Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:87457
Return-Path: <me@stephencoakley.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 99823 invoked from network); 31 Jul 2015 20:14:57 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 31 Jul 2015 20:14:57 -0000
X-Host-Fingerprint: 68.118.157.39 68-118-157-39.dhcp.mdsn.wi.charter.com  
Received: from [68.118.157.39] ([68.118.157.39:27519] helo=localhost.localdomain)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 63/12-24609-047DBB55 for <internals@lists.php.net>; Fri, 31 Jul 2015 16:14:57 -0400
Message-ID: <63.12.24609.047DBB55@pb1.pair.com>
To: internals@lists.php.net
Date: Fri, 31 Jul 2015 15:14:53 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.8.0
MIME-Version: 1.0
References: <550FA2ED.6080000@gmail.com> <CADR=R-gtCy7Vi7Y15jx+SYWX3aEB6TN3WGJPAqqQ4tO__SWqQw@mail.gmail.com> <CAF+90c8c8_Vth3vVaYF1N1u68JANTbGDq-QUTvG44X+Wr+oe0A@mail.gmail.com> <55B7B08E.7070700@gmail.com> <CADyq6s+n8z=oCMrPBzP744NCxTvMJwak71HVm50i9Z4v4A0zOg@mail.gmail.com> <55B7EA22.7060504@gmail.com>
In-Reply-To: <55B7EA22.7060504@gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Posted-By: 68.118.157.39
Subject: Re: [PHP-DEV] Re: Serializing exceptions
From: me@stephencoakley.com (Stephen Coakley)

On 07/28/2015 03:46 PM, Stanislav Malyshev wrote:
> Hi!
>
>> This sort of change would be a major BC break for 8.x or similar.
>
> How is it a major BC break? You make it sound like serializing
> exceptions is something no application can do without. I have yet to see
> a single case where it's useful (yes, I've read the Symphony comment but
> I'm not sure why they're doing it and if it's indeed something that
> should be done and not an ugly hack like unserializing fake internal
> objects).
>
>> I also don't see security implications, tbh.
>
> I don't want to discuss it in detail yet, but check out currently open
> or recently fixed security issues and see how many of them relate to
> serialized exceptions and consequences of that.
> --
> Stas Malyshev
> smalyshev@gmail.com
>

Serializing exceptions can be useful in parallel code using multiple 
processes or threads. I have been working on a concurrency library for a 
week or two and I serialize exceptions (excluding stack trace arguments) 
to send them back to the calling process to aid in debugging process 
failures.

I agree there aren't too many use cases, but there are a few. Of course, 
exceptions aren't *consistently* serializable, which is still a problem 
that should be resolved in some way.

-- 
Stephen Coakley