Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:114868
Return-Path: <rowan.collins@gmail.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 78909 invoked from network); 14 Jun 2021 18:27:40 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 14 Jun 2021 18:27:40 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id BA06D1804C9
	for <internals@lists.php.net>; Mon, 14 Jun 2021 11:43:59 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-0.7 required=5.0 tests=BAYES_05,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,NICE_REPLY_A,
	RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS
	autolearn=no autolearn_force=no version=3.4.2
X-Spam-Virus: No
X-Envelope-From: <rowan.collins@gmail.com>
Received: from mail-wm1-f54.google.com (mail-wm1-f54.google.com [209.85.128.54])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Mon, 14 Jun 2021 11:43:59 -0700 (PDT)
Received: by mail-wm1-f54.google.com with SMTP id n35-20020a05600c3ba3b02901cdecb6bda8so47710wms.5
        for <internals@lists.php.net>; Mon, 14 Jun 2021 11:43:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=subject:to:references:from:message-id:date:user-agent:mime-version
         :in-reply-to:content-transfer-encoding:content-language;
        bh=SNU79SiyWpgF3XYzlIQ5AJlbuOParbQm0eo4xMYgpig=;
        b=lRwvo0fsIQ1hIDXZiADgaXvu5xnP7rZ4Iu2cgaPK28XiGg281J4d1NZcurQV6iH6Ze
         T3Ma2Y5Z0qEl0s9jUBQtUILfRtq6TL/L4G6pD0zF1Be23ZrtJMoTLcv0WK4rbCx7XaN5
         +5mQYXOjA+9bB/jPR9DjRx8Q3i9CHi7HujJVHtF89QC4fLALaiOfhU91u2PJo/yqkwiI
         0kX4cO5br5wLQJ+nGoClVXBOQq7vus5yqaAnMY3PoQPRcgeaWWKse6KGwQbFaVx1UaRF
         mPXSTUEoeimvRNNy8IYcW7TVjJwrvRvyL58zSfT9f0rCRrThpjptJLoVBJE+rblcfWSt
         aVkg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:subject:to:references:from:message-id:date
         :user-agent:mime-version:in-reply-to:content-transfer-encoding
         :content-language;
        bh=SNU79SiyWpgF3XYzlIQ5AJlbuOParbQm0eo4xMYgpig=;
        b=cUk2v3X01SBYzWHAu8oALhbpTfRW44xLk9QJSWq3iHWIDOGyH/pucw+W67G+FSLqTo
         69tC2j9sKBwFChAkEKVIFzsji9XndtKlSbU1FrtYn2hv47DZMpvwiSjuNk6xCSkFz/RK
         mLxqc1TqNBqSZ5N0w+CutFYq3qQqj3d2NVl8wkygCOsjUgD8Req43jNXeiUCuQDd2/ub
         pOYsADtxijWXzVDw0x1qQZn7A057Qb891X8vD/8LCkdjqMmMJ2uMuIVgYWoEiX7G+NcI
         vk4lEljGlKHtXMQYJHKi4Xwh05YsRuRqX3al5ODQnC0wK+B6Rr0Cu8zkOm29JBQllCOe
         WEuw==
X-Gm-Message-State: AOAM530YBbUGXUB6GgOkj+ytReXVWH8DKlOaV7BhkBw5VRm57VMug7aa
	OmnQYfwDCcZRpwmGjhjzfsBLMBFJ2Vk=
X-Google-Smtp-Source: ABdhPJx43Miwlc2A4ybxbTMKWESwyk2GIvUcv6hMBaSNX6vcULcAfO4twFpYHhvul6JnzCLV95SThw==
X-Received: by 2002:a1c:b783:: with SMTP id h125mr546932wmf.182.1623696235654;
        Mon, 14 Jun 2021 11:43:55 -0700 (PDT)
Received: from [192.168.0.22] (cpc104104-brig22-2-0-cust548.3-3.cable.virginm.net. [82.10.58.37])
        by smtp.googlemail.com with ESMTPSA id r18sm16877084wro.62.2021.06.14.11.43.54
        for <internals@lists.php.net>
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Mon, 14 Jun 2021 11:43:54 -0700 (PDT)
To: internals@lists.php.net
References: <CAFv4g+F-7F7o6va5wCrojKe+Uysx2Ec3H4yV_mUZYEyNm3MkdQ@mail.gmail.com>
 <CAOwTYAt3rztsZ1BTjEbsonqPR_thgG7UqEUO2pKeN=dEg1jqgg@mail.gmail.com>
 <CA+kxMuSJvk2bDM1dQnZHxgiO+YrYhbjS8BziAy+YGSSW8cR1nw@mail.gmail.com>
Message-ID: <eff0cd38-1084-d4e9-a2ab-4e3eedd461c6@gmail.com>
Date: Mon, 14 Jun 2021 19:43:52 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101
 Thunderbird/78.11.0
MIME-Version: 1.0
In-Reply-To: <CA+kxMuSJvk2bDM1dQnZHxgiO+YrYhbjS8BziAy+YGSSW8cR1nw@mail.gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Language: en-GB
Subject: Re: [PHP-DEV] [RFC] is_literal
From: rowan.collins@gmail.com (Rowan Tommins)

Hi Dan,

On 14/06/2021 13:29, Dan Ackroyd wrote:

> While I think the idea behind this RFC is great, the current
> implementation is terrible, as it will cause some fatal errors in
> production.


I think you have raised a legitimate concern here, but agree with 
Matthew Brown that calling the implementation "terrible" is neither 
warranted nor helpful.

It's also a bit bizarre to criticise the RFC for causing fatal errors 
even though it doesn't introduce any, then propose a different version 
which *does* introduce fatal errors.


> The only information would be that the html string is not
> literal....but there wouldn't be any info about which bit was the
> problem. Someone would have to manually check which code had been
> called to produce the non-literal string.


The difficulty of tracing why something is not in the expected state is 
indeed a tricky one, but I don't think mandating literal_implode solves 
it well enough to be worth the pain. Essentially, changing getInfoPanel 
to use literal_implode is equivalent to this:



> function getInfoPanel(UserPreferences $up): string
> {
>      $html = "<div style='color: " . $up->getColor() . "'>";
>      $html .= // more html here
>      $html .= "</div>"
>
>      assert( is_literal($html) );
>      return $html;
> }


However, there could still be an arbitrarily long code path between the 
user input and that assertion (or call to literal_implode), so tracking 
the root cause could be just as difficult.

The actual root cause is in getColor(), so the actual assertion needed 
is there:


> class UserPreferences {
>      private DB $db;
>
>      function getColor(): string {
>          $preferredColor = $this->db->getColor();
>
>          if ($preferredColor === 'light') {
>              return '#fff';
>          }
>
>          if ($preferredColor === 'dark') {
>              return '#000';
>          }
>          assert( is_literal($preferredColor) );
>          return $preferredColor; // user has set custom color.
>      }
> }

Adding that assertion would be easier and more elegant if it was 
possible to set a "literal_string" return type, but it would still be up 
to the user to add it. That leads to the original problem, but in 
reverse: when writing the getColor() function, the author needs to know 
where it will eventually be used to know that an assertion is relevant.

It would also not solve the problem of the assertion only triggering in 
production without a careful integration test. That can only be solved 
with a static analyser, which would also have enough information to 
isolate the cause.

Regards,

-- 
Rowan Tommins
[IMSoP]