1Storable(3) User Contributed Perl Documentation Storable(3)
2
6 Storable - persistence for Perl data structures
7
9 use Storable;
10 store \%table, 'file';
11 $hashref = retrieve('file');
12 use Storable qw(nstore store_fd nstore_fd freeze thaw dclone);
14 # Network order
16 nstore \%table, 'file';
17 $hashref = retrieve('file'); # There is NO nretrieve()
18 # Storing to and retrieving from an already opened file
20 store_fd \@array, \*STDOUT;
21 nstore_fd \%table, \*STDOUT;
22 $aryref = fd_retrieve(\*SOCKET);
23 $hashref = fd_retrieve(\*SOCKET);
24 # Serializing to memory
26 $serialized = freeze \%table;
27 %table_clone = %{ thaw($serialized) };
28 # Deep (recursive) cloning
30 $cloneref = dclone($ref);
31 # Advisory locking
33 use Storable qw(lock_store lock_nstore lock_retrieve)
34 lock_store \%table, 'file';
35 lock_nstore \%table, 'file';
36 $hashref = lock_retrieve('file');
37
39 The Storable package brings persistence to your Perl data structures
40 containing SCALAR, ARRAY, HASH or REF objects, i.e. anything that can
41 be conveniently stored to disk and retrieved at a later time.
42 It can be used in the regular procedural way by calling "store" with a
44 reference to the object to be stored, along with the file name where
45 the image should be written.
46 The routine returns "undef" for I/O problems or other internal error, a
48 true value otherwise. Serious errors are propagated as a "die"
49 exception.
50 To retrieve data stored to disk, use "retrieve" with a file name. The
52 objects stored into that file are recreated into memory for you, and a
53 reference to the root object is returned. In case an I/O error occurs
54 while reading, "undef" is returned instead. Other serious errors are
55 propagated via "die".
56 Since storage is performed recursively, you might want to stuff
58 references to objects that share a lot of common data into a single
59 array or hash table, and then store that object. That way, when you
60 retrieve back the whole thing, the objects will continue to share what
61 they originally shared.
62 At the cost of a slight header overhead, you may store to an already
64 opened file descriptor using the "store_fd" routine, and retrieve from
65 a file via "fd_retrieve". Those names aren't imported by default, so
66 you will have to do that explicitly if you need those routines. The
67 file descriptor you supply must be already opened, for read if you're
68 going to retrieve and for write if you wish to store.
69 store_fd(\%table, *STDOUT) || die "can't store to stdout\n";
71 $hashref = fd_retrieve(*STDIN);
72 You can also store data in network order to allow easy sharing across
74 multiple platforms, or when storing on a socket known to be remotely
75 connected. The routines to call have an initial "n" prefix for network,
76 as in "nstore" and "nstore_fd". At retrieval time, your data will be
77 correctly restored so you don't have to know whether you're restoring
78 from native or network ordered data. Double values are stored
79 stringified to ensure portability as well, at the slight risk of
80 loosing some precision in the last decimals.
81 When using "fd_retrieve", objects are retrieved in sequence, one object
83 (i.e. one recursive tree) per associated "store_fd".
84 If you're more from the object-oriented camp, you can inherit from
86 Storable and directly store your objects by invoking "store" as a
87 method. The fact that the root of the to-be-stored tree is a blessed
88 reference (i.e. an object) is special-cased so that the retrieve does
89 not provide a reference to that object but rather the blessed object
90 reference itself. (Otherwise, you'd get a reference to that blessed
91 object).
92
94 The Storable engine can also store data into a Perl scalar instead, to
95 later retrieve them. This is mainly used to freeze a complex structure
96 in some safe compact memory place (where it can possibly be sent to
97 another process via some IPC, since freezing the structure also
98 serializes it in effect). Later on, and maybe somewhere else, you can
99 thaw the Perl scalar out and recreate the original complex structure in
100 memory.
101 Surprisingly, the routines to be called are named "freeze" and "thaw".
103 If you wish to send out the frozen scalar to another machine, use
104 "nfreeze" instead to get a portable image.
105 Note that freezing an object structure and immediately thawing it
107 actually achieves a deep cloning of that structure:
108 dclone(.) = thaw(freeze(.))
110 Storable provides you with a "dclone" interface which does not create
112 that intermediary scalar but instead freezes the structure in some
113 internal memory space and then immediately thaws it out.
114
116 The "lock_store" and "lock_nstore" routine are equivalent to "store"
117 and "nstore", except that they get an exclusive lock on the file before
118 writing. Likewise, "lock_retrieve" does the same as "retrieve", but
119 also gets a shared lock on the file before reading.
120 As with any advisory locking scheme, the protection only works if you
122 systematically use "lock_store" and "lock_retrieve". If one side of
123 your application uses "store" whilst the other uses "lock_retrieve",
124 you will get no protection at all.
125 The internal advisory locking is implemented using Perl's flock()
127 routine. If your system does not support any form of flock(), or if
128 you share your files across NFS, you might wish to use other forms of
129 locking by using modules such as LockFile::Simple which lock a file
130 using a filesystem entry, instead of locking the file descriptor.
131
133 The heart of Storable is written in C for decent speed. Extra low-level
134 optimizations have been made when manipulating perl internals, to
135 sacrifice encapsulation for the benefit of greater speed.
136
138 Normally, Storable stores elements of hashes in the order they are
139 stored internally by Perl, i.e. pseudo-randomly. If you set
140 $Storable::canonical to some "TRUE" value, Storable will store hashes
141 with the elements sorted by their key. This allows you to compare data
142 structures by comparing their frozen representations (or even the
143 compressed frozen representations), which can be useful for creating
144 lookup tables for complicated queries.
145 Canonical order does not imply network order; those are two orthogonal
147 settings.
148
150 Since Storable version 2.05, CODE references may be serialized with the
151 help of B::Deparse. To enable this feature, set $Storable::Deparse to a
152 true value. To enable deserialization, $Storable::Eval should be set to
153 a true value. Be aware that deserialization is done through "eval",
154 which is dangerous if the Storable file contains malicious data. You
155 can set $Storable::Eval to a subroutine reference which would be used
156 instead of "eval". See below for an example using a Safe compartment
157 for deserialization of CODE references.
158 If $Storable::Deparse and/or $Storable::Eval are set to false values,
160 then the value of $Storable::forgive_me (see below) is respected while
161 serializing and deserializing.
162
164 This release of Storable can be used on a newer version of Perl to
165 serialize data which is not supported by earlier Perls. By default,
166 Storable will attempt to do the right thing, by croak()ing if it
167 encounters data that it cannot deserialize. However, the defaults can
168 be changed as follows:
169 utf8 data
171 Perl 5.6 added support for Unicode characters with code points >
172 255, and Perl 5.8 has full support for Unicode characters in hash
173 keys. Perl internally encodes strings with these characters using
174 utf8, and Storable serializes them as utf8. By default, if an
175 older version of Perl encounters a utf8 value it cannot represent,
176 it will croak(). To change this behaviour so that Storable
177 deserializes utf8 encoded values as the string of bytes
178 (effectively dropping the is_utf8 flag) set $Storable::drop_utf8 to
179 some "TRUE" value. This is a form of data loss, because with
180 $drop_utf8 true, it becomes impossible to tell whether the original
181 data was the Unicode string, or a series of bytes that happen to be
182 valid utf8.
183 restricted hashes
185 Perl 5.8 adds support for restricted hashes, which have keys
186 restricted to a given set, and can have values locked to be read
187 only. By default, when Storable encounters a restricted hash on a
188 perl that doesn't support them, it will deserialize it as a normal
189 hash, silently discarding any placeholder keys and leaving the keys
190 and all values unlocked. To make Storable croak() instead, set
191 $Storable::downgrade_restricted to a "FALSE" value. To restore the
192 default set it back to some "TRUE" value.
193 The cperl PERL_PERTURB_KEYS_TOP hash strategy has a known problem
195 with restricted hashes.
196 huge objects
198 On 64bit systems some data structures may exceed the 2G (i.e.
199 I32_MAX) limit. On 32bit systems also strings between I32 and U32
200 (2G-4G). Since Storable 3.00 (not in perl5 core) we are able to
201 store and retrieve these objects, even if perl5 itself is not able
202 to handle them. These are strings longer then 4G, arrays with more
203 then 2G elements and hashes with more then 2G elements. cperl
204 forbids hashes with more than 2G elements, but this fail in cperl
205 then. perl5 itself at least until 5.26 allows it, but cannot
206 iterate over them. Note that creating those objects might cause
207 out of memory exceptions by the operating system before perl has a
208 chance to abort.
209 files from future versions of Storable
211 Earlier versions of Storable would immediately croak if they
212 encountered a file with a higher internal version number than the
213 reading Storable knew about. Internal version numbers are
214 increased each time new data types (such as restricted hashes) are
215 added to the vocabulary of the file format. This meant that a
216 newer Storable module had no way of writing a file readable by an
217 older Storable, even if the writer didn't store newer data types.
218 This version of Storable will defer croaking until it encounters a
220 data type in the file that it does not recognize. This means that
221 it will continue to read files generated by newer Storable modules
222 which are careful in what they write out, making it easier to
223 upgrade Storable modules in a mixed environment.
224 The old behaviour of immediate croaking can be re-instated by
226 setting $Storable::accept_future_minor to some "FALSE" value.
227 All these variables have no effect on a newer Perl which supports the
229 relevant feature.
230
232 Storable uses the "exception" paradigm, in that it does not try to
233 workaround failures: if something bad happens, an exception is
234 generated from the caller's perspective (see Carp and croak()). Use
235 eval {} to trap those exceptions.
236 When Storable croaks, it tries to report the error via the logcroak()
238 routine from the "Log::Agent" package, if it is available.
239 Normal errors are reported by having store() or retrieve() return
241 "undef". Such errors are usually I/O errors (or truncated stream
242 errors at retrieval).
243 When Storable throws the "Max. recursion depth with nested structures
245 exceeded" error we are already out of stack space. Unfortunately on
246 some earlier perl versions cleaning up a recursive data structure
247 recurses into the free calls, which will lead to stack overflows in the
248 cleanup. This data structure is not properly cleaned up then, it will
249 only be destroyed during global destruction.
250
252 Hooks
253 Any class may define hooks that will be called during the serialization
254 and deserialization process on objects that are instances of that
255 class. Those hooks can redefine the way serialization is performed
256 (and therefore, how the symmetrical deserialization should be
257 conducted).
258 Since we said earlier:
260 dclone(.) = thaw(freeze(.))
262 everything we say about hooks should also hold for deep cloning.
264 However, hooks get to know whether the operation is a mere
265 serialization, or a cloning.
266 Therefore, when serializing hooks are involved,
268 dclone(.) <> thaw(freeze(.))
270 Well, you could keep them in sync, but there's no guarantee it will
272 always hold on classes somebody else wrote. Besides, there is little
273 to gain in doing so: a serializing hook could keep only one attribute
274 of an object, which is probably not what should happen during a deep
275 cloning of that same object.
276 Here is the hooking interface:
278 "STORABLE_freeze" obj, cloning
280 The serializing hook, called on the object during serialization.
281 It can be inherited, or defined in the class itself, like any other
282 method.
283 Arguments: obj is the object to serialize, cloning is a flag
285 indicating whether we're in a dclone() or a regular serialization
286 via store() or freeze().
287 Returned value: A LIST "($serialized, $ref1, $ref2, ...)" where
289 $serialized is the serialized form to be used, and the optional
290 $ref1, $ref2, etc... are extra references that you wish to let the
291 Storable engine serialize.
292 At deserialization time, you will be given back the same LIST, but
294 all the extra references will be pointing into the deserialized
295 structure.
296 The first time the hook is hit in a serialization flow, you may
298 have it return an empty list. That will signal the Storable engine
299 to further discard that hook for this class and to therefore revert
300 to the default serialization of the underlying Perl data. The hook
301 will again be normally processed in the next serialization.
302 Unless you know better, serializing hook should always say:
304 sub STORABLE_freeze {
306 my ($self, $cloning) = @_;
307 return if $cloning; # Regular default serialization
308 ....
309 }
310 in order to keep reasonable dclone() semantics.
312 "STORABLE_thaw" obj, cloning, serialized, ...
314 The deserializing hook called on the object during deserialization.
315 But wait: if we're deserializing, there's no object yet... right?
316 Wrong: the Storable engine creates an empty one for you. If you
318 know Eiffel, you can view "STORABLE_thaw" as an alternate creation
319 routine.
320 This means the hook can be inherited like any other method, and
322 that obj is your blessed reference for this particular instance.
323 The other arguments should look familiar if you know
325 "STORABLE_freeze": cloning is true when we're part of a deep clone
326 operation, serialized is the serialized string you returned to the
327 engine in "STORABLE_freeze", and there may be an optional list of
328 references, in the same order you gave them at serialization time,
329 pointing to the deserialized objects (which have been processed
330 courtesy of the Storable engine).
331 When the Storable engine does not find any "STORABLE_thaw" hook
333 routine, it tries to load the class by requiring the package
334 dynamically (using the blessed package name), and then re-attempts
335 the lookup. If at that time the hook cannot be located, the engine
336 croaks. Note that this mechanism will fail if you define several
337 classes in the same file, but perlmod warned you.
338 It is up to you to use this information to populate obj the way you
340 want.
341 Returned value: none.
343 "STORABLE_attach" class, cloning, serialized
345 While "STORABLE_freeze" and "STORABLE_thaw" are useful for classes
346 where each instance is independent, this mechanism has difficulty
347 (or is incompatible) with objects that exist as common process-
348 level or system-level resources, such as singleton objects,
349 database pools, caches or memoized objects.
350 The alternative "STORABLE_attach" method provides a solution for
352 these shared objects. Instead of "STORABLE_freeze" -->
353 "STORABLE_thaw", you implement "STORABLE_freeze" -->
354 "STORABLE_attach" instead.
355 Arguments: class is the class we are attaching to, cloning is a
357 flag indicating whether we're in a dclone() or a regular de-
358 serialization via thaw(), and serialized is the stored string for
359 the resource object.
360 Because these resource objects are considered to be owned by the
362 entire process/system, and not the "property" of whatever is being
363 serialized, no references underneath the object should be included
364 in the serialized string. Thus, in any class that implements
365 "STORABLE_attach", the "STORABLE_freeze" method cannot return any
366 references, and "Storable" will throw an error if "STORABLE_freeze"
367 tries to return references.
368 All information required to "attach" back to the shared resource
370 object must be contained only in the "STORABLE_freeze" return
371 string. Otherwise, "STORABLE_freeze" behaves as normal for
372 "STORABLE_attach" classes.
373 Because "STORABLE_attach" is passed the class (rather than an
375 object), it also returns the object directly, rather than modifying
376 the passed object.
377 Returned value: object of type "class"
379 Predicates
381 Predicates are not exportable. They must be called by explicitly
382 prefixing them with the Storable package name.
383 "Storable::last_op_in_netorder"
385 The Storable::last_op_in_netorder() predicate will tell you whether
386 network order was used in the last store or retrieve operation. If
387 you don't know how to use this, just forget about it.
388 "Storable::is_storing"
390 Returns true if within a store operation (via STORABLE_freeze
391 hook).
392 "Storable::is_retrieving"
394 Returns true if within a retrieve operation (via STORABLE_thaw
395 hook).
396 Recursion
398 With hooks comes the ability to recurse back to the Storable engine.
399 Indeed, hooks are regular Perl code, and Storable is convenient when it
400 comes to serializing and deserializing things, so why not use it to
401 handle the serialization string?
402 There are a few things you need to know, however:
404 • From Storable 3.05 to 3.13 we probed for the stack recursion limit
406 for references, arrays and hashes to a maximal depth of
407 ~1200-35000, otherwise we might fall into a stack-overflow. On
408 JSON::XS this limit is 512 btw. With references not immediately
409 referencing each other there's no such limit yet, so you might fall
410 into such a stack-overflow segfault.
411 This probing and the checks we performed have some limitations:
413 • the stack size at build time might be different at run time,
415 eg. the stack size may have been modified with ulimit(1). If
416 it's larger at run time Storable may fail the freeze() or
417 thaw() unnecessarily. If it's larger at build time Storable
418 may segmentation fault when processing a deep structure at run
419 time.
420 • the stack size might be different in a thread.
422 • array and hash recursion limits are checked separately against
424 the same recursion depth, a frozen structure with a large
425 sequence of nested arrays within many nested hashes may exhaust
426 the processor stack without triggering Storable's recursion
427 protection.
428 So these now have simple defaults rather than probing at build-
430 time.
431 You can control the maximum array and hash recursion depths by
433 modifying $Storable::recursion_limit and
434 $Storable::recursion_limit_hash respectively. Either can be set to
435 -1 to prevent any depth checks, though this isn't recommended.
436 If you want to test what the limits are, the stacksize tool is
438 included in the "Storable" distribution.
439 • You can create endless loops if the things you serialize via
441 freeze() (for instance) point back to the object we're trying to
442 serialize in the hook.
443 • Shared references among objects will not stay shared: if we're
445 serializing the list of object [A, C] where both object A and C
446 refer to the SAME object B, and if there is a serializing hook in A
447 that says freeze(B), then when deserializing, we'll get [A', C']
448 where A' refers to B', but C' refers to D, a deep clone of B'. The
449 topology was not preserved.
450 • The maximal stack recursion limit for your system is returned by
452 stack_depth() and stack_depth_hash(). The hash limit is usually
453 half the size of the array and ref limit, as the Perl hash API is
454 not optimal.
455 That's why "STORABLE_freeze" lets you provide a list of references to
457 serialize. The engine guarantees that those will be serialized in the
458 same context as the other objects, and therefore that shared objects
459 will stay shared.
460 In the above [A, C] example, the "STORABLE_freeze" hook could return:
462 ("something", $self->{B})
464 and the B part would be serialized by the engine. In "STORABLE_thaw",
466 you would get back the reference to the B' object, deserialized for
467 you.
468 Therefore, recursion should normally be avoided, but is nonetheless
470 supported.
471 Deep Cloning
473 There is a Clone module available on CPAN which implements deep cloning
474 natively, i.e. without freezing to memory and thawing the result. It
475 is aimed to replace Storable's dclone() some day. However, it does not
476 currently support Storable hooks to redefine the way deep cloning is
477 performed.
478
480 Yes, there's a lot of that :-) But more precisely, in UNIX systems
481 there's a utility called "file", which recognizes data files based on
482 their contents (usually their first few bytes). For this to work, a
483 certain file called magic needs to taught about the signature of the
484 data. Where that configuration file lives depends on the UNIX flavour;
485 often it's something like /usr/share/misc/magic or /etc/magic. Your
486 system administrator needs to do the updating of the magic file. The
487 necessary signature information is output to STDOUT by invoking
488 Storable::show_file_magic(). Note that the GNU implementation of the
489 "file" utility, version 3.38 or later, is expected to contain support
490 for recognising Storable files out-of-the-box, in addition to other
491 kinds of Perl files.
492 You can also use the following functions to extract the file header
494 information from Storable images:
495 $info = Storable::file_magic( $filename )
497 If the given file is a Storable image return a hash describing it.
498 If the file is readable, but not a Storable image return "undef".
499 If the file does not exist or is unreadable then croak.
500 The hash returned has the following elements:
502 "version"
504 This returns the file format version. It is a string like
505 "2.7".
506 Note that this version number is not the same as the version
508 number of the Storable module itself. For instance Storable
509 v0.7 create files in format v2.0 and Storable v2.15 create
510 files in format v2.7. The file format version number only
511 increment when additional features that would confuse older
512 versions of the module are added.
513 Files older than v2.0 will have the one of the version numbers
515 "-1", "0" or "1". No minor number was used at that time.
516 "version_nv"
518 This returns the file format version as number. It is a string
519 like "2.007". This value is suitable for numeric comparisons.
520 The constant function "Storable::BIN_VERSION_NV" returns a
522 comparable number that represents the highest file version
523 number that this version of Storable fully supports (but see
524 discussion of $Storable::accept_future_minor above). The
525 constant "Storable::BIN_WRITE_VERSION_NV" function returns what
526 file version is written and might be less than
527 "Storable::BIN_VERSION_NV" in some configurations.
528 "major", "minor"
530 This also returns the file format version. If the version is
531 "2.7" then major would be 2 and minor would be 7. The minor
532 element is missing for when major is less than 2.
533 "hdrsize"
535 The is the number of bytes that the Storable header occupies.
536 "netorder"
538 This is TRUE if the image store data in network order. This
539 means that it was created with nstore() or similar.
540 "byteorder"
542 This is only present when "netorder" is FALSE. It is the
543 $Config{byteorder} string of the perl that created this image.
544 It is a string like "1234" (32 bit little endian) or "87654321"
545 (64 bit big endian). This must match the current perl for the
546 image to be readable by Storable.
547 "intsize", "longsize", "ptrsize", "nvsize"
549 These are only present when "netorder" is FALSE. These are the
550 sizes of various C datatypes of the perl that created this
551 image. These must match the current perl for the image to be
552 readable by Storable.
553 The "nvsize" element is only present for file format v2.2 and
555 higher.
556 "file"
558 The name of the file.
559 $info = Storable::read_magic( $buffer )
561 $info = Storable::read_magic( $buffer, $must_be_file )
562 The $buffer should be a Storable image or the first few bytes of
563 it. If $buffer starts with a Storable header, then a hash
564 describing the image is returned, otherwise "undef" is returned.
565 The hash has the same structure as the one returned by
567 Storable::file_magic(). The "file" element is true if the image is
568 a file image.
569 If the $must_be_file argument is provided and is TRUE, then return
571 "undef" unless the image looks like it belongs to a file dump.
572 The maximum size of a Storable header is currently 21 bytes. If
574 the provided $buffer is only the first part of a Storable image it
575 should at least be this long to ensure that read_magic() will
576 recognize it as such.
577
579 Here are some code samples showing a possible usage of Storable:
580 use Storable qw(store retrieve freeze thaw dclone);
582 %color = ('Blue' => 0.1, 'Red' => 0.8, 'Black' => 0, 'White' => 1);
584 store(\%color, 'mycolors') or die "Can't store %a in mycolors!\n";
586 $colref = retrieve('mycolors');
588 die "Unable to retrieve from mycolors!\n" unless defined $colref;
589 printf "Blue is still %lf\n", $colref->{'Blue'};
590 $colref2 = dclone(\%color);
592 $str = freeze(\%color);
594 printf "Serialization of %%color is %d bytes long.\n", length($str);
595 $colref3 = thaw($str);
596 which prints (on my machine):
598 Blue is still 0.100000
600 Serialization of %color is 102 bytes long.
601 Serialization of CODE references and deserialization in a safe
603 compartment:
604 use Storable qw(freeze thaw);
606 use Safe;
607 use strict;
608 my $safe = new Safe;
609 # because of opcodes used in "use strict":
610 $safe->permit(qw(:default require));
611 local $Storable::Deparse = 1;
612 local $Storable::Eval = sub { $safe->reval($_[0]) };
613 my $serialized = freeze(sub { 42 });
614 my $code = thaw($serialized);
615 $code->() == 42;
616
618 Do not accept Storable documents from untrusted sources! There is no
619 way to configure Storable so that it can be used safely to process
620 untrusted data. While there are various options that can be used to
621 mitigate specific security issues these options do not comprise a
622 complete safety net for the user, and processing untrusted data may
623 result in segmentation faults, remote code execution, or privilege
624 escalation. The following lists some known features which represent
625 security issues that should be considered by users of this module.
626 Most obviously, the optional (off by default) CODE reference
628 serialization feature allows transfer of code to the deserializing
629 process. Furthermore, any serialized object will cause Storable to
630 helpfully load the module corresponding to the class of the object in
631 the deserializing module. For manipulated module names, this can load
632 almost arbitrary code. Finally, the deserialized object's destructors
633 will be invoked when the objects get destroyed in the deserializing
634 process. Maliciously crafted Storable documents may put such objects in
635 the value of a hash key that is overridden by another key/value pair in
636 the same hash, thus causing immediate destructor execution.
637 To disable blessing objects while thawing/retrieving remove the flag
639 "BLESS_OK" = 2 from $Storable::flags or set the 2nd argument for
640 thaw/retrieve to 0.
641 To disable tieing data while thawing/retrieving remove the flag
643 "TIE_OK" = 4 from $Storable::flags or set the 2nd argument for
644 thaw/retrieve to 0.
645 With the default setting of $Storable::flags = 6, creating or
647 destroying random objects, even renamed objects can be controlled by an
648 attacker. See CVE-2015-1592 and its metasploit module.
649 If your application requires accepting data from untrusted sources, you
651 are best off with a less powerful and more-likely safe serialization
652 format and implementation. If your data is sufficiently simple,
653 Cpanel::JSON::XS or Data::MessagePack are fine alternatives. For more
654 complex data structures containing various Perl specific data types
655 like regular expressions or aliased data Sereal is the best alternative
656 and offers maximum interoperability. Note that Sereal is unsafe by
657 default, but you can configure the encoder and decoder to mitigate any
658 security issues.
659
661 If you're using references as keys within your hash tables, you're
662 bound to be disappointed when retrieving your data. Indeed, Perl
663 stringifies references used as hash table keys. If you later wish to
664 access the items via another reference stringification (i.e. using the
665 same reference that was used for the key originally to record the value
666 into the hash table), it will work because both references stringify to
667 the same string.
668 It won't work across a sequence of "store" and "retrieve" operations,
670 however, because the addresses in the retrieved objects, which are part
671 of the stringified references, will probably differ from the original
672 addresses. The topology of your structure is preserved, but not hidden
673 semantics like those.
674 On platforms where it matters, be sure to call binmode() on the
676 descriptors that you pass to Storable functions.
677 Storing data canonically that contains large hashes can be
679 significantly slower than storing the same data normally, as temporary
680 arrays to hold the keys for each hash have to be allocated, populated,
681 sorted and freed. Some tests have shown a halving of the speed of
682 storing -- the exact penalty will depend on the complexity of your
683 data. There is no slowdown on retrieval.
684
686 Storable now has experimental support for storing regular expressions,
687 but there are significant limitations:
688 • perl 5.8 or later is required.
690 • regular expressions with code blocks, ie "/(?{ ... })/" or "/(??{
692 ... })/" will throw an exception when thawed.
693 • regular expression syntax and flags have changed over the history
695 of perl, so a regular expression that you freeze in one version of
696 perl may fail to thaw or behave differently in another version of
697 perl.
698 • depending on the version of perl, regular expressions can change in
700 behaviour depending on the context, but later perls will bake that
701 behaviour into the regexp.
702 Storable will throw an exception if a frozen regular expression cannot
704 be thawed.
705
707 You can't store GLOB, FORMLINE, etc.... If you can define semantics for
708 those operations, feel free to enhance Storable so that it can deal
709 with them.
710 The store functions will "croak" if they run into such references
712 unless you set $Storable::forgive_me to some "TRUE" value. In that
713 case, the fatal message is converted to a warning and some meaningless
714 string is stored instead.
715 Setting $Storable::canonical may not yield frozen strings that compare
717 equal due to possible stringification of numbers. When the string
718 version of a scalar exists, it is the form stored; therefore, if you
719 happen to use your numbers as strings between two freezing operations
720 on the same data structures, you will get different results.
721 When storing doubles in network order, their value is stored as text.
723 However, you should also not expect non-numeric floating-point values
724 such as infinity and "not a number" to pass successfully through a
725 nstore()/retrieve() pair.
726 As Storable neither knows nor cares about character sets (although it
728 does know that characters may be more than eight bits wide), any
729 difference in the interpretation of character codes between a host and
730 a target system is your problem. In particular, if host and target use
731 different code points to represent the characters used in the text
732 representation of floating-point numbers, you will not be able be able
733 to exchange floating-point data, even with nstore().
734 "Storable::drop_utf8" is a blunt tool. There is no facility either to
736 return all strings as utf8 sequences, or to attempt to convert utf8
737 data back to 8 bit and croak() if the conversion fails.
738 Prior to Storable 2.01, no distinction was made between signed and
740 unsigned integers on storing. By default Storable prefers to store a
741 scalars string representation (if it has one) so this would only cause
742 problems when storing large unsigned integers that had never been
743 converted to string or floating point. In other words values that had
744 been generated by integer operations such as logic ops and then not
745 used in any string or arithmetic context before storing.
746 64 bit data in perl 5.6.0 and 5.6.1
748 This section only applies to you if you have existing data written out
749 by Storable 2.02 or earlier on perl 5.6.0 or 5.6.1 on Unix or Linux
750 which has been configured with 64 bit integer support (not the default)
751 If you got a precompiled perl, rather than running Configure to build
752 your own perl from source, then it almost certainly does not affect
753 you, and you can stop reading now (unless you're curious). If you're
754 using perl on Windows it does not affect you.
755 Storable writes a file header which contains the sizes of various C
757 language types for the C compiler that built Storable (when not writing
758 in network order), and will refuse to load files written by a Storable
759 not on the same (or compatible) architecture. This check and a check
760 on machine byteorder is needed because the size of various fields in
761 the file are given by the sizes of the C language types, and so files
762 written on different architectures are incompatible. This is done for
763 increased speed. (When writing in network order, all fields are
764 written out as standard lengths, which allows full interworking, but
765 takes longer to read and write)
766 Perl 5.6.x introduced the ability to optional configure the perl
768 interpreter to use C's "long long" type to allow scalars to store 64
769 bit integers on 32 bit systems. However, due to the way the Perl
770 configuration system generated the C configuration files on non-Windows
771 platforms, and the way Storable generates its header, nothing in the
772 Storable file header reflected whether the perl writing was using 32 or
773 64 bit integers, despite the fact that Storable was storing some data
774 differently in the file. Hence Storable running on perl with 64 bit
775 integers will read the header from a file written by a 32 bit perl, not
776 realise that the data is actually in a subtly incompatible format, and
777 then go horribly wrong (possibly crashing) if it encountered a stored
778 integer. This is a design failure.
779 Storable has now been changed to write out and read in a file header
781 with information about the size of integers. It's impossible to detect
782 whether an old file being read in was written with 32 or 64 bit
783 integers (they have the same header) so it's impossible to
784 automatically switch to a correct backwards compatibility mode. Hence
785 this Storable defaults to the new, correct behaviour.
786 What this means is that if you have data written by Storable 1.x
788 running on perl 5.6.0 or 5.6.1 configured with 64 bit integers on Unix
789 or Linux then by default this Storable will refuse to read it, giving
790 the error Byte order is not compatible. If you have such data then you
791 should set $Storable::interwork_56_64bit to a true value to make this
792 Storable read and write files with the old header. You should also
793 migrate your data, or any older perl you are communicating with, to
794 this current version of Storable.
795 If you don't have data written with specific configuration of perl
797 described above, then you do not and should not do anything. Don't set
798 the flag - not only will Storable on an identically configured perl
799 refuse to load them, but Storable a differently configured perl will
800 load them believing them to be correct for it, and then may well fail
801 or crash part way through reading them.
802
804 Thank you to (in chronological order):
805 Jarkko Hietaniemi <jhi@iki.fi>
807 Ulrich Pfeifer <pfeifer@charly.informatik.uni-dortmund.de>
808 Benjamin A. Holzman <bholzman@earthlink.net>
809 Andrew Ford <A.Ford@ford-mason.co.uk>
810 Gisle Aas <gisle@aas.no>
811 Jeff Gresham <gresham_jeffrey@jpmorgan.com>
812 Murray Nesbitt <murray@activestate.com>
813 Marc Lehmann <pcg@opengroup.org>
814 Justin Banks <justinb@wamnet.com>
815 Jarkko Hietaniemi <jhi@iki.fi> (AGAIN, as perl 5.7.0 Pumpkin!)
816 Salvador Ortiz Garcia <sog@msg.com.mx>
817 Dominic Dunlop <domo@computer.org>
818 Erik Haugan <erik@solbors.no>
819 Benjamin A. Holzman <ben.holzman@grantstreet.com>
820 Reini Urban <rurban@cpan.org>
821 Todd Rinaldo <toddr@cpanel.net>
822 Aaron Crane <arc@cpan.org>
823 for their bug reports, suggestions and contributions.
825 Benjamin Holzman contributed the tied variable support, Andrew Ford
827 contributed the canonical order for hashes, and Gisle Aas fixed a few
828 misunderstandings of mine regarding the perl internals, and optimized
829 the emission of "tags" in the output streams by simply counting the
830 objects instead of tagging them (leading to a binary incompatibility
831 for the Storable image starting at version 0.6--older images are, of
832 course, still properly understood). Murray Nesbitt made Storable
833 thread-safe. Marc Lehmann added overloading and references to tied
834 items support. Benjamin Holzman added a performance improvement for
835 overloaded classes; thanks to Grant Street Group for footing the bill.
836 Reini Urban took over maintenance from p5p, and added security fixes
837 and huge object support.
838
840 Storable was written by Raphael Manfredi <Raphael_Manfredi@pobox.com>
841 Maintenance is now done by cperl <http://perl11.org/cperl>
842 Please e-mail us with problems, bug fixes, comments and complaints,
844 although if you have compliments you should send them to Raphael.
845 Please don't e-mail Raphael with problems, as he no longer works on
846 Storable, and your message will be delayed while he forwards it to us.
847
849 Clone.
850perl v5.38.0 2023-07-21 Storable(3)