In the computer programming language Python, pickle is the standard mechanism for object serialization; pickling is the common term among Python programmers for serialization (unpickling for deserializing). Pickle uses a simple stack-based virtual machine that records the instructions used to reconstruct the object. This makes pickle vulnerable to security risks by malformed or maliciously constructed data, that may cause the deserializer to import arbitrary modules and instantiate any object. Not all object types can be pickled automatically, especially ones that hold operating system resources like file handles, but users can register custom "reduction" and construction functions to support the pickling and unpickling of arbitrary types.
Pickle was originally implemented as the pure Python
pickle module, but, in versions of Python prior to 3.0, the
cPickle module (also a built-in) offers improved performance (up to 1000 times faster). In Python 3, users should always import the standard version, which attempts to import the accelerated version and falls back to the pure Python version.
|This computing article is a stub. You can help Wikipedia by expanding it.|