Esmond said:
As the algorithm is very tightly specified in the Serialization
Specification and the JVM specification I find this rather difficult to
believe. I'm aware that GNU Java gets it wrong but I've never found any
evidence to suggest that GNU Java is Java in any useful way.
But the things it depends upon are less well specified. For instance,
according to section 4.6 of the serialization specification, <clinit> is
included in the hash. IIRC, if you target 1.4 you need <clinit> for
..class constants; if you target 1.5 the ldc instruction takes on that
roll. There are a number of bugs in the bug parade on the subject.
Again from section 4.6 of the serialization specification:
"Note - It is strongly recommended that all serializable classes
explicitly declare serialVersionUID values, since the default
serialVersionUID computation is highly sensitive to class details
that may vary depending on compiler implementations, and can thus
result in unexpected serialVersionUID conflicts during
deserialization, causing deserialization to fail."
http://java.sun.com/javase/6/docs/platform/serialization/spec/class.html
Tom Hawtin