Add #[NoSerialize] attribute support to prevent property serialization.

Zend/tests/attributes/no_serialize/001-base-serialization.phpt

@@ -0,0 +1,53 @@
+--TEST--
+#[\NoSerialize]: Basic test.
+--FILE--
+<?php
+
+class Base {
+    #[\NoSerialize]
+    public $b1 = 'a';
+    protected $b2 = 'b';
+    private $b3 = 'c';
+}
+
+class Child extends Base {
+    public $b1 = 'b';
+
+    function __construct (
+        #[\NoSerialize]
+        public $c = 'c',
+        public $d = 'd',
+    ) {}
+}
+
+class Unserializable {
+    #[\NoSerialize]
+    public $a;
+    public $b;
+}
+
+$base = new Base;
+echo serialize($base), PHP_EOL;
+echo serialize(new Child), PHP_EOL;
+$base->b1 = 'b';
+var_dump(unserialize(serialize($base)));
+var_dump(unserialize('O:14:"Unserializable":2:{s:1:"a";s:1:"a";s:1:"b";s:1:"b";}'));
+
+?>
+--EXPECTF--
+O:4:"Base":2:{s:5:"%0*%0b2";s:1:"b";s:8:"%0Base%0b3";s:1:"c";}
+O:5:"Child":4:{s:2:"b1";s:1:"b";s:5:"%0*%0b2";s:1:"b";s:8:"%0Base%0b3";s:1:"c";s:1:"d";s:1:"d";}
+object(Base)#%d (3) {
+  ["b1"]=>
+  string(1) "a"
+  ["b2":protected]=>
+  string(1) "b"
+  ["b3":"Base":private]=>
+  string(1) "c"
+}
+object(Unserializable)#2 (2) {
+  ["a"]=>
+  string(1) "a"
+  ["b"]=>
+  string(1) "b"
+}

Zend/tests/attributes/no_serialize/002-static-prop.phpt

@@ -0,0 +1,13 @@
+--TEST--
+#[\NoSerialize]: Error on static prop.
+--FILE--
+<?php
+
+class Base {
+    #[\NoSerialize]
+    static public $b1 = 'a';
+}
+
+?>
+--EXPECTF--
+Fatal error: Cannot apply #[\NoSerialize] to static property Base::$b1 in %s on line %d

Zend/tests/attributes/no_serialize/003-virtual-prop.phpt

@@ -0,0 +1,15 @@
+--TEST--
+#[\NoSerialize]: Error on virtual prop.
+--FILE--
+<?php
+
+class Base {
+    #[\NoSerialize]
+    protected $b2 {
+        get => 1;
+    }
+}
+
+?>
+--EXPECTF--
+Fatal error: Cannot apply #[\NoSerialize] to virtual property Base::$b2 in %s on line %d

Zend/tests/attributes/no_serialize/004-promoted-virtual-prop.phpt

@@ -0,0 +1,17 @@
+--TEST--
+#[\NoSerialize]: Error on promoted virtual prop.
+--FILE--
+<?php
+
+class Base {
+function __construct(
+    #[\NoSerialize]
+    protected $b2 {
+        get => 1;
+    }
+) {}
+}
+
+?>
+--EXPECTF--
+Fatal error: Cannot apply #[\NoSerialize] to virtual property Base::$b2 in %s on line %d

Zend/tests/attributes/no_serialize/005-trait-properties.phpt

@@ -0,0 +1,28 @@
+--TEST--
+#[\NoSerialize]: Traits properties test.
+--FILE--
+<?php
+
+trait T {
+    #[\NoSerialize]
+    public $a = 'a';
+    public $b = 'b';
+}
+
+class Base {
+    use T;
+}
+
+$base = new Base;
+echo serialize($base), PHP_EOL;
+var_dump(unserialize('O:4:"Base":2:{s:1:"a";s:1:"a";s:1:"b";s:1:"b";}'));
+
+?>
+--EXPECTF--
+O:4:"Base":1:{s:1:"b";s:1:"b";}
+object(Base)#2 (2) {
+  ["a"]=>
+  string(1) "a"
+  ["b"]=>
+  string(1) "b"
+}

Zend/zend_attributes.c

@@ -33,6 +33,7 @@ ZEND_API zend_class_entry *zend_ce_override;
 ZEND_API zend_class_entry *zend_ce_deprecated;
 ZEND_API zend_class_entry *zend_ce_nodiscard;
 ZEND_API zend_class_entry *zend_ce_delayed_target_validation;
+ZEND_API zend_class_entry *zend_ce_no_serialize;
 
 static zend_object_handlers attributes_object_handlers_sensitive_parameter_value;
 
@@ -606,6 +607,9 @@ void zend_register_attribute_ce(void)
 
 	zend_ce_delayed_target_validation = register_class_DelayedTargetValidation();
 	attr = zend_mark_internal_attribute(zend_ce_delayed_target_validation);
+
+	zend_ce_no_serialize = register_class_NoSerialize();
+	attr = zend_mark_internal_attribute(zend_ce_no_serialize);
 }
 
 void zend_attributes_shutdown(void)

Zend/zend_attributes.h

@@ -51,6 +51,7 @@ extern ZEND_API zend_class_entry *zend_ce_override;
 extern ZEND_API zend_class_entry *zend_ce_deprecated;
 extern ZEND_API zend_class_entry *zend_ce_nodiscard;
 extern ZEND_API zend_class_entry *zend_ce_delayed_target_validation;
+extern ZEND_API zend_class_entry *zend_ce_no_serialize;
 
 typedef struct {
 	zend_string *name;

Zend/zend_attributes.stub.php

@@ -103,3 +103,11 @@ public function __construct(?string $message = null) {}
  */
 #[Attribute(Attribute::TARGET_ALL)]
 final class DelayedTargetValidation {}
+
+/**
+ * @strict-properties
+ */
+#[Attribute(Attribute::TARGET_PROPERTY)]
+final class NoSerialize
+{
+}

Zend/zend_compile.c

@@ -8000,6 +8000,16 @@ static void zend_compile_params(zend_ast *ast, zend_ast *return_type_ast, uint32
 				if (override_attribute) {
 					prop->flags |= ZEND_ACC_OVERRIDE;
 				}
+
+				zend_attribute *no_serialize_attribute = zend_get_attribute_str(prop->attributes, "noserialize", sizeof("noserialize")-1);
+				if (no_serialize_attribute) {
+					if (prop->flags & ZEND_ACC_VIRTUAL) {
+						zend_error(E_COMPILE_ERROR,
+						"Cannot apply #[\\NoSerialize] to virtual property %s::$%s",
+						ZSTR_VAL(scope->name), ZSTR_VAL(name));
+					}
+					prop->flags |= ZEND_ACC_NO_SERIALIZE;
+				}
 			}
 		}
 	}
@@ -8989,6 +8999,21 @@ static void zend_compile_prop_decl(zend_ast *ast, zend_ast *type_ast, uint32_t f
 			if (override_attribute) {
 				info->flags |= ZEND_ACC_OVERRIDE;
 			}
+
+			zend_attribute *no_serialize_attribute = zend_get_attribute_str(info->attributes, "noserialize", sizeof("noserialize")-1);
+			if (no_serialize_attribute) {
+				if (info->flags & ZEND_ACC_STATIC) {
+					zend_error(E_COMPILE_ERROR,
+					"Cannot apply #[\\NoSerialize] to static property %s::$%s",
+					ZSTR_VAL(ce->name), ZSTR_VAL(name));
+				}
+				if (info->flags & ZEND_ACC_VIRTUAL) {
+					zend_error(E_COMPILE_ERROR,
+					"Cannot apply #[\\NoSerialize] to virtual property %s::$%s",
+					ZSTR_VAL(ce->name), ZSTR_VAL(name));
+				}
+				info->flags |= ZEND_ACC_NO_SERIALIZE;
+			}
 		}
 
 		CG(context).active_property_info_name = old_active_property_info_name;

Zend/zend_compile.h

@@ -261,7 +261,7 @@ typedef struct _zend_oparray_context {
 /* has #[\Override] attribute                             |     |     |     */
 #define ZEND_ACC_OVERRIDE                (1 << 28) /*     |  X  |  X  |     */
 /*                                                        |     |     |     */
-/* Property Flags (unused: 13-27,29...)                   |     |     |     */
+/* Property Flags (unused: 13-27,29,30)                   |     |     |     */
 /* ===========                                            |     |     |     */
 /*                                                        |     |     |     */
 /* Promoted property / parameter                          |     |     |     */
@@ -275,6 +275,9 @@ typedef struct _zend_oparray_context {
 #define ZEND_ACC_PROTECTED_SET           (1 << 11) /*     |     |  X  |     */
 #define ZEND_ACC_PRIVATE_SET             (1 << 12) /*     |     |  X  |     */
 /*                                                        |     |     |     */
+/* has #[\NoSerialize] attribute                          |     |     |     */
+#define ZEND_ACC_NO_SERIALIZE            (1U << 31) /*    |     |  X  |     */
+/*                                                        |     |     |     */
 /* Class Flags (unused: 31)                               |     |     |     */
 /* ===========                                            |     |     |     */
 /*                                                        |     |     |     */

ext/standard/var.c

@@ -1248,7 +1248,7 @@ static void php_var_serialize_intern(smart_str *buf, zval *struc, php_serialize_
 					count = ce->default_properties_count;
 					for (i = 0; i < ce->default_properties_count; i++) {
 						prop_info = ce->properties_info_table[i];
-						if (!prop_info) {
+						if (!prop_info || prop_info->flags & ZEND_ACC_NO_SERIALIZE) {
 							count--;
 							continue;
 						}
@@ -1263,7 +1263,7 @@ static void php_var_serialize_intern(smart_str *buf, zval *struc, php_serialize_
 						smart_str_appendl(buf, ":{", 2);
 						for (i = 0; i < ce->default_properties_count; i++) {
 							prop_info = ce->properties_info_table[i];
-							if (!prop_info) {
+							if (!prop_info || prop_info->flags & ZEND_ACC_NO_SERIALIZE) {
 								continue;
 							}
 							prop = OBJ_PROP(obj, prop_info->offset);