Serialization of object identity

Remi Forax forax at
Wed Jun 12 19:55:19 UTC 2019

----- Original Message -----
> From: "Brian Goetz" <brian.goetz at>
> To: "Nir Lisker" <nlisker at>, "amber-dev" <amber-dev at>
> Sent: Wednesday, June 12, 2019 21:26:34
> Subject: Re: Serialization of object identity

>> In fact, the cyclic graph issue is a result of an inability to represent
>> object identity in serialization, which is a much larger problem.
> Actually, they're two entirely different problems.
> The challenge with cyclic graphs is not that we have to respect identity
> -- that can be done (it is up to a particular serialization to decide if
> it is going to do so.)  The challenge with cyclic graphs is that
> logically cyclic graphs cannot, in general, be reproduced through a
> series of constructor calls -- some mutation is required as well.  Which
> conflicts with our main security goal, that deserialization proceed
> through constructors.
> (It is possible, at the cost of significant complexity for both the
> framework and class authors, to have a more complex model that can
> reflect post-construction mutation -- but the incremental complexity and
> risk is significant.)

It's not fully true because you can leak "this" and then mutate a field inside the constructor.

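import java.util.function.Function;

class A {
  final B b;
  A(Function<A,B> fun) {
    b = fun.apply(this);  // "this" escapes before b is assigned
  }
}
class B {
  final A a;
  B(A a) {
    this.a = a;
  }
}

// builds the cycle A -> B -> A using constructors only
new A(B::new);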
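
Added example, not part of the original message: the same "this"-escape pattern with hypothetical class names (Node, Peer), showing that the object handed out from inside the constructor is only partially constructed. A constructor that wants to validate its argument therefore sees a final field that is still null, which is the cost of closing a cycle this way.

```java
import java.util.function.Function;

public class LeakedThisDemo {
    // Hypothetical stand-in for class A in the message above.
    static final class Node {
        final String name;
        final Peer peer;   // final, yet observable as null while "this" is leaked

        Node(String name, Function<Node, Peer> makePeer) {
            this.name = name;
            // "this" escapes here, before peer has been assigned.
            this.peer = makePeer.apply(this);
        }
    }

    // Hypothetical stand-in for class B in the message above.
    static final class Peer {
        final Node node;
        final boolean sawNullPeer;   // what this constructor observed about the escaped Node

        Peer(Node node) {
            // A validating constructor would check node's invariants at this point,
            // but node.peer has not been assigned yet, so the check sees null.
            this.sawNullPeer = (node.peer == null);
            this.node = node;
        }
    }

    public static void main(String[] args) {
        Node n = new Node("root", Peer::new);

        // The cycle exists and every field is final ...
        System.out.println("cycle closed: " + (n.peer.node == n));
        // ... but the Peer constructor ran against a partially constructed Node.
        System.out.println("Peer constructor saw node.peer == null: " + n.peer.sawNullPeer);
        // After construction completes the field is populated as expected.
        System.out.println("node.peer is null after construction: " + (n.peer == null));
    }
}
```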

