Serialization

In computer science, in the context of data storage and transmission, serialization is the process of converting an object into a sequence of bits so that it can be persisted on a storage medium (such as a file, or a memory buffer) or transmitted across a network connection link. When the resulting series of bits is reread according to the serialization format, it can be used to create a semantically identical clone of the original object. For many complex objects, such as those that make extensive use of references, this process is not straightforward.

This process of serializing an object is also called deflating or marshalling an object. The opposite operation, extracting a data structure from a series of bytes, is deserialization (which is also called inflating or unmarshalling).

Uses
Serialization has a number of advantages. It provides:
 * a method of persisting objects which is more convenient than writing their properties to a text file on disk, and re-assembling them by reading this back in.
 * a method of issuing remote procedure calls, e.g., as in SOAP
 * a method for distributing objects, especially in software componentry such as COM, CORBA, etc.
 * a method for detecting changes in time-varying data.

For some of these features to be useful, architecture independence must be maintained. For example, for maximal use of distribution, a computer running on a different hardware architecture should be able to reliably reconstruct a serialized data stream, regardless of endianness. This means that the simpler and faster procedure of directly copying the memory layout of the data structure cannot work reliably for all architectures. Serializing the data structure in an architecture independent format means that we do not suffer from the problems of byte ordering, memory layout, or simply different ways of representing data structures in different programming languages.

Inherent to any serialization scheme is that, because the encoding of the data is by definition serial, extracting one part of the serialized data structure requires that the entire object be read from start to end, and reconstructed. In many applications this linearity is an asset, because it enables simple, common I/O interfaces to be utilized to hold and pass on the state of an object. In applications where higher performance is an issue, it can make sense to expend more effort to deal with a more complex, non-linear storage organization.

Even on a single machine, primitive pointer objects are too fragile to save, because the objects to which they point may be reloaded to a different location in memory. To deal with this, the serialization process includes a step called unswizzling or pointer unswizzling and the deserialization process includes a step called pointer swizzling.

Since both serializing and deserializing can be driven from common code, (for example, the Serialize function in Microsoft Foundation Classes) it is possible for the common code to do both at the same time, and thus 1) detect differences between the objects being serialized and their prior copies, and 2) provide the input for the next such detection. It is not necessary to actually build the prior copy, since differences can be detected "on the fly". This is a way to understand the technique called differential execution. It is useful in the programming of user interfaces whose contents are time-varying — graphical objects can be created, removed, altered, or made to handle input events without necessarily having to write separate code to do those things.

Consequences
Serialization, however, breaks the opacity of an abstract data type by potentially exposing private implementation details. To discourage competitors from making compatible products, publishers of proprietary software often keep the details of their programs' serialization formats a trade secret. Some deliberately obfuscate or even encrypt the serialized data.

Yet, interoperability requires that applications be able to understand each other's serialization formats. Therefore remote method call architectures such as CORBA define their serialization formats in detail and often provide methods of checking the consistency of any serialized stream when converting it back into an object.

Human-readable serialization
In the late 1990s, a push to provide an alternative to the standard serialization protocols started: XML was used to produce a human readable text-based encoding. Such an encoding can be useful for persistent objects that may be read and understood by humans, or communicated to other systems regardless of programming language. It has the disadvantage of losing the more compact, byte-stream-based encoding. A future solution to this dilemma could be transparent compression schemes (see binary XML).

XML is today often used for asynchronous transfer of structured data between client and server in Ajax web applications. An alternative for this use case is JSON, a more lightweight text-based serialization protocol that uses JavaScript syntax but is supported in other programming languages as well.

Another alternative, YAML, is effectively a superset of JSON and includes features that make it more powerful for serialization, more "human friendly," and potentially more compact. These features include a notion of tagging data types, support for non-hierarchical data structures, the option to data structure with indentation, and multiple forms of scalar data quoting.

Another human-readable serialization format is the property list format used in NeXTSTEP, GNUstep, and Mac OS X Cocoa.

Scientific serialization
For large volume scientific datasets, such as satellite data and output of numerical climate, weather, or ocean models, specific binary serialization standards have been developed, e.g. HDF, netCDF and the older GRIB.

Programming language support
Several object-oriented programming languages directly support object serialization (or object archival), either by syntactic sugar elements or providing a standard interface for doing so.

Some of these programming languages are Ruby, Smalltalk, Python, PHP, Objective-C, Java, and the .NET family of languages.

Google's protocol buffers encode and decode structured data in an efficient and extensible format. Google uses Protocol Buffers for almost all of its internal RPC protocols and file formats. The serialized data are compatible among C++, Java, and Python.

There are also libraries available that add serialization support to languages that lack native support for it.

.NET Framework
In the .NET languages, classes can be serialized and deserialized by adding the  attribute to the class.

If new members are added to a serializable class, they can be tagged with the  attribute to allow previous versions of the object to be deserialized without error. This attribute affects only deserialization, and prevents the runtime from throwing an exception if a member is missing from the serialized stream. A member can also be marked with the  attribute to indicate that it should not be serialized. This will allow the details of those members to be kept secret.

To modify the default deserialization (for example, to automatically initialize a member marked ), the class must implement the   interface and define the   method.

Objects may be serialized in binary format for deserialization by other .NET applications. The framework also provides the  and   objects to support serialization in human-readable, cross-platform XML.

Objective-C
In the Objective-C programming language, serialization (more commonly known as archiving) is achieved by overriding the  and   methods in the Object root class. (N.B. This is in the GNU runtime variant of Objective-C. In the NeXT-style runtime, the implementation is very similar.)

Example
The following example demonstrates two independent programs, a "sender", who takes the current time (as per time in the C standard library), archives it, and prints the archived form to the standard output; and a "receiver" which decodes the archived form, reconstructs the time, and prints it out.

When compiled, we get a sender program and a receiver program. If we just execute the sender program, we will get out a serialization that looks like: GNU TypedStream 1D@îC¡ (with a NULL character after the 1). If we pipe the two programs together, as  sender | receiver, we get received 1089356705 showing the object was serialized, sent, and reconstructed properly.

In essence, the sender and receiver programs could be distributed across a network connection, providing distributed object capabilities.

Java
Java provides automatic serialization which requires that the object be marked by implementing the interface. Implementing the interface marks the class as "okay to serialize," and Java then handles serialization internally. There are no serialization methods defined on the  interface, but a serializable class can optionally define methods with certain special names and signatures that if defined, will be called as part of the serialization/deserialization process. The language also allows the developer to override the serialization process more thoroughly by implementing another interface, the interface, which includes two special methods that are used to save and restore the object's state.

There are three primary reasons why objects are not serializable by default and must implement the  interface to access Java's serialization mechanism.


 * 1) Not all objects capture useful semantics in a serialized state.  For example, a  object is tied to  the state of the current JVM.  There is no context in which a deserialized   object would maintain useful semantics.
 * 2) The serialized state of an object forms part of its class's compatibility contract.  Maintaining compatibility between versions of serializable classes requires additional effort and consideration.  Therefore, making a class serializable needs to be a deliberate design decision and not a default condition.
 * 3) Serialization allows access to non-transient private members of a class that are not otherwise accessible.  Classes containing sensitive information (for example, a password) should not be serializable or externalizable.

The standard encoding method uses a simple translation of the fields into a byte stream. Primitives as well as non-transient, non-static referenced objects are encoded into the stream. Each object that is referenced by the serialized object and not marked as transient must also be serialized; and if any object in the complete graph of non-transient object references is not serializable, then serialization will fail. The developer can influence this behavior by marking objects as transient, or by redefining the serialization for an object so that some portion of the reference graph is truncated and not serialized.

It is possible to serialize Java objects through JDBC and store them into a database.

While Swing components do implement the Serializable interface, they are not portable between different versions of the Java Virtual Machine. As such, a Swing component, or any component which inherits it, may be serialized to an array of bytes, but it is not guaranteed that this storage will be readable on another machine.

ColdFusion
ColdFusion allows data structures to be serialized to WDDX with the  tag.

OCaml
OCaml's standard library provides marshalling through the Marshal module (its documentation) and the Pervasives functions output_value and input_value. While OCaml programming is statically type-checked, uses of the Marshal module may break type guarantees, as there is no way to check whether an unmarshalled stream represents objects of the expected type. In OCaml it is difficult to marshal a function or a data structure which contains a function (e.g. an object which contains a method), because executable code in functions cannot be transmitted across different programs. (There is a flag to marshal the code position of a function but it can only be unmarshalled in the exact same program.)

Perl
Several Perl modules available from CPAN provide serialization mechanisms, including  and.

Storable includes functions to serialize and deserialize Perl data structures to and from files or Perl scalars.

In addition to serializing directly to files,  includes the freeze function to return a serialized copy of the data packed into a scalar, and thaw</tt> to deserialize such a scalar. This is useful for sending a complex data structure over a network socket or storing it in a database.

When serializing structures with, there are network safe functions that always store their data in a format that is readable on any computer at a small cost of speed. These functions are named nstore</tt>, nfreeze</tt>, etc. There are no "n" functions for deserializing these structures — the regular thaw</tt> and retrieve</tt> deserialize structures serialized with the " " functions and their machine-specific equivalents.

C
The tpl library supports serializing C data structures into an efficient, native binary representation. The serialized data can be reversibly converted to a human-readable XML representation.

The open source gSOAP toolkit provides serialization of C data structures in XML using a C data binding for XML schema. The toolkit supports SOAP, WSDL and XSD specifications.

The c11n ("cerialization") project is a C variant of the libs11n C++ library, geared towards serializing client-side C objects. c11n is internally ignorant of any file formats and provides handlers for several different ones (e.g. XML, SQL, and custom formats).

C++
Boost Serialization, libs11n, Sweet Persist, and Google Protocol Buffers are libraries that provide support for serialization from within the C++ language itself. They all integrate well with the C++ Standard Library. Boost Serialization supports serialization in XML and binary formats. Sweet Persist supports serialization in XML, JSON, Lua, and binary formats. The libs11n library supports serialization to and from several text formats (including 3 flavors of XML) as well as sqlite3. Google Protocol Buffers supports serialization to a binary format.

The Microsoft Foundation Class Library has comprehensive support for serialization to a binary format. It doesn't have support for the STL but does support its own containers.

Alternatively XML Data Binding implementations, like XML Schema to C++ data binding compiler and gSOAP, provide support for serialization to and from XML by generating C++ source code from an intermediate specification (e.g. an XML schema).

Ebenezer Enterprises provides an on line service that writes efficient C++ marshalling code.

Python
Python implements serialization through the standard library module, and to a lesser extent, the older   modules. does offer the ability to serialize Python code objects, unlike.

PHP
PHP implements serialization through the built-in ' ' and ' ' functions. PHP can serialize any of its data types except resources (file pointers, sockets, etc.).

For objects (as of at least PHP 4) there are two "magic methods" that can be implemented within a class — __sleep</tt> and __wakeup</tt> — that are called from within  and , respectively, that can clean up and restore an object. For example, it may be desirable to close a database connection on serialization and restore the connection on deserialization; this functionality would be handled in these two magic methods. They also permit the object to pick which properties are serialized.

REBOL
REBOL will serialize to file or to a. Strings and files can be deserialized using the polymorphic  function.

Ruby
Ruby includes the standard module  with 2 methods   and , akin to the standard Unix utilities   and. These methods serialize to the standard class, that is, they effectively become a sequence of bytes.

Some objects can't be serialized (doing so would raise a  exception):


 * bindings,
 * procedure objects,
 * instances of class IO,
 * singleton objects

If a class requires custom serialization (for example, it requires certain cleanup actions done on dumping / restoring), it can be done by implementing 2 methods:  and. The instance method  should return a   object containing all the information necessary to reconstitute objects of this class and all referenced objects up to a maximum depth given as an integer parameter (a value of -1 implies that depth checking should be disabled). The class method  should take a   and return an object of this class.

Squeak Smalltalk
There are several ways in Smalltalk to serialize and store objects. The easiest and most used method will be shown below. Other classes of interest in Squeak for serializing objects are  and.

To store a Dictionary (sometimes called a hash map in other languages) containing some nonsense data of varying types into a file named "data.obj":

To restore the  object stored in "data.obj" and bring up an inspector containing the data:

Other Smalltalk dialects
Object serialization is not part of the ANSI Smalltalk specification. As a result, the code to serialize an object varies by Smalltalk implementation. The resulting binary data also varies. For instance, a serialized object created in Squeak Smalltalk cannot be restored in Ambrai Smalltalk. Consequently, various applications that do work on multiple Smalltalk implementations that rely on object serialization cannot share data between these different implementations. These applications include the MinneStore object database and some RPC packages. A solution to this problem is SIXX, which is an package for multiple Smalltalks that uses an XML-based format for serialization.

Lisp
Generally a Lisp data structure can be serialized with the functions " " and " ". A variable foo containing, for example, a list of arrays would be printed by. Similarly an object can be read from a stream named s by. These two parts of the Lisp implementation are called the Printer and the Reader. The output of " " is human readable; it uses lists demarked by parentheses, for example:.

In many types of Lisp, including Common Lisp, the printer cannot represent every type of data because it is not clear how to do so. In Common Lisp for example the printer cannot print CLOS objects. Instead the programmer may write a method on the generic function, this will be invoked when the object is printed. This is somewhat similar to the method used in Ruby.

Lisp code itself is written in the syntax of the reader, called read syntax. Most languages use separate and different parsers to deal with code and data, Lisp only uses one. A file containing lisp code may be read into memory as a data structure, transformed by another program, then possibly executed or written out. See REPL.

There are also binary serialization libraries like cl-store and cl-serializer.

Haskell
In Haskell, serialization is supported for types by inheritance of the Read and Show type classes. Every type that inherits the  class defines a function that will extract the data from the string representation of the dumped data. The  class, in turn, contains the show function from which a string representation of the object can be generated.

The programmer need not define the functions explicitly -- merely declaring a type to be deriving Read or deriving Show, or both, will make the compiler generate the appropriate functions.

Windows PowerShell
Windows PowerShell implements serialization through the built-in cmdlet. serializes .NET objects and stores the resulting XML in a file.

To reconstitute the objects, use the  cmdlet, which generates a deserialized object from the XML in the exported file. Deserialized objects, often known as "property bags" are not live objects; they are snapshots that have properties, but no methods.

$struct = @{text = 'Hello, world!'; list = 1,2,3}
 * 1) Create a hash with some nested data structures

$struct | Export-CliXML serialized.xml
 * 1) Serialize the hash into an XML file

$newstruct = Import-CliXML serialized.xml
 * 1) Read the data back later

The serialized data structures are stored in XML format:

Two dimensional data structures can also be (de)serialized in CSV format using the built-in cmdlets  and.