Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:115848 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 73079 invoked from network); 26 Aug 2021 08:00:09 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 26 Aug 2021 08:00:09 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 6D4571804AD for ; Thu, 26 Aug 2021 01:34:33 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,HTML_MESSAGE, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-ASN: AS15169 209.85.128.0/17 X-Spam-Virus: No X-Envelope-From: Received: from mail-lj1-f175.google.com (mail-lj1-f175.google.com [209.85.208.175]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Thu, 26 Aug 2021 01:34:32 -0700 (PDT) Received: by mail-lj1-f175.google.com with SMTP id s12so3789667ljg.0 for ; Thu, 26 Aug 2021 01:34:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=e21ypuJRCc1zRuJA8NHQH9kvebUZmHniapx+nC/WKLc=; b=lYJLx+ZLKnGuKmh/Uhq1mF+TjZ3D9/cdRk26uBgDN9juBjSK8/ZVF5OlKfs89HUiKd lOzZqFD68T/eLUsRLkambBLGN99nEUw0C1vO6iC9UrPR7y9gmuNwjUT1yIZBwHkhTQDH Bxr3UXyK7eCTS9fCASD1e2SeMF5Jlr9VWS3jqJ37IUgqZCL6kHXQki83gKRjrVMn4q93 lAGe5EfQohkNGbPQKSMgVuFGHKomhIIQcvfLv+0Bo5zD2htug5ceYLTRkOgDuJWQcJvG KeHX05Xo2fCPkY6ufMCW2Opkd+K00r3GTQ1ZCUvxJQ7oWUmLLnZIxGuOzRhGzTMYE7ip s2tQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=e21ypuJRCc1zRuJA8NHQH9kvebUZmHniapx+nC/WKLc=; b=HA0VPmdAcqjUBEAsyxBPjT9tJJijyC10TsSdrfXfYUJya1a+GSaXWfBuFaEpwAZHdt 0ouARVWTjDWTDROza0W7WAufJ87o7jiV4idUTm5CSCf1HLG7IQFKoE/SuMhRDV+eAGfl dJQOVqk6wHHmpHVDqSs0j7XCikMY6NWXvW0aHl3SW9IZjU/pvEqfHf+B7fIq9YCg4lGm qBsppctd0a0UwpnNpu7WkIUHFMH2iccIZe6VHF1PHjEiFaB3Kc3uyKecEdCbes2z/FTk S9x6t2oppiY3h5qx03VpotQIzz7r5wg0oeHYMW9PCFgyUuJK6QKRYoK71ANRRITMKtv5 3HUg== X-Gm-Message-State: AOAM533bPdxiuRWtCIXTqdip8nUhrBqps2J6eKHODPBi12/TlniJe2VS 2K3fNKpxOXvLfqz4s30DIjQx2Pyqp7rkhka0hjZLDSrBjkc= X-Google-Smtp-Source: ABdhPJzFk7sC6NnhO14hXmK5oaT8tZlB88Wb5kR1vmC7zzABZ2sWKLRQsUEtQTpH4TWFYdtmzyPdK2Ywr6HjTl4cfIQ= X-Received: by 2002:a2e:b55b:: with SMTP id a27mr2122508ljn.353.1629966869617; Thu, 26 Aug 2021 01:34:29 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: Date: Thu, 26 Aug 2021 10:34:13 +0200 Message-ID: To: Sara Golemon Cc: PHP internals Content-Type: multipart/alternative; boundary="000000000000425f2d05ca723c2f" Subject: Re: [PHP-DEV] [RFC] Deprecate dynamic properties From: nikita.ppv@gmail.com (Nikita Popov) --000000000000425f2d05ca723c2f Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Wed, Aug 25, 2021 at 5:28 PM Sara Golemon wrote: > On Wed, Aug 25, 2021 at 5:03 AM Nikita Popov wrote= : > > I'd like to propose the deprecation of "dynamic properties", that is > > properties that have not been declared in the class (stdClass and > > __get/__set excluded, of course): > > > > https://wiki.php.net/rfc/deprecate_dynamic_properties > > > > > This RFC offers `extends stdClass` as a way to opt-in to the use of > dynamic properties. > > > This makes the assumption that existing uses of dynamic properties are al= l > root classes. I don't think that assumption can be made. > > > Some people have suggested that we could use a magic marker > > interface (implements SupportsDynamicProperties), > > an attribute (#[SupportsDynamicProperties]) > > or a trait (use DynamicProperties;) instead. > > > My gut-check says an Attribute works well enough. This will unlock the > class (disable deprecation warning) in 8.2+ and be ignored in earlier > releases (8.0 and 8.1 would need an auto-loaded polyfill userspace > attribute obviously, but that's a tractable problem). > > #[SupportsDynamicProperties] > class Foo { ... } > The crux of the issue is what our end goal is: 1. Require users to explicitly annotate classes that use dynamic properties, but otherwise keep dynamic properties as a fully supported part of the core language. 2. Remove support for dynamic properties entirely. The core language only has declared properties and __get/__set, and nothing else. stdClass is just a very efficient implementation of __get/__set. The RFC is currently written under the assumption that the end goal is (2). To support that, I believe that "extends stdClass" and "use DynamicProperties" are the only viable approaches. The former, because it inherits stdClass behavior, the latter because it's literally __get/__set. An attribute would require retaining the capability to have arbitrary classes with dynamic properties. Now, if the actual goal is (1) instead, then I fully agree that using a #[SupportsDynamicProperties] attribute is the ideal solution. It can be easily applied anywhere and has no BC concerns. Heck, someone who just doesn't care could easily slap it on their whole codebase without spending brain cycles on more appropriate solutions. I do think that just (1) by itself would already be very worthwhile. If that's all we can reasonably target, then I'd be fine with the #[SupportsDynamicProperties] solution. Though if (2) is viable without too many complications, then I think that would be the better final state to reach. > > The Locked classes RFC took an alternative approach to this problem > space: > > Rather than deprecating/removing dynamic properties and providing an > opt-in > > for specific classes, it instead allowed marking specific classes as > locked in > > order to forbid creation of dynamic properties on them. > > > > I don't believe that this is the right strategy, because in contemporar= y > code, > > classes being =E2=80=9Clocked=E2=80=9D is the default state, while clas= ses that require > dynamic > > properties are a rare exception. Additionally, this requires that class > owners > > (which may be 3rd party packages) consistently add the =E2=80=9Clocked= =E2=80=9D keyword > > to be effective. > > > I struggle here, because the opt-in approach is the most BC, but I > actually think you're right. I think[citation needed] that dynamic props > are probably rare enough that as long as the escape hatch is clear, we ca= n > be a little more bold about nudging the ecosystem forward. I will counte= r > however, that the same issue with 3rd party libraries applies to opt-out = as > opt-in. A third party library that's undermaintained (and uses dynamic > props) won't be able to be used out of the box once we apply this. I don= 't > think that's enough to scare us off, it just means that the opt-in side o= f > that argument cancels out. > I think the argument isn't quite symmetric: A 3rd-party library in maintenance-only mode has essentially no incentive to go out of their way and add a "locked" keyword/attribute to their classes. Adding some missing property declarations to keep working on new PHP versions is a different matter. Regards, Nikita --000000000000425f2d05ca723c2f--