Sereal::Decoder(3pm) User Contributed Perl Documentation Sereal::Decoder(3pm)
NAME
Sereal::Decoder - Fast, compact, powerful binary deserialization
SYNOPSIS
use Sereal::Decoder
qw(decode_sereal sereal_decode_with_object scalar_looks_like_sereal);
my $decoder = Sereal::Decoder->new({...options...});
my $structure;
$decoder->decode($blob, $structure); # deserializes into $structure
# or if you don't have references to the top level structure, this works, too:
$structure = $decoder->decode($blob);
# alternatively functional interface: (See Sereal::Performance)
sereal_decode_with_object($decoder, $blob, $structure);
$structure = sereal_decode_with_object($decoder, $blob);
# much slower functional interface with no persistent objects:
decode_sereal($blob, {... options ...}, $structure);
$structure = decode_sereal($blob, {... options ...});
# Not a full validation, but just a quick check for a reasonable header:
my $is_likely_sereal = scalar_looks_like_sereal($some_string);
# or:
$is_likely_sereal = $decoder->looks_like_sereal($some_string);
DESCRIPTION
This library implements a deserializer for an efficient, compact-
output, and feature-rich binary protocol called Sereal. Its sister
module Sereal::Encoder implements an encoder for this format. The two
are released separately to allow for independent and safer upgrading.
The Sereal protocol versions that are compatible with this decoder
implementation are currently protocol versions 1, 2, 3 and 4. As it
stands, it will refuse to attempt to decode future versions of the
protocol, but if necessary there is likely going to be an option to
decode the parts of the input that are compatible with version 4 of the
protocol. The protocol was designed to allow for this.
The protocol specification and many other bits of documentation can be
found in the github repository. Right now, the specification is at
<https://github.com/Sereal/Sereal/blob/master/sereal_spec.pod>, there
is a discussion of the design objectives in
<https://github.com/Sereal/Sereal/blob/master/README.pod>, and the
output of our benchmarks can be seen at
<https://github.com/Sereal/Sereal/wiki/Sereal-Comparison-Graphs>.
CLASS METHODS
new
Constructor. Optionally takes a hash reference as first parameter. This
hash reference may contain any number of options that influence the
behaviour of the encoder.
Currently, the following options are recognized, none of them are on by
default.
refuse_snappy
If set, the decoder will refuse Snappy-compressed input data. This can
be desirable for robustness. See the section "ROBUSTNESS" below.
refuse_objects
If set, the decoder will refuse deserializing any objects in the input
stream and instead throw an exception. Defaults to off. See the section
"ROBUSTNESS" below.
no_bless_objects
If set, the decoder will deserialize any objects in the input stream
but without blessing them. Defaults to off. See the section
"ROBUSTNESS" below.
no_thaw_objects
If set, the decoder will deserialize frozen objects in the objects
stream as an array ref of arguments that would be passed into the THAW
subroutine instead of calling THAW itself.
validate_utf8
If set, the decoder will refuse invalid UTF-8 byte sequences. This is
off by default, but it's strongly encouraged to be turned on if you're
dealing with any data that has been encoded by an external source (e.g.
http cookies).
max_recursion_depth
"Sereal::Decoder" is recursive. If you pass it a Sereal document that
is deeply nested, it will eventually exhaust the C stack. Therefore,
there is a limit on the depth of recursion that is accepted. It
defaults to 10000 nested calls. You may choose to override this value
with the "max_recursion_depth" option. Beware that setting it too high
can cause hard crashes.
Do note that the setting is somewhat approximate. Setting it to 10000
may break at somewhere between 9997 and 10003 nested structures
depending on their types.
max_num_hash_entries
If set to a non-zero value (default: 0), then "Sereal::Decoder" will
refuse to deserialize any hash/dictionary (or hash-based object) with
more than that number of entries. This is to be able to respond quickly
to any future hash-collision attacks on Perl's hash function, and also
the memory exhaustion attacks on Sereal itself. For a gentle
introduction to the topic from the cryptographic point of view, see
<http://en.wikipedia.org/wiki/Collision_attack>.
max_num_array_entries
If set to a non-zero value (default: 0), then "Sereal::Decoder" will
refuse to deserialize any array with more than that number of entries.
This is to be able to respond quickly to any future memory exhaustion
attacks on Sereal.
max_string_length
If set to a non-zero value (default: 0), then "Sereal::Decoder" will
refuse to deserialize any string with more than that number of
characters. This is to be able to respond quickly to any future memory
exhaustion attacks on Sereal.
max_uncompressed_size
If set to a non-zero value (default: 0), then "Sereal::Decoder" will
refuse to deserialize any blob with a size that exceds the value when
uncompressed. This is to be able to respond quickly to any future
memory exhaustion attacks on Sereal.
incremental
If set to a non-zero value (default: 0), then "Sereal::Decoder" will
destructively parse Sereal documents out of a variable. Every time a
Sereal document is successfully parsed it is removed from the front of
the string it is parsed from.
This means you can do this:
while (length $buffer) {
my $data= decode_sereal($buffer,{incremental=>1});
}
alias_smallint
If set to a true value then "Sereal::Decoder" will share integers from
-16 to 15 (encoded as either SRL_HDR_NEG and SRL_HDR_POS) as read-only
aliases to a common SV.
The result of this may be significant space savings in data structures
with many integers in the specified range. The cost is more memory used
by the decoder and a very modest speed penalty when deserializing.
Note this option changes the structure of the dumped data. Use with
caution.
See also the "alias_varint_under" option.
alias_varint_under
If set to a true positive integer smaller than 16 then this option is
similar to setting "alias_smallint" and causes all integers from -16 to
15 to be shared as read-only aliases to the same SV, except that this
treatment ALSO applies to SRL_HDR_VARINT. If set to a value larger than
16 then this applies to all varints varints under the value set. (In
general SRL_HDR_VARINT is used only for integers larger than 15, and
SRL_HDR_NEG and SRL_HDR_POS are used for -16 to -1 and 0 to 15
respectively.)
In simple terms if you want to share values larger than 16 then you
should use this option, if you want to share only values in the -16 to
15 range then you should use the "alias_smallint" option instead.
The result of this may be significant space savings in data structures
with many integers in the desire range. The cost is more memory used by
the decoder and a very modest speed penalty when deserializing.
Note this option changes the structure of the dumped data. Use with
caution.
use_undef
If set to a true value then this any undef value to be deserialized as
PL_sv_undef. This may change the structure of the data structure being
dumped, do not enable this unless you know what you are doing.
set_readonly
If set to a true value then the output will be completely readonly
(deeply).
set_readonly_scalars
If set to a true value then scalars in the output will be readonly
(deeply). References won't be readonly.
INSTANCE METHODS
decode
Given a byte string of Sereal data, the "decode" call deserializes that
data structure. The result can be obtained in one of two ways: "decode"
accepts a second parameter, which is a scalar to write the result to,
AND "decode" will return the resulting data structure.
The two are subtly different in case of data structures that contain
references to the root element. In that case, the return value will be
a (non-recursive) copy of the reference. The pass-in style is more
correct. In other words,
$decoder->decode($sereal_string, my $out);
# is almost the same but safer than:
my $out = $decoder->decode($sereal_string);
This is an unfortunate side-effect of perls standard copy semantics of
assignment. Possibly one day we will have an alternative to this.
decode_with_header
Given a byte string of Sereal data, the "decode_with_header" call
deserializes that data structure as "decode" would do, however it also
decodes the optional user data structure that can be embedded into a
Sereal document, inside the header (see Sereal::Encoder::encode).
It accepts an optional second parameter, which is a scalar to write the
body to, and an optional third parameter, which is a scalar to write
the header to.
Regardless of the number of parameters received, "decode_with_header"
returns an ArrayRef containing the deserialized header, and the
deserialized body, in this order.
See "decode" for the subtle difference between the one, two and three
parameters versions.
If there is no header in a Sereal document, corresponding variable or
return value will be set to undef.
decode_only_header
Given a byte string of Sereal data, the "decode_only_header"
deserializes only the optional user data structure that can be embedded
into a Sereal document, inside the header (see
Sereal::Encoder::encode).
It accepts an optional second parameter, which is a scalar to write the
header to.
Regardless of the number of parameters received, "decode_only_header"
returns the resulting data structure.
See "decode" for the subtle difference between the one and two
parameters versions.
If there is no header in a Sereal document, corresponding variable or
return value will be set to undef.
decode_with_offset
Same as the "decode" method, except as second parameter, you must pass
an integer offset into the input string, at which the decoding is to
start. The optional "pass-in" style scalar (see "decode" above) is
relegated to being the third parameter.
decode_only_header_with_offset
Same as the "decode_only_header" method, except as second parameter,
you must pass an integer offset into the input string, at which the
decoding is to start. The optional "pass-in" style scalar (see
"decode_only_header" above) is relegated to being the third parameter.
decode_with_header_and_offset
Same as the "decode_with_header" method, except as second parameter,
you must pass an integer offset into the input string, at which the
decoding is to start. The optional "pass-in" style scalars (see
"decode_with_header" above) are relegated to being the third and fourth
parameters.
bytes_consumed
After using the various "decode" methods documented previously,
"bytes_consumed" can return the number of bytes from the body of the
input string that were actually consumed by the decoder. That is, if
you append random garbage to a valid Sereal document, "decode" will
happily decode the data and ignore the garbage. If that is an error in
your use case, you can use "bytes_consumed" to catch it.
my $out = $decoder->decode($sereal_string);
if (length($sereal_string) != $decoder->bytes_consumed) {
die "Not all input data was consumed!";
}
Chances are that if you do this, you're violating UNIX philosophy in
"be strict in what you emit but lenient in what you accept".
You can also use this to deserialize a list of Sereal documents that is
concatenated into the same string (code not very robust...):
my @out;
my $pos = 0;
eval {
while (1) {
push @out, $decoder->decode_with_offset($sereal_string, $pos);
$pos += $decoder->bytes_consumed;
last if $pos >= length($sereal_string)
or not $decoder->bytes_consumed;
}
};
As mentioned, only the bytes consumed from the body are considered. So
the following example is correct, as only the header is deserialized:
my $header = $decoder->decode_only_header($sereal_string);
my $count = $decoder->bytes_consumed;
# $count is 0
decode_from_file
Sereal::Decoder->decode_from_file($file);
$decoder->decode_from_file($file);
Read and decode the file specified. If called in list context and
incremental mode is enabled then decodes all packets contained in the
file and returns a list, otherwise decodes the first (or only) packet
in the file. Accepts an optional "target" variable as a second
argument.
looks_like_sereal
Performs some rudimentary check to determine if the argument appears to
be a valid Sereal packet or not. These tests are not comprehensive and
a true result does not mean that the document is valid, merely that it
appears to be valid. On the other hand a false result is always
reliable.
The return of this method may be treated as a simple boolean but is in
fact a more complex return. When the argument does not look anything
like a Sereal document then the return is perl's FALSE, which has the
property of being string equivalent to "" and numerically equivalent to
0. However when the argument appears to be a UTF-8 encoded protocol 3
Sereal document (by noticing that the \xF3 in the magic string has been
replaced by \xC3\xB3) then it returns 0 (the number, which is string
equivalent to "0"), and otherwise returns the protocol version of the
document. This means you can write something like this:
$type= Sereal::Decoder->looks_like_sereal($thing);
if ($type eq '') {
say "Not a Sereal document";
} elsif ($type eq '0') {
say "Possibly utf8 encoded Sereal document";
} else {
say "Sereal document version $type";
}
For reference, Sereal's magic value is a four byte string which is
either "=srl" for protocol version 1 and 2 or "=\xF3rl" for protocol
version 3 and later. This function checks that the magic string
corresponds with the reported version number, as well as other checks,
which may be enhanced in the future.
Note that looks_like_sereal() may be called as a class or object
method, and may also be called as a single argument function. See the
related scalar_looks_like_sereal() for a version which may ONLY be
called as a function, not as a method (and which is typically much
faster).
EXPORTABLE FUNCTIONS
sereal_decode_with_object
The functional interface that is equivalent to using "decode". Takes a
decoder object reference as first parameter, followed by a byte string
to deserialize. Optionally takes a third parameter, which is the
output scalar to write to. See the documentation for "decode" above for
details.
This functional interface is marginally faster than the OO interface
since it avoids method resolution overhead and, on sufficiently modern
Perl versions, can usually avoid subroutine call overhead. See
Sereal::Performance for a discussion on how to tune Sereal for maximum
performance if you need to.
sereal_decode_with_header_with_object
The functional interface that is equivalent to using
"decode_with_header". Takes a decoder object reference as first
parameter, followed by a byte string to deserialize. Optionally takes
third and fourth parameters, which are the output scalars to write to.
See the documentation for "decode_with_header" above for details.
This functional interface is marginally faster than the OO interface
since it avoids method resolution overhead and, on sufficiently modern
Perl versions, can usually avoid subroutine call overhead. See
Sereal::Performance for a discussion on how to tune Sereal for maximum
performance if you need to.
sereal_decode_only_header_with_object
The functional interface that is equivalent to using
"decode_only_header". Takes a decoder object reference as first
parameter, followed by a byte string to deserialize. Optionally takes a
third parameters, which outputs scalars to write to. See the
documentation for "decode_with_header" above for details.
This functional interface is marginally faster than the OO interface
since it avoids method resolution overhead and, on sufficiently modern
Perl versions, can usually avoid subroutine call overhead. See
Sereal::Performance for a discussion on how to tune Sereal for maximum
performance if you need to.
sereal_decode_only_header_with_offset_with_object
The functional interface that is equivalent to using
"decode_only_header_with_offset". Same as the
"sereal_decode_only_header_with_object" function, except as the third
parameter, you must pass an integer offset into the input string, at
which the decoding is to start. The optional "pass-in" style scalar
(see "sereal_decode_only_header_with_object" above) is relegated to
being the fourth parameter.
This functional interface is marginally faster than the OO interface
since it avoids method resolution overhead and, on sufficiently modern
Perl versions, can usually avoid subroutine call overhead. See
Sereal::Performance for a discussion on how to tune Sereal for maximum
performance if you need to.
sereal_decode_with_header_and_offset_with_object
The functional interface that is equivalent to using
"decode_with_header_and_offset". Same as the
"sereal_decode_with_header_with_object" function, except as the third
parameter, you must pass an integer offset into the input string, at
which the decoding is to start. The optional "pass-in" style scalars
(see "sereal_decode_with_header_with_object" above) are relegated to
being the fourth and fifth parameters.
This functional interface is marginally faster than the OO interface
since it avoids method resolution overhead and, on sufficiently modern
Perl versions, can usually avoid subroutine call overhead. See
Sereal::Performance for a discussion on how to tune Sereal for maximum
performance if you need to.
sereal_decode_with_offset_with_object
The functional interface that is equivalent to using
"decode_with_offset". Same as the "sereal_decode_with_object"
function, except as the third parameter, you must pass an integer
offset into the input string, at which the decoding is to start. The
optional "pass-in" style scalar (see "sereal_decode_with_object" above)
is relegated to being the third parameter.
This functional interface is marginally faster than the OO interface
since it avoids method resolution overhead and, on sufficiently modern
Perl versions, can usually avoid subroutine call overhead. See
Sereal::Performance for a discussion on how to tune Sereal for maximum
performance if you need to.
decode_sereal
The functional interface that is equivalent to using "new" and
"decode". Expects a byte string to deserialize as first argument,
optionally followed by a hash reference of options (see documentation
for "new()"). Finally, "decode_sereal" supports a third parameter,
which is the output scalar to write to. See the documentation for
"decode" above for details.
This functional interface is significantly slower than the OO interface
since it cannot reuse the decoder object.
decode_sereal_with_header_data
The functional interface that is equivalent to using "new" and
"decode_with_header". Expects a byte string to deserialize as first
argument, optionally followed by a hash reference of options (see
documentation for "new()"). Finally, "decode_sereal" supports third and
fourth parameters, which are the output scalars to write to. See the
documentation for "decode_with_header" above for details.
This functional interface is significantly slower than the OO interface
since it cannot reuse the decoder object.
scalar_looks_like_sereal
The functional interface that is equivalent to using
"looks_like_sereal".
Note that this version cannot be called as a method. It is normally
executed as a custom opcode, as such errors about its usage may be
caught at compile time, and it should be much faster than
looks_like_sereal.
ROBUSTNESS
This implementation of a Sereal decoder tries to be as robust to
invalid input data as reasonably possible. This means that it should
never (though read on) segfault. It may, however, cause a large malloc
to fail. Generally speaking, invalid data should cause a Perl-trappable
exception. The one exception is that for Snappy-compressed Sereal
documents, the Snappy library may cause segmentation faults (invalid
reads or writes). This should only be a problem if you do not checksum
your data (internal checksum support is a To-Do) or if you accept data
from potentially malicious sources.
It requires a lot of run-time boundary checks to prevent decoder
segmentation faults on invalid data. We implemented them in the
lightest way possible. Adding robustness against running out of memory
would cause an very significant run-time overhead. In most cases of
random garbage (with valid header no less) when a malloc() fails due to
invalid data, the problem was caused by a very large array or string
length. This kind of very large malloc can then fail, being trappable
from Perl. Only when packet causes many repeated allocations do you
risk causing a hard OOM error from the kernel that cannot be trapped
because Perl may require some small allocations to succeed before the
now-invalid memory is released. It is at least not entirely trivial to
craft a Sereal document that causes this behaviour.
Finally, deserializing proper objects is potentially a problem because
classes can define a destructor. Thus, the data fed to the decoder can
cause the (deferred) execution of any destructor in your application.
That's why the "refuse_objects" option exists and what the
"no_bless_objects" can be used for as well. Later on, we may or may not
provide a facility to whitelist classes. Furthermore, if the encoder
emitted any objects using "FREEZE" callbacks, the "THAW" class method
may be invoked on the respective classes. If you can't trust the source
of your Sereal documents, you may want to use the "refuse_objects"
option. For more details on the "FREEZE/THAW" mechanism, please refer
to Sereal::Encoder.
FREEZE/THAW CALLBACK MECHANISM
Some objects do not lend themselves naturally to naive perl
datastructure level serialization. For instance XS code might use a
hidden structure that would not get serialized, or an object may
contain volatile data like a filehandle that would not be reconstituted
properly. To support cases like this "Sereal" supports a FREEZE and
THAW api. When objects are serialized their FREEZE method is asked for
a replacement representation, and when objects are deserialized their
THAW method is asked to convert that replacement back to something
useful.
For security reasons decoding an object will NOT autoload any modules
to support THAW, however if the classes and methods are preloaded it
will invoke THAW as required and an exception will be thrown if the
class has not been loaded. It is possible to disable THAW in the
decoder by using the "no_thaw_objects" option, which when true causes
frozen objects to be blessed into a special utility class
"Sereal::Decoder::THAW_args" for debugging. The objects themselves are
an array, whose last member will contain the class name the arguments
are for.
Prior to v4.024 the decoder had issues with frozen representations that
contained other objects and did not define a specific order that items
would be thawed and blessed, making it impractical to put an object
inside of the frozen representation of another object.
As of v4.024 frozen representations may contain other objects, and the
order in which they are thawed is defined to be LIFO, thus the
arguments to a THAW method will themselves be thawed (if need be)
before the call to the containing objects THAW method. Thawing occurs
only after all simple objects have been blessed into their appropriate
object form.
The FREEZE/THAW mechanism is inspired by the equivalent mechanism in
CBOR::XS. The general mechanism is documented in the A GENERIC OBJECT
SERIALIATION PROTOCOL section of Types::Serialiser. Similar to CBOR
using "CBOR", Sereal uses the string "Sereal" as a serializer
identifier for the callbacks.
PERFORMANCE
Please refer to the Sereal::Performance document that has more detailed
information about Sereal performance and tuning thereof.
THREAD-SAFETY
"Sereal::Decoder" is thread-safe on Perl's 5.8.7 and higher. This means
"thread-safe" in the sense that if you create a new thread, all
"Sereal::Decoder" objects will become a reference to undef in the new
thread. This might change in a future release to become a full clone of
the decoder object.
BUGS, CONTACT AND SUPPORT
For reporting bugs, please use the github bug tracker at
<http://github.com/Sereal/Sereal/issues>.
For support and discussion of Sereal, there are two Google Groups:
Announcements around Sereal (extremely low volume):
<https://groups.google.com/forum/?fromgroups#!forum/sereal-announce>
Sereal development list:
<https://groups.google.com/forum/?fromgroups#!forum/sereal-dev>
AUTHORS AND CONTRIBUTORS
Yves Orton <demerphq@gmail.com>
Damian Gryski
Steffen Mueller <smueller@cpan.org>
Rafaël Garcia-Suarez
Ævar Arnfjörð Bjarmason <avar@cpan.org>
Tim Bunce
Daniel Dragan <bulkdd@cpan.org> (Windows support and bugfixes)
Zefram
Borislav Nikolov
Ivan Kruglov <ivan.kruglov@yahoo.com>
Eric Herman <eric@freesa.org>
Some inspiration and code was taken from Marc Lehmann's excellent
JSON::XS module due to obvious overlap in problem domain.
ACKNOWLEDGMENT
This module was originally developed for Booking.com. With approval
from Booking.com, this module was generalized and published on CPAN,
for which the authors would like to express their gratitude.
COPYRIGHT AND LICENSE
Copyright (C) 2012, 2013, 2014 by Steffen Mueller Copyright (C) 2012,
2013, 2014 by Yves Orton
The license for the code in this distribution is the following, with
the exceptions listed below:
This library is free software; you can redistribute it and/or modify it
under the same terms as Perl itself.
Except portions taken from Marc Lehmann's code for the JSON::XS module,
which is licensed under the same terms as this module. (Many thanks to
Marc for inspiration, and code.)
Also except the code for Snappy compression library, whose license is
reproduced below and which, to the best of our knowledge, is compatible
with this module's license. The license for the enclosed Snappy code
is:
Copyright 2011, Google Inc.
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following disclaimer
in the documentation and/or other materials provided with the
distribution.
* Neither the name of Google Inc. nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
perl v5.36.0 2023-02-10 Sereal::Decoder(3pm)
Generated by dwww version 1.15 on Mon Jun 24 13:53:48 CEST 2024.