Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:100419
Return-Path: <nikita.ppv@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 58380 invoked from network); 6 Sep 2017 13:19:13 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 6 Sep 2017 13:19:13 -0000
Authentication-Results: pb1.pair.com header.from=nikita.ppv@gmail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=nikita.ppv@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.223.193 as permitted sender)
X-PHP-List-Original-Sender: nikita.ppv@gmail.com
X-Host-Fingerprint: 209.85.223.193 mail-io0-f193.google.com  
Received: from [209.85.223.193] ([209.85.223.193:38650] helo=mail-io0-f193.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 35/D6-10715-EC5FFA95 for <internals@lists.php.net>; Wed, 06 Sep 2017 09:19:11 -0400
Received: by mail-io0-f193.google.com with SMTP id q64so4545127iod.5
        for <internals@lists.php.net>; Wed, 06 Sep 2017 06:19:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc;
        bh=zGRQet6qlfmh5kr5fRhrl7rDU6LkHtXP808MVZDl4E8=;
        b=XIowOEo3v4hr0fr9cGm9k9w5eox2xf6zDDmjqG1Ju3WRPwzsPoeDYLrZ2JYaleP/Pa
         T4BS2m9Zon979I5c3N91/+nVdJpB85v2iGhAA9CnwJamyJdfymTHVVXeDGJ0aeC6Q5o6
         mVs0Ias7j2dOypXV/1oPgSSanvrnhMeUHn5vgTVdNtRjIG+L1/L47IwWk5p6SC1z3uFR
         8yGh8FikmLAK9dDkuxPz4MEkhgkNzlXhKv774lF/f0CCV/IVQlqo5hlAhCEtZF33mafA
         YI+THWDRMJCkXsirThyjPw5YaMXfxHGkSJ7UGyFcGO4hBxirxwX+7rtzJ+vTprQO5dAy
         UwUQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc;
        bh=zGRQet6qlfmh5kr5fRhrl7rDU6LkHtXP808MVZDl4E8=;
        b=MXF7mcGNszgVmmTv2nJLiBBRP+/x0GZxAdCsuuf9O21Wg76LGjSuujCQ9CJgOX/81I
         tB+Nh9vsrtFSoRQgNUqnHaqYizcJe3tOtD6GQABgTTEwcOo/ANUhJkLSJZkiSHeeb5tM
         JGTtkQHp2/WAtN8G2mDv0JQnD93FAFuqUW9ggMliKnXxBzC16x7OtRGqb1ruPq8nmghq
         ZUamrQSy93SJb5rVCW6OEMQs0M2NYub0FsHd6oayVtH+yPTuE/hDS1JF33EDHgnkFeNO
         CqND8EIs4AQs3VSf03ia1pVnrsnv10Bn/4BQImGbQTVv/tku5Uh3R5gNR8C3UGiZA1sM
         +RUw==
X-Gm-Message-State: AHPjjUhIZsHcbNhwsEQyAT7TAhk3zGKbNee0fyn1EZEZgHQ3g+/DRjkW
	cFe4zb2Tc2Z7wdiukxPdYVO8CkjXDg==
X-Google-Smtp-Source: AOwi7QDRti7Df8py7Npd7EmMDBm5ctirv95ZhH17eaaDH2gm+UHV94Nw9pnSHGYPSxVKaPqc0Ke6pMxjeDBIeFPDucU=
X-Received: by 10.107.205.142 with SMTP id d136mr2550954iog.135.1504703948059;
 Wed, 06 Sep 2017 06:19:08 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.107.13.3 with HTTP; Wed, 6 Sep 2017 06:19:07 -0700 (PDT)
In-Reply-To: <BY2PR02MB2989D1A6035072A57D098DDAC970@BY2PR02MB298.namprd02.prod.outlook.com>
References: <BY2PR02MB2989D1A6035072A57D098DDAC970@BY2PR02MB298.namprd02.prod.outlook.com>
Date: Wed, 6 Sep 2017 15:19:07 +0200
Message-ID: <CAF+90c-mHpF8N7tUiggUkO0m2Pxevz3OZ70TBKc1gFkZ2abzPQ@mail.gmail.com>
To: Zeev Suraski <zeev@zend.com>
Cc: Arvids Godjuks <arvids.godjuks@gmail.com>, Dan Ackroyd <danack@basereality.com>, 
	"internals@lists.php.net" <internals@lists.php.net>
Content-Type: multipart/alternative; boundary="94eb2c18a11851092005588530bd"
Subject: Re: [PHP-DEV] Providing built-in functionality written in PHP (was
 RE: [PHP-DEV] [VOTE] UUID)
From: nikita.ppv@gmail.com (Nikita Popov)

--94eb2c18a11851092005588530bd
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Wed, Sep 6, 2017 at 2:46 PM, Zeev Suraski <zeev@zend.com> wrote:

> I think that actually makes a lot of sense, and not just because of the
> supportability =E2=80=93 but also because of security.  A whole class of =
security
> exploits =E2=80=93 buffer/stack overflows, underruns and all sorts of mem=
ory
> mismanagement become irrelevant when the code is implemented in PHP.  I
> brought this direction up in a discussion on the Security mailing list a
> few weeks ago without any traction =E2=80=93 but it probably makes more s=
ense to
> discuss it here anyway.
>
> I think that currently, there are two main challenges:
>
>   1.  Performance =E2=80=93 compute intensive logic is way slower in PHP =
compared
> to C.
>   2.  Delivery method  =E2=80=93  we don=E2=80=99t currently have a good =
way of providing
> functions that are written in PHP and have them provide the same =E2=80=
=98native=E2=80=99 /
> =E2=80=98builtin=E2=80=99 experience as functions/classes written in C.
>
> Regarding #1, often this isn=E2=80=99t very important as not all pieces o=
f code
> are that compute intensive.  Moreover, if/when JIT materializes, compute
> intensive logic in PHP will become a lot faster than it is today and
> probably in the same ballpark as C =E2=80=93 so it=E2=80=99ll open the do=
or for us
> implementing more and more things in PHP.
>
> Regarding #2 =E2=80=93 I think that=E2=80=99s something that can be solve=
d relatively
> easily, but admittedly I haven=E2=80=99t completely thought it through (r=
ead: I
> barely thought about it).
>
> We could create a mechanism where the contents of certain .php files is
> embedded into the binary, compiled during MINIT, and made available prett=
y
> at the same =E2=80=98builtinness=E2=80=99 level as C extensions.   We=E2=
=80=99d probably have to be
> pretty selective in terms of what goes in there =E2=80=93 probably just a=
s
> selective as we are with the C-based extensions, but I=E2=80=99d imagine =
that
> things like ext/exif, UUID, and perhaps even things like unserialize()
> could find themselves written in pure PHP using such a mechanism.
>
> Thoughts?
>
> Zeev
>

There has been a discussion about this recently:
https://externals.io/message/99366

Nikita

--94eb2c18a11851092005588530bd--