Home Library Learn Samples Downloads Support Community Forums
MSDN Library
Development Tools and Languages
Visual Studio 2010
Visual Studio Application Lifecycle Management
Developing the Application
Performing Common Development Tasks
Analyzing Application Quality by Using Code Analysis Tools
Analyzing Managed Code Quality by Using Code Analysis
Code Analysis for Managed Code Warnings
Usage Warnings
CA1801: Review unused parameters
CA1806: Do not ignore method results
CA1816: Call GC.SuppressFinalize correctly
CA2200: Rethrow to preserve stack details
CA2201: Do not raise reserved exception types
CA2202: Do not dispose objects multiple times
CA2204: Literals should be spelled correctly
CA2205: Use managed equivalents of Win32 API
CA2207: Initialize value type static fields inline
CA2208: Instantiate argument exceptions correctly
CA2211: Non-constant fields should not be visible
CA2212: Do not mark serviced components with WebMethod
CA2213: Disposable fields should be disposed
CA2214: Do not call overridable methods in constructors
CA2215: Dispose methods should call base class dispose
CA2216: Disposable types should declare finalizer
CA2217: Do not mark enums with FlagsAttribute
CA2218: Override GetHashCode on overriding Equals
CA2219: Do not raise exceptions in exception clauses
CA2220: Finalizers should call base class finalizer
CA2221: Finalizers should be protected
CA2222: Do not decrease inherited member visibility
CA2223: Members should differ by more than return type
CA2224: Override equals on overloading operator equals
CA2225: Operator overloads have named alternates
CA2226: Operators should have symmetrical overloads
CA2227: Collection properties should be read only
CA2228: Do not ship unreleased resource formats
CA2229: Implement serialization constructors
CA2230: Use params for variable arguments
CA2231: Overload operator equals on overriding ValueType.Equals
CA2232: Mark Windows Forms entry points with STAThread
CA2233: Operations should not overflow
CA2234: Pass System.Uri objects instead of strings
CA2235: Mark all non-serializable fields
CA2236: Call base class methods on ISerializable types
CA2237: Mark ISerializable types with SerializableAttribute
CA2238: Implement serialization methods correctly
CA2239: Provide deserialization methods for optional fields
CA2240: Implement ISerializable correctly
CA2241: Provide correct arguments to formatting methods
CA2242: Test for NaN correctly
CA2243: Attribute string literals should parse correctly
Expand Minimize
1 out of 1 rated this helpful - Rate this topic

CA2240: Implement ISerializable correctly

Visual Studio 2010

TypeName

ImplementISerializableCorrectly

CheckId

CA2240

Category

Microsoft.Usage

Breaking Change

Non Breaking

An externally visible type is assignable to the System.Runtime.Serialization.ISerializable interface and one of the following conditions is true:

Instance fields that are declared in a type that inherits the System.Runtime.Serialization.ISerializable interface are not automatically included in the serialization process. To include the fields, the type must implement the GetObjectData method and the serialization constructor. If the fields should not be serialized, apply the NonSerializedAttribute attribute to the fields to explicitly indicate the decision.

In types that are not sealed, implementations of the GetObjectData method should be externally visible. Therefore, the method can be called by derived types, and is overridable.

To fix a violation of this rule, make the GetObjectData method visible and overridable and make sure all instance fields are included in the serialization process or explicitly marked with the NonSerializedAttribute attribute.

Do not suppress a warning from this rule.

The following example shows two serializable types that violate the rule.

C#
C++
VB
Copy 

using System;
using System.Security.Permissions;
using System.Runtime.Serialization;

namespace Samples1
{
    // Violates this rule
    [Serializable]
    public class Book : ISerializable
    {
        private readonly string _Text;

        public Book(string text)
        {
            if (text == null)
                throw new ArgumentNullException("text");

            _Text = text;
        }

        protected Book(SerializationInfo info, StreamingContext context)
        {
            if (info == null)
                throw new ArgumentNullException("info");

            _Text = info.GetString("Text");
        }

        public string Text
        {
            get { return _Text; }
        }

        [SecurityPermission(SecurityAction.Demand, SerializationFormatter = true)]
        public void GetObjectData(SerializationInfo info, StreamingContext context)
        {
            if (info == null)
                throw new ArgumentNullException("info");

            info.AddValue("Text", _Text);
        }
    }

    // Violates this rule
    [Serializable]
    public class LibraryBook : Book
    {
        private readonly DateTime _CheckedOut;

        public LibraryBook(string text, DateTime checkedOut)
            : base(text)
        {
            _CheckedOut = checkedOut;
        }

        public DateTime CheckedOut
        {
            get { return _CheckedOut; }
        }
    }
}

The following example fixes the two previous violations by providing an overrideable implementation of [ISerializable.GetObjectData] on the Book class and by providing an implementation of [ISerializable.GetObjectData] on the Library class.

C#
C++
VB
Copy 

using System;
using System.Security.Permissions;
using System.Runtime.Serialization;

namespace Samples2
{
    [Serializable]
    public class Book : ISerializable
    {
        private readonly string _Title;

        public Book(string title)
        {
            if (title == null)
                throw new ArgumentNullException("title");

            _Title = title;
        }

        protected Book(SerializationInfo info, StreamingContext context)
        {
            if (info == null)
                throw new ArgumentNullException("info");

            _Title = info.GetString("Title");
        }

        public string Title
        {
            get { return _Title; }
        }

        [SecurityPermission(SecurityAction.Demand, SerializationFormatter = true)]
        protected virtual void GetObjectData(SerializationInfo info, StreamingContext context)
        {
            info.AddValue("Title", _Title);
        }

        [SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.SerializationFormatter)]
        void ISerializable.GetObjectData(SerializationInfo info, StreamingContext context)
        {
            if (info == null)
                throw new ArgumentNullException("info");

            GetObjectData(info, context);
        }
    }

    [Serializable]
    public class LibraryBook : Book
    {
        private readonly DateTime _CheckedOut;

        public LibraryBook(string title, DateTime checkedOut)
            : base(title)
        {
            _CheckedOut = checkedOut;
        }

        protected LibraryBook(SerializationInfo info, StreamingContext context)
            : base(info, context)
        {
            _CheckedOut = info.GetDateTime("CheckedOut");
        }

        public DateTime CheckedOut
        {
            get { return _CheckedOut; }
        }

        [SecurityPermission(SecurityAction.Demand, SerializationFormatter = true)]
        protected override void GetObjectData(SerializationInfo info, StreamingContext context)
        {
            base.GetObjectData(info, context);

            info.AddValue("CheckedOut", _CheckedOut);
        }
    }
}
Did you find this helpful?
(1500 characters remaining)

Community Additions

ADD
© 2013 Microsoft. All rights reserved.