Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:85420
Return-Path: <dennis@birkholz.biz>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 52326 invoked from network); 23 Mar 2015 06:21:27 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 23 Mar 2015 06:21:27 -0000
Authentication-Results: pb1.pair.com smtp.mail=dennis@birkholz.biz; spf=unknown; sender-id=unknown
Authentication-Results: pb1.pair.com header.from=dennis@birkholz.biz; sender-id=unknown
Received-SPF: unknown (pb1.pair.com: domain birkholz.biz does not designate 144.76.185.252 as permitted sender)
X-PHP-List-Original-Sender: dennis@birkholz.biz
X-Host-Fingerprint: 144.76.185.252 mx01.nexxes.net  
Received: from [144.76.185.252] ([144.76.185.252:53779] helo=mx01.nexxes.net)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id B6/91-44294-5E0BF055 for <internals@lists.php.net>; Mon, 23 Mar 2015 01:21:26 -0500
Received: from [137.226.183.192] (ip3192.saw.rwth-aachen.de [137.226.183.192])
	(using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits))
	(No client certificate requested)
	(Authenticated sender: db220660-p0g-1@packages.nexxes.net)
	by mx01.nexxes.net (Postfix) with ESMTPSA id D2775481F0B
	for <internals@lists.php.net>; Mon, 23 Mar 2015 07:21:22 +0100 (CET)
Message-ID: <550FB0E2.7020600@birkholz.biz>
Date: Mon, 23 Mar 2015 07:21:22 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0
MIME-Version: 1.0
To: internals@lists.php.net
References: <550FA2ED.6080000@gmail.com>
In-Reply-To: <550FA2ED.6080000@gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] Serializing exceptions
From: dennis@birkholz.biz (Dennis Birkholz)

Hi,

Am 23.03.2015 um 06:21 schrieb Stanislav Malyshev:
> Looking into some issue, I've discovered that, to my surprise,
> Exceptions are serializable. Except that it doesn't always work of
> course (e.g. see http://stackoverflow.com/q/9747813/214196) because
> exceptions contain backtraces, and those can contain non-serializable
> objects. So in reality, you never know if you can serialize it or not.
> 
> So, I wonder - would it be ok to make exceptions not serializable at
> all? I think that would prevent major WTF factor when people try it and
> it randomly fails.
> 
> Thoughts?

I think we should discuss if (un)serialization is a first-class
operation in the language and if so, we should try to make everything
serializable. Currently, we introduce more and more unserializable
language features (closures, anonymous classes) which makes it more and
more dangerous to serialize something that could contain any of these
(or any of a number of non-serializable internal classes: mysqli/pdo, etc.)
If we don't want serialization as a first-class operation, we should
make objects not serializable by default unless they implement
serializable or __sleep()/__wakeup() and add an is_serializable() method
to check if an object is serializable. But currently serialization gets
more and more unreliable/prone to runtime errors.

Greets
Dennis