1Storable(3)           User Contributed Perl Documentation          Storable(3)
2
3
4

NAME

6       Storable - persistence for Perl data structures
7

SYNOPSIS

9        use Storable;
10        store \%table, 'file';
11        $hashref = retrieve('file');
12
13        use Storable qw(nstore store_fd nstore_fd freeze thaw dclone);
14
15        # Network order
16        nstore \%table, 'file';
17        $hashref = retrieve('file');   # There is NO nretrieve()
18
19        # Storing to and retrieving from an already opened file
20        store_fd \@array, \*STDOUT;
21        nstore_fd \%table, \*STDOUT;
22        $aryref = fd_retrieve(\*SOCKET);
23        $hashref = fd_retrieve(\*SOCKET);
24
25        # Serializing to memory
26        $serialized = freeze \%table;
27        %table_clone = %{ thaw($serialized) };
28
29        # Deep (recursive) cloning
30        $cloneref = dclone($ref);
31
32        # Advisory locking
33        use Storable qw(lock_store lock_nstore lock_retrieve)
34        lock_store \%table, 'file';
35        lock_nstore \%table, 'file';
36        $hashref = lock_retrieve('file');
37

DESCRIPTION

39       The Storable package brings persistence to your Perl data structures
40       containing SCALAR, ARRAY, HASH or REF objects, i.e. anything that can
41       be conveniently stored to disk and retrieved at a later time.
42
43       It can be used in the regular procedural way by calling "store" with a
44       reference to the object to be stored, along with the file name where
45       the image should be written.
46
47       The routine returns "undef" for I/O problems or other internal error, a
48       true value otherwise. Serious errors are propagated as a "die"
49       exception.
50
51       To retrieve data stored to disk, use "retrieve" with a file name.  The
52       objects stored into that file are recreated into memory for you, and a
53       reference to the root object is returned. In case an I/O error occurs
54       while reading, "undef" is returned instead. Other serious errors are
55       propagated via "die".
56
57       Since storage is performed recursively, you might want to stuff
58       references to objects that share a lot of common data into a single
59       array or hash table, and then store that object. That way, when you
60       retrieve back the whole thing, the objects will continue to share what
61       they originally shared.
62
63       At the cost of a slight header overhead, you may store to an already
64       opened file descriptor using the "store_fd" routine, and retrieve from
65       a file via "fd_retrieve". Those names aren't imported by default, so
66       you will have to do that explicitly if you need those routines.  The
67       file descriptor you supply must be already opened, for read if you're
68       going to retrieve and for write if you wish to store.
69
70               store_fd(\%table, *STDOUT) || die "can't store to stdout\n";
71               $hashref = fd_retrieve(*STDIN);
72
73       You can also store data in network order to allow easy sharing across
74       multiple platforms, or when storing on a socket known to be remotely
75       connected. The routines to call have an initial "n" prefix for network,
76       as in "nstore" and "nstore_fd". At retrieval time, your data will be
77       correctly restored so you don't have to know whether you're restoring
78       from native or network ordered data.  Double values are stored
79       stringified to ensure portability as well, at the slight risk of
80       loosing some precision in the last decimals.
81
82       When using "fd_retrieve", objects are retrieved in sequence, one object
83       (i.e. one recursive tree) per associated "store_fd".
84
85       If you're more from the object-oriented camp, you can inherit from
86       Storable and directly store your objects by invoking "store" as a
87       method. The fact that the root of the to-be-stored tree is a blessed
88       reference (i.e. an object) is special-cased so that the retrieve does
89       not provide a reference to that object but rather the blessed object
90       reference itself. (Otherwise, you'd get a reference to that blessed
91       object).
92

MEMORY STORE

94       The Storable engine can also store data into a Perl scalar instead, to
95       later retrieve them. This is mainly used to freeze a complex structure
96       in some safe compact memory place (where it can possibly be sent to
97       another process via some IPC, since freezing the structure also
98       serializes it in effect). Later on, and maybe somewhere else, you can
99       thaw the Perl scalar out and recreate the original complex structure in
100       memory.
101
102       Surprisingly, the routines to be called are named "freeze" and "thaw".
103       If you wish to send out the frozen scalar to another machine, use
104       "nfreeze" instead to get a portable image.
105
106       Note that freezing an object structure and immediately thawing it
107       actually achieves a deep cloning of that structure:
108
109           dclone(.) = thaw(freeze(.))
110
111       Storable provides you with a "dclone" interface which does not create
112       that intermediary scalar but instead freezes the structure in some
113       internal memory space and then immediately thaws it out.
114

ADVISORY LOCKING

116       The "lock_store" and "lock_nstore" routine are equivalent to "store"
117       and "nstore", except that they get an exclusive lock on the file before
118       writing.  Likewise, "lock_retrieve" does the same as "retrieve", but
119       also gets a shared lock on the file before reading.
120
121       As with any advisory locking scheme, the protection only works if you
122       systematically use "lock_store" and "lock_retrieve".  If one side of
123       your application uses "store" whilst the other uses "lock_retrieve",
124       you will get no protection at all.
125
126       The internal advisory locking is implemented using Perl's flock()
127       routine.  If your system does not support any form of flock(), or if
128       you share your files across NFS, you might wish to use other forms of
129       locking by using modules such as LockFile::Simple which lock a file
130       using a filesystem entry, instead of locking the file descriptor.
131

SPEED

133       The heart of Storable is written in C for decent speed. Extra low-level
134       optimizations have been made when manipulating perl internals, to
135       sacrifice encapsulation for the benefit of greater speed.
136

CANONICAL REPRESENTATION

138       Normally, Storable stores elements of hashes in the order they are
139       stored internally by Perl, i.e. pseudo-randomly.  If you set
140       $Storable::canonical to some "TRUE" value, Storable will store hashes
141       with the elements sorted by their key.  This allows you to compare data
142       structures by comparing their frozen representations (or even the
143       compressed frozen representations), which can be useful for creating
144       lookup tables for complicated queries.
145
146       Canonical order does not imply network order; those are two orthogonal
147       settings.
148

CODE REFERENCES

150       Since Storable version 2.05, CODE references may be serialized with the
151       help of B::Deparse. To enable this feature, set $Storable::Deparse to a
152       true value. To enable deserialization, $Storable::Eval should be set to
153       a true value. Be aware that deserialization is done through "eval",
154       which is dangerous if the Storable file contains malicious data. You
155       can set $Storable::Eval to a subroutine reference which would be used
156       instead of "eval". See below for an example using a Safe compartment
157       for deserialization of CODE references.
158
159       If $Storable::Deparse and/or $Storable::Eval are set to false values,
160       then the value of $Storable::forgive_me (see below) is respected while
161       serializing and deserializing.
162

FORWARD COMPATIBILITY

164       This release of Storable can be used on a newer version of Perl to
165       serialize data which is not supported by earlier Perls.  By default,
166       Storable will attempt to do the right thing, by "croak()"ing if it
167       encounters data that it cannot deserialize.  However, the defaults can
168       be changed as follows:
169
170       utf8 data
171           Perl 5.6 added support for Unicode characters with code points >
172           255, and Perl 5.8 has full support for Unicode characters in hash
173           keys.  Perl internally encodes strings with these characters using
174           utf8, and Storable serializes them as utf8.  By default, if an
175           older version of Perl encounters a utf8 value it cannot represent,
176           it will "croak()".  To change this behaviour so that Storable
177           deserializes utf8 encoded values as the string of bytes
178           (effectively dropping the is_utf8 flag) set $Storable::drop_utf8 to
179           some "TRUE" value.  This is a form of data loss, because with
180           $drop_utf8 true, it becomes impossible to tell whether the original
181           data was the Unicode string, or a series of bytes that happen to be
182           valid utf8.
183
184       restricted hashes
185           Perl 5.8 adds support for restricted hashes, which have keys
186           restricted to a given set, and can have values locked to be read
187           only.  By default, when Storable encounters a restricted hash on a
188           perl that doesn't support them, it will deserialize it as a normal
189           hash, silently discarding any placeholder keys and leaving the keys
190           and all values unlocked.  To make Storable "croak()" instead, set
191           $Storable::downgrade_restricted to a "FALSE" value.  To restore the
192           default set it back to some "TRUE" value.
193
194           The cperl PERL_PERTURB_KEYS_TOP hash strategy has a known problem
195           with restricted hashes.
196
197       huge objects
198           On 64bit systems some data structures may exceed the 2G (i.e.
199           I32_MAX) limit. On 32bit systems also strings between I32 and U32
200           (2G-4G).  Since Storable 3.00 (not in perl5 core) we are able to
201           store and retrieve these objects, even if perl5 itself is not able
202           to handle them.  These are strings longer then 4G, arrays with more
203           then 2G elements and hashes with more then 2G elements. cperl
204           forbids hashes with more than 2G elements, but this fail in cperl
205           then. perl5 itself at least until 5.26 allows it, but cannot
206           iterate over them.  Note that creating those objects might cause
207           out of memory exceptions by the operating system before perl has a
208           chance to abort.
209
210       files from future versions of Storable
211           Earlier versions of Storable would immediately croak if they
212           encountered a file with a higher internal version number than the
213           reading Storable knew about.  Internal version numbers are
214           increased each time new data types (such as restricted hashes) are
215           added to the vocabulary of the file format.  This meant that a
216           newer Storable module had no way of writing a file readable by an
217           older Storable, even if the writer didn't store newer data types.
218
219           This version of Storable will defer croaking until it encounters a
220           data type in the file that it does not recognize.  This means that
221           it will continue to read files generated by newer Storable modules
222           which are careful in what they write out, making it easier to
223           upgrade Storable modules in a mixed environment.
224
225           The old behaviour of immediate croaking can be re-instated by
226           setting $Storable::accept_future_minor to some "FALSE" value.
227
228       All these variables have no effect on a newer Perl which supports the
229       relevant feature.
230

ERROR REPORTING

232       Storable uses the "exception" paradigm, in that it does not try to
233       workaround failures: if something bad happens, an exception is
234       generated from the caller's perspective (see Carp and "croak()").  Use
235       eval {} to trap those exceptions.
236
237       When Storable croaks, it tries to report the error via the "logcroak()"
238       routine from the "Log::Agent" package, if it is available.
239
240       Normal errors are reported by having store() or retrieve() return
241       "undef".  Such errors are usually I/O errors (or truncated stream
242       errors at retrieval).
243
244       When Storable throws the "Max. recursion depth with nested structures
245       exceeded" error we are already out of stack space. Unfortunately on
246       some earlier perl versions cleaning up a recursive data structure
247       recurses into the free calls, which will lead to stack overflows in the
248       cleanup. This data structure is not properly cleaned up then, it will
249       only be destroyed during global destruction.
250

WIZARDS ONLY

252   Hooks
253       Any class may define hooks that will be called during the serialization
254       and deserialization process on objects that are instances of that
255       class.  Those hooks can redefine the way serialization is performed
256       (and therefore, how the symmetrical deserialization should be
257       conducted).
258
259       Since we said earlier:
260
261           dclone(.) = thaw(freeze(.))
262
263       everything we say about hooks should also hold for deep cloning.
264       However, hooks get to know whether the operation is a mere
265       serialization, or a cloning.
266
267       Therefore, when serializing hooks are involved,
268
269           dclone(.) <> thaw(freeze(.))
270
271       Well, you could keep them in sync, but there's no guarantee it will
272       always hold on classes somebody else wrote.  Besides, there is little
273       to gain in doing so: a serializing hook could keep only one attribute
274       of an object, which is probably not what should happen during a deep
275       cloning of that same object.
276
277       Here is the hooking interface:
278
279       "STORABLE_freeze" obj, cloning
280           The serializing hook, called on the object during serialization.
281           It can be inherited, or defined in the class itself, like any other
282           method.
283
284           Arguments: obj is the object to serialize, cloning is a flag
285           indicating whether we're in a dclone() or a regular serialization
286           via store() or freeze().
287
288           Returned value: A LIST "($serialized, $ref1, $ref2, ...)" where
289           $serialized is the serialized form to be used, and the optional
290           $ref1, $ref2, etc... are extra references that you wish to let the
291           Storable engine serialize.
292
293           At deserialization time, you will be given back the same LIST, but
294           all the extra references will be pointing into the deserialized
295           structure.
296
297           The first time the hook is hit in a serialization flow, you may
298           have it return an empty list.  That will signal the Storable engine
299           to further discard that hook for this class and to therefore revert
300           to the default serialization of the underlying Perl data.  The hook
301           will again be normally processed in the next serialization.
302
303           Unless you know better, serializing hook should always say:
304
305               sub STORABLE_freeze {
306                   my ($self, $cloning) = @_;
307                   return if $cloning;         # Regular default serialization
308                   ....
309               }
310
311           in order to keep reasonable dclone() semantics.
312
313       "STORABLE_thaw" obj, cloning, serialized, ...
314           The deserializing hook called on the object during deserialization.
315           But wait: if we're deserializing, there's no object yet... right?
316
317           Wrong: the Storable engine creates an empty one for you.  If you
318           know Eiffel, you can view "STORABLE_thaw" as an alternate creation
319           routine.
320
321           This means the hook can be inherited like any other method, and
322           that obj is your blessed reference for this particular instance.
323
324           The other arguments should look familiar if you know
325           "STORABLE_freeze": cloning is true when we're part of a deep clone
326           operation, serialized is the serialized string you returned to the
327           engine in "STORABLE_freeze", and there may be an optional list of
328           references, in the same order you gave them at serialization time,
329           pointing to the deserialized objects (which have been processed
330           courtesy of the Storable engine).
331
332           When the Storable engine does not find any "STORABLE_thaw" hook
333           routine, it tries to load the class by requiring the package
334           dynamically (using the blessed package name), and then re-attempts
335           the lookup.  If at that time the hook cannot be located, the engine
336           croaks.  Note that this mechanism will fail if you define several
337           classes in the same file, but perlmod warned you.
338
339           It is up to you to use this information to populate obj the way you
340           want.
341
342           Returned value: none.
343
344       "STORABLE_attach" class, cloning, serialized
345           While "STORABLE_freeze" and "STORABLE_thaw" are useful for classes
346           where each instance is independent, this mechanism has difficulty
347           (or is incompatible) with objects that exist as common process-
348           level or system-level resources, such as singleton objects,
349           database pools, caches or memoized objects.
350
351           The alternative "STORABLE_attach" method provides a solution for
352           these shared objects. Instead of "STORABLE_freeze" -->
353           "STORABLE_thaw", you implement "STORABLE_freeze" -->
354           "STORABLE_attach" instead.
355
356           Arguments: class is the class we are attaching to, cloning is a
357           flag indicating whether we're in a dclone() or a regular de-
358           serialization via thaw(), and serialized is the stored string for
359           the resource object.
360
361           Because these resource objects are considered to be owned by the
362           entire process/system, and not the "property" of whatever is being
363           serialized, no references underneath the object should be included
364           in the serialized string. Thus, in any class that implements
365           "STORABLE_attach", the "STORABLE_freeze" method cannot return any
366           references, and "Storable" will throw an error if "STORABLE_freeze"
367           tries to return references.
368
369           All information required to "attach" back to the shared resource
370           object must be contained only in the "STORABLE_freeze" return
371           string.  Otherwise, "STORABLE_freeze" behaves as normal for
372           "STORABLE_attach" classes.
373
374           Because "STORABLE_attach" is passed the class (rather than an
375           object), it also returns the object directly, rather than modifying
376           the passed object.
377
378           Returned value: object of type "class"
379
380   Predicates
381       Predicates are not exportable.  They must be called by explicitly
382       prefixing them with the Storable package name.
383
384       "Storable::last_op_in_netorder"
385           The "Storable::last_op_in_netorder()" predicate will tell you
386           whether network order was used in the last store or retrieve
387           operation.  If you don't know how to use this, just forget about
388           it.
389
390       "Storable::is_storing"
391           Returns true if within a store operation (via STORABLE_freeze
392           hook).
393
394       "Storable::is_retrieving"
395           Returns true if within a retrieve operation (via STORABLE_thaw
396           hook).
397
398   Recursion
399       With hooks comes the ability to recurse back to the Storable engine.
400       Indeed, hooks are regular Perl code, and Storable is convenient when it
401       comes to serializing and deserializing things, so why not use it to
402       handle the serialization string?
403
404       There are a few things you need to know, however:
405
406       ·   From Storable 3.05 to 3.13 we probed for the stack recursion limit
407           for references, arrays and hashes to a maximal depth of
408           ~1200-35000, otherwise we might fall into a stack-overflow.  On
409           JSON::XS this limit is 512 btw.  With references not immediately
410           referencing each other there's no such limit yet, so you might fall
411           into such a stack-overflow segfault.
412
413           This probing and the checks we performed have some limitations:
414
415           ·   the stack size at build time might be different at run time,
416               eg. the stack size may have been modified with ulimit(1).  If
417               it's larger at run time Storable may fail the freeze() or
418               thaw() unnecessarily.  If it's larger at build time Storable
419               may segmentation fault when processing a deep structure at run
420               time.
421
422           ·   the stack size might be different in a thread.
423
424           ·   array and hash recursion limits are checked separately against
425               the same recursion depth, a frozen structure with a large
426               sequence of nested arrays within many nested hashes may exhaust
427               the processor stack without triggering Storable's recursion
428               protection.
429
430           So these now have simple defaults rather than probing at build-
431           time.
432
433           You can control the maximum array and hash recursion depths by
434           modifying $Storable::recursion_limit and
435           $Storable::recursion_limit_hash respectively.  Either can be set to
436           "-1" to prevent any depth checks, though this isn't recommended.
437
438       ·   You can create endless loops if the things you serialize via
439           freeze() (for instance) point back to the object we're trying to
440           serialize in the hook.
441
442       ·   Shared references among objects will not stay shared: if we're
443           serializing the list of object [A, C] where both object A and C
444           refer to the SAME object B, and if there is a serializing hook in A
445           that says freeze(B), then when deserializing, we'll get [A', C']
446           where A' refers to B', but C' refers to D, a deep clone of B'.  The
447           topology was not preserved.
448
449       ·   The maximal stack recursion limit for your system is returned by
450           "stack_depth()" and "stack_depth_hash()". The hash limit is usually
451           half the size of the array and ref limit, as the Perl hash API is
452           not optimal.
453
454       That's why "STORABLE_freeze" lets you provide a list of references to
455       serialize.  The engine guarantees that those will be serialized in the
456       same context as the other objects, and therefore that shared objects
457       will stay shared.
458
459       In the above [A, C] example, the "STORABLE_freeze" hook could return:
460
461               ("something", $self->{B})
462
463       and the B part would be serialized by the engine.  In "STORABLE_thaw",
464       you would get back the reference to the B' object, deserialized for
465       you.
466
467       Therefore, recursion should normally be avoided, but is nonetheless
468       supported.
469
470   Deep Cloning
471       There is a Clone module available on CPAN which implements deep cloning
472       natively, i.e. without freezing to memory and thawing the result.  It
473       is aimed to replace Storable's dclone() some day.  However, it does not
474       currently support Storable hooks to redefine the way deep cloning is
475       performed.
476

Storable magic

478       Yes, there's a lot of that :-) But more precisely, in UNIX systems
479       there's a utility called "file", which recognizes data files based on
480       their contents (usually their first few bytes).  For this to work, a
481       certain file called magic needs to taught about the signature of the
482       data.  Where that configuration file lives depends on the UNIX flavour;
483       often it's something like /usr/share/misc/magic or /etc/magic.  Your
484       system administrator needs to do the updating of the magic file.  The
485       necessary signature information is output to STDOUT by invoking
486       Storable::show_file_magic().  Note that the GNU implementation of the
487       "file" utility, version 3.38 or later, is expected to contain support
488       for recognising Storable files out-of-the-box, in addition to other
489       kinds of Perl files.
490
491       You can also use the following functions to extract the file header
492       information from Storable images:
493
494       $info = Storable::file_magic( $filename )
495           If the given file is a Storable image return a hash describing it.
496           If the file is readable, but not a Storable image return "undef".
497           If the file does not exist or is unreadable then croak.
498
499           The hash returned has the following elements:
500
501           "version"
502               This returns the file format version.  It is a string like
503               "2.7".
504
505               Note that this version number is not the same as the version
506               number of the Storable module itself.  For instance Storable
507               v0.7 create files in format v2.0 and Storable v2.15 create
508               files in format v2.7.  The file format version number only
509               increment when additional features that would confuse older
510               versions of the module are added.
511
512               Files older than v2.0 will have the one of the version numbers
513               "-1", "0" or "1".  No minor number was used at that time.
514
515           "version_nv"
516               This returns the file format version as number.  It is a string
517               like "2.007".  This value is suitable for numeric comparisons.
518
519               The constant function "Storable::BIN_VERSION_NV" returns a
520               comparable number that represents the highest file version
521               number that this version of Storable fully supports (but see
522               discussion of $Storable::accept_future_minor above).  The
523               constant "Storable::BIN_WRITE_VERSION_NV" function returns what
524               file version is written and might be less than
525               "Storable::BIN_VERSION_NV" in some configurations.
526
527           "major", "minor"
528               This also returns the file format version.  If the version is
529               "2.7" then major would be 2 and minor would be 7.  The minor
530               element is missing for when major is less than 2.
531
532           "hdrsize"
533               The is the number of bytes that the Storable header occupies.
534
535           "netorder"
536               This is TRUE if the image store data in network order.  This
537               means that it was created with nstore() or similar.
538
539           "byteorder"
540               This is only present when "netorder" is FALSE.  It is the
541               $Config{byteorder} string of the perl that created this image.
542               It is a string like "1234" (32 bit little endian) or "87654321"
543               (64 bit big endian).  This must match the current perl for the
544               image to be readable by Storable.
545
546           "intsize", "longsize", "ptrsize", "nvsize"
547               These are only present when "netorder" is FALSE. These are the
548               sizes of various C datatypes of the perl that created this
549               image.  These must match the current perl for the image to be
550               readable by Storable.
551
552               The "nvsize" element is only present for file format v2.2 and
553               higher.
554
555           "file"
556               The name of the file.
557
558       $info = Storable::read_magic( $buffer )
559       $info = Storable::read_magic( $buffer, $must_be_file )
560           The $buffer should be a Storable image or the first few bytes of
561           it.  If $buffer starts with a Storable header, then a hash
562           describing the image is returned, otherwise "undef" is returned.
563
564           The hash has the same structure as the one returned by
565           Storable::file_magic().  The "file" element is true if the image is
566           a file image.
567
568           If the $must_be_file argument is provided and is TRUE, then return
569           "undef" unless the image looks like it belongs to a file dump.
570
571           The maximum size of a Storable header is currently 21 bytes.  If
572           the provided $buffer is only the first part of a Storable image it
573           should at least be this long to ensure that read_magic() will
574           recognize it as such.
575

EXAMPLES

577       Here are some code samples showing a possible usage of Storable:
578
579        use Storable qw(store retrieve freeze thaw dclone);
580
581        %color = ('Blue' => 0.1, 'Red' => 0.8, 'Black' => 0, 'White' => 1);
582
583        store(\%color, 'mycolors') or die "Can't store %a in mycolors!\n";
584
585        $colref = retrieve('mycolors');
586        die "Unable to retrieve from mycolors!\n" unless defined $colref;
587        printf "Blue is still %lf\n", $colref->{'Blue'};
588
589        $colref2 = dclone(\%color);
590
591        $str = freeze(\%color);
592        printf "Serialization of %%color is %d bytes long.\n", length($str);
593        $colref3 = thaw($str);
594
595       which prints (on my machine):
596
597        Blue is still 0.100000
598        Serialization of %color is 102 bytes long.
599
600       Serialization of CODE references and deserialization in a safe
601       compartment:
602
603        use Storable qw(freeze thaw);
604        use Safe;
605        use strict;
606        my $safe = new Safe;
607               # because of opcodes used in "use strict":
608        $safe->permit(qw(:default require));
609        local $Storable::Deparse = 1;
610        local $Storable::Eval = sub { $safe->reval($_[0]) };
611        my $serialized = freeze(sub { 42 });
612        my $code = thaw($serialized);
613        $code->() == 42;
614

SECURITY WARNING

616       Do not accept Storable documents from untrusted sources!
617
618       Some features of Storable can lead to security vulnerabilities if you
619       accept Storable documents from untrusted sources with the default
620       flags. Most obviously, the optional (off by default) CODE reference
621       serialization feature allows transfer of code to the deserializing
622       process. Furthermore, any serialized object will cause Storable to
623       helpfully load the module corresponding to the class of the object in
624       the deserializing module.  For manipulated module names, this can load
625       almost arbitrary code.  Finally, the deserialized object's destructors
626       will be invoked when the objects get destroyed in the deserializing
627       process. Maliciously crafted Storable documents may put such objects in
628       the value of a hash key that is overridden by another key/value pair in
629       the same hash, thus causing immediate destructor execution.
630
631       To disable blessing objects while thawing/retrieving remove the flag
632       "BLESS_OK" = 2 from $Storable::flags or set the 2nd argument for
633       thaw/retrieve to 0.
634
635       To disable tieing data while thawing/retrieving remove the flag
636       "TIE_OK" = 4 from $Storable::flags or set the 2nd argument for
637       thaw/retrieve to 0.
638
639       With the default setting of $Storable::flags = 6, creating or
640       destroying random objects, even renamed objects can be controlled by an
641       attacker.  See CVE-2015-1592 and its metasploit module.
642
643       If your application requires accepting data from untrusted sources, you
644       are best off with a less powerful and more-likely safe serialization
645       format and implementation. If your data is sufficiently simple,
646       Cpanel::JSON::XS, Data::MessagePack or Serial are the best choices and
647       offers maximum interoperability, but note that Serial is unsafe by
648       default.
649

WARNING

651       If you're using references as keys within your hash tables, you're
652       bound to be disappointed when retrieving your data. Indeed, Perl
653       stringifies references used as hash table keys. If you later wish to
654       access the items via another reference stringification (i.e. using the
655       same reference that was used for the key originally to record the value
656       into the hash table), it will work because both references stringify to
657       the same string.
658
659       It won't work across a sequence of "store" and "retrieve" operations,
660       however, because the addresses in the retrieved objects, which are part
661       of the stringified references, will probably differ from the original
662       addresses. The topology of your structure is preserved, but not hidden
663       semantics like those.
664
665       On platforms where it matters, be sure to call "binmode()" on the
666       descriptors that you pass to Storable functions.
667
668       Storing data canonically that contains large hashes can be
669       significantly slower than storing the same data normally, as temporary
670       arrays to hold the keys for each hash have to be allocated, populated,
671       sorted and freed.  Some tests have shown a halving of the speed of
672       storing -- the exact penalty will depend on the complexity of your
673       data.  There is no slowdown on retrieval.
674

REGULAR EXPRESSIONS

676       Storable now has experimental support for storing regular expressions,
677       but there are significant limitations:
678
679       ·   perl 5.8 or later is required.
680
681       ·   regular expressions with code blocks, ie "/(?{ ... })/" or "/(??{
682           ... })/" will throw an exception when thawed.
683
684       ·   regular expression syntax and flags have changed over the history
685           of perl, so a regular expression that you freeze in one version of
686           perl may fail to thaw or behave differently in another version of
687           perl.
688
689       ·   depending on the version of perl, regular expressions can change in
690           behaviour depending on the context, but later perls will bake that
691           behaviour into the regexp.
692
693       Storable will throw an exception if a frozen regular expression cannot
694       be thawed.
695

BUGS

697       You can't store GLOB, FORMLINE, etc.... If you can define semantics for
698       those operations, feel free to enhance Storable so that it can deal
699       with them.
700
701       The store functions will "croak" if they run into such references
702       unless you set $Storable::forgive_me to some "TRUE" value. In that
703       case, the fatal message is converted to a warning and some meaningless
704       string is stored instead.
705
706       Setting $Storable::canonical may not yield frozen strings that compare
707       equal due to possible stringification of numbers. When the string
708       version of a scalar exists, it is the form stored; therefore, if you
709       happen to use your numbers as strings between two freezing operations
710       on the same data structures, you will get different results.
711
712       When storing doubles in network order, their value is stored as text.
713       However, you should also not expect non-numeric floating-point values
714       such as infinity and "not a number" to pass successfully through a
715       nstore()/retrieve() pair.
716
717       As Storable neither knows nor cares about character sets (although it
718       does know that characters may be more than eight bits wide), any
719       difference in the interpretation of character codes between a host and
720       a target system is your problem.  In particular, if host and target use
721       different code points to represent the characters used in the text
722       representation of floating-point numbers, you will not be able be able
723       to exchange floating-point data, even with nstore().
724
725       "Storable::drop_utf8" is a blunt tool.  There is no facility either to
726       return all strings as utf8 sequences, or to attempt to convert utf8
727       data back to 8 bit and "croak()" if the conversion fails.
728
729       Prior to Storable 2.01, no distinction was made between signed and
730       unsigned integers on storing.  By default Storable prefers to store a
731       scalars string representation (if it has one) so this would only cause
732       problems when storing large unsigned integers that had never been
733       converted to string or floating point.  In other words values that had
734       been generated by integer operations such as logic ops and then not
735       used in any string or arithmetic context before storing.
736
737   64 bit data in perl 5.6.0 and 5.6.1
738       This section only applies to you if you have existing data written out
739       by Storable 2.02 or earlier on perl 5.6.0 or 5.6.1 on Unix or Linux
740       which has been configured with 64 bit integer support (not the default)
741       If you got a precompiled perl, rather than running Configure to build
742       your own perl from source, then it almost certainly does not affect
743       you, and you can stop reading now (unless you're curious). If you're
744       using perl on Windows it does not affect you.
745
746       Storable writes a file header which contains the sizes of various C
747       language types for the C compiler that built Storable (when not writing
748       in network order), and will refuse to load files written by a Storable
749       not on the same (or compatible) architecture.  This check and a check
750       on machine byteorder is needed because the size of various fields in
751       the file are given by the sizes of the C language types, and so files
752       written on different architectures are incompatible.  This is done for
753       increased speed.  (When writing in network order, all fields are
754       written out as standard lengths, which allows full interworking, but
755       takes longer to read and write)
756
757       Perl 5.6.x introduced the ability to optional configure the perl
758       interpreter to use C's "long long" type to allow scalars to store 64
759       bit integers on 32 bit systems.  However, due to the way the Perl
760       configuration system generated the C configuration files on non-Windows
761       platforms, and the way Storable generates its header, nothing in the
762       Storable file header reflected whether the perl writing was using 32 or
763       64 bit integers, despite the fact that Storable was storing some data
764       differently in the file.  Hence Storable running on perl with 64 bit
765       integers will read the header from a file written by a 32 bit perl, not
766       realise that the data is actually in a subtly incompatible format, and
767       then go horribly wrong (possibly crashing) if it encountered a stored
768       integer.  This is a design failure.
769
770       Storable has now been changed to write out and read in a file header
771       with information about the size of integers.  It's impossible to detect
772       whether an old file being read in was written with 32 or 64 bit
773       integers (they have the same header) so it's impossible to
774       automatically switch to a correct backwards compatibility mode.  Hence
775       this Storable defaults to the new, correct behaviour.
776
777       What this means is that if you have data written by Storable 1.x
778       running on perl 5.6.0 or 5.6.1 configured with 64 bit integers on Unix
779       or Linux then by default this Storable will refuse to read it, giving
780       the error Byte order is not compatible.  If you have such data then you
781       should set $Storable::interwork_56_64bit to a true value to make this
782       Storable read and write files with the old header.  You should also
783       migrate your data, or any older perl you are communicating with, to
784       this current version of Storable.
785
786       If you don't have data written with specific configuration of perl
787       described above, then you do not and should not do anything.  Don't set
788       the flag - not only will Storable on an identically configured perl
789       refuse to load them, but Storable a differently configured perl will
790       load them believing them to be correct for it, and then may well fail
791       or crash part way through reading them.
792

CREDITS

794       Thank you to (in chronological order):
795
796               Jarkko Hietaniemi <jhi@iki.fi>
797               Ulrich Pfeifer <pfeifer@charly.informatik.uni-dortmund.de>
798               Benjamin A. Holzman <bholzman@earthlink.net>
799               Andrew Ford <A.Ford@ford-mason.co.uk>
800               Gisle Aas <gisle@aas.no>
801               Jeff Gresham <gresham_jeffrey@jpmorgan.com>
802               Murray Nesbitt <murray@activestate.com>
803               Marc Lehmann <pcg@opengroup.org>
804               Justin Banks <justinb@wamnet.com>
805               Jarkko Hietaniemi <jhi@iki.fi> (AGAIN, as perl 5.7.0 Pumpkin!)
806               Salvador Ortiz Garcia <sog@msg.com.mx>
807               Dominic Dunlop <domo@computer.org>
808               Erik Haugan <erik@solbors.no>
809               Benjamin A. Holzman <ben.holzman@grantstreet.com>
810               Reini Urban <rurban@cpan.org>
811               Todd Rinaldo <toddr@cpanel.net>
812               Aaron Crane <arc@cpan.org>
813
814       for their bug reports, suggestions and contributions.
815
816       Benjamin Holzman contributed the tied variable support, Andrew Ford
817       contributed the canonical order for hashes, and Gisle Aas fixed a few
818       misunderstandings of mine regarding the perl internals, and optimized
819       the emission of "tags" in the output streams by simply counting the
820       objects instead of tagging them (leading to a binary incompatibility
821       for the Storable image starting at version 0.6--older images are, of
822       course, still properly understood).  Murray Nesbitt made Storable
823       thread-safe.  Marc Lehmann added overloading and references to tied
824       items support.  Benjamin Holzman added a performance improvement for
825       overloaded classes; thanks to Grant Street Group for footing the bill.
826       Reini Urban took over maintainance from p5p, and added security fixes
827       and huge object support.
828

AUTHOR

830       Storable was written by Raphael Manfredi <Raphael_Manfredi@pobox.com>
831       Maintenance is now done by cperl <http://perl11.org/cperl>
832
833       Please e-mail us with problems, bug fixes, comments and complaints,
834       although if you have compliments you should send them to Raphael.
835       Please don't e-mail Raphael with problems, as he no longer works on
836       Storable, and your message will be delayed while he forwards it to us.
837

SEE ALSO

839       Clone.
840
841
842
843perl v5.28.1                      2019-04-24                       Storable(3)
Impressum