Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:108219
Return-Path: <rasmus@lerdorf.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 25521 invoked from network); 23 Jan 2020 09:55:39 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 23 Jan 2020 09:55:39 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 0676D180537
	for <internals@lists.php.net>; Thu, 23 Jan 2020 00:04:42 -0800 (PST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-0.0 required=5.0 tests=BAYES_20,DKIM_SIGNED,
	DKIM_VALID,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,
	SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.2
X-Spam-ASN: AS15169 209.85.128.0/17
X-Spam-Virus: No
X-Envelope-From: <rasmus@lerdorf.com>
Received: from mail-ed1-f51.google.com (mail-ed1-f51.google.com [209.85.208.51])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Thu, 23 Jan 2020 00:04:41 -0800 (PST)
Received: by mail-ed1-f51.google.com with SMTP id c26so2402975eds.8
        for <internals@lists.php.net>; Thu, 23 Jan 2020 00:04:41 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=lerdorf-com.20150623.gappssmtp.com; s=20150623;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=aMG+ODDPULpHJeNX0QeQJ/fMp2PzvAZ1ZyKSfmuWgFg=;
        b=NROQun3o8xaJ6oRfO27jLWhGjs00iX4FhaMcCo8xa78NzokNFIJXMRQYDagjfJffhP
         LxVUVqrHBP6Avh6xmNqDz/BBvGwHKThsema/M9NnHQHdDGWjEEpreBmhZ+3dpmN47giY
         Hkz3dXSWqA6QvXcdLmsKv1eHAubGRoZoMfuyPu9UH80AoYDzv8Po/EulfWM/lmGLc2Vr
         tayjv64qmBvC/ZukYkBWb4w26RlzysmFN1BPoYzCnwq7nYRl5zZGTdwnCDYU7dPACfUU
         BuyE8gtLFy53gS9z8FdBeKXf/zpOU0IyZFHQ91UzVtgsL72q1j4Nzo0TA3jUlcvza5em
         jUjg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=aMG+ODDPULpHJeNX0QeQJ/fMp2PzvAZ1ZyKSfmuWgFg=;
        b=KU4LyVIj8VA7yI/l9eUchOLZLn7sHoBXodUBpINx4TMFsalkPOO7Dewu+bXNGd2k4d
         TzyHSBZhTvDNSRYP7WAhK4LF2fby/Uta8LW1a6WykPUyszIawyIbiiqObVrGpGReynQm
         a6QP1kIBJLMSWCiugJNw1vW/+h/bAY1OvlHZEQisPuyQ3C9gZqoLZfSeOPhcOh+BDOON
         FmRUkKBIyIlV8ewBU5GOJca1Xozj79Qk/uwK+pYGrj6i33wyGevFnPB39AIq8lsn/bLt
         ITOgB1FLH8Ex9yLcE/e0abVYZSEwtAg/4Wigf8JJynmnIgMdS9V7NvfU1CSBGbtTLKIP
         jneA==
X-Gm-Message-State: APjAAAUVYhAKIDC4miTqmE8LqBWOR3SunQUgwftmb8Itquauw5sA3mV9
	6DeP1y/i0ihgnO+QNfObZWJ0bpYNTa8FNDbOq3/a6Qojn5fRIw==
X-Google-Smtp-Source: APXvYqzUFAZTg/ZqFncy0UXEDF6wnMCMwBPx6j+zRl/+Hlml2aPFEMp7bpR2YOT9so+8lA4bMsEJ9tT0JReVPq47dSA=
X-Received: by 2002:a17:906:64cf:: with SMTP id p15mr5834534ejn.259.1579766677655;
 Thu, 23 Jan 2020 00:04:37 -0800 (PST)
MIME-Version: 1.0
References: <CAKtGGAsh-38W1UjgDaoQFzhKNOqTy3QGV8fE1-6-PPob2zw6Vw@mail.gmail.com>
 <CAF+90c8yAqHeLRzeX0sYxnQ30JAtg=Ubp7sDyonCkS5V7goN5A@mail.gmail.com> <5DC86728-1BBF-4DCA-8A6B-9B0B190DB99D@newclarity.net>
In-Reply-To: <5DC86728-1BBF-4DCA-8A6B-9B0B190DB99D@newclarity.net>
Date: Thu, 23 Jan 2020 00:04:01 -0800
Message-ID: <CACXBjuhpy3b0fpKHqtDbWDiwVSruRa_NgNUaLOQrduKY-WAx3g@mail.gmail.com>
To: Mike Schinkel <mike@newclarity.net>
Cc: PHP internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary="000000000000a67221059cca17f4"
Subject: Re: [PHP-DEV] Typed array properties V2
From: rasmus@lerdorf.com (Rasmus Lerdorf)

--000000000000a67221059cca17f4
Content-Type: text/plain; charset="UTF-8"

On Sun, Jan 19, 2020 at 4:53 PM Mike Schinkel <mike@newclarity.net> wrote:

> Also, Rowan Collins mentioned that checks in Go can be disabled for
> runtime checking; maybe we could support an option that disables said
> checking so that production sites could run w/o checks but we could run
> checks in development, testing and staging. We could also have an option to
> disable checking of array types above a given size of array, maybe
> defaulting to 1024? Clearly both of these would be no worse than what we
> have today.
>

You are getting into static analysis territory here with that. There are
already static analysis tools that do exactly this type of array type
checking during development. For example, there are three type mistakes in
this code:

     1 <?php
     2 class C {
     3   /**
     4    * @param int[] $ints
     5    * @param string[] $strings
     6    * @return array<int,string>
     7    */
     8   static function f(array $ints, array $strings):array {
     9       return array_combine($strings, $ints);
    10   }
    11 }
    12 print_r(C::f([3,2,'1'], ['abc', 'def', 42]));

Running Phan on it produces:

array.php:9 PhanTypeMismatchReturn Returning type array<string,int> but f()
is declared to return array<int,string>
array.php:12 PhanTypeMismatchArgument Argument 1 ($ints) is
array{0:3,1:2,2:'1'} but \C::f() takes int[] defined at array.php:8
array.php:12 PhanTypeMismatchArgument Argument 2 ($strings) is
array{0:'abc',1:'def',2:42} but \C::f() takes string[] defined at
array.php:8

The code itself would run in production without errors, of course, and
would produce:

Array
(
    [abc] => 3
    [def] => 2
    [42] => 1
)

But at Etsy, at least, this code would never make it to production because
static analysis checks are run by all developers and also run automatically
during staging prior to a production push.

Really expensive checks like this belong at the static analysis stage. And
yes, it would be amazing to have a static analyzer built into PHP, which is
basically what you are asking for here, but that is a huge task and goes
way beyond just this particular check.

-Rasmus

--000000000000a67221059cca17f4--