Explicit Serialization API and Security

Peter Firmstone peter.firmstone at zeus.net.au
Thu Jan 29 12:20:17 UTC 2015

I decided to sample CPU load (see attached), with debugging enabled for 
the validating ObjectInputStream and JERI, so heaps of output to the 

There are no performance optimisations with stream validation; I've just 
focused on correctness and security.

Thank you HotSpot developers, nice job :)

To give you some background in the tests, there's a heap of dynamic 
class loading going on with codebase downloads, Remote Invocations etc.

I'll profile it on SPARC T2+ in the near future with Oracle express.

Sure miss the SPARC gear, OBP and when Solaris was open for a brief 
snapshot in time; can only use it for dev testing now, can't afford to 
use it for production.



