1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
|
.\" -*- mode: troff; coding: utf-8 -*-
.\" Automatically generated by Pod::Man 5.01 (Pod::Simple 3.43)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>.
.ie n \{\
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "Storable 3perl"
.TH Storable 3perl 2024-05-30 "perl v5.38.2" "Perl Programmers Reference Guide"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH NAME
Storable \- persistence for Perl data structures
.SH SYNOPSIS
.IX Header "SYNOPSIS"
.Vb 3
\& use Storable;
\& store \e%table, \*(Aqfile\*(Aq;
\& $hashref = retrieve(\*(Aqfile\*(Aq);
\&
\& use Storable qw(nstore store_fd nstore_fd freeze thaw dclone);
\&
\& # Network order
\& nstore \e%table, \*(Aqfile\*(Aq;
\& $hashref = retrieve(\*(Aqfile\*(Aq); # There is NO nretrieve()
\&
\& # Storing to and retrieving from an already opened file
\& store_fd \e@array, \e*STDOUT;
\& nstore_fd \e%table, \e*STDOUT;
\& $aryref = fd_retrieve(\e*SOCKET);
\& $hashref = fd_retrieve(\e*SOCKET);
\&
\& # Serializing to memory
\& $serialized = freeze \e%table;
\& %table_clone = %{ thaw($serialized) };
\&
\& # Deep (recursive) cloning
\& $cloneref = dclone($ref);
\&
\& # Advisory locking
\& use Storable qw(lock_store lock_nstore lock_retrieve)
\& lock_store \e%table, \*(Aqfile\*(Aq;
\& lock_nstore \e%table, \*(Aqfile\*(Aq;
\& $hashref = lock_retrieve(\*(Aqfile\*(Aq);
.Ve
.SH DESCRIPTION
.IX Header "DESCRIPTION"
The Storable package brings persistence to your Perl data structures
containing SCALAR, ARRAY, HASH or REF objects, i.e. anything that can be
conveniently stored to disk and retrieved at a later time.
.PP
It can be used in the regular procedural way by calling \f(CW\*(C`store\*(C'\fR with
a reference to the object to be stored, along with the file name where
the image should be written.
.PP
The routine returns \f(CW\*(C`undef\*(C'\fR for I/O problems or other internal error,
a true value otherwise. Serious errors are propagated as a \f(CW\*(C`die\*(C'\fR exception.
.PP
To retrieve data stored to disk, use \f(CW\*(C`retrieve\*(C'\fR with a file name.
The objects stored into that file are recreated into memory for you,
and a \fIreference\fR to the root object is returned. In case an I/O error
occurs while reading, \f(CW\*(C`undef\*(C'\fR is returned instead. Other serious
errors are propagated via \f(CW\*(C`die\*(C'\fR.
.PP
Since storage is performed recursively, you might want to stuff references
to objects that share a lot of common data into a single array or hash
table, and then store that object. That way, when you retrieve back the
whole thing, the objects will continue to share what they originally shared.
.PP
At the cost of a slight header overhead, you may store to an already
opened file descriptor using the \f(CW\*(C`store_fd\*(C'\fR routine, and retrieve
from a file via \f(CW\*(C`fd_retrieve\*(C'\fR. Those names aren't imported by default,
so you will have to do that explicitly if you need those routines.
The file descriptor you supply must be already opened, for read
if you're going to retrieve and for write if you wish to store.
.PP
.Vb 2
\& store_fd(\e%table, *STDOUT) || die "can\*(Aqt store to stdout\en";
\& $hashref = fd_retrieve(*STDIN);
.Ve
.PP
You can also store data in network order to allow easy sharing across
multiple platforms, or when storing on a socket known to be remotely
connected. The routines to call have an initial \f(CW\*(C`n\*(C'\fR prefix for \fInetwork\fR,
as in \f(CW\*(C`nstore\*(C'\fR and \f(CW\*(C`nstore_fd\*(C'\fR. At retrieval time, your data will be
correctly restored so you don't have to know whether you're restoring
from native or network ordered data. Double values are stored stringified
to ensure portability as well, at the slight risk of loosing some precision
in the last decimals.
.PP
When using \f(CW\*(C`fd_retrieve\*(C'\fR, objects are retrieved in sequence, one
object (i.e. one recursive tree) per associated \f(CW\*(C`store_fd\*(C'\fR.
.PP
If you're more from the object-oriented camp, you can inherit from
Storable and directly store your objects by invoking \f(CW\*(C`store\*(C'\fR as
a method. The fact that the root of the to-be-stored tree is a
blessed reference (i.e. an object) is special-cased so that the
retrieve does not provide a reference to that object but rather the
blessed object reference itself. (Otherwise, you'd get a reference
to that blessed object).
.SH "MEMORY STORE"
.IX Header "MEMORY STORE"
The Storable engine can also store data into a Perl scalar instead, to
later retrieve them. This is mainly used to freeze a complex structure in
some safe compact memory place (where it can possibly be sent to another
process via some IPC, since freezing the structure also serializes it in
effect). Later on, and maybe somewhere else, you can thaw the Perl scalar
out and recreate the original complex structure in memory.
.PP
Surprisingly, the routines to be called are named \f(CW\*(C`freeze\*(C'\fR and \f(CW\*(C`thaw\*(C'\fR.
If you wish to send out the frozen scalar to another machine, use
\&\f(CW\*(C`nfreeze\*(C'\fR instead to get a portable image.
.PP
Note that freezing an object structure and immediately thawing it
actually achieves a deep cloning of that structure:
.PP
.Vb 1
\& dclone(.) = thaw(freeze(.))
.Ve
.PP
Storable provides you with a \f(CW\*(C`dclone\*(C'\fR interface which does not create
that intermediary scalar but instead freezes the structure in some
internal memory space and then immediately thaws it out.
.SH "ADVISORY LOCKING"
.IX Header "ADVISORY LOCKING"
The \f(CW\*(C`lock_store\*(C'\fR and \f(CW\*(C`lock_nstore\*(C'\fR routine are equivalent to
\&\f(CW\*(C`store\*(C'\fR and \f(CW\*(C`nstore\*(C'\fR, except that they get an exclusive lock on
the file before writing. Likewise, \f(CW\*(C`lock_retrieve\*(C'\fR does the same
as \f(CW\*(C`retrieve\*(C'\fR, but also gets a shared lock on the file before reading.
.PP
As with any advisory locking scheme, the protection only works if you
systematically use \f(CW\*(C`lock_store\*(C'\fR and \f(CW\*(C`lock_retrieve\*(C'\fR. If one side of
your application uses \f(CW\*(C`store\*(C'\fR whilst the other uses \f(CW\*(C`lock_retrieve\*(C'\fR,
you will get no protection at all.
.PP
The internal advisory locking is implemented using Perl's \fBflock()\fR
routine. If your system does not support any form of \fBflock()\fR, or if
you share your files across NFS, you might wish to use other forms
of locking by using modules such as LockFile::Simple which lock a
file using a filesystem entry, instead of locking the file descriptor.
.SH SPEED
.IX Header "SPEED"
The heart of Storable is written in C for decent speed. Extra low-level
optimizations have been made when manipulating perl internals, to
sacrifice encapsulation for the benefit of greater speed.
.SH "CANONICAL REPRESENTATION"
.IX Header "CANONICAL REPRESENTATION"
Normally, Storable stores elements of hashes in the order they are
stored internally by Perl, i.e. pseudo-randomly. If you set
\&\f(CW$Storable::canonical\fR to some \f(CW\*(C`TRUE\*(C'\fR value, Storable will store
hashes with the elements sorted by their key. This allows you to
compare data structures by comparing their frozen representations (or
even the compressed frozen representations), which can be useful for
creating lookup tables for complicated queries.
.PP
Canonical order does not imply network order; those are two orthogonal
settings.
.SH "CODE REFERENCES"
.IX Header "CODE REFERENCES"
Since Storable version 2.05, CODE references may be serialized with
the help of B::Deparse. To enable this feature, set
\&\f(CW$Storable::Deparse\fR to a true value. To enable deserialization,
\&\f(CW$Storable::Eval\fR should be set to a true value. Be aware that
deserialization is done through \f(CW\*(C`eval\*(C'\fR, which is dangerous if the
Storable file contains malicious data. You can set \f(CW$Storable::Eval\fR
to a subroutine reference which would be used instead of \f(CW\*(C`eval\*(C'\fR. See
below for an example using a Safe compartment for deserialization
of CODE references.
.PP
If \f(CW$Storable::Deparse\fR and/or \f(CW$Storable::Eval\fR are set to false
values, then the value of \f(CW$Storable::forgive_me\fR (see below) is
respected while serializing and deserializing.
.SH "FORWARD COMPATIBILITY"
.IX Header "FORWARD COMPATIBILITY"
This release of Storable can be used on a newer version of Perl to
serialize data which is not supported by earlier Perls. By default,
Storable will attempt to do the right thing, by \f(CWcroak()\fRing if it
encounters data that it cannot deserialize. However, the defaults
can be changed as follows:
.IP "utf8 data" 4
.IX Item "utf8 data"
Perl 5.6 added support for Unicode characters with code points > 255,
and Perl 5.8 has full support for Unicode characters in hash keys.
Perl internally encodes strings with these characters using utf8, and
Storable serializes them as utf8. By default, if an older version of
Perl encounters a utf8 value it cannot represent, it will \f(CWcroak()\fR.
To change this behaviour so that Storable deserializes utf8 encoded
values as the string of bytes (effectively dropping the \fIis_utf8\fR flag)
set \f(CW$Storable::drop_utf8\fR to some \f(CW\*(C`TRUE\*(C'\fR value. This is a form of
data loss, because with \f(CW$drop_utf8\fR true, it becomes impossible to tell
whether the original data was the Unicode string, or a series of bytes
that happen to be valid utf8.
.IP "restricted hashes" 4
.IX Item "restricted hashes"
Perl 5.8 adds support for restricted hashes, which have keys
restricted to a given set, and can have values locked to be read only.
By default, when Storable encounters a restricted hash on a perl
that doesn't support them, it will deserialize it as a normal hash,
silently discarding any placeholder keys and leaving the keys and
all values unlocked. To make Storable \f(CWcroak()\fR instead, set
\&\f(CW$Storable::downgrade_restricted\fR to a \f(CW\*(C`FALSE\*(C'\fR value. To restore
the default set it back to some \f(CW\*(C`TRUE\*(C'\fR value.
.Sp
The cperl PERL_PERTURB_KEYS_TOP hash strategy has a known problem with
restricted hashes.
.IP "huge objects" 4
.IX Item "huge objects"
On 64bit systems some data structures may exceed the 2G (i.e. I32_MAX)
limit. On 32bit systems also strings between I32 and U32 (2G\-4G).
Since Storable 3.00 (not in perl5 core) we are able to store and
retrieve these objects, even if perl5 itself is not able to handle
them. These are strings longer then 4G, arrays with more then 2G
elements and hashes with more then 2G elements. cperl forbids hashes
with more than 2G elements, but this fail in cperl then. perl5 itself
at least until 5.26 allows it, but cannot iterate over them.
Note that creating those objects might cause out of memory
exceptions by the operating system before perl has a chance to abort.
.IP "files from future versions of Storable" 4
.IX Item "files from future versions of Storable"
Earlier versions of Storable would immediately croak if they encountered
a file with a higher internal version number than the reading Storable
knew about. Internal version numbers are increased each time new data
types (such as restricted hashes) are added to the vocabulary of the file
format. This meant that a newer Storable module had no way of writing a
file readable by an older Storable, even if the writer didn't store newer
data types.
.Sp
This version of Storable will defer croaking until it encounters a data
type in the file that it does not recognize. This means that it will
continue to read files generated by newer Storable modules which are careful
in what they write out, making it easier to upgrade Storable modules in a
mixed environment.
.Sp
The old behaviour of immediate croaking can be re-instated by setting
\&\f(CW$Storable::accept_future_minor\fR to some \f(CW\*(C`FALSE\*(C'\fR value.
.PP
All these variables have no effect on a newer Perl which supports the
relevant feature.
.SH "ERROR REPORTING"
.IX Header "ERROR REPORTING"
Storable uses the "exception" paradigm, in that it does not try to
workaround failures: if something bad happens, an exception is
generated from the caller's perspective (see Carp and \f(CWcroak()\fR).
Use eval {} to trap those exceptions.
.PP
When Storable croaks, it tries to report the error via the \f(CWlogcroak()\fR
routine from the \f(CW\*(C`Log::Agent\*(C'\fR package, if it is available.
.PP
Normal errors are reported by having \fBstore()\fR or \fBretrieve()\fR return \f(CW\*(C`undef\*(C'\fR.
Such errors are usually I/O errors (or truncated stream errors at retrieval).
.PP
When Storable throws the "Max. recursion depth with nested structures
exceeded" error we are already out of stack space. Unfortunately on
some earlier perl versions cleaning up a recursive data structure
recurses into the free calls, which will lead to stack overflows in
the cleanup. This data structure is not properly cleaned up then, it
will only be destroyed during global destruction.
.SH "WIZARDS ONLY"
.IX Header "WIZARDS ONLY"
.SS Hooks
.IX Subsection "Hooks"
Any class may define hooks that will be called during the serialization
and deserialization process on objects that are instances of that class.
Those hooks can redefine the way serialization is performed (and therefore,
how the symmetrical deserialization should be conducted).
.PP
Since we said earlier:
.PP
.Vb 1
\& dclone(.) = thaw(freeze(.))
.Ve
.PP
everything we say about hooks should also hold for deep cloning. However,
hooks get to know whether the operation is a mere serialization, or a cloning.
.PP
Therefore, when serializing hooks are involved,
.PP
.Vb 1
\& dclone(.) <> thaw(freeze(.))
.Ve
.PP
Well, you could keep them in sync, but there's no guarantee it will always
hold on classes somebody else wrote. Besides, there is little to gain in
doing so: a serializing hook could keep only one attribute of an object,
which is probably not what should happen during a deep cloning of that
same object.
.PP
Here is the hooking interface:
.ie n .IP """STORABLE_freeze"" \fIobj\fR, \fIcloning\fR" 4
.el .IP "\f(CWSTORABLE_freeze\fR \fIobj\fR, \fIcloning\fR" 4
.IX Item "STORABLE_freeze obj, cloning"
The serializing hook, called on the object during serialization. It can be
inherited, or defined in the class itself, like any other method.
.Sp
Arguments: \fIobj\fR is the object to serialize, \fIcloning\fR is a flag indicating
whether we're in a \fBdclone()\fR or a regular serialization via \fBstore()\fR or \fBfreeze()\fR.
.Sp
Returned value: A LIST \f(CW\*(C`($serialized, $ref1, $ref2, ...)\*(C'\fR where \f(CW$serialized\fR
is the serialized form to be used, and the optional \f(CW$ref1\fR, \f(CW$ref2\fR, etc... are
extra references that you wish to let the Storable engine serialize.
.Sp
At deserialization time, you will be given back the same LIST, but all the
extra references will be pointing into the deserialized structure.
.Sp
The \fBfirst time\fR the hook is hit in a serialization flow, you may have it
return an empty list. That will signal the Storable engine to further
discard that hook for this class and to therefore revert to the default
serialization of the underlying Perl data. The hook will again be normally
processed in the next serialization.
.Sp
Unless you know better, serializing hook should always say:
.Sp
.Vb 5
\& sub STORABLE_freeze {
\& my ($self, $cloning) = @_;
\& return if $cloning; # Regular default serialization
\& ....
\& }
.Ve
.Sp
in order to keep reasonable \fBdclone()\fR semantics.
.ie n .IP """STORABLE_thaw"" \fIobj\fR, \fIcloning\fR, \fIserialized\fR, ..." 4
.el .IP "\f(CWSTORABLE_thaw\fR \fIobj\fR, \fIcloning\fR, \fIserialized\fR, ..." 4
.IX Item "STORABLE_thaw obj, cloning, serialized, ..."
The deserializing hook called on the object during deserialization.
But wait: if we're deserializing, there's no object yet... right?
.Sp
Wrong: the Storable engine creates an empty one for you. If you know Eiffel,
you can view \f(CW\*(C`STORABLE_thaw\*(C'\fR as an alternate creation routine.
.Sp
This means the hook can be inherited like any other method, and that
\&\fIobj\fR is your blessed reference for this particular instance.
.Sp
The other arguments should look familiar if you know \f(CW\*(C`STORABLE_freeze\*(C'\fR:
\&\fIcloning\fR is true when we're part of a deep clone operation, \fIserialized\fR
is the serialized string you returned to the engine in \f(CW\*(C`STORABLE_freeze\*(C'\fR,
and there may be an optional list of references, in the same order you gave
them at serialization time, pointing to the deserialized objects (which
have been processed courtesy of the Storable engine).
.Sp
When the Storable engine does not find any \f(CW\*(C`STORABLE_thaw\*(C'\fR hook routine,
it tries to load the class by requiring the package dynamically (using
the blessed package name), and then re-attempts the lookup. If at that
time the hook cannot be located, the engine croaks. Note that this mechanism
will fail if you define several classes in the same file, but perlmod
warned you.
.Sp
It is up to you to use this information to populate \fIobj\fR the way you want.
.Sp
Returned value: none.
.ie n .IP """STORABLE_attach"" \fIclass\fR, \fIcloning\fR, \fIserialized\fR" 4
.el .IP "\f(CWSTORABLE_attach\fR \fIclass\fR, \fIcloning\fR, \fIserialized\fR" 4
.IX Item "STORABLE_attach class, cloning, serialized"
While \f(CW\*(C`STORABLE_freeze\*(C'\fR and \f(CW\*(C`STORABLE_thaw\*(C'\fR are useful for classes where
each instance is independent, this mechanism has difficulty (or is
incompatible) with objects that exist as common process-level or
system-level resources, such as singleton objects, database pools, caches
or memoized objects.
.Sp
The alternative \f(CW\*(C`STORABLE_attach\*(C'\fR method provides a solution for these
shared objects. Instead of \f(CW\*(C`STORABLE_freeze\*(C'\fR \-\-> \f(CW\*(C`STORABLE_thaw\*(C'\fR,
you implement \f(CW\*(C`STORABLE_freeze\*(C'\fR \-\-> \f(CW\*(C`STORABLE_attach\*(C'\fR instead.
.Sp
Arguments: \fIclass\fR is the class we are attaching to, \fIcloning\fR is a flag
indicating whether we're in a \fBdclone()\fR or a regular de-serialization via
\&\fBthaw()\fR, and \fIserialized\fR is the stored string for the resource object.
.Sp
Because these resource objects are considered to be owned by the entire
process/system, and not the "property" of whatever is being serialized,
no references underneath the object should be included in the serialized
string. Thus, in any class that implements \f(CW\*(C`STORABLE_attach\*(C'\fR, the
\&\f(CW\*(C`STORABLE_freeze\*(C'\fR method cannot return any references, and \f(CW\*(C`Storable\*(C'\fR
will throw an error if \f(CW\*(C`STORABLE_freeze\*(C'\fR tries to return references.
.Sp
All information required to "attach" back to the shared resource object
\&\fBmust\fR be contained \fBonly\fR in the \f(CW\*(C`STORABLE_freeze\*(C'\fR return string.
Otherwise, \f(CW\*(C`STORABLE_freeze\*(C'\fR behaves as normal for \f(CW\*(C`STORABLE_attach\*(C'\fR
classes.
.Sp
Because \f(CW\*(C`STORABLE_attach\*(C'\fR is passed the class (rather than an object),
it also returns the object directly, rather than modifying the passed
object.
.Sp
Returned value: object of type \f(CW\*(C`class\*(C'\fR
.SS Predicates
.IX Subsection "Predicates"
Predicates are not exportable. They must be called by explicitly prefixing
them with the Storable package name.
.ie n .IP """Storable::last_op_in_netorder""" 4
.el .IP \f(CWStorable::last_op_in_netorder\fR 4
.IX Item "Storable::last_op_in_netorder"
The \f(CWStorable::last_op_in_netorder()\fR predicate will tell you whether
network order was used in the last store or retrieve operation. If you
don't know how to use this, just forget about it.
.ie n .IP """Storable::is_storing""" 4
.el .IP \f(CWStorable::is_storing\fR 4
.IX Item "Storable::is_storing"
Returns true if within a store operation (via STORABLE_freeze hook).
.ie n .IP """Storable::is_retrieving""" 4
.el .IP \f(CWStorable::is_retrieving\fR 4
.IX Item "Storable::is_retrieving"
Returns true if within a retrieve operation (via STORABLE_thaw hook).
.SS Recursion
.IX Subsection "Recursion"
With hooks comes the ability to recurse back to the Storable engine.
Indeed, hooks are regular Perl code, and Storable is convenient when
it comes to serializing and deserializing things, so why not use it
to handle the serialization string?
.PP
There are a few things you need to know, however:
.IP \(bu 4
From Storable 3.05 to 3.13 we probed for the stack recursion limit for references,
arrays and hashes to a maximal depth of ~1200\-35000, otherwise we might
fall into a stack-overflow. On JSON::XS this limit is 512 btw. With
references not immediately referencing each other there's no such
limit yet, so you might fall into such a stack-overflow segfault.
.Sp
This probing and the checks we performed have some limitations:
.RS 4
.IP \(bu 4
the stack size at build time might be different at run time, eg. the
stack size may have been modified with \fBulimit\fR\|(1). If it's larger at
run time Storable may fail the \fBfreeze()\fR or \fBthaw()\fR unnecessarily. If
it's larger at build time Storable may segmentation fault when
processing a deep structure at run time.
.IP \(bu 4
the stack size might be different in a thread.
.IP \(bu 4
array and hash recursion limits are checked separately against the
same recursion depth, a frozen structure with a large sequence of
nested arrays within many nested hashes may exhaust the processor
stack without triggering Storable's recursion protection.
.RE
.RS 4
.Sp
So these now have simple defaults rather than probing at build-time.
.Sp
You can control the maximum array and hash recursion depths by
modifying \f(CW$Storable::recursion_limit\fR and
\&\f(CW$Storable::recursion_limit_hash\fR respectively. Either can be set to
\&\f(CW\-1\fR to prevent any depth checks, though this isn't recommended.
.Sp
If you want to test what the limits are, the \fIstacksize\fR tool is
included in the \f(CW\*(C`Storable\*(C'\fR distribution.
.RE
.IP \(bu 4
You can create endless loops if the things you serialize via \fBfreeze()\fR
(for instance) point back to the object we're trying to serialize in
the hook.
.IP \(bu 4
Shared references among objects will not stay shared: if we're serializing
the list of object [A, C] where both object A and C refer to the SAME object
B, and if there is a serializing hook in A that says freeze(B), then when
deserializing, we'll get [A', C'] where A' refers to B', but C' refers to D,
a deep clone of B'. The topology was not preserved.
.IP \(bu 4
The maximal stack recursion limit for your system is returned by
\&\f(CWstack_depth()\fR and \f(CWstack_depth_hash()\fR. The hash limit is usually
half the size of the array and ref limit, as the Perl hash API is not optimal.
.PP
That's why \f(CW\*(C`STORABLE_freeze\*(C'\fR lets you provide a list of references
to serialize. The engine guarantees that those will be serialized in the
same context as the other objects, and therefore that shared objects will
stay shared.
.PP
In the above [A, C] example, the \f(CW\*(C`STORABLE_freeze\*(C'\fR hook could return:
.PP
.Vb 1
\& ("something", $self\->{B})
.Ve
.PP
and the B part would be serialized by the engine. In \f(CW\*(C`STORABLE_thaw\*(C'\fR, you
would get back the reference to the B' object, deserialized for you.
.PP
Therefore, recursion should normally be avoided, but is nonetheless supported.
.SS "Deep Cloning"
.IX Subsection "Deep Cloning"
There is a Clone module available on CPAN which implements deep cloning
natively, i.e. without freezing to memory and thawing the result. It is
aimed to replace Storable's \fBdclone()\fR some day. However, it does not currently
support Storable hooks to redefine the way deep cloning is performed.
.SH "Storable magic"
.IX Header "Storable magic"
Yes, there's a lot of that :\-) But more precisely, in UNIX systems
there's a utility called \f(CW\*(C`file\*(C'\fR, which recognizes data files based on
their contents (usually their first few bytes). For this to work,
a certain file called \fImagic\fR needs to taught about the \fIsignature\fR
of the data. Where that configuration file lives depends on the UNIX
flavour; often it's something like \fI/usr/share/misc/magic\fR or
\&\fI/etc/magic\fR. Your system administrator needs to do the updating of
the \fImagic\fR file. The necessary signature information is output to
STDOUT by invoking \fBStorable::show_file_magic()\fR. Note that the GNU
implementation of the \f(CW\*(C`file\*(C'\fR utility, version 3.38 or later,
is expected to contain support for recognising Storable files
out-of-the-box, in addition to other kinds of Perl files.
.PP
You can also use the following functions to extract the file header
information from Storable images:
.ie n .IP "$info = Storable::file_magic( $filename )" 4
.el .IP "\f(CW$info\fR = Storable::file_magic( \f(CW$filename\fR )" 4
.IX Item "$info = Storable::file_magic( $filename )"
If the given file is a Storable image return a hash describing it. If
the file is readable, but not a Storable image return \f(CW\*(C`undef\*(C'\fR. If
the file does not exist or is unreadable then croak.
.Sp
The hash returned has the following elements:
.RS 4
.ie n .IP """version""" 4
.el .IP \f(CWversion\fR 4
.IX Item "version"
This returns the file format version. It is a string like "2.7".
.Sp
Note that this version number is not the same as the version number of
the Storable module itself. For instance Storable v0.7 create files
in format v2.0 and Storable v2.15 create files in format v2.7. The
file format version number only increment when additional features
that would confuse older versions of the module are added.
.Sp
Files older than v2.0 will have the one of the version numbers "\-1",
"0" or "1". No minor number was used at that time.
.ie n .IP """version_nv""" 4
.el .IP \f(CWversion_nv\fR 4
.IX Item "version_nv"
This returns the file format version as number. It is a string like
"2.007". This value is suitable for numeric comparisons.
.Sp
The constant function \f(CW\*(C`Storable::BIN_VERSION_NV\*(C'\fR returns a comparable
number that represents the highest file version number that this
version of Storable fully supports (but see discussion of
\&\f(CW$Storable::accept_future_minor\fR above). The constant
\&\f(CW\*(C`Storable::BIN_WRITE_VERSION_NV\*(C'\fR function returns what file version
is written and might be less than \f(CW\*(C`Storable::BIN_VERSION_NV\*(C'\fR in some
configurations.
.ie n .IP """major"", ""minor""" 4
.el .IP "\f(CWmajor\fR, \f(CWminor\fR" 4
.IX Item "major, minor"
This also returns the file format version. If the version is "2.7"
then major would be 2 and minor would be 7. The minor element is
missing for when major is less than 2.
.ie n .IP """hdrsize""" 4
.el .IP \f(CWhdrsize\fR 4
.IX Item "hdrsize"
The is the number of bytes that the Storable header occupies.
.ie n .IP """netorder""" 4
.el .IP \f(CWnetorder\fR 4
.IX Item "netorder"
This is TRUE if the image store data in network order. This means
that it was created with \fBnstore()\fR or similar.
.ie n .IP """byteorder""" 4
.el .IP \f(CWbyteorder\fR 4
.IX Item "byteorder"
This is only present when \f(CW\*(C`netorder\*(C'\fR is FALSE. It is the
\&\f(CW$Config\fR{byteorder} string of the perl that created this image. It is
a string like "1234" (32 bit little endian) or "87654321" (64 bit big
endian). This must match the current perl for the image to be
readable by Storable.
.ie n .IP """intsize"", ""longsize"", ""ptrsize"", ""nvsize""" 4
.el .IP "\f(CWintsize\fR, \f(CWlongsize\fR, \f(CWptrsize\fR, \f(CWnvsize\fR" 4
.IX Item "intsize, longsize, ptrsize, nvsize"
These are only present when \f(CW\*(C`netorder\*(C'\fR is FALSE. These are the sizes of
various C datatypes of the perl that created this image. These must
match the current perl for the image to be readable by Storable.
.Sp
The \f(CW\*(C`nvsize\*(C'\fR element is only present for file format v2.2 and
higher.
.ie n .IP """file""" 4
.el .IP \f(CWfile\fR 4
.IX Item "file"
The name of the file.
.RE
.RS 4
.RE
.ie n .IP "$info = Storable::read_magic( $buffer )" 4
.el .IP "\f(CW$info\fR = Storable::read_magic( \f(CW$buffer\fR )" 4
.IX Item "$info = Storable::read_magic( $buffer )"
.PD 0
.ie n .IP "$info = Storable::read_magic( $buffer, $must_be_file )" 4
.el .IP "\f(CW$info\fR = Storable::read_magic( \f(CW$buffer\fR, \f(CW$must_be_file\fR )" 4
.IX Item "$info = Storable::read_magic( $buffer, $must_be_file )"
.PD
The \f(CW$buffer\fR should be a Storable image or the first few bytes of it.
If \f(CW$buffer\fR starts with a Storable header, then a hash describing the
image is returned, otherwise \f(CW\*(C`undef\*(C'\fR is returned.
.Sp
The hash has the same structure as the one returned by
\&\fBStorable::file_magic()\fR. The \f(CW\*(C`file\*(C'\fR element is true if the image is a
file image.
.Sp
If the \f(CW$must_be_file\fR argument is provided and is TRUE, then return
\&\f(CW\*(C`undef\*(C'\fR unless the image looks like it belongs to a file dump.
.Sp
The maximum size of a Storable header is currently 21 bytes. If the
provided \f(CW$buffer\fR is only the first part of a Storable image it should
at least be this long to ensure that \fBread_magic()\fR will recognize it as
such.
.SH EXAMPLES
.IX Header "EXAMPLES"
Here are some code samples showing a possible usage of Storable:
.PP
.Vb 1
\& use Storable qw(store retrieve freeze thaw dclone);
\&
\& %color = (\*(AqBlue\*(Aq => 0.1, \*(AqRed\*(Aq => 0.8, \*(AqBlack\*(Aq => 0, \*(AqWhite\*(Aq => 1);
\&
\& store(\e%color, \*(Aqmycolors\*(Aq) or die "Can\*(Aqt store %a in mycolors!\en";
\&
\& $colref = retrieve(\*(Aqmycolors\*(Aq);
\& die "Unable to retrieve from mycolors!\en" unless defined $colref;
\& printf "Blue is still %lf\en", $colref\->{\*(AqBlue\*(Aq};
\&
\& $colref2 = dclone(\e%color);
\&
\& $str = freeze(\e%color);
\& printf "Serialization of %%color is %d bytes long.\en", length($str);
\& $colref3 = thaw($str);
.Ve
.PP
which prints (on my machine):
.PP
.Vb 2
\& Blue is still 0.100000
\& Serialization of %color is 102 bytes long.
.Ve
.PP
Serialization of CODE references and deserialization in a safe
compartment:
.PP
.Vb 11
\& use Storable qw(freeze thaw);
\& use Safe;
\& use strict;
\& my $safe = new Safe;
\& # because of opcodes used in "use strict":
\& $safe\->permit(qw(:default require));
\& local $Storable::Deparse = 1;
\& local $Storable::Eval = sub { $safe\->reval($_[0]) };
\& my $serialized = freeze(sub { 42 });
\& my $code = thaw($serialized);
\& $code\->() == 42;
.Ve
.SH "SECURITY WARNING"
.IX Header "SECURITY WARNING"
\&\fBDo not accept Storable documents from untrusted sources!\fR There is
\&\fBno\fR way to configure Storable so that it can be used safely to process
untrusted data. While there \fIare\fR various options that can be used to
mitigate specific security issues these options do \fInot\fR comprise a
complete safety net for the user, and processing untrusted data may
result in segmentation faults, remote code execution, or privilege
escalation. The following lists some known features which represent
security issues that should be considered by users of this module.
.PP
Most obviously, the optional (off by default) CODE reference
serialization feature allows transfer of code to the deserializing
process. Furthermore, any serialized object will cause Storable to
helpfully load the module corresponding to the class of the object in
the deserializing module. For manipulated module names, this can load
almost arbitrary code. Finally, the deserialized object's destructors
will be invoked when the objects get destroyed in the deserializing
process. Maliciously crafted Storable documents may put such objects
in the value of a hash key that is overridden by another key/value
pair in the same hash, thus causing immediate destructor execution.
.PP
To disable blessing objects while thawing/retrieving remove the flag
\&\f(CW\*(C`BLESS_OK\*(C'\fR = 2 from \f(CW$Storable::flags\fR or set the 2nd argument for
thaw/retrieve to 0.
.PP
To disable tieing data while thawing/retrieving remove the flag \f(CW\*(C`TIE_OK\*(C'\fR
= 4 from \f(CW$Storable::flags\fR or set the 2nd argument for thaw/retrieve
to 0.
.PP
With the default setting of \f(CW$Storable::flags\fR = 6, creating or destroying
random objects, even renamed objects can be controlled by an attacker.
See CVE\-2015\-1592 and its metasploit module.
.PP
If your application requires accepting data from untrusted sources, you
are best off with a less powerful and more-likely safe serialization
format and implementation. If your data is sufficiently simple,
Cpanel::JSON::XS or Data::MessagePack are fine alternatives. For
more complex data structures containing various Perl specific data types
like regular expressions or aliased data Sereal is the best
alternative and offers maximum interoperability. Note that Sereal is
unsafe by default, but you can configure
the encoder and decoder to mitigate any security issues.
.SH WARNING
.IX Header "WARNING"
If you're using references as keys within your hash tables, you're bound
to be disappointed when retrieving your data. Indeed, Perl stringifies
references used as hash table keys. If you later wish to access the
items via another reference stringification (i.e. using the same
reference that was used for the key originally to record the value into
the hash table), it will work because both references stringify to the
same string.
.PP
It won't work across a sequence of \f(CW\*(C`store\*(C'\fR and \f(CW\*(C`retrieve\*(C'\fR operations,
however, because the addresses in the retrieved objects, which are
part of the stringified references, will probably differ from the
original addresses. The topology of your structure is preserved,
but not hidden semantics like those.
.PP
On platforms where it matters, be sure to call \f(CWbinmode()\fR on the
descriptors that you pass to Storable functions.
.PP
Storing data canonically that contains large hashes can be
significantly slower than storing the same data normally, as
temporary arrays to hold the keys for each hash have to be allocated,
populated, sorted and freed. Some tests have shown a halving of the
speed of storing \-\- the exact penalty will depend on the complexity of
your data. There is no slowdown on retrieval.
.SH "REGULAR EXPRESSIONS"
.IX Header "REGULAR EXPRESSIONS"
Storable now has experimental support for storing regular expressions,
but there are significant limitations:
.IP \(bu 4
perl 5.8 or later is required.
.IP \(bu 4
regular expressions with code blocks, ie \f(CW\*(C`/(?{ ... })/\*(C'\fR or \f(CW\*(C`/(??{
\&... })/\*(C'\fR will throw an exception when thawed.
.IP \(bu 4
regular expression syntax and flags have changed over the history of
perl, so a regular expression that you freeze in one version of perl
may fail to thaw or behave differently in another version of perl.
.IP \(bu 4
depending on the version of perl, regular expressions can change in
behaviour depending on the context, but later perls will bake that
behaviour into the regexp.
.PP
Storable will throw an exception if a frozen regular expression cannot
be thawed.
.SH BUGS
.IX Header "BUGS"
You can't store GLOB, FORMLINE, etc.... If you can define semantics
for those operations, feel free to enhance Storable so that it can
deal with them.
.PP
The store functions will \f(CW\*(C`croak\*(C'\fR if they run into such references
unless you set \f(CW$Storable::forgive_me\fR to some \f(CW\*(C`TRUE\*(C'\fR value. In that
case, the fatal message is converted to a warning and some meaningless
string is stored instead.
.PP
Setting \f(CW$Storable::canonical\fR may not yield frozen strings that
compare equal due to possible stringification of numbers. When the
string version of a scalar exists, it is the form stored; therefore,
if you happen to use your numbers as strings between two freezing
operations on the same data structures, you will get different
results.
.PP
When storing doubles in network order, their value is stored as text.
However, you should also not expect non-numeric floating-point values
such as infinity and "not a number" to pass successfully through a
\&\fBnstore()\fR/\fBretrieve()\fR pair.
.PP
As Storable neither knows nor cares about character sets (although it
does know that characters may be more than eight bits wide), any difference
in the interpretation of character codes between a host and a target
system is your problem. In particular, if host and target use different
code points to represent the characters used in the text representation
of floating-point numbers, you will not be able be able to exchange
floating-point data, even with \fBnstore()\fR.
.PP
\&\f(CW\*(C`Storable::drop_utf8\*(C'\fR is a blunt tool. There is no facility either to
return \fBall\fR strings as utf8 sequences, or to attempt to convert utf8
data back to 8 bit and \f(CWcroak()\fR if the conversion fails.
.PP
Prior to Storable 2.01, no distinction was made between signed and
unsigned integers on storing. By default Storable prefers to store a
scalars string representation (if it has one) so this would only cause
problems when storing large unsigned integers that had never been converted
to string or floating point. In other words values that had been generated
by integer operations such as logic ops and then not used in any string or
arithmetic context before storing.
.SS "64 bit data in perl 5.6.0 and 5.6.1"
.IX Subsection "64 bit data in perl 5.6.0 and 5.6.1"
This section only applies to you if you have existing data written out
by Storable 2.02 or earlier on perl 5.6.0 or 5.6.1 on Unix or Linux which
has been configured with 64 bit integer support (not the default)
If you got a precompiled perl, rather than running Configure to build
your own perl from source, then it almost certainly does not affect you,
and you can stop reading now (unless you're curious). If you're using perl
on Windows it does not affect you.
.PP
Storable writes a file header which contains the sizes of various C
language types for the C compiler that built Storable (when not writing in
network order), and will refuse to load files written by a Storable not
on the same (or compatible) architecture. This check and a check on
machine byteorder is needed because the size of various fields in the file
are given by the sizes of the C language types, and so files written on
different architectures are incompatible. This is done for increased speed.
(When writing in network order, all fields are written out as standard
lengths, which allows full interworking, but takes longer to read and write)
.PP
Perl 5.6.x introduced the ability to optional configure the perl interpreter
to use C's \f(CW\*(C`long long\*(C'\fR type to allow scalars to store 64 bit integers on 32
bit systems. However, due to the way the Perl configuration system
generated the C configuration files on non-Windows platforms, and the way
Storable generates its header, nothing in the Storable file header reflected
whether the perl writing was using 32 or 64 bit integers, despite the fact
that Storable was storing some data differently in the file. Hence Storable
running on perl with 64 bit integers will read the header from a file
written by a 32 bit perl, not realise that the data is actually in a subtly
incompatible format, and then go horribly wrong (possibly crashing) if it
encountered a stored integer. This is a design failure.
.PP
Storable has now been changed to write out and read in a file header with
information about the size of integers. It's impossible to detect whether
an old file being read in was written with 32 or 64 bit integers (they have
the same header) so it's impossible to automatically switch to a correct
backwards compatibility mode. Hence this Storable defaults to the new,
correct behaviour.
.PP
What this means is that if you have data written by Storable 1.x running
on perl 5.6.0 or 5.6.1 configured with 64 bit integers on Unix or Linux
then by default this Storable will refuse to read it, giving the error
\&\fIByte order is not compatible\fR. If you have such data then you
should set \f(CW$Storable::interwork_56_64bit\fR to a true value to make this
Storable read and write files with the old header. You should also
migrate your data, or any older perl you are communicating with, to this
current version of Storable.
.PP
If you don't have data written with specific configuration of perl described
above, then you do not and should not do anything. Don't set the flag \-
not only will Storable on an identically configured perl refuse to load them,
but Storable a differently configured perl will load them believing them
to be correct for it, and then may well fail or crash part way through
reading them.
.SH CREDITS
.IX Header "CREDITS"
Thank you to (in chronological order):
.PP
.Vb 10
\& Jarkko Hietaniemi <jhi@iki.fi>
\& Ulrich Pfeifer <pfeifer@charly.informatik.uni\-dortmund.de>
\& Benjamin A. Holzman <bholzman@earthlink.net>
\& Andrew Ford <A.Ford@ford\-mason.co.uk>
\& Gisle Aas <gisle@aas.no>
\& Jeff Gresham <gresham_jeffrey@jpmorgan.com>
\& Murray Nesbitt <murray@activestate.com>
\& Marc Lehmann <pcg@opengroup.org>
\& Justin Banks <justinb@wamnet.com>
\& Jarkko Hietaniemi <jhi@iki.fi> (AGAIN, as perl 5.7.0 Pumpkin!)
\& Salvador Ortiz Garcia <sog@msg.com.mx>
\& Dominic Dunlop <domo@computer.org>
\& Erik Haugan <erik@solbors.no>
\& Benjamin A. Holzman <ben.holzman@grantstreet.com>
\& Reini Urban <rurban@cpan.org>
\& Todd Rinaldo <toddr@cpanel.net>
\& Aaron Crane <arc@cpan.org>
.Ve
.PP
for their bug reports, suggestions and contributions.
.PP
Benjamin Holzman contributed the tied variable support, Andrew Ford
contributed the canonical order for hashes, and Gisle Aas fixed
a few misunderstandings of mine regarding the perl internals,
and optimized the emission of "tags" in the output streams by
simply counting the objects instead of tagging them (leading to
a binary incompatibility for the Storable image starting at version
0.6\-\-older images are, of course, still properly understood).
Murray Nesbitt made Storable thread-safe. Marc Lehmann added overloading
and references to tied items support. Benjamin Holzman added a performance
improvement for overloaded classes; thanks to Grant Street Group for footing
the bill.
Reini Urban took over maintenance from p5p, and added security fixes
and huge object support.
.SH AUTHOR
.IX Header "AUTHOR"
Storable was written by Raphael Manfredi
\&\fI<Raphael_Manfredi@pobox.com>\fR
Maintenance is now done by cperl <http://perl11.org/cperl>
.PP
Please e\-mail us with problems, bug fixes, comments and complaints,
although if you have compliments you should send them to Raphael.
Please don't e\-mail Raphael with problems, as he no longer works on
Storable, and your message will be delayed while he forwards it to us.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
Clone.
|