1Storable(3)           User Contributed Perl Documentation          Storable(3)
2
3
4

NAME

6       Storable - persistence for Perl data structures
7

SYNOPSIS

9        use Storable;
10        store \%table, 'file';
11        $hashref = retrieve('file');
12
13        use Storable qw(nstore store_fd nstore_fd freeze thaw dclone);
14
15        # Network order
16        nstore \%table, 'file';
17        $hashref = retrieve('file');   # There is NO nretrieve()
18
19        # Storing to and retrieving from an already opened file
20        store_fd \@array, \*STDOUT;
21        nstore_fd \%table, \*STDOUT;
22        $aryref = fd_retrieve(\*SOCKET);
23        $hashref = fd_retrieve(\*SOCKET);
24
25        # Serializing to memory
26        $serialized = freeze \%table;
27        %table_clone = %{ thaw($serialized) };
28
29        # Deep (recursive) cloning
30        $cloneref = dclone($ref);
31
32        # Advisory locking
33        use Storable qw(lock_store lock_nstore lock_retrieve)
34        lock_store \%table, 'file';
35        lock_nstore \%table, 'file';
36        $hashref = lock_retrieve('file');
37

DESCRIPTION

39       The Storable package brings persistence to your Perl data structures
40       containing SCALAR, ARRAY, HASH or REF objects, i.e. anything that can
41       be conveniently stored to disk and retrieved at a later time.
42
43       It can be used in the regular procedural way by calling "store" with a
44       reference to the object to be stored, along with the file name where
45       the image should be written.
46
47       The routine returns "undef" for I/O problems or other internal error, a
48       true value otherwise. Serious errors are propagated as a "die"
49       exception.
50
51       To retrieve data stored to disk, use "retrieve" with a file name.  The
52       objects stored into that file are recreated into memory for you, and a
53       reference to the root object is returned. In case an I/O error occurs
54       while reading, "undef" is returned instead. Other serious errors are
55       propagated via "die".
56
57       Since storage is performed recursively, you might want to stuff
58       references to objects that share a lot of common data into a single
59       array or hash table, and then store that object. That way, when you
60       retrieve back the whole thing, the objects will continue to share what
61       they originally shared.
62
63       At the cost of a slight header overhead, you may store to an already
64       opened file descriptor using the "store_fd" routine, and retrieve from
65       a file via "fd_retrieve". Those names aren't imported by default, so
66       you will have to do that explicitly if you need those routines.  The
67       file descriptor you supply must be already opened, for read if you're
68       going to retrieve and for write if you wish to store.
69
70               store_fd(\%table, *STDOUT) || die "can't store to stdout\n";
71               $hashref = fd_retrieve(*STDIN);
72
73       You can also store data in network order to allow easy sharing across
74       multiple platforms, or when storing on a socket known to be remotely
75       connected. The routines to call have an initial "n" prefix for network,
76       as in "nstore" and "nstore_fd". At retrieval time, your data will be
77       correctly restored so you don't have to know whether you're restoring
78       from native or network ordered data.  Double values are stored
79       stringified to ensure portability as well, at the slight risk of
80       loosing some precision in the last decimals.
81
82       When using "fd_retrieve", objects are retrieved in sequence, one object
83       (i.e. one recursive tree) per associated "store_fd".
84
85       If you're more from the object-oriented camp, you can inherit from
86       Storable and directly store your objects by invoking "store" as a
87       method. The fact that the root of the to-be-stored tree is a blessed
88       reference (i.e. an object) is special-cased so that the retrieve does
89       not provide a reference to that object but rather the blessed object
90       reference itself. (Otherwise, you'd get a reference to that blessed
91       object).
92

MEMORY STORE

94       The Storable engine can also store data into a Perl scalar instead, to
95       later retrieve them. This is mainly used to freeze a complex structure
96       in some safe compact memory place (where it can possibly be sent to
97       another process via some IPC, since freezing the structure also
98       serializes it in effect). Later on, and maybe somewhere else, you can
99       thaw the Perl scalar out and recreate the original complex structure in
100       memory.
101
102       Surprisingly, the routines to be called are named "freeze" and "thaw".
103       If you wish to send out the frozen scalar to another machine, use
104       "nfreeze" instead to get a portable image.
105
106       Note that freezing an object structure and immediately thawing it
107       actually achieves a deep cloning of that structure:
108
109           dclone(.) = thaw(freeze(.))
110
111       Storable provides you with a "dclone" interface which does not create
112       that intermediary scalar but instead freezes the structure in some
113       internal memory space and then immediately thaws it out.
114

ADVISORY LOCKING

116       The "lock_store" and "lock_nstore" routine are equivalent to "store"
117       and "nstore", except that they get an exclusive lock on the file before
118       writing.  Likewise, "lock_retrieve" does the same as "retrieve", but
119       also gets a shared lock on the file before reading.
120
121       As with any advisory locking scheme, the protection only works if you
122       systematically use "lock_store" and "lock_retrieve".  If one side of
123       your application uses "store" whilst the other uses "lock_retrieve",
124       you will get no protection at all.
125
126       The internal advisory locking is implemented using Perl's flock()
127       routine.  If your system does not support any form of flock(), or if
128       you share your files across NFS, you might wish to use other forms of
129       locking by using modules such as LockFile::Simple which lock a file
130       using a filesystem entry, instead of locking the file descriptor.
131

SPEED

133       The heart of Storable is written in C for decent speed. Extra low-level
134       optimizations have been made when manipulating perl internals, to
135       sacrifice encapsulation for the benefit of greater speed.
136

CANONICAL REPRESENTATION

138       Normally, Storable stores elements of hashes in the order they are
139       stored internally by Perl, i.e. pseudo-randomly.  If you set
140       $Storable::canonical to some "TRUE" value, Storable will store hashes
141       with the elements sorted by their key.  This allows you to compare data
142       structures by comparing their frozen representations (or even the
143       compressed frozen representations), which can be useful for creating
144       lookup tables for complicated queries.
145
146       Canonical order does not imply network order; those are two orthogonal
147       settings.
148

CODE REFERENCES

150       Since Storable version 2.05, CODE references may be serialized with the
151       help of B::Deparse. To enable this feature, set $Storable::Deparse to a
152       true value. To enable deserialization, $Storable::Eval should be set to
153       a true value. Be aware that deserialization is done through "eval",
154       which is dangerous if the Storable file contains malicious data. You
155       can set $Storable::Eval to a subroutine reference which would be used
156       instead of "eval". See below for an example using a Safe compartment
157       for deserialization of CODE references.
158
159       If $Storable::Deparse and/or $Storable::Eval are set to false values,
160       then the value of $Storable::forgive_me (see below) is respected while
161       serializing and deserializing.
162

FORWARD COMPATIBILITY

164       This release of Storable can be used on a newer version of Perl to
165       serialize data which is not supported by earlier Perls.  By default,
166       Storable will attempt to do the right thing, by croak()ing if it
167       encounters data that it cannot deserialize.  However, the defaults can
168       be changed as follows:
169
170       utf8 data
171           Perl 5.6 added support for Unicode characters with code points >
172           255, and Perl 5.8 has full support for Unicode characters in hash
173           keys.  Perl internally encodes strings with these characters using
174           utf8, and Storable serializes them as utf8.  By default, if an
175           older version of Perl encounters a utf8 value it cannot represent,
176           it will croak().  To change this behaviour so that Storable
177           deserializes utf8 encoded values as the string of bytes
178           (effectively dropping the is_utf8 flag) set $Storable::drop_utf8 to
179           some "TRUE" value.  This is a form of data loss, because with
180           $drop_utf8 true, it becomes impossible to tell whether the original
181           data was the Unicode string, or a series of bytes that happen to be
182           valid utf8.
183
184       restricted hashes
185           Perl 5.8 adds support for restricted hashes, which have keys
186           restricted to a given set, and can have values locked to be read
187           only.  By default, when Storable encounters a restricted hash on a
188           perl that doesn't support them, it will deserialize it as a normal
189           hash, silently discarding any placeholder keys and leaving the keys
190           and all values unlocked.  To make Storable croak() instead, set
191           $Storable::downgrade_restricted to a "FALSE" value.  To restore the
192           default set it back to some "TRUE" value.
193
194           The cperl PERL_PERTURB_KEYS_TOP hash strategy has a known problem
195           with restricted hashes.
196
197       huge objects
198           On 64bit systems some data structures may exceed the 2G (i.e.
199           I32_MAX) limit. On 32bit systems also strings between I32 and U32
200           (2G-4G).  Since Storable 3.00 (not in perl5 core) we are able to
201           store and retrieve these objects, even if perl5 itself is not able
202           to handle them.  These are strings longer then 4G, arrays with more
203           then 2G elements and hashes with more then 2G elements. cperl
204           forbids hashes with more than 2G elements, but this fail in cperl
205           then. perl5 itself at least until 5.26 allows it, but cannot
206           iterate over them.  Note that creating those objects might cause
207           out of memory exceptions by the operating system before perl has a
208           chance to abort.
209
210       files from future versions of Storable
211           Earlier versions of Storable would immediately croak if they
212           encountered a file with a higher internal version number than the
213           reading Storable knew about.  Internal version numbers are
214           increased each time new data types (such as restricted hashes) are
215           added to the vocabulary of the file format.  This meant that a
216           newer Storable module had no way of writing a file readable by an
217           older Storable, even if the writer didn't store newer data types.
218
219           This version of Storable will defer croaking until it encounters a
220           data type in the file that it does not recognize.  This means that
221           it will continue to read files generated by newer Storable modules
222           which are careful in what they write out, making it easier to
223           upgrade Storable modules in a mixed environment.
224
225           The old behaviour of immediate croaking can be re-instated by
226           setting $Storable::accept_future_minor to some "FALSE" value.
227
228       All these variables have no effect on a newer Perl which supports the
229       relevant feature.
230

ERROR REPORTING

232       Storable uses the "exception" paradigm, in that it does not try to
233       workaround failures: if something bad happens, an exception is
234       generated from the caller's perspective (see Carp and croak()).  Use
235       eval {} to trap those exceptions.
236
237       When Storable croaks, it tries to report the error via the logcroak()
238       routine from the "Log::Agent" package, if it is available.
239
240       Normal errors are reported by having store() or retrieve() return
241       "undef".  Such errors are usually I/O errors (or truncated stream
242       errors at retrieval).
243
244       When Storable throws the "Max. recursion depth with nested structures
245       exceeded" error we are already out of stack space. Unfortunately on
246       some earlier perl versions cleaning up a recursive data structure
247       recurses into the free calls, which will lead to stack overflows in the
248       cleanup. This data structure is not properly cleaned up then, it will
249       only be destroyed during global destruction.
250

WIZARDS ONLY

252   Hooks
253       Any class may define hooks that will be called during the serialization
254       and deserialization process on objects that are instances of that
255       class.  Those hooks can redefine the way serialization is performed
256       (and therefore, how the symmetrical deserialization should be
257       conducted).
258
259       Since we said earlier:
260
261           dclone(.) = thaw(freeze(.))
262
263       everything we say about hooks should also hold for deep cloning.
264       However, hooks get to know whether the operation is a mere
265       serialization, or a cloning.
266
267       Therefore, when serializing hooks are involved,
268
269           dclone(.) <> thaw(freeze(.))
270
271       Well, you could keep them in sync, but there's no guarantee it will
272       always hold on classes somebody else wrote.  Besides, there is little
273       to gain in doing so: a serializing hook could keep only one attribute
274       of an object, which is probably not what should happen during a deep
275       cloning of that same object.
276
277       Here is the hooking interface:
278
279       "STORABLE_freeze" obj, cloning
280           The serializing hook, called on the object during serialization.
281           It can be inherited, or defined in the class itself, like any other
282           method.
283
284           Arguments: obj is the object to serialize, cloning is a flag
285           indicating whether we're in a dclone() or a regular serialization
286           via store() or freeze().
287
288           Returned value: A LIST "($serialized, $ref1, $ref2, ...)" where
289           $serialized is the serialized form to be used, and the optional
290           $ref1, $ref2, etc... are extra references that you wish to let the
291           Storable engine serialize.
292
293           At deserialization time, you will be given back the same LIST, but
294           all the extra references will be pointing into the deserialized
295           structure.
296
297           The first time the hook is hit in a serialization flow, you may
298           have it return an empty list.  That will signal the Storable engine
299           to further discard that hook for this class and to therefore revert
300           to the default serialization of the underlying Perl data.  The hook
301           will again be normally processed in the next serialization.
302
303           Unless you know better, serializing hook should always say:
304
305               sub STORABLE_freeze {
306                   my ($self, $cloning) = @_;
307                   return if $cloning;         # Regular default serialization
308                   ....
309               }
310
311           in order to keep reasonable dclone() semantics.
312
313       "STORABLE_thaw" obj, cloning, serialized, ...
314           The deserializing hook called on the object during deserialization.
315           But wait: if we're deserializing, there's no object yet... right?
316
317           Wrong: the Storable engine creates an empty one for you.  If you
318           know Eiffel, you can view "STORABLE_thaw" as an alternate creation
319           routine.
320
321           This means the hook can be inherited like any other method, and
322           that obj is your blessed reference for this particular instance.
323
324           The other arguments should look familiar if you know
325           "STORABLE_freeze": cloning is true when we're part of a deep clone
326           operation, serialized is the serialized string you returned to the
327           engine in "STORABLE_freeze", and there may be an optional list of
328           references, in the same order you gave them at serialization time,
329           pointing to the deserialized objects (which have been processed
330           courtesy of the Storable engine).
331
332           When the Storable engine does not find any "STORABLE_thaw" hook
333           routine, it tries to load the class by requiring the package
334           dynamically (using the blessed package name), and then re-attempts
335           the lookup.  If at that time the hook cannot be located, the engine
336           croaks.  Note that this mechanism will fail if you define several
337           classes in the same file, but perlmod warned you.
338
339           It is up to you to use this information to populate obj the way you
340           want.
341
342           Returned value: none.
343
344       "STORABLE_attach" class, cloning, serialized
345           While "STORABLE_freeze" and "STORABLE_thaw" are useful for classes
346           where each instance is independent, this mechanism has difficulty
347           (or is incompatible) with objects that exist as common process-
348           level or system-level resources, such as singleton objects,
349           database pools, caches or memoized objects.
350
351           The alternative "STORABLE_attach" method provides a solution for
352           these shared objects. Instead of "STORABLE_freeze" -->
353           "STORABLE_thaw", you implement "STORABLE_freeze" -->
354           "STORABLE_attach" instead.
355
356           Arguments: class is the class we are attaching to, cloning is a
357           flag indicating whether we're in a dclone() or a regular de-
358           serialization via thaw(), and serialized is the stored string for
359           the resource object.
360
361           Because these resource objects are considered to be owned by the
362           entire process/system, and not the "property" of whatever is being
363           serialized, no references underneath the object should be included
364           in the serialized string. Thus, in any class that implements
365           "STORABLE_attach", the "STORABLE_freeze" method cannot return any
366           references, and "Storable" will throw an error if "STORABLE_freeze"
367           tries to return references.
368
369           All information required to "attach" back to the shared resource
370           object must be contained only in the "STORABLE_freeze" return
371           string.  Otherwise, "STORABLE_freeze" behaves as normal for
372           "STORABLE_attach" classes.
373
374           Because "STORABLE_attach" is passed the class (rather than an
375           object), it also returns the object directly, rather than modifying
376           the passed object.
377
378           Returned value: object of type "class"
379
380   Predicates
381       Predicates are not exportable.  They must be called by explicitly
382       prefixing them with the Storable package name.
383
384       "Storable::last_op_in_netorder"
385           The Storable::last_op_in_netorder() predicate will tell you whether
386           network order was used in the last store or retrieve operation.  If
387           you don't know how to use this, just forget about it.
388
389       "Storable::is_storing"
390           Returns true if within a store operation (via STORABLE_freeze
391           hook).
392
393       "Storable::is_retrieving"
394           Returns true if within a retrieve operation (via STORABLE_thaw
395           hook).
396
397   Recursion
398       With hooks comes the ability to recurse back to the Storable engine.
399       Indeed, hooks are regular Perl code, and Storable is convenient when it
400       comes to serializing and deserializing things, so why not use it to
401       handle the serialization string?
402
403       There are a few things you need to know, however:
404
405       •   From Storable 3.05 to 3.13 we probed for the stack recursion limit
406           for references, arrays and hashes to a maximal depth of
407           ~1200-35000, otherwise we might fall into a stack-overflow.  On
408           JSON::XS this limit is 512 btw.  With references not immediately
409           referencing each other there's no such limit yet, so you might fall
410           into such a stack-overflow segfault.
411
412           This probing and the checks we performed have some limitations:
413
414           •   the stack size at build time might be different at run time,
415               eg. the stack size may have been modified with ulimit(1).  If
416               it's larger at run time Storable may fail the freeze() or
417               thaw() unnecessarily.  If it's larger at build time Storable
418               may segmentation fault when processing a deep structure at run
419               time.
420
421           •   the stack size might be different in a thread.
422
423           •   array and hash recursion limits are checked separately against
424               the same recursion depth, a frozen structure with a large
425               sequence of nested arrays within many nested hashes may exhaust
426               the processor stack without triggering Storable's recursion
427               protection.
428
429           So these now have simple defaults rather than probing at build-
430           time.
431
432           You can control the maximum array and hash recursion depths by
433           modifying $Storable::recursion_limit and
434           $Storable::recursion_limit_hash respectively.  Either can be set to
435           -1 to prevent any depth checks, though this isn't recommended.
436
437           If you want to test what the limits are, the stacksize tool is
438           included in the "Storable" distribution.
439
440       •   You can create endless loops if the things you serialize via
441           freeze() (for instance) point back to the object we're trying to
442           serialize in the hook.
443
444       •   Shared references among objects will not stay shared: if we're
445           serializing the list of object [A, C] where both object A and C
446           refer to the SAME object B, and if there is a serializing hook in A
447           that says freeze(B), then when deserializing, we'll get [A', C']
448           where A' refers to B', but C' refers to D, a deep clone of B'.  The
449           topology was not preserved.
450
451       •   The maximal stack recursion limit for your system is returned by
452           stack_depth() and stack_depth_hash(). The hash limit is usually
453           half the size of the array and ref limit, as the Perl hash API is
454           not optimal.
455
456       That's why "STORABLE_freeze" lets you provide a list of references to
457       serialize.  The engine guarantees that those will be serialized in the
458       same context as the other objects, and therefore that shared objects
459       will stay shared.
460
461       In the above [A, C] example, the "STORABLE_freeze" hook could return:
462
463               ("something", $self->{B})
464
465       and the B part would be serialized by the engine.  In "STORABLE_thaw",
466       you would get back the reference to the B' object, deserialized for
467       you.
468
469       Therefore, recursion should normally be avoided, but is nonetheless
470       supported.
471
472   Deep Cloning
473       There is a Clone module available on CPAN which implements deep cloning
474       natively, i.e. without freezing to memory and thawing the result.  It
475       is aimed to replace Storable's dclone() some day.  However, it does not
476       currently support Storable hooks to redefine the way deep cloning is
477       performed.
478

Storable magic

480       Yes, there's a lot of that :-) But more precisely, in UNIX systems
481       there's a utility called "file", which recognizes data files based on
482       their contents (usually their first few bytes).  For this to work, a
483       certain file called magic needs to taught about the signature of the
484       data.  Where that configuration file lives depends on the UNIX flavour;
485       often it's something like /usr/share/misc/magic or /etc/magic.  Your
486       system administrator needs to do the updating of the magic file.  The
487       necessary signature information is output to STDOUT by invoking
488       Storable::show_file_magic().  Note that the GNU implementation of the
489       "file" utility, version 3.38 or later, is expected to contain support
490       for recognising Storable files out-of-the-box, in addition to other
491       kinds of Perl files.
492
493       You can also use the following functions to extract the file header
494       information from Storable images:
495
496       $info = Storable::file_magic( $filename )
497           If the given file is a Storable image return a hash describing it.
498           If the file is readable, but not a Storable image return "undef".
499           If the file does not exist or is unreadable then croak.
500
501           The hash returned has the following elements:
502
503           "version"
504               This returns the file format version.  It is a string like
505               "2.7".
506
507               Note that this version number is not the same as the version
508               number of the Storable module itself.  For instance Storable
509               v0.7 create files in format v2.0 and Storable v2.15 create
510               files in format v2.7.  The file format version number only
511               increment when additional features that would confuse older
512               versions of the module are added.
513
514               Files older than v2.0 will have the one of the version numbers
515               "-1", "0" or "1".  No minor number was used at that time.
516
517           "version_nv"
518               This returns the file format version as number.  It is a string
519               like "2.007".  This value is suitable for numeric comparisons.
520
521               The constant function "Storable::BIN_VERSION_NV" returns a
522               comparable number that represents the highest file version
523               number that this version of Storable fully supports (but see
524               discussion of $Storable::accept_future_minor above).  The
525               constant "Storable::BIN_WRITE_VERSION_NV" function returns what
526               file version is written and might be less than
527               "Storable::BIN_VERSION_NV" in some configurations.
528
529           "major", "minor"
530               This also returns the file format version.  If the version is
531               "2.7" then major would be 2 and minor would be 7.  The minor
532               element is missing for when major is less than 2.
533
534           "hdrsize"
535               The is the number of bytes that the Storable header occupies.
536
537           "netorder"
538               This is TRUE if the image store data in network order.  This
539               means that it was created with nstore() or similar.
540
541           "byteorder"
542               This is only present when "netorder" is FALSE.  It is the
543               $Config{byteorder} string of the perl that created this image.
544               It is a string like "1234" (32 bit little endian) or "87654321"
545               (64 bit big endian).  This must match the current perl for the
546               image to be readable by Storable.
547
548           "intsize", "longsize", "ptrsize", "nvsize"
549               These are only present when "netorder" is FALSE. These are the
550               sizes of various C datatypes of the perl that created this
551               image.  These must match the current perl for the image to be
552               readable by Storable.
553
554               The "nvsize" element is only present for file format v2.2 and
555               higher.
556
557           "file"
558               The name of the file.
559
560       $info = Storable::read_magic( $buffer )
561       $info = Storable::read_magic( $buffer, $must_be_file )
562           The $buffer should be a Storable image or the first few bytes of
563           it.  If $buffer starts with a Storable header, then a hash
564           describing the image is returned, otherwise "undef" is returned.
565
566           The hash has the same structure as the one returned by
567           Storable::file_magic().  The "file" element is true if the image is
568           a file image.
569
570           If the $must_be_file argument is provided and is TRUE, then return
571           "undef" unless the image looks like it belongs to a file dump.
572
573           The maximum size of a Storable header is currently 21 bytes.  If
574           the provided $buffer is only the first part of a Storable image it
575           should at least be this long to ensure that read_magic() will
576           recognize it as such.
577

EXAMPLES

579       Here are some code samples showing a possible usage of Storable:
580
581        use Storable qw(store retrieve freeze thaw dclone);
582
583        %color = ('Blue' => 0.1, 'Red' => 0.8, 'Black' => 0, 'White' => 1);
584
585        store(\%color, 'mycolors') or die "Can't store %a in mycolors!\n";
586
587        $colref = retrieve('mycolors');
588        die "Unable to retrieve from mycolors!\n" unless defined $colref;
589        printf "Blue is still %lf\n", $colref->{'Blue'};
590
591        $colref2 = dclone(\%color);
592
593        $str = freeze(\%color);
594        printf "Serialization of %%color is %d bytes long.\n", length($str);
595        $colref3 = thaw($str);
596
597       which prints (on my machine):
598
599        Blue is still 0.100000
600        Serialization of %color is 102 bytes long.
601
602       Serialization of CODE references and deserialization in a safe
603       compartment:
604
605        use Storable qw(freeze thaw);
606        use Safe;
607        use strict;
608        my $safe = new Safe;
609               # because of opcodes used in "use strict":
610        $safe->permit(qw(:default require));
611        local $Storable::Deparse = 1;
612        local $Storable::Eval = sub { $safe->reval($_[0]) };
613        my $serialized = freeze(sub { 42 });
614        my $code = thaw($serialized);
615        $code->() == 42;
616

SECURITY WARNING

618       Do not accept Storable documents from untrusted sources! There is no
619       way to configure Storable so that it can be used safely to process
620       untrusted data.  While there are various options that can be used to
621       mitigate specific security issues these options do not comprise a
622       complete safety net for the user, and processing untrusted data may
623       result in segmentation faults, remote code execution, or privilege
624       escalation.  The following lists some known features which represent
625       security issues that should be considered by users of this module.
626
627       Most obviously, the optional (off by default) CODE reference
628       serialization feature allows transfer of code to the deserializing
629       process. Furthermore, any serialized object will cause Storable to
630       helpfully load the module corresponding to the class of the object in
631       the deserializing module.  For manipulated module names, this can load
632       almost arbitrary code.  Finally, the deserialized object's destructors
633       will be invoked when the objects get destroyed in the deserializing
634       process. Maliciously crafted Storable documents may put such objects in
635       the value of a hash key that is overridden by another key/value pair in
636       the same hash, thus causing immediate destructor execution.
637
638       To disable blessing objects while thawing/retrieving remove the flag
639       "BLESS_OK" = 2 from $Storable::flags or set the 2nd argument for
640       thaw/retrieve to 0.
641
642       To disable tieing data while thawing/retrieving remove the flag
643       "TIE_OK" = 4 from $Storable::flags or set the 2nd argument for
644       thaw/retrieve to 0.
645
646       With the default setting of $Storable::flags = 6, creating or
647       destroying random objects, even renamed objects can be controlled by an
648       attacker.  See CVE-2015-1592 and its metasploit module.
649
650       If your application requires accepting data from untrusted sources, you
651       are best off with a less powerful and more-likely safe serialization
652       format and implementation.  If your data is sufficiently simple,
653       Cpanel::JSON::XS or Data::MessagePack are fine alternatives.  For more
654       complex data structures containing various Perl specific data types
655       like regular expressions or aliased data Sereal is the best alternative
656       and offers maximum interoperability.  Note that Sereal is unsafe by
657       default, but you can configure the encoder and decoder to mitigate any
658       security issues.
659

WARNING

661       If you're using references as keys within your hash tables, you're
662       bound to be disappointed when retrieving your data. Indeed, Perl
663       stringifies references used as hash table keys. If you later wish to
664       access the items via another reference stringification (i.e. using the
665       same reference that was used for the key originally to record the value
666       into the hash table), it will work because both references stringify to
667       the same string.
668
669       It won't work across a sequence of "store" and "retrieve" operations,
670       however, because the addresses in the retrieved objects, which are part
671       of the stringified references, will probably differ from the original
672       addresses. The topology of your structure is preserved, but not hidden
673       semantics like those.
674
675       On platforms where it matters, be sure to call binmode() on the
676       descriptors that you pass to Storable functions.
677
678       Storing data canonically that contains large hashes can be
679       significantly slower than storing the same data normally, as temporary
680       arrays to hold the keys for each hash have to be allocated, populated,
681       sorted and freed.  Some tests have shown a halving of the speed of
682       storing -- the exact penalty will depend on the complexity of your
683       data.  There is no slowdown on retrieval.
684

REGULAR EXPRESSIONS

686       Storable now has experimental support for storing regular expressions,
687       but there are significant limitations:
688
689       •   perl 5.8 or later is required.
690
691       •   regular expressions with code blocks, ie "/(?{ ... })/" or "/(??{
692           ... })/" will throw an exception when thawed.
693
694       •   regular expression syntax and flags have changed over the history
695           of perl, so a regular expression that you freeze in one version of
696           perl may fail to thaw or behave differently in another version of
697           perl.
698
699       •   depending on the version of perl, regular expressions can change in
700           behaviour depending on the context, but later perls will bake that
701           behaviour into the regexp.
702
703       Storable will throw an exception if a frozen regular expression cannot
704       be thawed.
705

BUGS

707       You can't store GLOB, FORMLINE, etc.... If you can define semantics for
708       those operations, feel free to enhance Storable so that it can deal
709       with them.
710
711       The store functions will "croak" if they run into such references
712       unless you set $Storable::forgive_me to some "TRUE" value. In that
713       case, the fatal message is converted to a warning and some meaningless
714       string is stored instead.
715
716       Setting $Storable::canonical may not yield frozen strings that compare
717       equal due to possible stringification of numbers. When the string
718       version of a scalar exists, it is the form stored; therefore, if you
719       happen to use your numbers as strings between two freezing operations
720       on the same data structures, you will get different results.
721
722       When storing doubles in network order, their value is stored as text.
723       However, you should also not expect non-numeric floating-point values
724       such as infinity and "not a number" to pass successfully through a
725       nstore()/retrieve() pair.
726
727       As Storable neither knows nor cares about character sets (although it
728       does know that characters may be more than eight bits wide), any
729       difference in the interpretation of character codes between a host and
730       a target system is your problem.  In particular, if host and target use
731       different code points to represent the characters used in the text
732       representation of floating-point numbers, you will not be able be able
733       to exchange floating-point data, even with nstore().
734
735       "Storable::drop_utf8" is a blunt tool.  There is no facility either to
736       return all strings as utf8 sequences, or to attempt to convert utf8
737       data back to 8 bit and croak() if the conversion fails.
738
739       Prior to Storable 2.01, no distinction was made between signed and
740       unsigned integers on storing.  By default Storable prefers to store a
741       scalars string representation (if it has one) so this would only cause
742       problems when storing large unsigned integers that had never been
743       converted to string or floating point.  In other words values that had
744       been generated by integer operations such as logic ops and then not
745       used in any string or arithmetic context before storing.
746
747   64 bit data in perl 5.6.0 and 5.6.1
748       This section only applies to you if you have existing data written out
749       by Storable 2.02 or earlier on perl 5.6.0 or 5.6.1 on Unix or Linux
750       which has been configured with 64 bit integer support (not the default)
751       If you got a precompiled perl, rather than running Configure to build
752       your own perl from source, then it almost certainly does not affect
753       you, and you can stop reading now (unless you're curious). If you're
754       using perl on Windows it does not affect you.
755
756       Storable writes a file header which contains the sizes of various C
757       language types for the C compiler that built Storable (when not writing
758       in network order), and will refuse to load files written by a Storable
759       not on the same (or compatible) architecture.  This check and a check
760       on machine byteorder is needed because the size of various fields in
761       the file are given by the sizes of the C language types, and so files
762       written on different architectures are incompatible.  This is done for
763       increased speed.  (When writing in network order, all fields are
764       written out as standard lengths, which allows full interworking, but
765       takes longer to read and write)
766
767       Perl 5.6.x introduced the ability to optional configure the perl
768       interpreter to use C's "long long" type to allow scalars to store 64
769       bit integers on 32 bit systems.  However, due to the way the Perl
770       configuration system generated the C configuration files on non-Windows
771       platforms, and the way Storable generates its header, nothing in the
772       Storable file header reflected whether the perl writing was using 32 or
773       64 bit integers, despite the fact that Storable was storing some data
774       differently in the file.  Hence Storable running on perl with 64 bit
775       integers will read the header from a file written by a 32 bit perl, not
776       realise that the data is actually in a subtly incompatible format, and
777       then go horribly wrong (possibly crashing) if it encountered a stored
778       integer.  This is a design failure.
779
780       Storable has now been changed to write out and read in a file header
781       with information about the size of integers.  It's impossible to detect
782       whether an old file being read in was written with 32 or 64 bit
783       integers (they have the same header) so it's impossible to
784       automatically switch to a correct backwards compatibility mode.  Hence
785       this Storable defaults to the new, correct behaviour.
786
787       What this means is that if you have data written by Storable 1.x
788       running on perl 5.6.0 or 5.6.1 configured with 64 bit integers on Unix
789       or Linux then by default this Storable will refuse to read it, giving
790       the error Byte order is not compatible.  If you have such data then you
791       should set $Storable::interwork_56_64bit to a true value to make this
792       Storable read and write files with the old header.  You should also
793       migrate your data, or any older perl you are communicating with, to
794       this current version of Storable.
795
796       If you don't have data written with specific configuration of perl
797       described above, then you do not and should not do anything.  Don't set
798       the flag - not only will Storable on an identically configured perl
799       refuse to load them, but Storable a differently configured perl will
800       load them believing them to be correct for it, and then may well fail
801       or crash part way through reading them.
802

CREDITS

804       Thank you to (in chronological order):
805
806               Jarkko Hietaniemi <jhi@iki.fi>
807               Ulrich Pfeifer <pfeifer@charly.informatik.uni-dortmund.de>
808               Benjamin A. Holzman <bholzman@earthlink.net>
809               Andrew Ford <A.Ford@ford-mason.co.uk>
810               Gisle Aas <gisle@aas.no>
811               Jeff Gresham <gresham_jeffrey@jpmorgan.com>
812               Murray Nesbitt <murray@activestate.com>
813               Marc Lehmann <pcg@opengroup.org>
814               Justin Banks <justinb@wamnet.com>
815               Jarkko Hietaniemi <jhi@iki.fi> (AGAIN, as perl 5.7.0 Pumpkin!)
816               Salvador Ortiz Garcia <sog@msg.com.mx>
817               Dominic Dunlop <domo@computer.org>
818               Erik Haugan <erik@solbors.no>
819               Benjamin A. Holzman <ben.holzman@grantstreet.com>
820               Reini Urban <rurban@cpan.org>
821               Todd Rinaldo <toddr@cpanel.net>
822               Aaron Crane <arc@cpan.org>
823
824       for their bug reports, suggestions and contributions.
825
826       Benjamin Holzman contributed the tied variable support, Andrew Ford
827       contributed the canonical order for hashes, and Gisle Aas fixed a few
828       misunderstandings of mine regarding the perl internals, and optimized
829       the emission of "tags" in the output streams by simply counting the
830       objects instead of tagging them (leading to a binary incompatibility
831       for the Storable image starting at version 0.6--older images are, of
832       course, still properly understood).  Murray Nesbitt made Storable
833       thread-safe.  Marc Lehmann added overloading and references to tied
834       items support.  Benjamin Holzman added a performance improvement for
835       overloaded classes; thanks to Grant Street Group for footing the bill.
836       Reini Urban took over maintenance from p5p, and added security fixes
837       and huge object support.
838

AUTHOR

840       Storable was written by Raphael Manfredi <Raphael_Manfredi@pobox.com>
841       Maintenance is now done by cperl <http://perl11.org/cperl>
842
843       Please e-mail us with problems, bug fixes, comments and complaints,
844       although if you have compliments you should send them to Raphael.
845       Please don't e-mail Raphael with problems, as he no longer works on
846       Storable, and your message will be delayed while he forwards it to us.
847

SEE ALSO

849       Clone.
850
851
852
853perl v5.38.0                      2023-07-21                       Storable(3)
Impressum