Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:116758 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 2481 invoked from network); 2 Jan 2022 10:20:25 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 2 Jan 2022 10:20:25 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 41AD31804B1 for ; Sun, 2 Jan 2022 03:27:06 -0800 (PST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-2.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A,RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-ASN: AS29838 64.147.123.0/24 X-Spam-Virus: No X-Envelope-From: Received: from wout1-smtp.messagingengine.com (wout1-smtp.messagingengine.com [64.147.123.24]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Sun, 2 Jan 2022 03:27:05 -0800 (PST) Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.west.internal (Postfix) with ESMTP id 25BD23200708 for ; Sun, 2 Jan 2022 06:27:04 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute6.internal (MEProxy); Sun, 02 Jan 2022 06:27:04 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=allenjb.me.uk; h=message-id:date:mime-version:subject:to:references:from :in-reply-to:content-type:content-transfer-encoding; s=fm1; bh=l 8TT89+58cySXmOmJ4QlkM0AEBz8udUcgJR5LzRNnmU=; b=SIUWO0jDlKcbgyFRg NFPAJyY5sY3xKcuoa1CVypROEtca+oX+4sJnQdL3iPbaFG6znVzPi/vrYKwYVh2k 280A2hoN4utmlRqbjJp29pG0jmnHYNJTIeqLmqWuceSHbmV3lJ5V6p8l+w4w4ymK I3C7sJF1EbyrMOaDBKr0nkbp/LMapgMeOlrvwKYuSBJbo77/NYLH6BWvhEPFCRDn t5oA4HB5Um3NHLCvZRT8T/isfVbfFas5g6zNbBf35wDkHJ2tvtPl8xDF1eHpez5U uZ+xxljRQDOkNdOioJUQbxG6nSLkBpl9R5hH+YP6q6sAHQP+acTuvFKzTUviWw/b kZ3uw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm1; bh=l8TT89+58cySXmOmJ4QlkM0AEBz8udUcgJR5LzRNn mU=; b=J5ZWofkMAnj1UBPKoi+uZ3WRCMxAtu54KH+zKOosaCdjFuSzyBitxb40N MYwr/O2qcJtAKOsGfEC5mupNokvhSI+WCW4Z9ohufq0LWu8eXb89sv/JI7g+WG5k s/hVu/ewdRs7th97PzsO0gEvIwhb7pCupv8jrMa30QXsj4iz8I3QrABZnSEvyuco UolqMMZr8PFMaw7Xis50a8mSCLIQVHMSWuYVSNNchrfOXSXgr52ylUfC1SifqsUh roK474wig6bryixC1WaKhHUnd2fDnYxuUQmsJCoy52JNaAfxzZ5R0N4y40MNjl+o NxUIqYWmKTi/UCEoUxY4zzcHtHdnQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvuddruddvledgvdejucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefkffggfgfuvfhfhfgjtgfgsehtje ertddtfeejnecuhfhrohhmpeetlhhlvghnlfeuuceophhhphdrlhhishhtshesrghllhgv nhhjsgdrmhgvrdhukheqnecuggftrfgrthhtvghrnhepueeutedvieeigeduudffkeekje egudeiffekgedugfdugfffleduuefgkeefvdeunecuffhomhgrihhnpehphhhprdhnvght pdhgihhthhhusgdrtghomhdpfhhunhgtthhiohhnshdqtghhrghnghgvrdhmugdpvgigth gvrhhnrghlshdrihhopdhphihthhhonhdrohhrghenucevlhhushhtvghrufhiiigvpedt necurfgrrhgrmhepmhgrihhlfhhrohhmpehphhhprdhlihhsthhssegrlhhlvghnjhgsrd hmvgdruhhk X-ME-Proxy: Received: by mail.messagingengine.com (Postfix) with ESMTPA for ; Sun, 2 Jan 2022 06:27:02 -0500 (EST) Message-ID: <1174b73a-9e79-15f1-7fd3-497ad4f5ef31@allenjb.me.uk> Date: Sun, 2 Jan 2022 11:26:59 +0000 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.4.1 To: internals@lists.php.net References: In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [PHP-DEV] Allowing NULL for some internal functions From: php.lists@allenjb.me.uk (AllenJB) On 01/01/2022 23:17, Craig Francis wrote: > I've spent a few days coming up with a short(ish) list of parameters that > are likely to receive `NULL`. > > The focus is on making it easier for developers to upgrade to newer > versions of PHP. I'm thinking of the typical developer, probably using > WordPress, isn't using Psalm (at levels 1 to 3, with no baseline), and > isn't using `strict_types`; where they don't really have the time to add > strval() to everything that could be NULL. > > Draft RFC: > https://wiki.php.net/rfc/allow_null > > And the list, where I'm proposing we only relax this requirement for the > *bold* parameters: > https://github.com/craigfrancis/php-allow-null-rfc/blob/main/functions-change.md > > I'll give it a few weeks to see if there are any parameter suggestions > (welcome via email, pull request, carrier pigeon, etc), then I'll start > looking for the best way to implement this. > > Craig > > > PS; starting new thread, as I have gone a bit off topic, original one at: > https://externals.io/message/116519#116556 This RFC has come out of a similar discussion around deprecating dynamic properties (and this isn't the first time "upgrading is hard" / "the language is moving too fast" has come up), so it's not just this one change that's affected. I think this RFC is trying to solve the wrong problem / only fixing one small portion of the "immediate" problem without paying attention to the bigger picture. Alternative solutions: I feel that effort would be better spent on improving and encouraging use of tooling such as the PHPCompatibility CodeSniffer ruleset (which has unfortunately fallen behind for changes in PHP 8+) and Rector to improve the upgrading process for everyone. I recognize that there's arguments against the project being seen to endorse / contribute to specific tools / libraries / frameworks, but I feel that in this area the benefits outweigh the costs. The project could provide guides (or link to selected existing articles) for upgrading older code. Whilst significant documentation does already exist on this it's not always easy to find or contains errors (a lot of - probably copy-paste - blog articles that I've seen focus on PHPCompatibility for upgrading to 8.0 / 8.1 even tho its coverage of the changes in these versions is poor). This could be done via something like a user-contributed wiki similar to what Python and other projects do: https://wiki.python.org/moin/FrontPage - I recognize that there's significant work in this suggestion, but I feel it also offers good opportunities for further improvements to the PHP ecosystem / community. The migration guides could include documentation on updating existing code for each change (could / should more be done to encourage this being done at the time the change is made rather than trying to compile migration docs just before release?) - they do this sometimes but I feel this is an area with room for improvement. The above mentioned alternatives solve the entire class of problem whilst also maintaining PHP's work towards being a stricter language that's that much harder to create bugs with and needs less "boilerplate" for more defensive programming. Which leads to the argument that in trying to solve a one-time problem for some developers, this RFC creates work for developers both in debugging code, and for developers with defensive programming styles to (re-)add checks to detect the exact class of problem these deprecations / warnings highlight. Developers also already have tools to selectively silence deprecation notices using custom error handlers. On the proposed changes / RFC content: The RFC uses retrieving request parameters (get/post/cookie) values using various frameworks as a (primary) example. With the exception of CodeIgniter (it may be possible, but wasn't immediately obvious from the quickest of glances at their docs) all the frameworks used in the example have an additional default value parameter. This makes all of these (and the null coalesce alternative) relatively trivial to update using a regular expression find and replace, that most text editors can do. The RFC focuses on changing string parameters, but uses mysqli_fetch_row(), json_decode() and error_get_last() in its arguments - none of which are usually used to return a string (or anything you'd want to treat as a string). Accessing properties of non-objects (since PHP 5.0) and accessing non-existant array indexes (since PHP 7.4) have been warnings / notices for a signifcant time already. Some of the suggested functions (parameters) to change are strange selections in my opinion - gz functions, bcmath parameters, password_hash() and mail() (subject / message) are not usually values you want to pass either null or an empty value to (and are almost certainly bugs if the code does that). (And similarly from the maybe list, I would apply this to most of the date_create functions, dns functions hostname and logging functions message parameter) If this change were to be made, I think it would be better to severely restrict the list to only the most commonly used functions. How many codebases affected by the null parameter deprecation are using sodium or MessageFormatter? While this might leave some work for developers upgrading codebases, I feel the long list of functions affected by this RFC (even without considering the maybe list) goes too far. How would code that declares strict_types be affected by this RFC? This isn't clearly defined in the RFC. I would prefer it if these function continue to not accept null (and throw a TypeError) if strict_types is declared.