Introduce a way to (de)serialize subclasses of un(de)serializable classes if the appropriate methods are present

This introduces the class flag ZEND_ACC_SUBCLASS_SERIALIZABLE, which
allows classes which are not serializable / deserializable to become
that if a subclass implements the appropriate methods.
Setting this flag through the stubs can be done using
@subclass-serializable.
Introducing this through behaviour a new flag allows for opt-in
behaviour, which is backwards compatible.

Fixes GH-8996.

Author: nielsdos

Zend/zend_compile.h

@@ -239,7 +239,7 @@ typedef struct _zend_oparray_context {
 /* or IS_CONSTANT_VISITED_MARK                            |     |     |     */
 #define ZEND_CLASS_CONST_IS_CASE         (1 << 6)  /*     |     |     |  X  */
 /*                                                        |     |     |     */
-/* Class Flags (unused: 30,31)                            |     |     |     */
+/* Class Flags (unused: 31)                               |     |     |     */
 /* ===========                                            |     |     |     */
 /*                                                        |     |     |     */
 /* Special class types                                    |     |     |     */
@@ -305,7 +305,12 @@ typedef struct _zend_oparray_context {
 /* Class cannot be serialized or unserialized             |     |     |     */
 #define ZEND_ACC_NOT_SERIALIZABLE        (1 << 29) /*  X  |     |     |     */
 /*                                                        |     |     |     */
-/* Function Flags (unused: 29-30)                         |     |     |     */
+/* Subclass can be serialized or unserialized even if     |     |     |     */
+/* the parent cannot be, on the condition that the        |     |     |     */
+/* subclass implements the appropriate methods.           |     |     |     */
+#define ZEND_ACC_SUBCLASS_SERIALIZABLE   (1 << 30) /*  X  |     |     |     */
+/*                                                        |     |     |     */
+/* Function Flags (unused: 28-30)                         |     |     |     */
 /* ==============                                         |     |     |     */
 /*                                                        |     |     |     */
 /* deprecation flag                                       |     |     |     */

Zend/zend_inheritance.c

@@ -1672,7 +1672,16 @@ ZEND_API void zend_do_inheritance_ex(zend_class_entry *ce, zend_class_entry *par
 			ce->ce_flags |= ZEND_ACC_EXPLICIT_ABSTRACT_CLASS;
 		}
 	}
-	ce->ce_flags |= parent_ce->ce_flags & (ZEND_HAS_STATIC_IN_METHODS | ZEND_ACC_HAS_TYPE_HINTS | ZEND_ACC_HAS_READONLY_PROPS | ZEND_ACC_USE_GUARDS | ZEND_ACC_NOT_SERIALIZABLE | ZEND_ACC_ALLOW_DYNAMIC_PROPERTIES);
+	ce->ce_flags |= parent_ce->ce_flags & (ZEND_HAS_STATIC_IN_METHODS | ZEND_ACC_HAS_TYPE_HINTS | ZEND_ACC_HAS_READONLY_PROPS | ZEND_ACC_USE_GUARDS | ZEND_ACC_NOT_SERIALIZABLE | ZEND_ACC_ALLOW_DYNAMIC_PROPERTIES | ZEND_ACC_SUBCLASS_SERIALIZABLE);
+
+	if ((parent_ce->ce_flags & (ZEND_ACC_NOT_SERIALIZABLE | ZEND_ACC_SUBCLASS_SERIALIZABLE)) == (ZEND_ACC_NOT_SERIALIZABLE | ZEND_ACC_SUBCLASS_SERIALIZABLE)) {
+		if (ce->__serialize || ce->__unserialize
+			|| ce->serialize || ce->unserialize
+			|| zend_hash_find_known_hash(&ce->function_table, ZSTR_KNOWN(ZEND_STR_SLEEP))
+			|| zend_hash_find_known_hash(&ce->function_table, ZSTR_KNOWN(ZEND_STR_WAKEUP))) {
+			ce->ce_flags &= ~(ZEND_ACC_NOT_SERIALIZABLE | ZEND_ACC_SUBCLASS_SERIALIZABLE);
+		}
+	}
 }
 /* }}} */
 

build/gen_stub.php

@@ -23,7 +23,8 @@
 const PHP_81_VERSION_ID = 80100;
 const PHP_82_VERSION_ID = 80200;
 const PHP_83_VERSION_ID = 80300;
-const ALL_PHP_VERSION_IDS = [PHP_70_VERSION_ID, PHP_80_VERSION_ID, PHP_81_VERSION_ID, PHP_82_VERSION_ID, PHP_83_VERSION_ID];
+const PHP_84_VERSION_ID = 80400;
+const ALL_PHP_VERSION_IDS = [PHP_70_VERSION_ID, PHP_80_VERSION_ID, PHP_81_VERSION_ID, PHP_82_VERSION_ID, PHP_83_VERSION_ID, PHP_84_VERSION_ID];
 
 /**
  * @return FileInfo[]
@@ -1845,6 +1846,7 @@ protected function getFlagsByPhpVersion(): array
             PHP_81_VERSION_ID => [$flags],
             PHP_82_VERSION_ID => [$flags],
             PHP_83_VERSION_ID => [$flags],
+            PHP_84_VERSION_ID => [$flags],
         ];
     }
 
@@ -2528,6 +2530,7 @@ class ClassInfo {
     /** @var AttributeInfo[] */
     public array $attributes;
     public bool $isNotSerializable;
+    public bool $isSubclassSerializable;
     /** @var Name[] */
     public array $extends;
     /** @var Name[] */
@@ -2563,6 +2566,7 @@ public function __construct(
         bool $isStrictProperties,
         array $attributes,
         bool $isNotSerializable,
+        bool $isSubclassSerializable,
         array $extends,
         array $implements,
         array $constInfos,
@@ -2582,6 +2586,7 @@ public function __construct(
         $this->isStrictProperties = $isStrictProperties;
         $this->attributes = $attributes;
         $this->isNotSerializable = $isNotSerializable;
+        $this->isSubclassSerializable = $isSubclassSerializable;
         $this->extends = $extends;
         $this->implements = $implements;
         $this->constInfos = $constInfos;
@@ -2795,12 +2800,19 @@ private function getFlagsByPhpVersion(): array
 
         $php83Flags = $php82Flags;
 
+        $php84Flags = $php83Flags;
+
+        if ($this->isSubclassSerializable) {
+            $php84Flags[] = "ZEND_ACC_SUBCLASS_SERIALIZABLE";
+        }
+
         return [
             PHP_70_VERSION_ID => $php70Flags,
             PHP_80_VERSION_ID => $php80Flags,
             PHP_81_VERSION_ID => $php81Flags,
             PHP_82_VERSION_ID => $php82Flags,
             PHP_83_VERSION_ID => $php83Flags,
+            PHP_84_VERSION_ID => $php84Flags,
         ];
     }
 
@@ -3712,6 +3724,7 @@ function parseClass(
     $isDeprecated = false;
     $isStrictProperties = false;
     $isNotSerializable = false;
+    $isSubclassSerializable = false;
     $allowsDynamicProperties = false;
     $attributes = [];
 
@@ -3728,6 +3741,8 @@ function parseClass(
                 $isNotSerializable = true;
             } else if ($tag->name === 'undocumentable') {
                 $isUndocumentable = true;
+            } else if ($tag->name == 'subclass-serializable') {
+                $isSubclassSerializable = true;
             }
         }
     }
@@ -3745,6 +3760,10 @@ function parseClass(
         throw new Exception("A class may not have '@strict-properties' and '#[\\AllowDynamicProperties]' at the same time.");
     }
 
+    if (!$isNotSerializable && $isSubclassSerializable) {
+        throw new Exception("@subclass-serializable without @not-serializable is a no-op");
+    }
+
     $extends = [];
     $implements = [];
 
@@ -3783,6 +3802,7 @@ function parseClass(
         $isStrictProperties,
         $attributes,
         $isNotSerializable,
+        $isSubclassSerializable,
         $extends,
         $implements,
         $consts,

ext/dom/php_dom.stub.php

@@ -294,7 +294,10 @@ public function after(...$nodes): void;
     public function replaceWith(...$nodes): void;
 }
 
-/** @not-serializable */
+/**
+ * @not-serializable
+ * @subclass-serializable
+ */
 class DOMNode
 {
     public const int DOCUMENT_POSITION_DISCONNECTED = 0x01;
@@ -415,7 +418,10 @@ public function getRootNode(?array $options = null): DOMNode {}
     public function compareDocumentPosition(DOMNode $other): int {}
 }
 
-/** @not-serializable */
+/**
+ * @not-serializable
+ * @subclass-serializable
+ */
 class DOMNameSpaceNode
 {
     /** @readonly */
@@ -977,7 +983,10 @@ public function __construct(string $name, string $value = "") {}
 }
 
 #ifdef LIBXML_XPATH_ENABLED
-/** @not-serializable */
+/**
+ * @not-serializable
+ * @subclass-serializable
+ */
 class DOMXPath
 {
     /** @readonly */

ext/dom/php_dom_arginfo.h

@@ -36,7 +36,7 @@ try {
 
 ?>
 --EXPECT--
-Serialization of 'DOMDocument' is not allowed
-Serialization of 'DOMElement' is not allowed
-Serialization of 'DOMXPath' is not allowed
-Serialization of 'DOMNameSpaceNode' is not allowed
+Serialization of 'DOMDocument' is not allowed, unless you extend the class and provide a serialisation method
+Serialization of 'DOMElement' is not allowed, unless you extend the class and provide a serialisation method
+Serialization of 'DOMXPath' is not allowed, unless you extend the class and provide a serialisation method
+Serialization of 'DOMNameSpaceNode' is not allowed, unless you extend the class and provide a serialisation method

ext/dom/tests/not_serializable.phpt

@@ -2,7 +2,10 @@
 
 /** @generate-class-entries */
 
-/** @not-serializable */
+/**
+ * @not-serializable
+ * @subclass-serializable
+ */
 class NumberFormatter
 {
     /* UNumberFormatStyle constants */

ext/intl/formatter/formatter.stub.php

@@ -12,4 +12,4 @@ try {
 }
 ?>
 --EXPECT--
-Serialization of 'NumberFormatter' is not allowed
+Serialization of 'NumberFormatter' is not allowed, unless you extend the class and provide a serialisation method

ext/intl/formatter/formatter_arginfo.h

@@ -8,7 +8,10 @@ function simplexml_load_string(string $data, ?string $class_name = SimpleXMLElem
 
 function simplexml_import_dom(SimpleXMLElement|DOMNode $node, ?string $class_name = SimpleXMLElement::class): ?SimpleXMLElement {}
 
-/** @not-serializable */
+/**
+ * @not-serializable
+ * @subclass-serializable
+ */
 class SimpleXMLElement implements Stringable, Countable, RecursiveIterator
 {
     /** @tentative-return-type */

ext/intl/tests/bug74063.phpt

@@ -1054,8 +1054,13 @@ static void php_var_serialize_intern(smart_str *buf, zval *struc, php_serialize_
 				uint32_t count;
 
 				if (ce->ce_flags & ZEND_ACC_NOT_SERIALIZABLE) {
-					zend_throw_exception_ex(NULL, 0, "Serialization of '%s' is not allowed",
-						ZSTR_VAL(ce->name));
+					if (ce->ce_flags & ZEND_ACC_SUBCLASS_SERIALIZABLE) {
+						zend_throw_exception_ex(NULL, 0, "Serialization of '%s' is not allowed, unless you extend the class and provide a serialisation method",
+							ZSTR_VAL(ce->name));
+					} else {
+						zend_throw_exception_ex(NULL, 0, "Serialization of '%s' is not allowed",
+							ZSTR_VAL(ce->name));
+					}
 					return;
 				}
 

ext/simplexml/simplexml.stub.php

@@ -1277,8 +1277,13 @@ object ":" uiv ":" ["]	{
 	*p = YYCURSOR;
 
 	if (ce->ce_flags & ZEND_ACC_NOT_SERIALIZABLE) {
-		zend_throw_exception_ex(NULL, 0, "Unserialization of '%s' is not allowed",
-			ZSTR_VAL(ce->name));
+		if (ce->ce_flags & ZEND_ACC_SUBCLASS_SERIALIZABLE) {
+			zend_throw_exception_ex(NULL, 0, "Unserialization of '%s' is not allowed, unless you extend the class and provide a unserialisation method",
+				ZSTR_VAL(ce->name));
+		} else {
+			zend_throw_exception_ex(NULL, 0, "Unserialization of '%s' is not allowed",
+				ZSTR_VAL(ce->name));
+		}
 		zend_string_release_ex(class_name, 0);
 		return 0;
 	}