Storable(3) User Contributed Perl Documentation Storable(3)

Storable - persistence for Perl data structures

    use Storable;
    store \%table, 'file';
    $hashref = retrieve('file');

    use Storable qw(nstore store_fd nstore_fd fd_retrieve freeze thaw dclone);

    # Network order
    nstore \%table, 'file';
    $hashref = retrieve('file');    # There is NO nretrieve()

    # Storing to and retrieving from an already opened file
    store_fd \@array, \*STDOUT;
    nstore_fd \%table, \*STDOUT;
    $aryref = fd_retrieve(\*SOCKET);
    $hashref = fd_retrieve(\*SOCKET);

    # Serializing to memory
    $serialized = freeze \%table;
    %table_clone = %{ thaw($serialized) };

    # Deep (recursive) cloning
    $cloneref = dclone($ref);

    # Advisory locking
    use Storable qw(lock_store lock_nstore lock_retrieve);
    lock_store \%table, 'file';
    lock_nstore \%table, 'file';
    $hashref = lock_retrieve('file');

The Storable package brings persistence to your Perl data structures
containing SCALAR, ARRAY, HASH or REF objects, i.e. anything that can
be conveniently stored to disk and retrieved at a later time.

It can be used in the regular procedural way by calling "store" with a
reference to the object to be stored, along with the file name where
the image should be written.

The routine returns "undef" for I/O problems or other internal errors, a
true value otherwise. Serious errors are propagated as a "die"
exception.

To retrieve data stored to disk, use "retrieve" with a file name. The
objects stored into that file are recreated into memory for you, and a
reference to the root object is returned. In case an I/O error occurs
while reading, "undef" is returned instead. Other serious errors are
propagated via "die".

Since storage is performed recursively, you might want to stuff
references to objects that share a lot of common data into a single
array or hash table, and then store that object. That way, when you
retrieve back the whole thing, the objects will continue to share what
they originally shared.

At the cost of a slight header overhead, you may store to an already
opened file descriptor using the "store_fd" routine, and retrieve from
a file via "fd_retrieve". Those names aren't imported by default, so
you will have to do that explicitly if you need those routines. The
file descriptor you supply must be already opened, for read if you're
going to retrieve and for write if you wish to store.

    store_fd(\%table, *STDOUT) || die "can't store to stdout\n";
    $hashref = fd_retrieve(*STDIN);

You can also store data in network order to allow easy sharing across
multiple platforms, or when storing on a socket known to be remotely
connected. The routines to call have an initial "n" prefix for network,
as in "nstore" and "nstore_fd". At retrieval time, your data will be
correctly restored so you don't have to know whether you're restoring
from native or network ordered data. Double values are stored
stringified to ensure portability as well, at the slight risk of
losing some precision in the last decimals.

When using "fd_retrieve", objects are retrieved in sequence, one object
(i.e. one recursive tree) per associated "store_fd".

If you're more from the object-oriented camp, you can inherit from
Storable and directly store your objects by invoking "store" as a
method. The fact that the root of the to-be-stored tree is a blessed
reference (i.e. an object) is special-cased so that the retrieve does
not provide a reference to that object but rather the blessed object
reference itself. (Otherwise, you'd get a reference to that blessed
object).

The Storable engine can also store data into a Perl scalar instead, to
later retrieve them. This is mainly used to freeze a complex structure
in some safe compact memory place (where it can possibly be sent to
another process via some IPC, since freezing the structure also
serializes it in effect). Later on, and maybe somewhere else, you can
thaw the Perl scalar out and recreate the original complex structure in
memory.

Surprisingly, the routines to be called are named "freeze" and "thaw".
If you wish to send out the frozen scalar to another machine, use
"nfreeze" instead to get a portable image.

Note that freezing an object structure and immediately thawing it
actually achieves a deep cloning of that structure:

    dclone(.) = thaw(freeze(.))

Storable provides you with a "dclone" interface which does not create
that intermediary scalar but instead freezes the structure in some
internal memory space and then immediately thaws it out.

The "lock_store" and "lock_nstore" routines are equivalent to "store"
and "nstore", except that they get an exclusive lock on the file before
writing. Likewise, "lock_retrieve" does the same as "retrieve", but
also gets a shared lock on the file before reading.

As with any advisory locking scheme, the protection only works if you
systematically use "lock_store" and "lock_retrieve". If one side of
your application uses "store" whilst the other uses "lock_retrieve",
you will get no protection at all.

The internal advisory locking is implemented using Perl's flock()
routine. If your system does not support any form of flock(), or if
you share your files across NFS, you might wish to use other forms of
locking by using modules such as LockFile::Simple which lock a file
using a filesystem entry, instead of locking the file descriptor.

The heart of Storable is written in C for decent speed. Extra low-level
optimizations have been made when manipulating perl internals, to
sacrifice encapsulation for the benefit of greater speed.

Normally, Storable stores elements of hashes in the order they are
stored internally by Perl, i.e. pseudo-randomly. If you set
$Storable::canonical to some "TRUE" value, Storable will store hashes
with the elements sorted by their key. This allows you to compare data
structures by comparing their frozen representations (or even the
compressed frozen representations), which can be useful for creating
lookup tables for complicated queries.

Canonical order does not imply network order; those are two orthogonal
settings.

Since Storable version 2.05, CODE references may be serialized with the
help of B::Deparse. To enable this feature, set $Storable::Deparse to a
true value. To enable deserialization, $Storable::Eval should be set to
a true value. Be aware that deserialization is done through "eval",
which is dangerous if the Storable file contains malicious data. You
can set $Storable::Eval to a subroutine reference which would be used
instead of "eval". See below for an example using a Safe compartment
for deserialization of CODE references.

If $Storable::Deparse and/or $Storable::Eval are set to false values,
then the value of $Storable::forgive_me (see below) is respected while
serializing and deserializing.

This release of Storable can be used on a newer version of Perl to
serialize data which is not supported by earlier Perls. By default,
Storable will attempt to do the right thing, by croak()ing if it
encounters data that it cannot deserialize. However, the defaults can
be changed as follows:

utf8 data
    Perl 5.6 added support for Unicode characters with code points >
    255, and Perl 5.8 has full support for Unicode characters in hash
    keys. Perl internally encodes strings with these characters using
    utf8, and Storable serializes them as utf8. By default, if an
    older version of Perl encounters a utf8 value it cannot represent,
    it will croak(). To change this behaviour so that Storable
    deserializes utf8 encoded values as the string of bytes
    (effectively dropping the is_utf8 flag) set $Storable::drop_utf8 to
    some "TRUE" value. This is a form of data loss, because with
    $drop_utf8 true, it becomes impossible to tell whether the original
    data was the Unicode string, or a series of bytes that happen to be
    valid utf8.

restricted hashes
    Perl 5.8 adds support for restricted hashes, which have keys
    restricted to a given set, and can have values locked to be read
    only. By default, when Storable encounters a restricted hash on a
    perl that doesn't support them, it will deserialize it as a normal
    hash, silently discarding any placeholder keys and leaving the keys
    and all values unlocked. To make Storable croak() instead, set
    $Storable::downgrade_restricted to a "FALSE" value. To restore the
    default set it back to some "TRUE" value.

    The cperl PERL_PERTURB_KEYS_TOP hash strategy has a known problem
    with restricted hashes.

huge objects
    On 64-bit systems some data structures may exceed the 2G (i.e.
    I32_MAX) limit; on 32-bit systems this also applies to strings
    between I32 and U32 (2G-4G). Since Storable 3.00 (not in perl5 core)
    we are able to store and retrieve these objects, even if perl5
    itself is not able to handle them. These are strings longer than 4G,
    arrays with more than 2G elements and hashes with more than 2G
    elements. cperl forbids hashes with more than 2G elements, so this
    fails in cperl. perl5 itself, at least until 5.26, allows them but
    cannot iterate over them. Note that creating those objects might
    cause out of memory exceptions by the operating system before perl
    has a chance to abort.

files from future versions of Storable
    Earlier versions of Storable would immediately croak if they
    encountered a file with a higher internal version number than the
    reading Storable knew about. Internal version numbers are
    increased each time new data types (such as restricted hashes) are
    added to the vocabulary of the file format. This meant that a
    newer Storable module had no way of writing a file readable by an
    older Storable, even if the writer didn't store newer data types.

    This version of Storable will defer croaking until it encounters a
    data type in the file that it does not recognize. This means that
    it will continue to read files generated by newer Storable modules
    which are careful in what they write out, making it easier to
    upgrade Storable modules in a mixed environment.

    The old behaviour of immediate croaking can be re-instated by
    setting $Storable::accept_future_minor to some "FALSE" value.

All these variables have no effect on a newer Perl which supports the
relevant feature.

Storable uses the "exception" paradigm, in that it does not try to
work around failures: if something bad happens, an exception is
generated from the caller's perspective (see Carp and croak()). Use
eval {} to trap those exceptions.

When Storable croaks, it tries to report the error via the logcroak()
routine from the "Log::Agent" package, if it is available.

Normal errors are reported by having store() or retrieve() return
"undef". Such errors are usually I/O errors (or truncated stream
errors at retrieval).

When Storable throws the "Max. recursion depth with nested structures
exceeded" error we are already out of stack space. Unfortunately on
some earlier perl versions cleaning up a recursive data structure
recurses into the free calls, which will lead to stack overflows in the
cleanup. This data structure is not properly cleaned up then; it will
only be destroyed during global destruction.

Hooks
Any class may define hooks that will be called during the serialization
and deserialization process on objects that are instances of that
class. Those hooks can redefine the way serialization is performed
(and therefore, how the symmetrical deserialization should be
conducted).

Since we said earlier:

    dclone(.) = thaw(freeze(.))

everything we say about hooks should also hold for deep cloning.
However, hooks get to know whether the operation is a mere
serialization, or a cloning.

Therefore, when serializing hooks are involved,

    dclone(.) <> thaw(freeze(.))

Well, you could keep them in sync, but there's no guarantee it will
always hold on classes somebody else wrote. Besides, there is little
to gain in doing so: a serializing hook could keep only one attribute
of an object, which is probably not what should happen during a deep
cloning of that same object.

Here is the hooking interface:

"STORABLE_freeze" obj, cloning
    The serializing hook, called on the object during serialization.
    It can be inherited, or defined in the class itself, like any other
    method.

    Arguments: obj is the object to serialize, cloning is a flag
    indicating whether we're in a dclone() or a regular serialization
    via store() or freeze().

    Returned value: A LIST "($serialized, $ref1, $ref2, ...)" where
    $serialized is the serialized form to be used, and the optional
    $ref1, $ref2, etc... are extra references that you wish to let the
    Storable engine serialize.

    At deserialization time, you will be given back the same LIST, but
    all the extra references will be pointing into the deserialized
    structure.

    The first time the hook is hit in a serialization flow, you may
    have it return an empty list. That will signal the Storable engine
    to further discard that hook for this class and to therefore revert
    to the default serialization of the underlying Perl data. The hook
    will again be normally processed in the next serialization.

    Unless you know better, a serializing hook should always say:

        sub STORABLE_freeze {
            my ($self, $cloning) = @_;
            return if $cloning;         # Regular default serialization
            ....
        }

    in order to keep reasonable dclone() semantics.

"STORABLE_thaw" obj, cloning, serialized, ...
    The deserializing hook called on the object during deserialization.
    But wait: if we're deserializing, there's no object yet... right?

    Wrong: the Storable engine creates an empty one for you. If you
    know Eiffel, you can view "STORABLE_thaw" as an alternate creation
    routine.

    This means the hook can be inherited like any other method, and
    that obj is your blessed reference for this particular instance.

    The other arguments should look familiar if you know
    "STORABLE_freeze": cloning is true when we're part of a deep clone
    operation, serialized is the serialized string you returned to the
    engine in "STORABLE_freeze", and there may be an optional list of
    references, in the same order you gave them at serialization time,
    pointing to the deserialized objects (which have been processed
    courtesy of the Storable engine).

    When the Storable engine does not find any "STORABLE_thaw" hook
    routine, it tries to load the class by requiring the package
    dynamically (using the blessed package name), and then re-attempts
    the lookup. If at that time the hook cannot be located, the engine
    croaks. Note that this mechanism will fail if you define several
    classes in the same file, but perlmod warned you.

    It is up to you to use this information to populate obj the way you
    want.

    Returned value: none.

"STORABLE_attach" class, cloning, serialized
    While "STORABLE_freeze" and "STORABLE_thaw" are useful for classes
    where each instance is independent, this mechanism has difficulty
    (or is incompatible) with objects that exist as common process-level
    or system-level resources, such as singleton objects,
    database pools, caches or memoized objects.

    The alternative "STORABLE_attach" method provides a solution for
    these shared objects. Instead of "STORABLE_freeze" -->
    "STORABLE_thaw", you implement "STORABLE_freeze" -->
    "STORABLE_attach" instead.

    Arguments: class is the class we are attaching to, cloning is a
    flag indicating whether we're in a dclone() or a regular
    deserialization via thaw(), and serialized is the stored string for
    the resource object.

    Because these resource objects are considered to be owned by the
    entire process/system, and not the "property" of whatever is being
    serialized, no references underneath the object should be included
    in the serialized string. Thus, in any class that implements
    "STORABLE_attach", the "STORABLE_freeze" method cannot return any
    references, and "Storable" will throw an error if "STORABLE_freeze"
    tries to return references.

    All information required to "attach" back to the shared resource
    object must be contained only in the "STORABLE_freeze" return
    string. Otherwise, "STORABLE_freeze" behaves as normal for
    "STORABLE_attach" classes.

    Because "STORABLE_attach" is passed the class (rather than an
    object), it also returns the object directly, rather than modifying
    the passed object.

    Returned value: object of type "class"

Predicates
Predicates are not exportable. They must be called by explicitly
prefixing them with the Storable package name.

"Storable::last_op_in_netorder"
    The Storable::last_op_in_netorder() predicate will tell you whether
    network order was used in the last store or retrieve operation. If
    you don't know how to use this, just forget about it.

"Storable::is_storing"
    Returns true if within a store operation (via STORABLE_freeze
    hook).

"Storable::is_retrieving"
    Returns true if within a retrieve operation (via STORABLE_thaw
    hook).

Recursion
With hooks comes the ability to recurse back to the Storable engine.
Indeed, hooks are regular Perl code, and Storable is convenient when it
comes to serializing and deserializing things, so why not use it to
handle the serialization string?

There are a few things you need to know, however:

• From Storable 3.05 to 3.13 we probed for the stack recursion limit
  for references, arrays and hashes to a maximal depth of
  ~1200-35000, otherwise we might fall into a stack-overflow. On
  JSON::XS this limit is 512 btw. With references not immediately
  referencing each other there's no such limit yet, so you might fall
  into such a stack-overflow segfault.

  This probing and the checks we performed have some limitations:

  • the stack size at build time might be different at run time,
    e.g. the stack size may have been modified with ulimit(1). If
    it's larger at run time Storable may fail the freeze() or
    thaw() unnecessarily. If it's larger at build time Storable
    may crash with a segmentation fault when processing a deep
    structure at run time.

  • the stack size might be different in a thread.

  • array and hash recursion limits are checked separately against
    the same recursion depth, so a frozen structure with a large
    sequence of nested arrays within many nested hashes may exhaust
    the processor stack without triggering Storable's recursion
    protection.

  So these now have simple defaults rather than probing at build-
  time.

  You can control the maximum array and hash recursion depths by
  modifying $Storable::recursion_limit and
  $Storable::recursion_limit_hash respectively. Either can be set to
  -1 to prevent any depth checks, though this isn't recommended.

  If you want to test what the limits are, the stacksize tool is
  included in the "Storable" distribution.

• You can create endless loops if the things you serialize via
  freeze() (for instance) point back to the object we're trying to
  serialize in the hook.

• Shared references among objects will not stay shared: if we're
  serializing the list of object [A, C] where both object A and C
  refer to the SAME object B, and if there is a serializing hook in A
  that says freeze(B), then when deserializing, we'll get [A', C']
  where A' refers to B', but C' refers to D, a deep clone of B'. The
  topology was not preserved.

• The maximal stack recursion limit for your system is returned by
  stack_depth() and stack_depth_hash(). The hash limit is usually
  half the size of the array and ref limit, as the Perl hash API is
  not optimal.

That's why "STORABLE_freeze" lets you provide a list of references to
serialize. The engine guarantees that those will be serialized in the
same context as the other objects, and therefore that shared objects
will stay shared.

In the above [A, C] example, the "STORABLE_freeze" hook could return:

    ("something", $self->{B})

and the B part would be serialized by the engine. In "STORABLE_thaw",
you would get back the reference to the B' object, deserialized for
you.

Therefore, recursion should normally be avoided, but is nonetheless
supported.
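
The [A, C] topology problem described above, as an added example that is not part of the Storable documentation. The classes Nested and Listed and the helper shares_b_after_roundtrip are constructed for illustration: Nested recurses into freeze() inside its hook, Listed hands B to the engine as an extra reference.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Storable qw(freeze thaw);

# Constructed class: the hook recurses into Storable, so B is frozen in a
# separate context and the engine never sees that it is shared.
package Nested {
    sub new { my ($class, $shared) = @_; return bless { B => $shared }, $class }

    sub STORABLE_freeze {
        my ($self, $cloning) = @_;
        return if $cloning;                  # keep default dclone() semantics
        return Storable::freeze($self->{B});
    }

    sub STORABLE_thaw {
        my ($self, $cloning, $serialized) = @_;
        $self->{B} = Storable::thaw($serialized);
        return;
    }
}

# Constructed class: B is returned as an extra reference, so the engine
# serializes it in the same context as everything else.
package Listed {
    sub new { my ($class, $shared) = @_; return bless { B => $shared }, $class }

    sub STORABLE_freeze {
        my ($self, $cloning) = @_;
        return if $cloning;
        return ('something', $self->{B});
    }

    sub STORABLE_thaw {
        my ($self, $cloning, $serialized, $shared) = @_;
        $self->{B} = $shared;                # already deserialized by the engine
        return;
    }
}

package main;

# Build [A, C] with both objects pointing at the same B, round-trip the
# list, and report whether A' and C' still point at one and the same B'.
sub shares_b_after_roundtrip {
    my ($class) = @_;
    my $shared = { value => 42 };
    my ($first, $second) = ($class->new($shared), $class->new($shared));
    my $copy = thaw(freeze([ $first, $second ]));
    return $copy->[0]{B} == $copy->[1]{B} ? 1 : 0;
}

for my $class (qw(Nested Listed)) {
    printf "%-6s B still shared after round trip: %s\n",
        $class, shares_b_after_roundtrip($class) ? 'yes' : 'no';
}
```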

Deep Cloning
There is a Clone module available on CPAN which implements deep cloning
natively, i.e. without freezing to memory and thawing the result. It
is aimed to replace Storable's dclone() some day. However, it does not
currently support Storable hooks to redefine the way deep cloning is
performed.

Yes, there's a lot of that :-) But more precisely, in UNIX systems
there's a utility called "file", which recognizes data files based on
their contents (usually their first few bytes). For this to work, a
certain file called magic needs to be taught about the signature of the
data. Where that configuration file lives depends on the UNIX flavour;
often it's something like /usr/share/misc/magic or /etc/magic. Your
system administrator needs to do the updating of the magic file. The
necessary signature information is output to STDOUT by invoking
Storable::show_file_magic(). Note that the GNU implementation of the
"file" utility, version 3.38 or later, is expected to contain support
for recognising Storable files out-of-the-box, in addition to other
kinds of Perl files.

You can also use the following functions to extract the file header
information from Storable images:

$info = Storable::file_magic( $filename )
    If the given file is a Storable image return a hash describing it.
    If the file is readable, but not a Storable image return "undef".
    If the file does not exist or is unreadable then croak.

    The hash returned has the following elements:

    "version"
        This returns the file format version. It is a string like
        "2.7".

        Note that this version number is not the same as the version
        number of the Storable module itself. For instance Storable
        v0.7 creates files in format v2.0 and Storable v2.15 creates
        files in format v2.7. The file format version number only
        increments when additional features that would confuse older
        versions of the module are added.

        Files older than v2.0 will have one of the version numbers
        "-1", "0" or "1". No minor number was used at that time.

    "version_nv"
        This returns the file format version as a number. It is a
        string like "2.007". This value is suitable for numeric
        comparisons.

        The constant function "Storable::BIN_VERSION_NV" returns a
        comparable number that represents the highest file version
        number that this version of Storable fully supports (but see
        discussion of $Storable::accept_future_minor above). The
        constant function "Storable::BIN_WRITE_VERSION_NV" returns what
        file version is written and might be less than
        "Storable::BIN_VERSION_NV" in some configurations.

    "major", "minor"
        This also returns the file format version. If the version is
        "2.7" then major would be 2 and minor would be 7. The minor
        element is missing when major is less than 2.

    "hdrsize"
        This is the number of bytes that the Storable header occupies.

    "netorder"
        This is TRUE if the image stores data in network order. This
        means that it was created with nstore() or similar.

    "byteorder"
        This is only present when "netorder" is FALSE. It is the
        $Config{byteorder} string of the perl that created this image.
        It is a string like "1234" (32 bit little endian) or "87654321"
        (64 bit big endian). This must match the current perl for the
        image to be readable by Storable.

    "intsize", "longsize", "ptrsize", "nvsize"
        These are only present when "netorder" is FALSE. These are the
        sizes of various C datatypes of the perl that created this
        image. These must match the current perl for the image to be
        readable by Storable.

        The "nvsize" element is only present for file format v2.2 and
        higher.

    "file"
        The name of the file.

$info = Storable::read_magic( $buffer )
$info = Storable::read_magic( $buffer, $must_be_file )
    The $buffer should be a Storable image or the first few bytes of
    it. If $buffer starts with a Storable header, then a hash
    describing the image is returned, otherwise "undef" is returned.

    The hash has the same structure as the one returned by
    Storable::file_magic(). The "file" element is true if the image is
    a file image.

    If the $must_be_file argument is provided and is TRUE, then return
    "undef" unless the image looks like it belongs to a file dump.

    The maximum size of a Storable header is currently 21 bytes. If
    the provided $buffer is only the first part of a Storable image it
    should at least be this long to ensure that read_magic() will
    recognize it as such.
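
A compatibility pre-check built on the header fields listed above, as an added example that is not part of the Storable documentation. The helper header_problems and the sample buffers are constructed for illustration; treating a newer format version as a problem is a stricter policy than Storable's own default.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Config;
use Storable qw(freeze nfreeze);

# Hypothetical helper (not part of Storable): return the reasons why this
# perl could not read the image that $buffer starts with. An empty list
# means the header looks readable. Only the header is examined.
sub header_problems {
    my ($buffer, $must_be_file) = @_;

    my $info = Storable::read_magic($buffer, $must_be_file)
        or return ('no Storable header');

    my @problems;
    my $supported = Storable::BIN_VERSION_NV();
    push @problems, "format $info->{version} is newer than supported $supported"
        if $info->{version_nv} > $supported;

    # Native-order images carry the writer's byte order and C type sizes,
    # which must all match the reading perl.
    unless ($info->{netorder}) {
        push @problems, "byteorder $info->{byteorder} differs from $Config{byteorder}"
            if $info->{byteorder} ne $Config{byteorder};
        for my $field (qw(intsize longsize ptrsize nvsize)) {
            next unless defined $info->{$field};   # nvsize only from v2.2
            push @problems, "$field $info->{$field} differs from $Config{$field}"
                if $info->{$field} != $Config{$field};
        }
    }
    return @problems;
}

# Constructed sample buffers; only the first 21 bytes (the maximum header
# size given above) are handed to the check.
my @samples = (
    [ 'nfreeze image'    => nfreeze({ a => 1 }) ],
    [ 'freeze image'     => freeze({ a => 1 }) ],
    [ 'constructed text' => 'not a Storable image' ],
);

for my $sample (@samples) {
    my ($name, $buffer) = @$sample;
    my @problems = header_problems(substr($buffer, 0, 21));
    printf "%-17s %s\n", $name, @problems ? join('; ', @problems) : 'header ok';
}
```

A passing header says only that the image format is readable here; it says nothing about whether the contents can be trusted.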

Here are some code samples showing a possible usage of Storable:

    use Storable qw(store retrieve freeze thaw dclone);

    %color = ('Blue' => 0.1, 'Red' => 0.8, 'Black' => 0, 'White' => 1);

    store(\%color, 'mycolors') or die "Can't store %color in mycolors!\n";

    $colref = retrieve('mycolors');
    die "Unable to retrieve from mycolors!\n" unless defined $colref;
    printf "Blue is still %lf\n", $colref->{'Blue'};

    $colref2 = dclone(\%color);

    $str = freeze(\%color);
    printf "Serialization of %%color is %d bytes long.\n", length($str);
    $colref3 = thaw($str);

which prints (on my machine):

    Blue is still 0.100000
    Serialization of %color is 102 bytes long.

Serialization of CODE references and deserialization in a safe
compartment:

    use Storable qw(freeze thaw);
    use Safe;
    use strict;
    my $safe = Safe->new;
    # because of opcodes used in "use strict":
    $safe->permit(qw(:default require));
    local $Storable::Deparse = 1;
    local $Storable::Eval = sub { $safe->reval($_[0]) };
    my $serialized = freeze(sub { 42 });
    my $code = thaw($serialized);
    $code->() == 42;

Do not accept Storable documents from untrusted sources! There is no
way to configure Storable so that it can be used safely to process
untrusted data. While there are various options that can be used to
mitigate specific security issues these options do not comprise a
complete safety net for the user, and processing untrusted data may
result in segmentation faults, remote code execution, or privilege
escalation. The following lists some known features which represent
security issues that should be considered by users of this module.

Most obviously, the optional (off by default) CODE reference
serialization feature allows transfer of code to the deserializing
process. Furthermore, any serialized object will cause Storable to
helpfully load the module corresponding to the class of the object in
the deserializing module. For manipulated module names, this can load
almost arbitrary code. Finally, the deserialized object's destructors
will be invoked when the objects get destroyed in the deserializing
process. Maliciously crafted Storable documents may put such objects in
the value of a hash key that is overridden by another key/value pair in
the same hash, thus causing immediate destructor execution.

To disable blessing objects while thawing/retrieving remove the flag
"BLESS_OK" = 2 from $Storable::flags or set the 2nd argument for
thaw/retrieve to 0.

To disable tying data while thawing/retrieving remove the flag
"TIE_OK" = 4 from $Storable::flags or set the 2nd argument for
thaw/retrieve to 0.

With the default setting of $Storable::flags = 6, the creation or
destruction of random objects, even renamed objects, can be controlled
by an attacker. See CVE-2015-1592 and its Metasploit module.

If your application requires accepting data from untrusted sources, you
are best off with a less powerful and more-likely safe serialization
format and implementation. If your data is sufficiently simple,
Cpanel::JSON::XS or Data::MessagePack are fine alternatives. For more
complex data structures containing various Perl specific data types
like regular expressions or aliased data Sereal is the best alternative
and offers maximum interoperability. Note that Sereal is unsafe by
default, but you can configure the encoder and decoder to mitigate any
security issues.
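
The effect of the "BLESS_OK" and "TIE_OK" flags described above, as an added example that is not part of the Storable documentation. The class Demo::Resource, the helper thaw_report and the sample data are constructed for illustration; the script thaws the same images with the default flags and with a flag removed, and reports what came back and whether a destructor ran in the deserializing process.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Storable 3.00 qw(freeze thaw);   # the per-call flags argument needs Storable 3.x
use Tie::Hash ();                    # provides Tie::StdHash

# Flag values as given in the text above.
use constant { BLESS_OK => 2, TIE_OK => 4 };

# Constructed sample class whose destructor leaves a visible trace.
package Demo::Resource {
    our $destroyed = 0;
    sub new     { my ($class, %args) = @_; return bless {%args}, $class }
    sub DESTROY { $destroyed++ }
}

package main;

# Thaw $image with $flags (undef means "use $Storable::flags") and report
# the type that came back, or the exception, plus the number of
# Demo::Resource destructors that ran as a consequence of the thaw.
sub thaw_report {
    my ($label, $image, $flags) = @_;
    $Demo::Resource::destroyed = 0;

    my $kind = eval {
        my $data = thaw($image, $flags);
        defined $data or die "thaw returned undef\n";
        my $type = ref $data;
        $type .= ' (tied)' if $type eq 'HASH' && tied %$data;
        $type;                       # $data is released when the eval ends
    };
    my $outcome = defined $kind ? "returned $kind" : "croaked: $@";
    $outcome =~ s/\s+\z//;

    printf "%-26s %s; destructors run: %d\n",
        $label, $outcome, $Demo::Resource::destroyed;
    return $kind;
}

# Image of a blessed object (constructed data).
my $object_image = freeze(Demo::Resource->new(path => '/constructed/example'));

# Image of a tied hash (constructed data).
tie my %tied, 'Tie::StdHash';
$tied{key} = 'value';
my $tied_image = freeze(\%tied);

thaw_report('object, default flags',    $object_image, undef);
thaw_report('object, TIE_OK only',      $object_image, TIE_OK);    # blessing off
thaw_report('tied hash, default flags', $tied_image,   undef);
thaw_report('tied hash, BLESS_OK only', $tied_image,   BLESS_OK);  # tying off
```

As the text above states, removing these flags narrows what an image can trigger but does not make Storable safe for untrusted input.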
659
661 If you're using references as keys within your hash tables, you're
662 bound to be disappointed when retrieving your data. Indeed, Perl
663 stringifies references used as hash table keys. If you later wish to
664 access the items via another reference stringification (i.e. using the
665 same reference that was used for the key originally to record the value
666 into the hash table), it will work because both references stringify to
667 the same string.
668
669 It won't work across a sequence of "store" and "retrieve" operations,
670 however, because the addresses in the retrieved objects, which are part
671 of the stringified references, will probably differ from the original
672 addresses. The topology of your structure is preserved, but not hidden
673 semantics like those.
674
675 On platforms where it matters, be sure to call binmode() on the
676 descriptors that you pass to Storable functions.
677
678 Storing data canonically that contains large hashes can be
679 significantly slower than storing the same data normally, as temporary
680 arrays to hold the keys for each hash have to be allocated, populated,
681 sorted and freed. Some tests have shown a halving of the speed of
682 storing -- the exact penalty will depend on the complexity of your
683 data. There is no slowdown on retrieval.
684
686 Storable now has experimental support for storing regular expressions,
687 but there are significant limitations:
688
689 • perl 5.8 or later is required.
690
691 • regular expressions with code blocks, ie "/(?{ ... })/" or "/(??{
692 ... })/" will throw an exception when thawed.
693
694 • regular expression syntax and flags have changed over the history
695 of perl, so a regular expression that you freeze in one version of
696 perl may fail to thaw or behave differently in another version of
697 perl.
698
699 • depending on the version of perl, regular expressions can change in
700 behaviour depending on the context, but later perls will bake that
701 behaviour into the regexp.
702
703 Storable will throw an exception if a frozen regular expression cannot
704 be thawed.

You can't store GLOB, FORMLINE, etc. If you can define semantics for
those operations, feel free to enhance Storable so that it can deal
with them.

The store functions will "croak" if they run into such references
unless you set $Storable::forgive_me to some "TRUE" value. In that
case, the fatal message is converted to a warning and some meaningless
string is stored instead.

Setting $Storable::canonical may not yield frozen strings that compare
equal due to possible stringification of numbers. When the string
version of a scalar exists, it is the form stored; therefore, if you
happen to use your numbers as strings between two freezing operations
on the same data structures, you will get different results.
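
The canonical-mode caveat above matters when frozen bytes feed a digest, signature or cache key. The following Perl sketch is an added example, not part of the Storable distribution; the sample record and the normalize, digest_raw and digest_normalized helpers are assumptions made for illustration.

```perl
use strict;
use warnings;
use Storable qw(freeze);
use Digest::SHA qw(sha256_hex);

$Storable::canonical = 1;    # sorted hash keys; does not fix the issue below

# Hypothetical helper: deep-copy hashes, arrays and plain scalars, forcing
# every defined leaf to its string form so the stored variant never changes.
# The digest then no longer distinguishes the number 1000 from "1000".
sub normalize {
    my ($v) = @_;
    my $type = ref $v;
    if ($type eq 'HASH') {
        my %copy;
        $copy{$_} = normalize($v->{$_}) for keys %$v;
        return \%copy;
    }
    return [ map { normalize($_) } @$v ] if $type eq 'ARRAY';
    die "unsupported reference type: $type\n" if $type;
    return defined $v ? "$v" : undef;
}

sub digest_raw        { return sha256_hex(freeze($_[0])) }
sub digest_normalized { return sha256_hex(freeze(normalize($_[0]))) }

# Constructed sample record; uid starts out as a pure integer.
my %rec = (user => 'alice', uid => 1000);
my @before = (digest_raw(\%rec), digest_normalized(\%rec));

# Using the number as a string gives the scalar a cached string form.
my $log_line = "login uid=$rec{uid}";

my @after = (digest_raw(\%rec), digest_normalized(\%rec));

printf "raw digest:        %s\n", $before[0] eq $after[0] ? 'same' : 'changed';
printf "normalized digest: %s\n", $before[1] eq $after[1] ? 'same' : 'changed';
```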

When storing doubles in network order, their value is stored as text.
However, you should also not expect non-numeric floating-point values
such as infinity and "not a number" to pass successfully through a
nstore()/retrieve() pair.

As Storable neither knows nor cares about character sets (although it
does know that characters may be more than eight bits wide), any
difference in the interpretation of character codes between a host and
a target system is your problem. In particular, if host and target use
different code points to represent the characters used in the text
representation of floating-point numbers, you will not be able to
exchange floating-point data, even with nstore().

"Storable::drop_utf8" is a blunt tool. There is no facility either to
return all strings as utf8 sequences, or to attempt to convert utf8
data back to 8 bit and croak() if the conversion fails.

Prior to Storable 2.01, no distinction was made between signed and
unsigned integers on storing. By default Storable prefers to store a
scalar's string representation (if it has one), so this would only cause
problems when storing large unsigned integers that had never been
converted to string or floating point. In other words, values that had
been generated by integer operations such as logic ops and then not
used in any string or arithmetic context before storing.

64 bit data in perl 5.6.0 and 5.6.1

This section only applies to you if you have existing data written out
by Storable 2.02 or earlier on perl 5.6.0 or 5.6.1 on Unix or Linux
which has been configured with 64 bit integer support (not the default).
If you got a precompiled perl, rather than running Configure to build
your own perl from source, then it almost certainly does not affect
you, and you can stop reading now (unless you're curious). If you're
using perl on Windows it does not affect you.

Storable writes a file header which contains the sizes of various C
language types for the C compiler that built Storable (when not writing
in network order), and will refuse to load files written by a Storable
not on the same (or compatible) architecture. This check and a check
on machine byteorder are needed because the sizes of various fields in
the file are given by the sizes of the C language types, and so files
written on different architectures are incompatible. This is done for
increased speed. (When writing in network order, all fields are
written out as standard lengths, which allows full interworking, but
takes longer to read and write.)

Perl 5.6.x introduced the ability to optionally configure the perl
interpreter to use C's "long long" type to allow scalars to store 64
bit integers on 32 bit systems. However, due to the way the Perl
configuration system generated the C configuration files on non-Windows
platforms, and the way Storable generates its header, nothing in the
Storable file header reflected whether the perl writing was using 32 or
64 bit integers, despite the fact that Storable was storing some data
differently in the file. Hence Storable running on perl with 64 bit
integers will read the header from a file written by a 32 bit perl, not
realise that the data is actually in a subtly incompatible format, and
then go horribly wrong (possibly crashing) if it encountered a stored
integer. This is a design failure.

Storable has now been changed to write out and read in a file header
with information about the size of integers. It's impossible to detect
whether an old file being read in was written with 32 or 64 bit
integers (they have the same header) so it's impossible to
automatically switch to a correct backwards compatibility mode. Hence
this Storable defaults to the new, correct behaviour.

What this means is that if you have data written by Storable 1.x
running on perl 5.6.0 or 5.6.1 configured with 64 bit integers on Unix
or Linux then by default this Storable will refuse to read it, giving
the error "Byte order is not compatible". If you have such data then you
should set $Storable::interwork_56_64bit to a true value to make this
Storable read and write files with the old header. You should also
migrate your data, or any older perl you are communicating with, to
this current version of Storable.

If you don't have data written with the specific configuration of perl
described above, then you do not need to, and should not, do anything.
Don't set the flag - not only will Storable on an identically configured
perl refuse to load them, but Storable on a differently configured perl
will load them believing them to be correct for it, and then may well
fail or crash part way through reading them.

Thank you to (in chronological order):

Jarkko Hietaniemi <jhi@iki.fi>
Ulrich Pfeifer <pfeifer@charly.informatik.uni-dortmund.de>
Benjamin A. Holzman <bholzman@earthlink.net>
Andrew Ford <A.Ford@ford-mason.co.uk>
Gisle Aas <gisle@aas.no>
Jeff Gresham <gresham_jeffrey@jpmorgan.com>
Murray Nesbitt <murray@activestate.com>
Marc Lehmann <pcg@opengroup.org>
Justin Banks <justinb@wamnet.com>
Jarkko Hietaniemi <jhi@iki.fi> (AGAIN, as perl 5.7.0 Pumpkin!)
Salvador Ortiz Garcia <sog@msg.com.mx>
Dominic Dunlop <domo@computer.org>
Erik Haugan <erik@solbors.no>
Benjamin A. Holzman <ben.holzman@grantstreet.com>
Reini Urban <rurban@cpan.org>
Todd Rinaldo <toddr@cpanel.net>
Aaron Crane <arc@cpan.org>

for their bug reports, suggestions and contributions.

Benjamin Holzman contributed the tied variable support, Andrew Ford
contributed the canonical order for hashes, and Gisle Aas fixed a few
misunderstandings of mine regarding the perl internals, and optimized
the emission of "tags" in the output streams by simply counting the
objects instead of tagging them (leading to a binary incompatibility
for the Storable image starting at version 0.6--older images are, of
course, still properly understood). Murray Nesbitt made Storable
thread-safe. Marc Lehmann added overloading and references to tied
items support. Benjamin Holzman added a performance improvement for
overloaded classes; thanks to Grant Street Group for footing the bill.
Reini Urban took over maintenance from p5p, and added security fixes
and huge object support.

Storable was written by Raphael Manfredi <Raphael_Manfredi@pobox.com>.
Maintenance is now done by cperl <http://perl11.org/cperl>.

Please e-mail us with problems, bug fixes, comments and complaints,
although if you have compliments you should send them to Raphael.
Please don't e-mail Raphael with problems, as he no longer works on
Storable, and your message will be delayed while he forwards it to us.

Clone.

perl v5.38.0 2023-07-21 Storable(3)