What's the difference between the SUID (Stream Unique IDentifier) and the private static member serialVersionUID?

Tim Rohaly

The SUID is one of a number of things that the serialization protocol writes to the stream in addition to the serialized object (other things include a magic number and the fully-qualified class name of the object). SUID is not the same as the static variable serialVersionUID, although SUID is computed using that field, if it exists. In pseudocode,

if (serialVersionUID is defined) then
    SUID is set equal to serialVersionUID
else
    SUID is computed algorithmically
Because serialVersionUID is a static member, it is not written to the stream as part of the serialized object. Instead, serialization uses the serialVersionUID to compute the SUID. The SUID is then sent to the stream as part of the stream protocol, not as part of the object definition.

Deserializing requires two things:

  1. The serialized object. This does not include the static member serialVersionUID, but it does include the SUID, fully-qualified class name, etc.
  2. The .class file. This does include the static members.
When deserializing, the SUID embedded in the object input stream is compared to the SUID computed from the local .class file according to the pseudocode above. If the SUIDs are equal, then the serialized object is compatible with the class file definition.
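As an added illustration (not part of the original answer), the following Java program shows both halves of the rule above: `ObjectStreamClass.lookup(...).getSerialVersionUID()` returns the SUID the local class file yields (the explicit `serialVersionUID` if one is declared, otherwise the computed value), and a small scanner pulls the 8-byte SUID back out of the raw stream just after the class name in the `TC_CLASSDESC` record, confirming that what is written to the stream is the SUID rather than the static field itself. The class names `SuidDemo`, `Explicit` and `Implicit` and the helper names are this example's own.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.io.ObjectStreamConstants;
import java.io.Serializable;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class SuidDemo {

    // Explicit serialVersionUID: the SUID written to the stream is this value.
    static class Explicit implements Serializable {
        private static final long serialVersionUID = 42L;
        int x = 7;
    }

    // No serialVersionUID: the runtime computes the SUID from the class shape
    // (name, modifiers, fields, constructors, methods).
    static class Implicit implements Serializable {
        int x = 7;
    }

    // The SUID the local .class file yields: the explicit field if present,
    // otherwise the computed hash. This is the value compared on deserialization.
    static long localSuid(Class<?> c) {
        return ObjectStreamClass.lookup(c).getSerialVersionUID();
    }

    // Serialize one object into a byte array (stream header + object).
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Read the SUID back out of the raw stream bytes. The class descriptor is
    // laid out as TC_CLASSDESC (0x72), a 2-byte length, the class name in
    // (modified) UTF-8, then the 8-byte SUID as a big-endian long.
    static long streamSuid(byte[] stream, String className) {
        byte[] name = className.getBytes(StandardCharsets.UTF_8);
        for (int i = 0; i + 3 + name.length + 8 <= stream.length; i++) {
            if (stream[i] != ObjectStreamConstants.TC_CLASSDESC) continue;
            int len = ((stream[i + 1] & 0xff) << 8) | (stream[i + 2] & 0xff);
            if (len != name.length) continue;
            byte[] found = Arrays.copyOfRange(stream, i + 3, i + 3 + len);
            if (Arrays.equals(found, name)) {
                return ByteBuffer.wrap(stream, i + 3 + len, 8).getLong();
            }
        }
        throw new IllegalStateException("no class descriptor for " + className);
    }

    public static void main(String[] args) throws IOException {
        Object[] samples = { new Explicit(), new Implicit() };
        for (Object o : samples) {
            Class<?> c = o.getClass();
            byte[] bytes = serialize(o);
            long local = localSuid(c);
            long inStream = streamSuid(bytes, c.getName());
            System.out.printf("%-10s local SUID=%d  stream SUID=%d  match=%b%n",
                    c.getSimpleName(), local, inStream, local == inStream);
        }
    }
}
```

Run it with `javac SuidDemo.java && java SuidDemo`. For `Explicit` both values are 42; for `Implicit` both are the same computed hash, which is what makes the later compatibility comparison succeed. If the stream's SUID had differed from the local one, `ObjectInputStream.readObject` would reject it with an `InvalidClassException` ("local class incompatible"). Note that this comparison is only a versioning check: matching SUIDs say nothing about where the bytes came from, so streams from untrusted sources still need a deserialization filter (`ObjectInputFilter`, available since Java 9) or should not be deserialized at all.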