Re: [PHP-DEV] Serializing exceptions
Stanislav Malyshev wrote on 23/03/2015 05:21: Hi! Looking into some issue, I've discovered that, to my surprise, Exceptions are serializable. Except that it doesn't always work of course (e.g. see http://stackoverflow.com/q/9747813/214196) because exceptions contain backtraces, and those can contain non-serializable objects. So in reality, you never know if you can serialize it or not. So, I wonder - would it be ok to make exceptions not serializable at all? I think that would prevent major WTF factor when people try it and it randomly fails. Thoughts? I came upon exactly this situation some time ago, and posted to the list about it: http://marc.info/?l=php-internalsm=138118333112741w=2 The options I presented there are: 1) Mark all exceptions as non-serializable, as you suggest, removing the surprise. 2) Don't capture args in exceptions backtraces, with the additional benefit of destructors firing more predictably. 3) Strip args out of the backtrace when serializing. 4) Have a function to strip the backtrace ready to serialize, and prevent serialization if it hasn't been called. Option 1 is the simplest, but just as many have questioned the need to serialize exceptions, I would question the need for their backtraces to contain every argument passed to every function in the stack, so would tend towards option 2. AFAIK, no unserializable information is stored outside the 'args' element of the backtrace items. Regards, -- Rowan Collins [IMSoP] -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Serializing exceptions
Hi, Am 23.03.2015 um 06:21 schrieb Stanislav Malyshev: Looking into some issue, I've discovered that, to my surprise, Exceptions are serializable. Except that it doesn't always work of course (e.g. see http://stackoverflow.com/q/9747813/214196) because exceptions contain backtraces, and those can contain non-serializable objects. So in reality, you never know if you can serialize it or not. So, I wonder - would it be ok to make exceptions not serializable at all? I think that would prevent major WTF factor when people try it and it randomly fails. Thoughts? I think we should discuss if (un)serialization is a first-class operation in the language and if so, we should try to make everything serializable. Currently, we introduce more and more unserializable language features (closures, anonymous classes) which makes it more and more dangerous to serialize something that could contain any of these (or any of a number of non-serializable internal classes: mysqli/pdo, etc.) If we don't want serialization as a first-class operation, we should make objects not serializable by default unless they implement serializable or __sleep()/__wakeup() and add an is_serializable() method to check if an object is serializable. But currently serialization gets more and more unreliable/prone to runtime errors. Greets Dennis -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Serializing exceptions
Hi! Maybe you can implement the __sleep method and just return the documented attributes (message, code, file, line). That would be an option, but before going there, my question is - does anybody need it, really? -- Stas Malyshev smalys...@gmail.com -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Serializing exceptions
Hi! I think we should discuss if (un)serialization is a first-class operation in the language and if so, we should try to make everything serializable. Currently, we introduce more and more unserializable I don't think we can, not unless we can serialize PHP code (like Java can have JARs with bytecode). Otherwise, something like closure is inherently not serializable. Moreover, something resource-bound is not serializable either since it depends on something external. If we don't want serialization as a first-class operation, we should I'm not sure what you mean by first-class operation. We certainly want most objects be serializable, and they are. But some are not, and would never be. The question is - is Exception one of those? I think yes, but I'd like to hear if somebody says otherwise. make objects not serializable by default unless they implement serializable or __sleep()/__wakeup() and add an is_serializable() method to check if an object is serializable. But currently serialization gets more and more unreliable/prone to runtime errors. That's because implementers of classes are not careful to account for serialization. However, I don't think we need any drastic changes here. -- Stas Malyshev smalys...@gmail.com -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DEV] Serializing exceptions
From: Stanislav Malyshev [mailto:smalys...@gmail.com], Sent: Monday, March 23, 2015 7:45 AM Hi! Maybe you can implement the __sleep method and just return the documented attributes (message, code, file, line). That would be an option, but before going there, my question is - does anybody need it, really? Hi. Symfony2 stores an `AuthenticationException` in the session, when login credentials are invalid. I think, exceptions should be serializable. One could strip the objects from the backtrace and document it like that. Christian
Re: [PHP-DEV] Serializing exceptions
Maybe you can implement the __sleep method and just return the documented attributes (message, code, file, line). Not perfect, but probably more useful than throw an exception, specially if the exception is something that is the attribute of some object that is being serialized. Juan Basso On Mar 23, 2015 1:22 AM, Stanislav Malyshev smalys...@gmail.com wrote: Hi! Looking into some issue, I've discovered that, to my surprise, Exceptions are serializable. Except that it doesn't always work of course (e.g. see http://stackoverflow.com/q/9747813/214196) because exceptions contain backtraces, and those can contain non-serializable objects. So in reality, you never know if you can serialize it or not. So, I wonder - would it be ok to make exceptions not serializable at all? I think that would prevent major WTF factor when people try it and it randomly fails. Thoughts? -- Stas Malyshev smalys...@gmail.com -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Serializing exceptions
On Mon, Mar 23, 2015 at 12:31 PM, Juan Basso jrba...@gmail.com wrote: Maybe you can implement the __sleep method and just return the documented attributes (message, code, file, line). Not perfect, but probably more useful than throw an exception, specially if the exception is something that is the attribute of some object that is being serialized. Well, can someone explain me why some code would need to serialize exception in the 1st place? Cheers, -- Pierre @pierrejoye | http://www.libgd.org -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php