Strategies for backwards compatibility when using pickle?
Heiko Wundram
heikowu at ceosg.de
Mon May 3 20:48:40 EDT 2004
Am Dienstag, 4. Mai 2004 00:41 schrieb duncan:
> Does anyone have any advice on how to balance the conflicting interests
> of the developers who want to keep evolving the object model and users
> who need stable project persistance?
I've written a serialization library which may be of use here. What this
library does is enable you to store class instances (and inheritance trees)
with userdefined __store__ and __load__ functions, which use a dict (which is
further serialized) to store the data to the stream and back. It doesn't
naively only call the topmost class (like Pickle does with __getstate__ and
__setstate__), but rather allows each base of the serialized class to store
itself. A toplevel class can even deny being serialized, this means that the
pickled data will be the immediate base of this class. If that class denies
to serialize itself, the immediate base of that class will be serialized,
etc. Another aspect is the fact that the serialized data doesn't contain the
name of the class, rather it contains a reference to a registered name (such
as MyLocalHostClass), which is looked up on unserialization. This mechanism
is completely transparent, but allows you to pickle data for another program
which may use different class names but implements the same interfaces.
This library offers several other gimmicks (it was actually designed to
implement a secure Pickle which can be used over a network without fear of
attacks involving unserializing classes which are not explicitly decreed as
being unserializable), such as signing of portions of the data with a key
(requires PyCrypto), and automated type-checking for the dictionary of data
which is passed to __load__.
For storing basic types and recursive structures, it can do all that Pickle
can, excepting the following construction (which can be serialized, but gets
unserialized wrong, but without error):
x = {}
y = (x,)
x["hello"] = y
serialize(y)
If you're interested, I can send you the library, along with several example
files showing how to implement user classes which correctly operate with this
library.
Heiko.
More information about the Python-list
mailing list