now FindBugs is listing this as dodgy :

Class is Serializable, but doesn't define serialVersionUID

This class implements the Serializable interface, but does not define a serialVersionUID field. A change as simple as adding a reference to a .class object will add synthetic fields to the class, which will unfortunately change the implicit serialVersionUID (eg, adding a reference to String.class will generate a static field class$java$lang$String). Also, different source code to bytecode compilers may use different naming conventions for synthetic variables generated for references to class objects or inner classes. To ensure interoperability of Serializable across versions, consider adding an explicit serialVersionUID.

Can some explain what it means and what is the best possible way to fix this ?

Answer 1

the serialVersionUID is used to deserialize your class. it is auto-generated by default.
but changing anything in your class would generate a different serialVersionUID and you cannot deserialise "old" objects.
so you define your own serialVersionUID to help deserialisation find the right class.

add a variable like this to your code:

private static final long serialVersionUID = 6106269076155338045L;

for reference on generating your UID:

Does it matter what I choose for serialVersionUID when extending Serializable classes in Java?

Answer 2

Can some explain what it means

Minor changes to the class change the serialVersionUID which you don't want as this can prevent deserialization for no good reason.

and what is the best possible way to fix this ?

Set it as it suggests.

private static final long serialVersionUID = 1;

is there any algorithm/program that generates this number

Yes. This is the algorithm you are attempting to bypass, not recreate. Just start at 1 .

I mean can it be anything or it needs to follow certain best practices

I would suggest using 1 is best practice because it makes it clear this was an overriden value arbitrarily chosen. Using a large value like 6106269076155338045L could look a like a generated number or chose this number of a reason.

Answer 3

This value is used at deserialization. Its purpose is to maintain compatibility between classes and their corresponding serialized objects. If you serialize an object of type A and then change A somehow, then this mechanism prevents you from deserializing the object; the object and its class wouldn't match and you would get runtime errors.

There is a serialver.exe in the JDK. If you give it a .class file as parameter, it will spit out a serialVersionUID . Most IDEs have this functionality built in.

Example of input:

> serialver MyClass

(there already exists a file MyClass.class and MyClass must implement Serializable )

Example of output:

> MyClass: static final long serialVersionUID = -8174364448753809256L;

If you hate doing things at the command line, then executing the program like this:

> serialver -show

will display this GUI:

You can then type the class's name and click "Show".

I recommend you read about the serialization process if it interests you. You would find out exactly why this version ID is needed, what fields/methods are taken into account when generating it and much more.