We are trying to implement message signing in the application layer for an internal project. The transport is over Thrift – the server side is using Java and the client side is using C++. We noticed that the message signing would fail because the client and server would serialize the same Thrift object in different ways.
The semantics of "optional" fields differ between thrift code generated for Java and CPP. In CPP, all optional fields are guarded by the isset helper struct. On Java, however, the generated code takes advantage of nullable types: for containers, structs, exceptions, enums, and, notably, strings, the generator elides explicit use of an "isset" bit vector and instead emits checks of the form "field null". This leads to varying behavior between the two languages: an optional string field with a default value will have isset[fieldid] false on C, but the equivalent test in Java will be true.
To be concrete, consider the following example:
In C++, the checks for 'bar' and 'i' are similar:
However, in Java, the checks are different:
As a result, when the Java object is serialized, the value for 'bar' is included. But when the C++ object is serialized, the value for 'bar' is NOT included.
For a system like Thrift, I would eschew a few bytes saved over correctness and reliability. As a user of Thrift, I do expect that the wire data generated for identical Thrift objects will be identical, regardless of the language used.
We already use a BitSet to track primitive types in Java. The compiler should extend the bit vector to also guard nullable types, to be consistent with C++. This is pretty easy and low impact – I'm happy to provide a patch.