Why not to serialize objects for storage

Discussion in 'Resources' started by dktapps, Apr 16, 2018.

  1. dktapps

    dktapps Administrator Staff Member PMMP Team

    Messages:
    595
    GitHub:
    dktapps
    Recently I've had to deal with an outbreak of issues with people having trouble with serialized data not working on newest versions of PocketMine-MP.

    While serialization may seem like a pretty nice simple way to store data that doesn't require more code, storing serialized objects is a very bad idea, because any changes to the classes you're serializing (which can happen any time in PM core!!!) WILL BREAK YOUR DATA.

    As an example, SlapperCache abused serialization to store CompoundTag and Item objects. Because these classes and their descendents subsequently changed in their implementations, the data stored no longer works after unserializing.
    As seen in the most recent commits, a whole bunch of ugly hacks were needed to try and salvage the data.

    TL;DR: Stored data depending on code is BAD. Do not abuse serialization. Your data storage format should always be independent of the code reading it. If it is not, it can and will break.
     
    HimbeersaftLP, jojoe77777 and Muqsit like this.
  2. dktapps

    dktapps Administrator Staff Member PMMP Team

    Messages:
    595
    GitHub:
    dktapps
    For the technical who want more detailed examples:

    - Serializing a "DiamondSword" object in ALPHA10 will now unserialize into a __PHP_Incomplete_Class because the "DiamondSword" class doesn't exist anymore
    - Serializing a CompoundTag prior to ALPHA11 (which used dynamic field assignment) will now unserialize to an empty CompoundTag with those fields assigned but ignored (because the internal implementation has changed).
     
    corytortoise and Muqsit like this.
  3. Daniktheboss

    Daniktheboss Baby Zombie

    Messages:
    151
    GitHub:
    daniktheboss
    What if you serialize an item class? Won't it work without any issue?
     
  4. dktapps

    dktapps Administrator Staff Member PMMP Team

    Messages:
    595
    GitHub:
    dktapps
    If the class is changed in any way (for example extra fields added, changed or removed) or the class is deleted or moved or whatever, your serialized items will break.
     
  5. Daniktheboss

    Daniktheboss Baby Zombie

    Messages:
    151
    GitHub:
    daniktheboss
    Ok thanks
     
  6. SOFe

    SOFe Administrator Staff Member PMMP Team Poggit Admin Noobiest member in the PMMP Team

    Messages:
    1,709
    GitHub:
    sof3
    Note: the DiamondSword problem is actually the fault of API change. But the Compound tag problem is related to changes in undocumented internals and is indeed a genuine problem of serialization.
     
  7. dktapps

    dktapps Administrator Staff Member PMMP Team

    Messages:
    595
    GitHub:
    dktapps
    regardless of who you blame, it is still very difficult to salvage data from a __PHP_Incomplete_Class.
     
  8. Angel

    Angel Spider Jockey

    Messages:
    31
    GitHub:
    teamblocket
    Is it bad to serialize array's and store them?
     
  9. SOFe

    SOFe Administrator Staff Member PMMP Team Poggit Admin Noobiest member in the PMMP Team

    Messages:
    1,709
    GitHub:
    sof3
    It is ok as long as it doesn't contain non-stdclass objects inside. Just the ands data as those you'd store in YAML.
     

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.