Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:129003 X-Original-To: internals@lists.php.net Delivered-To: internals@lists.php.net Received: from php-smtp4.php.net (php-smtp4.php.net [45.112.84.5]) by lists.php.net (Postfix) with ESMTPS id 764021A00BC for ; Wed, 29 Oct 2025 22:23:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=php.net; s=mail; t=1761776604; bh=TwMx5YRRXZOBOLeYzhqU2lHcjIlq/tI8ojzT/rv1Xrg=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=dqbfgaKXZCOJ/KNXx8Z+8qCvOsDO/3683PDnIOFqbSgTcv6p2RjbBUgCEaHak8+d2 mu2U0+pP/tKjUVIveMaxmIQvRJQSoa4J3dL+tXRKIX5id4thlNAHK/tn5RURCCyqku f2zhrUeQYVRBsxQtP2b2+aPRHjq1MVOZp6qX7CrVtjINLEWXbgHfQ+xWcEULIHeHfm OJU+hnxHG90x8kRBmztuIB6DeV6sAN9Pb74zVZosP1trqw4ULsKPkzMx/7XChjw+zw LUm57t+W8CDtUbS15bAxp+wVloKMenUs4PrcQ4WJzdJ/qRBIqksVmNRvClzn3zq/O3 oj/vpdv1YblRg== Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 2DCD218003F for ; Wed, 29 Oct 2025 22:23:23 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-25) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=0.6 required=5.0 tests=BAYES_50,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,DMARC_PASS,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE, SPF_PASS autolearn=no autolearn_force=no version=4.0.1 X-Spam-Virus: No X-Envelope-From: Received: from mail-pl1-f177.google.com (mail-pl1-f177.google.com [209.85.214.177]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Wed, 29 Oct 2025 22:23:22 +0000 (UTC) Received: by mail-pl1-f177.google.com with SMTP id d9443c01a7336-29490944023so2990875ad.3 for ; Wed, 29 Oct 2025 15:23:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1761776597; x=1762381397; darn=lists.php.net; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=ld+eUmSbuZVrCVznJ9o7mr3zmjtdxHbQzgSLDpIM5eY=; b=nc0EgebUJ7RgCYxTQRjAQvkDpgt7HSirrDTsO8lQAqz1j//Nd3UhUMWafDmcsdLWhd y6HjeVyciQ1Ywk4GrL/DymkSYPkjqcb7JuJu9jTomPslZnIGJEyAMgRJJBVwheGUz2OM 11IdNc/3MTXyesRrklH/zdh7WLLo92HhaiBLQtGEiMwBWPLbZrln7C8fu+ONXc9611so HHyj6kzC9uI/TK4bWbtlhrsksxu3rujatWG6jzDVZWz8gU6DzDa3em5tY0WD6eqfU4nU LCxK0YwFwhnOJ4D8iP+sias0/ayYXLneQZOVaMtBkxSf+D8eXe+gKWIfVMYAsSR80er/ z9EA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1761776597; x=1762381397; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ld+eUmSbuZVrCVznJ9o7mr3zmjtdxHbQzgSLDpIM5eY=; b=JfQzjJm1nTM71UgEgX7V9+GthHZfLw5i4751BD7lXlmfdxkmWTkox+ZRKyQ9OjQ+cZ nUqoTLpUDHcy94we4kyPupfhwPFIlEYl4bwO9LxyOwicMVi+o80pJ88dTNIbBIFp19gw vpAxOY10hoCm0xIFGxiM2iMfJ9KMSV6GdWh1Y1UNrYB0RmR/hqUenzU2yPPHddfFiNWU +q8ky5+QtVbFteDmMpsGdrlyVJkyTG0pGMaAeTjg0poyLanNltoyP0r9D335kdjCb3o0 Li7NGlXg15eusJpbHlELQQUoRwcdzYyDssuW3w8H52gqz/O/NmZNSjg/xuO9IS10x41a lqHw== X-Forwarded-Encrypted: i=1; AJvYcCUXSmpTO9KlOlsU8WOpqkFQvxCYapXDCBIHOhg5Gs3mbiPa2Ydqq8e1YGe0LwvUpo+qlmsYsA12GnY=@lists.php.net X-Gm-Message-State: AOJu0YxLNbKaym45zgEvtbb2770utcf2RcuBlUvRYQ6vCYhuRVZgba+d RAtXhpNPgpsHCOMXcTb8V9p4C/jpJin5uKgYW0wQTDgoUrsKEIvzQUEUT4W1aW6r1MCV5oW0a+6 VkI7K08PS1STfpvbpV8XR0OGoZrh+TGM= X-Gm-Gg: ASbGnctoFOfiJYVx4WJML+Bm8MLmFaZvDAzGwF3Upv6NGtVsEckJa8laciG+iBt4mPU pTK+rr9AjvcSuKhsD4ozFLAcG1cU/JeYYNPnAm1/ENgRtPY20KnL1DESJ7T4WXovGfbLqH/Kfna n45LphqJ60jZmTQOYvQ4rVYfA62/cYlXjuWzlYl8UGUMqzVVQu+UopwF++dyxWbTvGQEDWre1pE OPJ/k9FCa4g048UCSzDURHN7RIBxUYl36il0/XPPwSe2QtuFmrXhSySA14XMZ+le12r2hI= X-Google-Smtp-Source: AGHT+IHTHLVSZUA1LT98x+WiurOeSFNQc1P1UV6NG+USSNwPzejtO4H2I/ZIOTjw99tT1wHdpXWfVHkU+B7m1FLhj1A= X-Received: by 2002:a17:902:d50a:b0:294:cc8d:c0c2 with SMTP id d9443c01a7336-294dee26107mr53823675ad.27.1761776596664; Wed, 29 Oct 2025 15:23:16 -0700 (PDT) Precedence: list list-help: list-unsubscribe: list-post: List-Id: x-ms-reactions: disallow MIME-Version: 1.0 References: <4b6abc36d8ab6cd306e95141869db3b0@bastelstu.be> In-Reply-To: <4b6abc36d8ab6cd306e95141869db3b0@bastelstu.be> Date: Thu, 30 Oct 2025 00:23:05 +0200 X-Gm-Features: AWmQ_bni-Wjap69k6MOlY9ZN42cT08Ho24OvGwgnJwtpjEtK5yiPOcBwMsvfKFM Message-ID: Subject: Re: [PHP-DEV] [RFC][Discussion] Add #[NoSerialize] attribute for excluding properties or classes from serialization To: =?UTF-8?Q?Tim_D=C3=BCsterhus?= Cc: Ilija Tovilo , PHP internals Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable From: lnkvisitor.ts@gmail.com (Dmytro Kulyk) Thanks for the feedback. > Thank you for your RFC. It is really well-written and nicely explains > the various (edge) cases. I've only read through the `#[\NoSerialize]` > one, since it is the topic of this RFC discussion. I agree with Ilija on > all points. > > Am 2025-10-29 15:35, schrieb Dmytro Kulyk: > > #[NoSerialize], on the other hand, would apply to wrappers, > > containers, or domain objects where serialization of the rest of the > > structure should continue even if one field or nested object cannot be > > meaningfully serialized. > > But even for wrappers you can't guarantee that the wrapper is stored in > a nullable property. When applying the attribute to a field, omitting > the field makes sense, since the author of the property is the same > person who is capable of adding the attribute and thus is in full > control. This is different for classes where the author of the class > doesn't know how and where the class is being used. I thus agree with > Ilija that this should throw to clearly indicate that the user of the > class is doing something incorrect and to not silently corrupt data. If > an author of a class needs more fine-grained control, they can either > add the attribute to individual properties themselves - or implement > `__serialize()`. > You are right, this behavior can be non-obvious and lead to unexpected resu= lts. > >> > Class-level #[NoSerialize] is inherited by child classes unless expl= icitly overridden. > >> > >> Can you clarify how this would work? How can you override this > >> attribute by omission? > >> > >> #[NoSerialize] > >> class Foo {} > >> > >> /* What do I add here to remove #[NoSerialize]? */ > >> class Bar extends Foo {} > > > > Class-level #[NoSerialize] is transparently inherited by child classes. > > There=E2=80=99s currently no way to override or cancel this behavior in > > descendants; the attribute remains effective throughout the > > inheritance chain. > > Indeed, however the =E2=80=9Cunless explicitly overridden=E2=80=9D bit in= the RFC text > implies that this is possible. > > > As an alternative, #[NotSerializable] could be extended to > > #[NotSerializable(bool $soft =3D false)], which would provide the same > > behavior while keeping it in a separate, more consistent attribute =E2= =80=94 > > avoiding the double semantics currently implied by #[NoSerialize]. > > I don't think that sub classes should be able to make a non-serializable > parent class serializable, since they clearly won't be able to correctly > restore the state of the parent class. In fact I would consider this an > improvement over the existing serialization hooks where the child class > can simply skip calling the parent's serializer and thus create a > situation that the parent class does not expect to occur. It already makes no sense because the class-level attribute will be excluded from the RFC, and I have no plan to add something like this to #[NotSerializable]. It may be added in a future RFC. > > Initially, the idea was to make all of these cases emit warnings, but > > I didn=E2=80=99t figure out how to implement that consistently within t= he > > attribute validators. > > At this point, I don=E2=80=99t see any practical reason to allow the at= tribute > > on unsupported targets, so all such cases will be changed to > > compile-time errors instead of warnings. > > Yes, every clear error that is detectable at compile-time should be a > hard error to make it easy for users to detect the mistake. > Best regards Dmytro Kulyk