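The reason that BinaryFormatter is (sometimes) able to round-trip an Action<T> is that such delegates are marked as [Serializable] https://msdn.microsoft.com/en-us/library/system.serializableattribute(v=vs.110).aspx and implement ISerializable https://msdn.microsoft.com/en-us/library/system.runtime.serialization.iserializable(v=vs.110).aspx.
However, just because the delegate itself is marked as serializable does not mean that its members can be serialized successfully. In testing, I was able to serialize the following delegate: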
Action<int> a1 = (a) => Console.WriteLine(a);
But attempting to serialize the following threw a SerializationException:
int i = 0;
Action<int> a2 = (a) => i = i + a;
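The captured variable i is apparently placed in a non-serializable compiler-generated class, which prevents binary serialization of the delegate from succeeding.
On the other hand, Json.NET is unable to round-trip an Action<T> despite supporting ISerializable https://www.newtonsoft.com/json/help/html/SerializationGuide.htm#ISerializable because it does not provide support for serialization proxies configured via SerializationInfo.SetType(Type) https://msdn.microsoft.com/en-us/library/system.runtime.serialization.serializationinfo.settype(v=vs.110).aspx. We can confirm that Action<T> uses this mechanism with the following code: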
var iSerializable = a1 as ISerializable;
if (iSerializable != null)
{
    var info = new SerializationInfo(a1.GetType(), new FormatterConverter());
    var initialFullTypeName = info.FullTypeName;
    iSerializable.GetObjectData(info, new StreamingContext(StreamingContextStates.All));
    Console.WriteLine("Initial FullTypeName = \"{0}\", final FullTypeName = \"{1}\".", initialFullTypeName, info.FullTypeName);
    var enumerator = info.GetEnumerator();
    while (enumerator.MoveNext())
    {
        Console.WriteLine(" Name = {0}, objectType = {1}, value = {2}.", enumerator.Name, enumerator.ObjectType, enumerator.Value);
    }
}
When run, it outputs:
Initial FullTypeName = "System.Action`1[[System.Int32, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]", final FullTypeName = "System.DelegateSerializationHolder".
Name = Delegate, objectType = System.DelegateSerializationHolder+DelegateEntry, value = System.DelegateSerializationHolder+DelegateEntry.
Name = method0, objectType = System.Reflection.RuntimeMethodInfo, value = Void <Test>b__0(Int32).
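Notice that FullTypeName has changed to System.DelegateSerializationHolder https://referencesource.microsoft.com/#mscorlib/system/delegateserializationholder.cs and that is the proxy, which Json.NET does not support.
This raises the question: just what is written out when a delegate is serialized? To determine this, we can configure Json.NET to serialize Action<T> similarly to how BinaryFormatter would, by setting: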
- DefaultContractResolver.IgnoreSerializableAttribute = false https://www.newtonsoft.com/json/help/html/P_Newtonsoft_Json_Serialization_DefaultContractResolver_IgnoreSerializableAttribute.htm
- DefaultContractResolver.IgnoreSerializableInterface = false https://www.newtonsoft.com/json/help/html/P_Newtonsoft_Json_Serialization_DefaultContractResolver_IgnoreSerializableInterface.htm
- JsonSerializerSettings.TypeNameHandling = TypeNameHandling.All https://www.newtonsoft.com/json/help/html/P_Newtonsoft_Json_JsonSerializerSettings_TypeNameHandling.htm
If I serialize a1 using these settings:
var settings = new JsonSerializerSettings
{
    TypeNameHandling = TypeNameHandling.All,
    ContractResolver = new DefaultContractResolver
    {
        IgnoreSerializableInterface = false,
        IgnoreSerializableAttribute = false,
    },
    Formatting = Formatting.Indented,
};
var json = JsonConvert.SerializeObject(a1, settings);
Console.WriteLine(json);
Then the following JSON is generated:
{
  "$type": "System.Action`1[[System.Int32, mscorlib]], mscorlib",
  "Delegate": {
    "$type": "System.DelegateSerializationHolder+DelegateEntry, mscorlib",
    "type": "System.Action`1[[System.Int32, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]",
    "assembly": "mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",
    "target": null,
    "targetTypeAssembly": "Tile, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null",
    "targetTypeName": "Question49138328.TestClass",
    "methodName": "<Test>b__0",
    "delegateEntry": null
  },
  "method0": {
    "$type": "System.Reflection.RuntimeMethodInfo, mscorlib",
    "Name": "<Test>b__0",
    "AssemblyName": "Tile, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null",
    "ClassName": "Question49138328.TestClass",
    "Signature": "Void <Test>b__0(Int32)",
    "MemberType": 8,
    "GenericArguments": null
  }
}
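The replacement FullTypeName is not included, but everything else is. As you can see, it does not actually store the IL instructions of the delegate. Instead it stores the full signature of the method to call, including the hidden, compiler-generated method name <Test>b__0 mentioned in this answer https://stackoverflow.com/a/17709299. You can see the hidden method name yourself by printing a1.Method.Name.
Incidentally, to confirm that Json.NET is really saving the same information as BinaryFormatter, you can serialize a1 to binary and print any embedded ASCII strings as follows: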
var binary = BinaryFormatterHelper.ToBinary(a1);
var s = Regex.Replace(Encoding.ASCII.GetString(binary), @"[^\u0020-\u007E]", string.Empty);
Console.WriteLine(s);
Assert.IsTrue(s.Contains(a1.Method.Name)); // Always passes
Using the helper method:
public static partial class BinaryFormatterHelper
{
    public static byte[] ToBinary<T>(T obj)
    {
        using (var stream = new MemoryStream())
        {
            new System.Runtime.Serialization.Formatters.Binary.BinaryFormatter().Serialize(stream, obj);
            return stream.ToArray();
        }
    }
}
Doing so results in the following string:
????"System.DelegateSerializationHolderDelegatemethod00System.DelegateSerializationHolder+DelegateEntry/System.Reflection.MemberInfoSerializationHolder0System.DelegateSerializationHolder+DelegateEntrytypeassemblytargettargetTypeAssemblytargetTypeNamemethodNamedelegateEntry0System.DelegateSerializationHolder+DelegateEntrylSystem.Action`1[[System.Int32, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]Kmscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089;Tile, Version=1.0.0.0, Culture=neutral, PublicKeyToken=nullQuestion49138328.TestClass<Test>b__0/System.Reflection.MemberInfoSerializationHolderNameAssemblyNameClassNameSignatureMemberTypeGenericArgumentsSystem.Type[]Void <Test>b__0(Int32)
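The assert never fires, indicating that the compiler-generated method name <Test>b__0 is indeed present in the binary data as well.
Now, here is the scary part. If I modify my C# source code to create another Action<T> before a1, like so: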
// I inserted this before a1 and then recompiled:
Action<int> a0 = (a) => Debug.WriteLine(a);
Action<int> a1 = (a) => Console.WriteLine(a);
Then rebuild and re-run, a1.Method.Name changes to <Test>b__1:
{
  "$type": "System.Action`1[[System.Int32, mscorlib]], mscorlib",
  "Delegate": {
    "$type": "System.DelegateSerializationHolder+DelegateEntry, mscorlib",
    "type": "System.Action`1[[System.Int32, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]",
    "assembly": "mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",
    "target": null,
    "targetTypeAssembly": "Tile, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null",
    "targetTypeName": "Question49138328.TestClass",
    "methodName": "<Test>b__1",
    "delegateEntry": null
  },
  "method0": {
    "$type": "System.Reflection.RuntimeMethodInfo, mscorlib",
    "Name": "<Test>b__1",
    "AssemblyName": "Tile, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null",
    "ClassName": "Question49138328.TestClass",
    "Signature": "Void <Test>b__1(Int32)",
    "MemberType": 8,
    "GenericArguments": null
  }
}
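Now if I deserialize binary data for a1 that was saved from the earlier version, it comes back as a0! Thus adding another delegate somewhere in your code base, or otherwise refactoring your code in an apparently harmless way, may cause previously serialized delegate data to become corrupt and fail, or possibly even execute the wrong method when deserialized into the new version of your software. Further, this is unlikely to be fixable other than by reverting all the changes in your code and never making such changes again.
To sum up, we have found that serialized delegate information is extremely fragile to seemingly unrelated changes in one's code base. I would strongly recommend against persisting delegates through serialization with either BinaryFormatter or Json.NET. Instead, consider maintaining a table of named delegates and serializing the names, or following the command pattern https://en.wikipedia.org/wiki/Command_pattern and serializing command objects.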
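
The closing recommendation, a table of named delegates whose names are what gets serialized, could look like the following. This is an added example, not code from the original answer; NamedActions, NamedActionConverter and the two table keys are hypothetical names, and it assumes C# 7 or later with a Json.NET version that provides JsonConverter<T>.

```csharp
using System;
using System.Collections.Generic;
using Newtonsoft.Json;

// Added example: persist a stable, hand-chosen name, never the compiler-generated method name.
public static class NamedActions
{
    // The keys are part of the stored format: never rename or reuse them.
    private static readonly Dictionary<string, Action<int>> Table =
        new Dictionary<string, Action<int>>(StringComparer.Ordinal)
        {
            { "print-to-console", a => Console.WriteLine(a) },
            { "print-to-debug", a => System.Diagnostics.Debug.WriteLine(a) },
        };

    public static Action<int> Get(string name)
        => name != null && Table.TryGetValue(name, out var action)
            ? action
            : throw new JsonSerializationException("Unknown action name: " + name);

    public static string NameOf(Action<int> action)
    {
        foreach (var pair in Table)
            if (pair.Value.Equals(action))
                return pair.Key;
        throw new JsonSerializationException("Delegate is not in the named table.");
    }
}

// Hypothetical converter: writes the table key as a JSON string and resolves it on read.
public class NamedActionConverter : JsonConverter<Action<int>>
{
    public override void WriteJson(JsonWriter writer, Action<int> value, JsonSerializer serializer)
        => writer.WriteValue(NamedActions.NameOf(value));

    public override Action<int> ReadJson(JsonReader reader, Type objectType, Action<int> existingValue, bool hasExistingValue, JsonSerializer serializer)
        => NamedActions.Get(reader.Value as string);
}

public static class Demo
{
    public static void Main()
    {
        var a1 = NamedActions.Get("print-to-console");
        var json = JsonConvert.SerializeObject(a1, new NamedActionConverter());
        var restored = JsonConvert.DeserializeObject<Action<int>>(json, new NamedActionConverter());
        restored(42);
    }
}
```

Because only names present in the table resolve, adding or reordering lambdas no longer changes what stored data means, and an unrecognised name fails with an exception instead of binding to some other method.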