We have a project which uses serialization by implementing ISerializable and using BinaryFormatter. We are moving to .net compact which do not have BinaryFormatter class. I was wondering if we can use ProtoBuf-Net. Can we instruct ProtoBuf-Net to use GetObjectData() for serialization? Specifically, I want to find out how to use Serializer.Serialize(SerializableInfo, ISerializable) function.
Added
I looked at the source code and I see that though the function
Serializer.Serialize(SerializableInfo, T t) where T is ISerializable
doesn't use the constraint T is ISerializable at all. Why was T declared to be ISerializable?
The ISerializable support exists (at the moment) as a mechanism for injecting protobuf-net into the middle of existing APIs that use BinaryFormatter - for example, you can do this to reduce the overhead of .NET remoting or (serialized) session-state. However, this still results in a pb-net BLOB in the middle of a BinaryFormatter wrapper (in particular, the bf header specifies the concrete type assembly-qualfied-name).
Re the question about the constraint - that is simply to help guide usage; that API is only intended to be used as part of this injection into BinaryFormatter via ISerializable. Otherwise it is preferred to just use the Stream based API.
If you are looking at CF, then of course BinaryFormatter ceases to be useful, but the Stream based API is fine. It works on CF, but you should note that for models with lots of classes there are currently some glitches on CF caused by the overuse of generics ("missing method" or some-such). The good news is that I'm making good progress on some refactoring that ditches this, making it much more stable on the smaller frameworks.
Related
I wonder if there is any possibility of serializing a class described in a topic.
Suppose we have someone's library that is shared as binary DLL file. Additionally a creator of this lib created a class that is not Serializable. How to serialize such a class? I know I can create a twin-class that contains all the poperties etc. that can be serialized. But is there any other, easier solution to do this? How do you serialize classes that are "not yours" and are stored as binary only?
The 3rd party class is an implementation detail; frankly, it is a very bad idea to involve this in your serialization, as you are then completely fenced into a corner, and can never change implementation. You would also face significant risk of versioning issues - something that BinaryFormatter simply doesn't handle well.
It might not be what you want to hear, but I offer two recommendations:
do not serialize implementation details; serialize the data (only); this may indeed require you to write a DTO that mirrors the implementation, but this is usually a trivial job
make sure you understand the implications of BinaryFormatter; frankly, I never recommend it - it has... glitches.
As for workarounds: you can investigate serialization surrogates, but that isn't a trivial thing to do inside BinaryFormatter, and is basically just a re-statement of the first bullet.
If it was me (although I am hugely biased), I would change serializer; protobuf-net (disclosure: I'm the author) works as a binary serializer, and has easy-to-implement support for surrogates if the third-party model is already coupled to your model.
Based on my understanding, SerializableAttribute provides no compile time checks, as it's all done at runtime. If that's the case, then why is it required for classes to be marked as serializable?
Couldn't the serializer just try to serialize an object and then fail? Isn't that what it does right now? When something is marked, it tries and fails. Wouldn't it be better if you had to mark things as unserializable rather than serializable? That way you wouldn't have the problem of libraries not marking things as serializable?
As I understand it, the idea behind the SerializableAttribute is to create an opt-in system for binary serialization.
Keep in mind that, unlike XML serialization, which uses public properties, binary serialization grabs all the private fields by default.
Not only this could include operating system structures and private data that is not supposed to be exposed, but deserializing it could result in corrupt state that can crash an application (silly example: a handle for a file open in a different computer).
This is only a requirement for BinaryFormatter (and the SOAP equivalent, but nobody uses that). Diego is right; there are good reasons for this in terms of what it does, but it is far from the only option - indeed, personally I only recommend BinaryFormatter for talking between AppDomains - it is not (IMO) a good way to persist data (to disk, in cache, to a database BLOB, etc).
If this behaviour causes you trouble, consider using any of the alternatives:
XmlSerializer, which works on public members (not just the fields), but demands a public parameterless constructor and public type
DataContractSerializer, which can work fully opt-in (using [DataContract]/[DataMember]), but which can also (in 3.5 and above) work against the fields instead
Also - for a 3rd-party option (me being the 3rd party); protobuf-net may have options here; "v2" (not fully released yet, but available as source) allows the model (which members to serialize, etc) to be described independently of the type, so that it can be applied to types that you don't control. And unlike BinaryFormatter the output is version-tolerant, known public format, etc.
When an object is serialized (by remoting to be sent across the wire) does the instance method code get serialized? Or are just the class level instance fields serialized?
I am asking this as some of my objects have large method and want to know wheather I should be using DTO's (data transfer objects) for sending data across the wire.
I guessing it's just the data plus some type version data ... am I right?
Thanks
Methods are never serialized.
Re "fields" - it all depends on the serializer; BinaryFormatter will do fields; you mention "remoting", which suggests BinaryFormatter, but remoting is largely a hangover now - from MSDN (on remoting):
This topic is specific to a legacy
technology that is retained for
backward compatibility with existing
applications and is not recommended
for new development. Distributed
applications should now be developed
using the Windows Communication
Foundation (WCF).
If you use web-services or WCF: XmlSerializer does public fields+properties; DataContractSerializer will do marked fields, etc.
Regular classes are often reusable as DTOs, but if you need lots of control over the wire (or have versioning issues), a separate DTO can be helpful.
(edit/additional) note also that there are other reasons not to like BinaryFormatter - it can be very brittle with versioning, and very painful to fix (although achievable). Other (more tolerant) serializers exist if this is likely to be an issue... if so, let me know and I'll update.
What gets saved is the data plus tags corresponding to your class and property names. The code itself doesn't get serialized.
I would like to know the most common scenarios where xml serialization may fail in .NET.
I'm thinking mainly of XmlSerializer here:
it is limited to tree-like data; it can't handle full object graphs
it is limited to public members, on public classes
it can't really do much with object members
it has some weaknesses around generics
like many serializers, it won't touch instance properties on a collection (bad practice in the first place)
xml simply isn't always a good choice for large data (not least, for performance)
requires a public parameterless constructor
DataContractSerializer solves some of these, but has its own limitations:
it can't handle values in attributes
requires .NET 3.0 (so not much use in 2.0)
Cannot easily serialize generic collections.
See another question: C# XML Serialization Gotchas
Depending on the serializer, cyclic references may not work
Using the shadows keyword has also broken serialization and deserialization for me because the shadowing causes a new implementation of that property to exist making it incompatible for proper reconstruction. Only use overloads if you want to retype to the specific for a subclass.
TimeSpan objects are not serializable. IDictionary-implementing types are not serializable either (although they can be serialized with some manual massaging).
AFAIK, classes marked as [Obsolete] are not serialized by XmlSerializer since .NET 2.0
In C#, if I want to serialize an instance with XmlSerializer, the object's type doesn't have to be marked with [Serializable] attribute. However, for other serialization approaches, such as DataContractSerializer, needs the class be marked as [Serializable] or [DataContract].
Is there any standard or pattern about serialization requirement?
This is because XmlSerializer only serializes public fields/properties. Other forms of serialization can serialize private data, which constitutes a potential security risk, so you have to "opt in" using an attribute.
Security isn't the only issue; simply, serialization only makes sense for certain classes. For example, it makes little snse to serialize a "connection". A connection string, sure, but the connection itself? nah. Likewise, anything that requires an unmanaged pointer/handle is not going to serialize very well. Nor are delegates.
Additionally, XmlSerializer and DataContractSerializer (by default) are tree serializers, not graph serializers - so any recursive links (like Parent) will cause it to break.
Marking the class with the serializer's preferred token is simply a way of saying "and it should make sense".
IIRC, both [XmlSerializer and [DataContractSerializer] used to be very rigid about demanding things like [Serializable], [DataContract] or [IXmlSerializable], but they have become a bit more liberal lately.
Right now there are really 3 forms of serialization in the .Net Framework.
XmlSerialization - By default works on public fields and properties. Can still be controlled via XmlElementAttribute, XmlAttributeAttribute, etc ...
BinarySerialization - Controlled by the SerializationAttribute. Deeply integrated into the CLR
WCF Seralization - DataContractAttribute, etc ...
There unfortunately is standard overall pattern for serialization. All 3 frameworks have different requirements and quirks.