Implement new custom object serialization mechanism

RFC: https://wiki.php.net/rfc/custom_object_serialization

Author: nikic

UPGRADING

@@ -107,6 +107,7 @@ PHP 7.4 UPGRADE NOTES
     This will enforce that $user->id can only be assigned integer and
     $user->name can only be assigned strings. For more information see the
     RFC: https://wiki.php.net/rfc/typed_properties_v2
+
   . Added support for coalesce assign (??=) operator. For example:
 
         $array['key'] ??= computeDefault();
@@ -156,6 +157,20 @@ PHP 7.4 UPGRADE NOTES
   . strip_tags() now also accepts an array of allowed tags: Instead of
     strip_tags($str, '<a><p>') you can now write strip_tags($str, ['a', 'p']).
 
+  . A new mechanism for custom object serialization has been added, which
+    uses two new magic methods:
+
+        // Returns array containing all the necessary state of the object.
+        public function __serialize(): array;
+
+        // Restores the object state from the given data array.
+        public function __unserialize(array $data): void;
+
+    The new serialization mechanism supersedes the Serializable interface,
+    which will be deprecated in the future.
+
+    RFC: https://wiki.php.net/rfc/custom_object_serialization
+
 ========================================
 3. Changes in SAPI modules
 ========================================

ext/standard/tests/serialize/__serialize_001.phpt

@@ -0,0 +1,32 @@
+--TEST--
+__serialize() mechanism (001): Basics
+--FILE--
+<?php
+
+class Test {
+    public $prop;
+    public $prop2;
+    public function __serialize() {
+        return ["value" => $this->prop, 42 => $this->prop2];
+    }
+    public function __unserialize(array $data) {
+        $this->prop = $data["value"];
+        $this->prop2 = $data[42];
+    }
+}
+
+$test = new Test;
+$test->prop = "foobar";
+$test->prop2 = "barfoo";
+var_dump($s = serialize($test));
+var_dump(unserialize($s));
+
+?>
+--EXPECT--
+string(58) "O:4:"Test":2:{s:5:"value";s:6:"foobar";i:42;s:6:"barfoo";}"
+object(Test)#2 (2) {
+  ["prop"]=>
+  string(6) "foobar"
+  ["prop2"]=>
+  string(6) "barfoo"
+}

ext/standard/tests/serialize/__serialize_002.phpt

@@ -0,0 +1,20 @@
+--TEST--
+__serialize() mechanism (002): TypeError on invalid return type
+--FILE--
+<?php
+
+class Test {
+    public function __serialize() {
+        return $this;
+    }
+}
+
+try {
+    serialize(new Test);
+} catch (TypeError $e) {
+    echo $e->getMessage(), "\n";
+}
+
+?>
+--EXPECT--
+__serialize() must return an array

ext/standard/tests/serialize/__serialize_003.phpt

@@ -0,0 +1,56 @@
+--TEST--
+__serialize() mechanism (003): Interoperability of different serialization mechanisms
+--FILE--
+<?php
+
+class Test implements Serializable {
+    public function __sleep() {
+        echo "__sleep() called\n";
+    }
+
+    public function __wakeup() {
+        echo "__wakeup() called\n";
+    }
+
+    public function __serialize() {
+        echo "__serialize() called\n";
+        return ["key" => "value"];
+    }
+
+    public function __unserialize(array $data) {
+        echo "__unserialize() called\n";
+        var_dump($data);
+    }
+
+    public function serialize() {
+        echo "serialize() called\n";
+        return "payload";
+    }
+
+    public function unserialize($payload) {
+        echo "unserialize() called\n";
+        var_dump($payload);
+    }
+}
+
+$test = new Test;
+var_dump($s = serialize($test));
+var_dump(unserialize($s));
+
+var_dump(unserialize('C:4:"Test":7:{payload}'));
+
+?>
+--EXPECT--
+__serialize() called
+string(37) "O:4:"Test":1:{s:3:"key";s:5:"value";}"
+__unserialize() called
+array(1) {
+  ["key"]=>
+  string(5) "value"
+}
+object(Test)#2 (0) {
+}
+unserialize() called
+string(7) "payload"
+object(Test)#2 (0) {
+}

ext/standard/tests/serialize/__serialize_004.phpt

@@ -0,0 +1,131 @@
+--TEST--
+__serialize() mechanism (004): Delayed __unserialize() calls
+--FILE--
+<?php
+
+class Wakeup {
+    public $data;
+    public function __construct(array $data) {
+        $this->data = $data;
+    }
+    public function __wakeup() {
+        echo "__wakeup() called\n";
+        var_dump($this->data);
+        $this->woken_up = true;
+    }
+}
+
+class Unserialize {
+    public $data;
+    public function __construct(array $data) {
+        $this->data = $data;
+    }
+    public function __serialize() {
+        return $this->data;
+    }
+    public function __unserialize(array $data) {
+        $this->data = $data;
+        echo "__unserialize() called\n";
+        var_dump($this->data);
+        $this->unserialized = true;
+    }
+}
+
+$obj = new Wakeup([new Unserialize([new Wakeup([new Unserialize([])])])]);
+var_dump($s = serialize($obj));
+var_dump(unserialize($s));
+
+?>
+--EXPECT--
+string(126) "O:6:"Wakeup":1:{s:4:"data";a:1:{i:0;O:11:"Unserialize":1:{i:0;O:6:"Wakeup":1:{s:4:"data";a:1:{i:0;O:11:"Unserialize":0:{}}}}}}"
+__unserialize() called
+array(0) {
+}
+__wakeup() called
+array(1) {
+  [0]=>
+  object(Unserialize)#8 (2) {
+    ["data"]=>
+    array(0) {
+    }
+    ["unserialized"]=>
+    bool(true)
+  }
+}
+__unserialize() called
+array(1) {
+  [0]=>
+  object(Wakeup)#7 (2) {
+    ["data"]=>
+    array(1) {
+      [0]=>
+      object(Unserialize)#8 (2) {
+        ["data"]=>
+        array(0) {
+        }
+        ["unserialized"]=>
+        bool(true)
+      }
+    }
+    ["woken_up"]=>
+    bool(true)
+  }
+}
+__wakeup() called
+array(1) {
+  [0]=>
+  object(Unserialize)#6 (2) {
+    ["data"]=>
+    array(1) {
+      [0]=>
+      object(Wakeup)#7 (2) {
+        ["data"]=>
+        array(1) {
+          [0]=>
+          object(Unserialize)#8 (2) {
+            ["data"]=>
+            array(0) {
+            }
+            ["unserialized"]=>
+            bool(true)
+          }
+        }
+        ["woken_up"]=>
+        bool(true)
+      }
+    }
+    ["unserialized"]=>
+    bool(true)
+  }
+}
+object(Wakeup)#5 (2) {
+  ["data"]=>
+  array(1) {
+    [0]=>
+    object(Unserialize)#6 (2) {
+      ["data"]=>
+      array(1) {
+        [0]=>
+        object(Wakeup)#7 (2) {
+          ["data"]=>
+          array(1) {
+            [0]=>
+            object(Unserialize)#8 (2) {
+              ["data"]=>
+              array(0) {
+              }
+              ["unserialized"]=>
+              bool(true)
+            }
+          }
+          ["woken_up"]=>
+          bool(true)
+        }
+      }
+      ["unserialized"]=>
+      bool(true)
+    }
+  }
+  ["woken_up"]=>
+  bool(true)
+}

ext/standard/tests/serialize/__serialize_005.phpt

@@ -0,0 +1,56 @@
+--TEST--
+__serialize() mechanism (005): parent::__unserialize() is safe
+--FILE--
+<?php
+
+class A {
+    private $data;
+    public function __construct(array $data) {
+        $this->data = $data;
+    }
+    public function __serialize() {
+        return $this->data;
+    }
+    public function __unserialize(array $data) {
+        $this->data = $data;
+    }
+}
+
+class B extends A {
+    private $data2;
+    public function __construct(array $data, array $data2) {
+        parent::__construct($data);
+        $this->data2 = $data2;
+    }
+    public function __serialize() {
+        return [$this->data2, parent::__serialize()];
+    }
+    public function __unserialize(array $payload) {
+        [$data2, $data] = $payload;
+        parent::__unserialize($data);
+        $this->data2 = $data2;
+    }
+}
+
+$common = new stdClass;
+$obj = new B([$common], [$common]);
+var_dump($s = serialize($obj));
+var_dump(unserialize($s));
+
+?>
+--EXPECT--
+string(63) "O:1:"B":2:{i:0;a:1:{i:0;O:8:"stdClass":0:{}}i:1;a:1:{i:0;r:3;}}"
+object(B)#3 (2) {
+  ["data2":"B":private]=>
+  array(1) {
+    [0]=>
+    object(stdClass)#4 (0) {
+    }
+  }
+  ["data":"A":private]=>
+  array(1) {
+    [0]=>
+    object(stdClass)#4 (0) {
+    }
+  }
+}