Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:114882 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 63371 invoked from network); 15 Jun 2021 10:21:06 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 15 Jun 2021 10:21:06 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id D15511804C8 for ; Tue, 15 Jun 2021 03:37:35 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-0.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,NICE_REPLY_A, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS,URIBL_SBL, URIBL_SBL_A autolearn=no autolearn_force=no version=3.4.2 X-Spam-Virus: No X-Envelope-From: Received: from mail-wm1-f54.google.com (mail-wm1-f54.google.com [209.85.128.54]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Tue, 15 Jun 2021 03:37:35 -0700 (PDT) Received: by mail-wm1-f54.google.com with SMTP id k5-20020a05600c1c85b02901affeec3ef8so1452444wms.0 for ; Tue, 15 Jun 2021 03:37:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding:content-language; bh=dWa/LjVHCln17grCZmJTvyzwXtHZSojJlfSwP7dxDpk=; b=eurQ3prRyvxjphThUrVgdiJK2e4CTo9Uh62nNwCFhmuzTYKomGScEKssfwKt/t5iGe RDMAmKMvwNASLSU1DCQk314IxP5oR98NZAO9UthAStwLwD4tEmoHCu8YRTNHqaEIfda7 Zz2lbTQiVA8W5kqCVu4JYwrQLRkTl+sWrOx9DH0zQO1VX0PV0zkJHnTmUPTt3dFyfE8Q yWiX/R0uKln084fzMVFkNITeGGDF+8Amd+svPeIjnlxi9L6WTV2PBH3nXQRVc6RqWpDT zxFnrVIJZycN0lGJWMDx+LDFBfMf7dJy9TiOVZzesdJ/fd860xcvq0iYzvIGmlZViOcB HZCw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=dWa/LjVHCln17grCZmJTvyzwXtHZSojJlfSwP7dxDpk=; b=TI9uy89ShBjNqZLZSAJeNcLSHPT7bowHQnTq9+46oBYZOo6bSlXznK9Kzuq+Ssvlo3 q+oifPGCROBV3TWBoeTU/5DRa8B30n1qoVA9SDT7vHuqpAtAgoNMirlOIUNYJ5dxcfGA ne1Bt3/gO+ZQQkiuwK6XBJNFX47IL95ADLcQxfC0ehGiZzTUvSzQ/hAHk9d7bQjSMyka MgB1zqnN6axR00fFy5jNWXaAeYGUMJR9+Vao96IH+QvkT9pga4+Z27mHga2RMJQALOng ZQQ8tuFUseZqf9vTA8v6m2dPGEyG7I7s2PIWZaG57zmev9WXkCXAgxwP+bTwfWxlqiS+ rXlQ== X-Gm-Message-State: AOAM530qNG2eNGefcGklCTVPQRGUQCf4X1qK/rP6CeZczDDnLY37RvMA 84cH/Zp1kfA96IIruiGNe0o3TMsKHaY= X-Google-Smtp-Source: ABdhPJwkMKVX/MgdIoxTyFF4FaOQMcCh5M+B0EUU/pt/PbDrhWRzkxzI+eR7Q0gxeEu8mEbDVoHurQ== X-Received: by 2002:a1c:e343:: with SMTP id a64mr22252733wmh.114.1623753453937; Tue, 15 Jun 2021 03:37:33 -0700 (PDT) Received: from [192.168.0.22] (cpc104104-brig22-2-0-cust548.3-3.cable.virginm.net. [82.10.58.37]) by smtp.googlemail.com with ESMTPSA id e16sm18547472wrw.49.2021.06.15.03.37.32 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 15 Jun 2021 03:37:33 -0700 (PDT) To: internals@lists.php.net References: Message-ID: <1bc5bab6-abcf-ed4e-b504-c7389215ae59@gmail.com> Date: Tue, 15 Jun 2021 11:37:31 +0100 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-GB Subject: Re: [PHP-DEV] [RFC] is_literal From: rowan.collins@gmail.com (Rowan Tommins) On 15/06/2021 08:19, Joe Watkins wrote: > https://3v4l.org/nJhc1/rfc#focus=rfc.literals > > It's not so much a bug as a side effect or quirk. > > Note that, the result is correct, in the sense that you do have a literal > string - it is not marking an unsafe string as safe. It's possible to create more complex cases of this, e.g. https://3v4l.org/GFCQC/rfc#focus=rfc.literals $literal = 'p'; $ord = ord('o'); $chr = chr($ord+1); // the whole of chr(ord('o')+1) is optimized to a literal 'p' var_dump($chr, is_literal($chr)); // 'p', true There's a lot of potential for optimizations to leak there, but it's *probably* safe, as long as the optimizations all rely on compile-time information, and therefore can't be controlled by the user.  Are there any run-time optimizations that could also be leaked, e.g. JIT? Regards, -- Rowan Tommins [IMSoP]