This is a work in progress.

There are some issues to be solved.

KernelInterface API

I'm not able to mesure the impact of droping\Serializable fromKernelInterface, not sure if we should do that in a minor release.

Tests

Traces into objects

This new serialization strategy injects a trace into the serialized objects.
To make some tests pass I had to clone these objects to keep their original instances clean.
Here the list of tests changed:

• Symfony\Component\Config\Tests\Resource\ComposerResourceTest:testSerializeUnserialize()
• Symfony\Component\DependencyInjection\Tests\Config\ContainerParametersResourceTest:testSerializeUnserialize()
• Symfony\Component\Routing\Tests\RouteTest:testSerialize()
• Symfony\Component\Routing\Tests\RouteTest:testSerializeWhenCompiled()
  • This one is interesting because there is a internal object with the same behavior as its parent

Tests realying on serialized strings

Symfony\Component\HttpKernel\Tests\DataCollector\DumpDataCollectorTest relied on internal serialization engine. I've updated it, but it still depends on the internal implementation. I created aExposedDumpDataCollector class that expose some internal variables for test purposes.

Tests failing

• Symfony\Component\Routing\Tests\RouteTest:testSerializedRepresentationKeepsWorking()
• Symfony\Component\Config\Tests\ResourceCheckerConfigCacheTest:testCacheIsNotFreshWhenUnserializeFails()
  • I guess it's related toSymfony\Component\Config\ResourceCheckerConfigCache:safelyUnserialize()

I would consider implementingSerializable an internal implementation detail, which means I'm fine removing it on these classes on master. No BC break here :)

@stof, using __sleep without transient attribute will break serialization for child classes (if parent class has private attributes in the bulk).

In other words: Serializing extended classes won't work anymore.

Real example: I ketp the trasient attribute in theSymfony\Component\Routing\CompiledRoute in order to keepSymfony\Component\Routing\Tests\RouteTest:testSerializeWhenCompiledWithClass() green.

Here is a list of classes that mention private attributes in__sleep():

• Symfony\Component\Config\Resource\ClassExistenceResource
• Symfony\Component\Config\Resource\ComposerResource
• Symfony\Component\Config\Resource\DirectoryResource
• Symfony\Component\Config\Resource\FileExistenceResource
• Symfony\Component\Config\Resource\FileResource
• Symfony\Component\Config\Resource\GlobResource
• Symfony\Component\Config\Resource\ReflectionClassResource
• Symfony\Component\DependencyInjection\Config\ContainerParametersResource
• Symfony\Component\Form\FormError
• Symfony\Component\HttpKernel\Debug\FileLinkFormatter
• Symfony\Component\Routing\Route

Please, check if I should revert it for some of them.

Here is the list of classes mentioning only protected attributes in__sleep():

• Symfony\Component\HttpKernel\DataCollector\DataCollector
• Symfony\Component\HttpKernel\Kernel

Here is the list of classes I did changed the transient attribute approach:

• Symfony\Component\Form\Extension\DataCollector\FormDataCollector
• Symfony\Component\HttpKernel\DataCollector\DumpDataCollector

@nicolas-grekass/list(...)/[...] done

Tests still failing:

• Symfony\Component\Config\Test\ResourceCheckerConfigCacheTest::testCacheIsNotFreshWhenUnserializeFails
• Symfony\Component\Routing\Tests\RouteTest::testSerializedRepresentationKeepsWorking

Actually, we cannot do that forDataCollector as that breaks classes like e.g.
https://github.com/intbizth/toro-admin-bundle/blob/fc85a454fa8c22daffdd6e4ac713b8ea95d23990/DataCollector/ToroDataCollector.php

Maybe split the data-collector related changes to a separate PR to move the rest forward?

I think we can drop\Serialize nowhere, because related methods become@internal one week ago. We cannot be sure no one is overwriting these methods in other classes 😒

And we still need to move forward, so we need plans :)
Mine would be to drop Serializable from resources and mark them@final because that looks safe enough,
and remove@internal from the base data collector btw, then consider data collectors in a separate PR.

Updates:

• Reverted changes inDataCollector
• Some classes become@final

❗ Test failingResourceCheckerConfigCacheTest::testCacheIsNotFreshWhenUnserializeFails

It seems the strategy applyed inResourceCheckerConfigCache:safelyUnserialize() does not work with__sleep() payload.

Here is an example where nativeunserialize() works, andsafelyUnserialize() doesn't:https://3v4l.org/0Chn9

OK for dropping\Serializable on my side but still, it is a BC break that should be mentioned in CHANGELOG/UPGRADE files IMHO. Classes made@final may also be documented as anything that triggers notices.

Changelogs updated. Not sure about upgrade files, so I didn't update them.

Thank you@renanbr.