Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:114861
Return-Path: <ocramius@gmail.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 44714 invoked from network); 14 Jun 2021 13:13:58 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 14 Jun 2021 13:13:58 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 6384D180508
	for <internals@lists.php.net>; Mon, 14 Jun 2021 06:30:14 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,HTML_MESSAGE,
	RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS
	autolearn=no autolearn_force=no version=3.4.2
X-Spam-Virus: No
X-Envelope-From: <ocramius@gmail.com>
Received: from mail-oi1-f175.google.com (mail-oi1-f175.google.com [209.85.167.175])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Mon, 14 Jun 2021 06:30:14 -0700 (PDT)
Received: by mail-oi1-f175.google.com with SMTP id u11so14334582oiv.1
        for <internals@lists.php.net>; Mon, 14 Jun 2021 06:30:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=6gGgTyz8mXyEJviDzsNJVMxI3DcqeF2RjWSLCKprHYE=;
        b=AO5nLV6W35RlkwNrEafGYLKLOC8pEH8AjCFRID6oOYfj9fSO9R716PH7eTHv5kxxTJ
         t2Ji6/+ef0xlAVjuLxMyM/DzwbMeGsuFzVxCwQjX2oftpNKQSVKhue7tDIQzGyQZLarE
         55SV+2XlpLqsFjzZmcCu4DyVR/iQ0dzRYj3YmLJ6q9VeIEng9DkbWF2dPM5oSxMGPH+p
         LdpH8Ct4+mQDX1vwVlWMUpQ/l7FFGdOGAjus6fo6jXaDL13jTAYvf1fsfRX9ExSloAq9
         drl7qOsJANrGssjJV3YtlfuS6qy1yi6JET7tpRzAarXTgktTgmDHtN+uwPnunpCOxVln
         Nvww==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=6gGgTyz8mXyEJviDzsNJVMxI3DcqeF2RjWSLCKprHYE=;
        b=SOk3ZXQ2wVFqCW1Aw2h+QZ25+SQBBd91jc2XC6V/wXACBRmgH6DQat5ibU6qUTyrvE
         36NexYEHJ8k2baYFexl4VnI9DJWR2FbhXM4OCMI/21RnhQBiZBP4CvS40KXp2oKFY1EY
         2UkUvItXmVk+JnLIVxw1RJ8K9M0+f7KXfkkL2OWcOO5XGmdj8nCywMpUjVHMOr5GxfAL
         szZOeCDwXJTDfeuZgANUQs/BNoIaA7L729aVkbQKxkCRhlIrBSY3Znu6hSTUkVtp7zHa
         ZUGSQ/WxmsK/kzhWvSjoBDz24ejocmkrQVhiMRpw+Nqui/uITA7MRJZPjgODdIXhNdvt
         d76A==
X-Gm-Message-State: AOAM530rDzR6ZSoE+Rd3ZsvTOpUxkv29uZhu5EyBXjceYeACCgax6Die
	cF9Dk3zDx7kuuRwnVNbs5uqZf82zzrnq9Rn9vl4=
X-Google-Smtp-Source: ABdhPJw9wYylRKEc1A+fo93y3nbJvs6XGjuNzO1NIzvu40nZrbaxAjh/a/Crf0grra0Ydbac/69KG5pX6S4+jICRhD0=
X-Received: by 2002:aca:4143:: with SMTP id o64mr10256032oia.105.1623677411726;
 Mon, 14 Jun 2021 06:30:11 -0700 (PDT)
MIME-Version: 1.0
References: <CAFv4g+F-7F7o6va5wCrojKe+Uysx2Ec3H4yV_mUZYEyNm3MkdQ@mail.gmail.com>
 <CAOwTYAt3rztsZ1BTjEbsonqPR_thgG7UqEUO2pKeN=dEg1jqgg@mail.gmail.com>
 <CA+kxMuSJvk2bDM1dQnZHxgiO+YrYhbjS8BziAy+YGSSW8cR1nw@mail.gmail.com> <f7288bfd-e9e6-f77e-358b-c0d6fe12a9d9@nunninger.info>
In-Reply-To: <f7288bfd-e9e6-f77e-358b-c0d6fe12a9d9@nunninger.info>
Date: Mon, 14 Jun 2021 15:29:59 +0200
Message-ID: <CADyq6s+LZrcQEoHHObWrDzHXFtVw1TcnC-8sMVeYGNngcuK4BQ@mail.gmail.com>
To: Thomas Nunninger <thomas@nunninger.info>
Cc: Dan Ackroyd <Danack@basereality.com>, Joe Watkins <krakjoe@gmail.com>, 
	Craig Francis <craig@craigfrancis.co.uk>, PHP internals <internals@lists.php.net>, 
	Matthew Brown <matthewmatthew@gmail.com>
Content-Type: multipart/alternative; boundary="0000000000005b174d05c4b9db9e"
Subject: Re: [PHP-DEV] [RFC] is_literal
From: ocramius@gmail.com (Marco Pivetta)

--0000000000005b174d05c4b9db9e
Content-Type: text/plain; charset="UTF-8"

Hey Thomas,

On Mon, Jun 14, 2021, 15:27 Thomas Nunninger <thomas@nunninger.info> wrote:

> Hi!
>
> > class UserPreferences {
> >      private DB $db;
> >
> >      function getColor(): string {
> >          $preferredColor = $this->db->getColor();
> >
> >          if ($preferredColor === 'light') {
> >              return '#fff';
> >          }
> >
> >          if ($preferredColor === 'dark') {
> >              return '#000';
> >          }
> >          return $preferredColor; // user has set custom color.
> >      }
> > }
> >
> > Assume that both UserPreferences and getInfoPanel code is covered by
> > unit tests. The developer who made that change would run the tests,
> > see the tests pass and then push their code live. At which point, it
> > would cause an error in production, as the string returned would not
> > pass the is_literal check.
> >
> > This would be a complete pain in the butt to fix.
>
> When you write about testing in this database scenario, I find some
> additional issue: When you try to create pure unit tests you would
> somehow mock/stubb or replace the database with some test double. In
> that situation your tests will still pass even if testing the variant
> that the value comes from the database. Only some (infrastructure or
> end-to-end) test that covers the business logic plus the corresponding
> infrastructure by accident would uncover an error.
>
> I wonder if we would need some method to mark a value/variable as
> non-literal. Or perhaps mark some return value (or input parameters?) in
> an interface/class as non-literal using some annotation?
>
> That still puts the burden on the developer to think about that issue.
> But it's probably better than nothing.
>
> Perhaps someone has a better idea?
>

A small userland utility that writes the data to an in-memory stream, then
reads from it, is sufficient.

>

--0000000000005b174d05c4b9db9e--