Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:110420
Return-Path: <danack@basereality.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 34566 invoked from network); 8 Jun 2020 11:57:44 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 8 Jun 2020 11:57:44 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 498C1180088
	for <internals@lists.php.net>; Mon,  8 Jun 2020 03:41:10 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE
	autolearn=no autolearn_force=no version=3.4.2
X-Spam-ASN: AS15169 209.85.128.0/17
X-Spam-Virus: No
X-Envelope-From: <danack@basereality.com>
Received: from mail-ua1-f49.google.com (mail-ua1-f49.google.com [209.85.222.49])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Mon,  8 Jun 2020 03:41:09 -0700 (PDT)
Received: by mail-ua1-f49.google.com with SMTP id c9so5643907uao.11
        for <internals@lists.php.net>; Mon, 08 Jun 2020 03:41:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=basereality-com.20150623.gappssmtp.com; s=20150623;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=VKixrTyQ/Qr8DQQ7MGruTaGlvozFRdC8fVdvX2w/LQw=;
        b=LmjtPg5Y7SZfKoeHREIMczdGvSTwBT0rDQJLTRI5vFhKYGN7QSHLbo/5BizcHOcB28
         ZvT7mgEVX7VjM64WUiouB+I6evrkPkHDe+Ig44rI01/+2GSjSIUy6AecveSuVsXn+qoj
         TDjnHhEAEzPKX645LO8uDBpo2R/uHf+Pra+bOFIzWbb2TTXAoTNGqifTmpM8QENgADpk
         QCdzANUzX//vM2n9ABlbsYHBlqVtAOCDS6CQmTt/ogBRMG7BxjPYgy31UKpSDWmFLYEN
         I4CDTC426LM+3N28555q1s8RhfwiSltRRqlt8jKBb8V/LVsF/K9PBMIPPmNXIOGx6Xvf
         z4ng==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=VKixrTyQ/Qr8DQQ7MGruTaGlvozFRdC8fVdvX2w/LQw=;
        b=d5n3S+9ZLTLUL9XO/gLDUbg/IQEqe+7xyYjDYACGMGejzM1ShyORlyjsbsKv5w5CsN
         G+Z1C2Ygat78GM0osY2Pw4TytSQroMh8ArPej/G3Ax0WhVz23M+ytWakd2il994iGkIQ
         oZgk02oNgmtWRRrzUeU9bJ0R5JacCdeO4nxRJzix6CYB9xaTgwdn533m6br4svhvWs0D
         XONs0HKg7p9iSTyi7o52gE1my0Tfy0eQx4ZlJqP75s420kMkCk1RVdXnjtRpUqd9AB5c
         EYFIOs3lEWHaj5ojrS4FlyF5YdjaaVZDdExMDUz+DL46luEpS5mwvtyznqazpgSOPuvp
         Vf1A==
X-Gm-Message-State: AOAM533ZtG1liAc2l2mHXPLiIYOquU7q+NBkGlg2s1MCEuM7njQx0FMu
	S4Gx78iDV5xdsVbRAi3pTqg2Fx7CyHlTsKLL5YvR/w==
X-Google-Smtp-Source: ABdhPJwDUm8cNKBf3Ibd+gL8Hg17JxXm/HY6MlztUPH4scjwhVF/1d+YVpO2Eudv4WyWEYa4xA0VkDWZmmqnH70xjiY=
X-Received: by 2002:ab0:1c55:: with SMTP id o21mr15333402uaj.114.1591612868046;
 Mon, 08 Jun 2020 03:41:08 -0700 (PDT)
MIME-Version: 1.0
References: <CAGgaK7KScGnNaCSnz6szCzJ3jndoipH0=yonW6FPKR7GbkPdLw@mail.gmail.com>
 <CA+kxMuRVwhMjZxA0ctz4PK9VNvNTYSga6bg1V54KeqHXMguQgw@mail.gmail.com> <CAGgaK7JJO8bit-dADUpP013PgiyvKzd6Jy6anemwzTkx4UpiUA@mail.gmail.com>
In-Reply-To: <CAGgaK7JJO8bit-dADUpP013PgiyvKzd6Jy6anemwzTkx4UpiUA@mail.gmail.com>
Date: Mon, 8 Jun 2020 11:40:57 +0100
Message-ID: <CA+kxMuSMq+Ttd2bUzwV3Uh=pAiyotdLFQr0d6O7h=fMwmTOXpw@mail.gmail.com>
To: Max Semenik <maxsem.wiki@gmail.com>
Cc: Internals <internals@lists.php.net>
Content-Type: text/plain; charset="UTF-8"
Subject: Re: [PHP-DEV] RFC: Error backtraces
From: Danack@basereality.com (Dan Ackroyd)

On Tue, 2 Jun 2020 at 21:57, Max Semenik <maxsem.wiki@gmail.com> wrote:
>
> Thanks for your input!
>

> The problem with this is that it doesn't get called on fatal errors,

That would be an easier and smaller thing to fix, rather than also
changing error/warning handling.

A stack trace shown on fatal errors that doesn't include any variables
would be a useful thing imo.

> I don't see leaks via traces as a serious problem.

That is an opinion not universally shared.

I know one company that failed a security audit, and so failed to win
a contract, due to variables being exposed in stacktraces that reached
their log files.

> Your solution requires programmers to write code
> supporting this kind of workflow,

Sorry, not sure what you mean.

The changes would be internal, and then would naturally reach the
users outer exception handler, where they should already have logging
of uncaught exceptions. So can't see why it would be a problem.

> Sorry, didn't realize the word is, uh, "informal".

Informal? _Infernal_ more like. *ba-dum-tish*

Danack wrote:
>> That depends on what callback function has been set for
>> 'set_exception_handler'.
Max wrote:
> From my reading of the code, backtraces are generated on object creation,

I meant that whether the trace is converted to a string and logged
anywhere is dependent on what the exception handler chooses to do.

> INI setting should take care of this.

People really, really really, _really_ don't  like ini settings.

Although application level ini settings can be appropriate in some
cases, a new ini setting here doesn't feel like a great choice.

Combine that with "As shown in the example output, traces are saved as
string" and I really don't like it.

We want to make it possible to decide what to do with errors programmatically.

Converting stack traces to strings before a user handler can decide
what to do with them is not a good approach.

To summarise, adding stack trace to fatal error output (without
variables) sounds good to me, and the idea I said before of adding
exceptions to errors/warning would allow better user control over what
happens also sounds good, but more ini settings and traces as strings
sounds not good.

cheers
Dan
Ack