theigl commented on issue #2559: URL: https://github.com/apache/fory/issues/2559#issuecomment-3249286614
We have deployed detailed monitoring for the Fory pool as well as serializer creation today. I will collect the logs and post my findings tomorrow. One issue became apparent immediately: Fory attempts to create serializers for interfaces and abstract classes over and over again when computing the `classVersionHash` in `ObjectCodecBuilder`. It iterates over all descriptors of the class and then resolves the `ClassInfo` here: https://github.com/apache/fory/blob/2a63b9035524a38f3cdb350df060df3627bb5241/java/fory-core/src/main/java/org/apache/fory/serializer/ObjectSerializer.java#L364-L366 If there is no existing `ClassInfo`, Fory then attempts to create a new serializer for it: https://github.com/apache/fory/blob/2a63b9035524a38f3cdb350df060df3627bb5241/java/fory-core/src/main/java/org/apache/fory/resolver/ClassResolver.java#L1272-L1280 For interfaces and abstract classes this fails with an exception. I registered a custom `SerializerFactory` that logs attempts to create new serializers and the logs are full of attempts to create such serializers. Should `computeFieldHash` really try to instantiate and register serializers as a side-effect? It even triggers a warning, urging the user to register the interface if `suppressClassRegistrationWarnings=false`. E.g. > interface java.lang.Iterable is not registered, please check whether it's the type you want to serialize or a **vulnerability** -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
