
V3096. Possible exception when serializing type. [Serializable] attribute is missing.

The analyzer detected a type that implements the 'ISerializable' interface but is not marked with the [Serializable] attribute. Attempting to serialize an instance of such a type raises a 'SerializationException'. Implementing the 'ISerializable' interface is not enough for the CLR to know at runtime that the type is serializable; the type must additionally be marked with the [Serializable] attribute.

Consider the following example. Suppose we have a method to perform object serialization and deserialization:

static void Foo(MemoryStream ms, BinaryFormatter bf, C1 obj)
{
  bf.Serialize(ms, obj);   // throws SerializationException if C1 lacks [Serializable]
  ms.Position = 0;
  obj = (C1)bf.Deserialize(ms);
}

The 'C1' class is declared in the following way:

// [Serializable] is missing here, so the CLR does not treat C1 as serializable
sealed class C1 : ISerializable
{
  public C1()
  { }

  private C1(SerializationInfo info, StreamingContext context)
  {
    field = (String)info.GetValue("field", typeof(String));
  }

  public void GetObjectData(SerializationInfo info,
                            StreamingContext context)
  {
    info.AddValue("field", field, typeof(String));
  }

  private String field = "Some field";
}

When trying to serialize an instance of this type, a 'SerializationException' will be raised. To solve the issue, we must decorate this class with the [Serializable] attribute. Therefore, a correct class declaration should look like this:

[Serializable]
sealed class C1 : ISerializable
{
  public C1()
  { }

  private C1(SerializationInfo info, StreamingContext context)
  {
    field = (String)info.GetValue("field", typeof(String));
  }

  public void GetObjectData(SerializationInfo info,
                            StreamingContext context)
  {
    info.AddValue("field", field, typeof(String));
  }

  private String field = "Some field";
}

Note. This diagnostic has one additional parameter, which you can configure in the configuration file (*.pvsconfig). It has the following syntax:

//+V3096:CONF:{ IncludeBaseTypes: true }

With this parameter enabled, the analyzer checks whether the 'ISerializable' interface is implemented not only by the class itself but also by any of its base classes. This option is off by default.
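The following is an added example, not code from PVS-Studio or from this page: a small reflection-based check that mirrors what V3096 looks for, so a unit test can catch the missing attribute before a formatter does at runtime. It covers both the default mode (the interface is implemented by the class itself) and the 'IncludeBaseTypes' mode (the interface comes from a base class), and it shows why the second mode matters: [Serializable] is not inherited, so a derived class must carry the attribute itself even when its base class is marked. The type names, the 'ViolatesV3096' method and its 'includeBaseTypes' parameter are assumptions made for this example. It deliberately never calls a formatter; 'BinaryFormatter' is obsolete and unsafe for untrusted input, and the check only needs type metadata.

```csharp
// Added example (not PVS-Studio's code). Mirrors the V3096 check via reflection.
using System;
using System.Runtime.Serialization;

// The pattern V3096 reports: ISerializable implemented, [Serializable] missing.
sealed class Broken : ISerializable
{
    public Broken() { }
    private Broken(SerializationInfo info, StreamingContext ctx) { }
    public void GetObjectData(SerializationInfo info, StreamingContext ctx) { }
}

// The corrected pattern: attribute and interface together.
[Serializable]
sealed class Marked : ISerializable
{
    public Marked() { }
    private Marked(SerializationInfo info, StreamingContext ctx) { }
    public void GetObjectData(SerializationInfo info, StreamingContext ctx) { }
}

[Serializable]
class SerializableBase : ISerializable
{
    public SerializableBase() { }
    protected SerializableBase(SerializationInfo info, StreamingContext ctx) { }
    public virtual void GetObjectData(SerializationInfo info, StreamingContext ctx) { }
}

// Inherits the interface from its base class but not the attribute. [Serializable] does
// not flow down the hierarchy, so this type is still not serializable; this is the case
// the IncludeBaseTypes option exists for.
sealed class DerivedWithoutAttribute : SerializableBase { }

static class SerializabilityCheck
{
    // Hypothetical helper: returns true when 't' implements ISerializable (directly, or
    // through a base class when includeBaseTypes is set) but lacks [Serializable] itself.
    public static bool ViolatesV3096(Type t, bool includeBaseTypes = false)
    {
        // inherit:false matches CLR behaviour: each type must carry the attribute itself.
        if (Attribute.IsDefined(t, typeof(SerializableAttribute), inherit: false))
            return false;

        if (!typeof(ISerializable).IsAssignableFrom(t))
            return false;

        if (includeBaseTypes)
            return true;

        // Default mode: only count the interface when 't' itself introduces it.
        // Approximation: a class that merely inherits ISerializable from its base is skipped.
        bool inheritedOnly = t.BaseType != null &&
                             typeof(ISerializable).IsAssignableFrom(t.BaseType);
        return !inheritedOnly;
    }

    static void Main()
    {
        foreach (var t in new[] { typeof(Broken), typeof(Marked),
                                  typeof(SerializableBase), typeof(DerivedWithoutAttribute) })
        {
            Console.WriteLine(
                $"{t.Name,-24} IsSerializable={t.IsSerializable,-5} " +
                $"V3096(default)={ViolatesV3096(t),-5} " +
                $"V3096(IncludeBaseTypes)={ViolatesV3096(t, includeBaseTypes: true)}");
        }
    }
}
```

In the default mode the check flags only 'Broken'; with 'includeBaseTypes' it also flags 'DerivedWithoutAttribute', and 'Type.IsSerializable' confirms that the CLR agrees, since the derived class reports false despite its base class being marked. Running the check over an assembly's types in a test is a cheap way to keep the diagnostic's guarantee in a code base that still carries formatter-based serialization.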

To learn more about configuration files, see this page.