序列化-Serializable和Parcelable的简单介绍

序列化的本质

序列化是一种用来处理对象流的机制。序列化是为了解决在对对象流进行读写操作时所引发的问题。

序列化：将java对象转换成字节序列的过程，字节码可以保存到数据库、内存、文件等，也可用于网络传输

反序列化：将字节序列恢复为java对象的过程。

序列化实现的方式有很多方案，在java中是使用的JDK内置的Serializable接口来实现序列化，而Android SDK中增加Parcelable方式来实现序列化，除了常见的这2种还有很多其他优秀的序列化和反序列化方案（Twitter的Serial、Google的Protocol Buffers和flatbuffers等），这里先了解一下Serializable和Parcelable2种方式的原理和区别。

Serializable

Serializable是一个空的标记接口，没有任何方法和属性，implement Serializable只用于标记该对象是可以序列化的。如果一个类implement Serializable，则子类也是可以序列化的。

/**
 * Serializability of a class is enabled by the class implementing the
 * java.io.Serializable interface. Classes that do not implement this
 * interface will not have any of their state serialized or
 * deserialized.  All subtypes of a serializable class are themselves
 * serializable.  The serialization interface has no methods or fields
 * and serves only to identify the semantics of being serializable. <p>
 *
 * To allow subtypes of non-serializable classes to be serialized, the
 * subtype may assume responsibility for saving and restoring the
 * state of the supertype's public, protected, and (if accessible)
 * package fields.  The subtype may assume this responsibility only if
 * the class it extends has an accessible no-arg constructor to
 * initialize the class's state.  It is an error to declare a class
 * Serializable if this is not the case.  The error will be detected at
 * runtime. <p>
 *
 * During deserialization, the fields of non-serializable classes will
 * be initialized using the public or protected no-arg constructor of
 * the class.  A no-arg constructor must be accessible to the subclass
 * that is serializable.  The fields of serializable subclasses will
 * be restored from the stream. <p>
 *
 * When traversing a graph, an object may be encountered that does not
 * support the Serializable interface. In this case the
 * NotSerializableException will be thrown and will identify the class
 * of the non-serializable object. <p>
 *
 * Classes that require special handling during the serialization and
 * deserialization process must implement special methods with these exact
 * signatures:
 *
 * <PRE>
 * private void writeObject(java.io.ObjectOutputStream out)
 *     throws IOException
 * private void readObject(java.io.ObjectInputStream in)
 *     throws IOException, ClassNotFoundException;
 * private void readObjectNoData()
 *     throws ObjectStreamException;
 * </PRE>
 *
 * <p>The writeObject method is responsible for writing the state of the
 * object for its particular class so that the corresponding
 * readObject method can restore it.  The default mechanism for saving
 * the Object's fields can be invoked by calling
 * out.defaultWriteObject. The method does not need to concern
 * itself with the state belonging to its superclasses or subclasses.
 * State is saved by writing the individual fields to the
 * ObjectOutputStream using the writeObject method or by using the
 * methods for primitive data types supported by DataOutput.
 *
 * <p>The readObject method is responsible for reading from the stream and
 * restoring the classes fields. It may call in.defaultReadObject to invoke
 * the default mechanism for restoring the object's non-static and
 * non-transient fields.  The defaultReadObject method uses information in
 * the stream to assign the fields of the object saved in the stream with the
 * correspondingly named fields in the current object.  This handles the case
 * when the class has evolved to add new fields. The method does not need to
 * concern itself with the state belonging to its superclasses or subclasses.
 * State is saved by writing the individual fields to the
 * ObjectOutputStream using the writeObject method or by using the
 * methods for primitive data types supported by DataOutput.
 *
 * <p>The readObjectNoData method is responsible for initializing the state of
 * the object for its particular class in the event that the serialization
 * stream does not list the given class as a superclass of the object being
 * deserialized.  This may occur in cases where the receiving party uses a
 * different version of the deserialized instance's class than the sending
 * party, and the receiver's version extends classes that are not extended by
 * the sender's version.  This may also occur if the serialization stream has
 * been tampered; hence, readObjectNoData is useful for initializing
 * deserialized objects properly despite a "hostile" or incomplete source
 * stream.
 *
 * <p>Serializable classes that need to designate an alternative object to be
 * used when writing an object to the stream should implement this
 * special method with the exact signature:
 *
 * <PRE>
 * ANY-ACCESS-MODIFIER Object writeReplace() throws ObjectStreamException;
 * </PRE><p>
 *
 * This writeReplace method is invoked by serialization if the method
 * exists and it would be accessible from a method defined within the
 * class of the object being serialized. Thus, the method can have private,
 * protected and package-private access. Subclass access to this method
 * follows java accessibility rules. <p>
 *
 * Classes that need to designate a replacement when an instance of it
 * is read from the stream should implement this special method with the
 * exact signature.
 *
 * <PRE>
 * ANY-ACCESS-MODIFIER Object readResolve() throws ObjectStreamException;
 * </PRE><p>
 *
 * This readResolve method follows the same invocation rules and
 * accessibility rules as writeReplace.<p>
 *
 * The serialization runtime associates with each serializable class a version
 * number, called a serialVersionUID, which is used during deserialization to
 * verify that the sender and receiver of a serialized object have loaded
 * classes for that object that are compatible with respect to serialization.
 * If the receiver has loaded a class for the object that has a different
 * serialVersionUID than that of the corresponding sender's class, then
 * deserialization will result in an {@link InvalidClassException}.  A
 * serializable class can declare its own serialVersionUID explicitly by
 * declaring a field named <code>"serialVersionUID"</code> that must be static,
 * final, and of type <code>long</code>:
 *
 * <PRE>
 * ANY-ACCESS-MODIFIER static final long serialVersionUID = 42L;
 * </PRE>
 *
 * If a serializable class does not explicitly declare a serialVersionUID, then
 * the serialization runtime will calculate a default serialVersionUID value
 * for that class based on various aspects of the class, as described in the
 * Java(TM) Object Serialization Specification.  However, it is <em>strongly
 * recommended</em> that all serializable classes explicitly declare
 * serialVersionUID values, since the default serialVersionUID computation is
 * highly sensitive to class details that may vary depending on compiler
 * implementations, and can thus result in unexpected
 * <code>InvalidClassException</code>s during deserialization.  Therefore, to
 * guarantee a consistent serialVersionUID value across different java compiler
 * implementations, a serializable class must declare an explicit
 * serialVersionUID value.  It is also strongly advised that explicit
 * serialVersionUID declarations use the <code>private</code> modifier where
 * possible, since such declarations apply only to the immediately declaring
 * class--serialVersionUID fields are not useful as inherited members. Array
 * classes cannot declare an explicit serialVersionUID, so they always have
 * the default computed value, but the requirement for matching
 * serialVersionUID values is waived for array classes.
 *
 * Android implementation of serialVersionUID computation will change slightly
 * for some classes if you're targeting android N. In order to preserve compatibility,
 * this change is only enabled is the application target SDK version is set to
 * 24 or higher. It is highly recommended to use an explicit serialVersionUID
 * field to avoid compatibility issues.
 *
 * <h3>Implement Serializable Judiciously</h3>
 * Refer to <i>Effective Java</i>'s chapter on serialization for thorough
 * coverage of the serialization API. The book explains how to use this
 * interface without harming your application's maintainability.
 *
 * <h3>Recommended Alternatives</h3>
 * <strong>JSON</strong> is concise, human-readable and efficient. Android
 * includes both a {@link android.util.JsonReader streaming API} and a {@link
 * org.json.JSONObject tree API} to read and write JSON. Use a binding library
 * like <a href="http://code.google.com/p/google-gson/">GSON</a> to read and
 * write Java objects directly.
 *
 * @author  unascribed
 * @see java.io.ObjectOutputStream
 * @see java.io.ObjectInputStream
 * @see java.io.ObjectOutput
 * @see java.io.ObjectInput
 * @see java.io.Externalizable
 * @since   JDK1.1
 */
public interface Serializable {
   
}

上面就是Serializable接口，可以看到注释特别长，总结一下大致如下：

1. Serializable接口没有方法和属性字段，用于标记类可以序列化。
2. 父类可序列化，则子类也可序列化。
3. static或用transient关键字标记的字段不会被序列化
4. Serializable内部是使用的ObjectOutputStream和ObjectInputStream来序列化和反序列化的，序列化时通过ObjectOutputStream的writeObject写入对象序列化流数据及状态，默认的保存机制是调用out.defaultWriteObject；反序列化时使用ObjectInputStream.readObject方法将流数据还原成类对象。
5. 序列化运行时是通过serialVersionUID来判断版本的一致性，我们可以在要序列化的类中显式的声明一个static final long serialVerisonUID值，默认情况下java编译器会自动给我们生成一个serialVersionUID，但由于不同的java编译器可能生成的serialVersionUID不同，反序列化期间可能导致InvalidClassException，所以强烈建议我们自己定义serialVersionUID值。
6. Serializable在使用是会产生大量临时变量，频繁GC，使用了反射，序列化过程较慢，所以官方推荐使用简洁高效的JSON代替Serializable。

序列化过程

下面看看ObjectOutputStream的writeObject相关的源码，简单看看序列化的过程

/**
 * 外部调用，序列化入口
 */
public final void writeObject(Object obj) throws IOException {
   
	...
	writeObject0(obj, false);
	...
}

/**
 * 写数据，unshared=false
 */
private void writeObject0(Object obj, boolean unshared) throws IOException {
   
    ...
    //判断序列化对象的类型
    if (obj instanceof Class) {
   
        writeClass((Class) obj, unshared);
    } else if (obj instanceof ObjectStreamClass) {
   
        writeClassDesc((ObjectStreamClass) obj, unshared);
    // END Android-changed:  Make Class and ObjectStreamClass replaceable.
    } else if (obj instanceof String) {
   
        writeString((String) obj, unshared);
    } else if (cl.isArray()) {
   
        writeArray(obj, desc, unshared);
    } else if (obj instanceof Enum) {
   
        writeEnum((Enum<?>) obj, desc, unshared);
    } else if (obj instanceof Serializable) {
   
      	//如果是可序列化的，开始写入数据
        writeOrdinaryObject(obj, desc, unshared);
    } else {
   
      	//不可序列化，抛出异常
        if (extendedDebugInfo) {
   
            throw new NotSerializableException(
                cl.getName() + "\n" + debugInfoStack.toString());
        } else {
   
            throw new NotSerializableException(cl.getName());
        }
    }
    ...
}

/**
 * 写object数据
 */
private void writeOrdinaryObject(Object obj, ObjectStreamClass desc, boolean unshared) throws IOException {
   
    if (extendedDebugInfo) {
   
        debugInfoStack.push(
            (depth == 1 ? "root " : "") + "object (class \"" +
            obj.getClass().getName() + "\", " + obj.toString() + ")");
    }
    try {
   
        desc.checkSerialize();
      	//写入标记类型，读的时候根据这个来判断
        bout.writeByte(TC_OBJECT);
      	//写入类的描述信息
        writeClassDesc(desc, false);
        handles.assign(unshared ? null : obj);
        if (desc.isExternalizable() && !desc.isProxy()) {
   
          	//如果是实现了Externa