$30 off During Our Annual Pro Sale. View Details »

Pickles are for Delis, not for Software by Alex Gaynor

PyCon 2014
April 11, 2014
Programming
3
1.1k

Pickles are for Delis, not for Software by Alex Gaynor

PyCon 2014

April 11, 2014
Tweet

More Decks by PyCon 2014

See All by PyCon 2014
Postgres Performance for Humans by Craig Kerstiens
pycon2014
29
3.5k
Technical Onboarding, Training, and Mentoring by Kate Heddleston and Nicole Zuckerman
pycon2014
1
2.1k
"My big gay adventure. Making, releasing and selling an indie game made in python." by Luke Miller
pycon2014
2
1.4k
Farewell and Welcome Home, Python in Two Genders by Naomi_Ceder
pycon2014
1
670
Deliver Your Software in an Envelope by Augie Fackler and Nathaniel Manista
pycon2014
1
500
Hitchhikers Guide to Free and Open Source Participation by Elena Williams
pycon2014
6
1.1k
Localization Revisted (aka. Translations Evolved) by Ruchi Varshney
pycon2014
0
610
Smart Dumpster by Bradley E. Angell
pycon2014
0
430
Software Engineering for Hackers: Bridging the Two Solitudes by Tavish Armstrong
pycon2014
0
680

Other Decks in Programming

See All in Programming
TypeScript_コンパイラの内側に片足を入れる
ryounasso
0
210
セシール、大地に立つ - NIFTY Tech Day 2023
niftycorp
0
110
フロントエンドの書くべきだったテスト、書かなくてよかったテスト
takefumiyoshii
32
11k
.NET 8世代のBlazorについて
tomokusaba
0
150
Cloudflare Workers は楽しい!
codehex
8
2.2k
ChatGPTをソフトウェア開発に活用する
fbei_ot
0
130
GoにおけるCall Graphを用いた 大規模コードベースの影響調査
ffjlabo
0
110
ちょうぜつ本の紹介 (クリーンアーキテクチャとパッケージ原則)
suzukimar
0
270
安心してリリース!〜Blue/Greenデプロイ戦略の実体験〜 - NIFTY Tech Day 2023
niftycorp
0
120
Next.js App Router での MPA フロントエンド刷新
mugi_uno
28
9.2k
Scala Left Fold Parallelisation - Three Approaches
philipschwarz
PRO
0
270
B2B SaaSでSpringSecurityによる Roleを用いたユーザー権限設定の 実装について
rakus_dev
1
180

Featured

See All Featured
Web development in the modern age
philhawksworth
201
9.9k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
240
20k
How to Ace a Technical Interview
jacobian
272
22k
What's in a price? How to price your products and services
michaelherold
236
10k
Atom: Resistance is Futile
akmur
257
24k
Building Adaptive Systems
keathley
29
1.6k
Pencils Down: Stop Designing & Start Developing
hursman
115
11k
The Language of Interfaces
destraynor
149
22k
Infographics Made Easy
chrislema
236
17k
Gamification - CAS2011
davidbonilla
75
4.4k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
123
31k
Faster Mobile Websites
deanohume
296
29k

Transcript

  1. Pickles are for Delis,
    Not Software
    Alex Gaynor

    View Slide

  2. About me
    • Django, PyPy, OpenStack, CPython, etc.
    • Director of the Python Software Foundation
    • Software engineer at Rackspace

    View Slide

  3. These are a few of my
    favorite things…

    View Slide

  4. View Slide

  5. View Slide

  6. View Slide

  7. These are a few of my
    least favorite things…

    View Slide

  8. >>> import pickle!

    View Slide

  9. What is pickle?
    • Serialization library
    • Take a random python object, turn it into bytes
    • Take some bytes, turn them back into an object
    later

    View Slide

  10. Use cases
    • Sending things between two Python processes
    which are both running (e.g. multiprocessing)
    • Storing random Python objects in your database
    (e.g. memcached)

    View Slide

  11. So how’s it work?

    View Slide

  12. >>> pickle.dumps([1, "a", None])!
    "(lp0\nI1\naS'a'\np1\naNa."!

    View Slide

  13. >>> pickle.dumps([1, "a", None])!
    "(lp0\nI1\naS'a'\np1\naNa."!
    Random nonsense!

    View Slide

  14. def dump(self, obj):!
    # Check the type dispatch table!
    t = type(obj)!
    f = self.dispatch.get(t)!
    if f:!
    f(self, obj)!
    return!
    ...!

    View Slide

  15. def dump_list(self, obj):!
    self.write(EMPTY_LIST)!
    for x in obj:!
    self.dump(x)!
    self.write(APPEND)!

    View Slide

  16. def dump_int(self, obj):!
    self.write(INT + repr(obj) + '\n')!

    View Slide

  17. def dump_none(self, obj):!
    self.write(NONE)!

    View Slide

  18. >>> import pickletools!
    >>> pickletools.dis("(lp0\nI1\naS'a'\np1\naNa.")!
    1: l LIST (MARK at 0)!
    5: I INT 1!
    8: a APPEND!
    9: S STRING 'a'!
    17: a APPEND!
    18: N NONE!
    19: a APPEND!
    20: . STOP

    View Slide

  19. So what about your
    classes?

    View Slide

  20. def dump(self, obj):!
    # Check the type dispatch table!
    t = type(obj)!
    f = self.dispatch.get(t)!
    if f:!
    f(self, obj)!
    return!
    ...!

    View Slide

  21. def dump(self, obj):!
    # ...!
    func, args = obj.__reduce__()!
    if reduce:!
    rv = reduce()!
    self.save(func)!
    self.save(args)!
    self.write(REDUCE)!

    View Slide

  22. >>> pickletools.dis(pickle.dumps(object()))!
    0: c GLOBAL 'copy_reg _reconstructor'!
    29: c GLOBAL '__builtin__ object'!
    55: N NONE!
    56: t TUPLE!
    60: R REDUCE!
    64: . STOP!

    View Slide

  23. >>> class X(object):!
    ... def __init__(self):!
    ... self.my_cool_attr = 3!
    ...!
    >>> x = X()!

    View Slide

  24. >>> pickletools.dis(pickle.dumps(x))!
    0: c GLOBAL 'copy_reg _reconstructor'!
    29: c GLOBAL '__main__ X'!
    44: c GLOBAL '__builtin__ object'!
    67: N NONE!
    68: t TUPLE!
    72: R REDUCE!
    77: d DICT!
    81: S STRING 'my_cool_attr'!
    100: I INT 3!
    103: s SETITEM!
    104: b BUILD!
    105: . STOP!

    View Slide

  25. What if I want to have
    custom pickle logic?

    View Slide

  26. >>> class FunkyPickle(object):!
    ... def __reduce__(self):!
    ... return (str, ('abc',),)!
    ...!

    View Slide

  27. >>> pickle.loads(pickle.dumps(FunkyPickle()))!
    'abc'!

    View Slide

  28. Unpickling

    View Slide

  29. Stack machines

    View Slide

  30. >>> [1, 'a', None]!
    [1, 'a', None]!

    View Slide

  31. LIST
    INT 1
    APPEND
    STRING
    APPEND
    None
    APPEND

    View Slide

  32. LIST
    INT 1
    APPEND
    STRING
    APPEND
    None
    APPEND
    []!

    View Slide

  33. LIST
    INT 1
    APPEND
    STRING
    APPEND
    None
    APPEND
    []!
    1!

    View Slide

  34. LIST
    INT 1
    APPEND
    STRING
    APPEND
    None
    APPEND
    [1]

    View Slide

  35. LIST
    INT 1
    APPEND
    STRING
    APPEND
    None
    APPEND
    [1]
    'a'

    View Slide

  36. LIST
    INT 1
    APPEND
    STRING
    APPEND
    None
    APPEND
    [1, 'a']!

    View Slide

  37. LIST
    INT 1
    APPEND
    STRING
    APPEND
    None
    APPEND
    [1, 'a']!
    None!

    View Slide

  38. LIST
    INT 1
    APPEND
    STRING
    APPEND
    None
    APPEND
    [1, 'a', None]!

    View Slide

  39. STOP
    [1, 'a', None]!

    View Slide

  40. def loads(self):!
    try:!
    while True:!
    key = self.read(1)!
    self.dispatch[key](self)!
    except _Stop as exc:!
    return exc.value!

    View Slide

  41. def load_empty_list(self):!
    self.stack.append([])!
    dispatch[EMPTY_LIST] = load_empty_list!
    !
    def load_append(self):!
    stack = self.stack!
    value = stack.pop()!
    list = stack[-1]!
    list.append(value)!
    dispatch[APPEND] = load_append!

    View Slide

  42. def load_reduce(self):!
    stack = self.stack!
    args = stack.pop()!
    func = stack[-1]!
    value = func(*args)!
    stack[-1] = value!
    dispatch[REDUCE] = load_reduce!

    View Slide

  43. Security

    View Slide

  44. >>> class WhatEvenIsSecurity(object):!
    ... def __reduce__(self):!
    ... return (os.listdir, ('.',),)!
    ...!
    >>> p = pickle.dumps(WhatEvenIsSecurity())!
    >>> pickle.loads(p)!
    ['Applications', 'Desktop', 'Documents', 'Downloads', ...]!

    View Slide

  45. You cannot safely
    unpickle untrusted data.
    https://blog.nelhage.com/2011/03/exploiting-pickle/

    View Slide

  46. Do you, Programmer, take this Object
    to be part of the persistent state of
    your application, to have and to hold,
    through maintenance and iterations,
    for past and future versions, as long as
    the application shall live?
    !
    - Erm, can I get back to you on that?

    View Slide

  47. Let me tell you a
    story…

    View Slide

  48. >>> class X(object):!
    ... pass!
    ...!
    >>> x = X()!
    >>> p = pickle.dumps(x)!
    >>> del X!
    >>> pickle.loads(p)!
    Traceback (most recent call last):!
    ...!
    AttributeError: 'module' object has no attribute 'X'!

    View Slide

  49. >>> class X(object):!
    ... def __init__(self):!
    ... self.x = 4!
    ... def f(self):!
    ... return self.x!
    ...!
    >>> p = pickle.dumps(X())!
    >>> pickle.loads(p)!
    <__main__.X object at 0x107f80d90>!

    View Slide

  50. >>> class X(object):!
    ... def __init__(self):!
    ... self.y = 4!
    ... def f(self):!
    ... return self.y!
    ...!
    >>> x = pickle.loads(p)!
    >>> x.f()!
    Traceback (most recent call last):!
    File "", line 1, in !
    File "", line 5, in f!
    AttributeError: 'X' object has no attribute 'y'!

    View Slide

  51. Alternatives
    (Also known as, write some functions)

    View Slide

  52. class Table(object):!
    def __init__(self, size):!
    self.size = size!
    !
    def dump(self):!
    return json.dumps({!
    "version": 1,!
    "size": self.size!
    })!

    View Slide

  53. @classmethod!
    def load(cls, data):!
    assert data["version"] == 1!
    return cls(data["size"])!

    View Slide

  54. class Table(object):!
    def __init__(self, height, width):!
    self.heigh = heigh!
    self.width = width!
    !
    def dump(self):!
    return json.dumps({!
    "version": 2,!
    "height": self.height,!
    "width": self.width,!
    })!

    View Slide

  55. @classmethod!
    def load(cls, data):!
    if data["version"] == 1:!
    h = w = sqrt(data["size"])!
    return cls(h, w)!
    elif data["version"] == 2:!
    return cls(data["height"], data["width"])!
    else:!
    raise ValueError!

    View Slide

  56. • More testable
    • Simpler
    • More auditable

    View Slide

  57. • msgpack
    • JSON

    View Slide

  58. Pickle: Unsafe at any
    speed

    View Slide

  59. Thanks!
    Questions? Answers?

    View Slide