Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:117531
Return-Path: <craig@craigfrancis.co.uk>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 25161 invoked from network); 14 Apr 2022 10:42:28 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 14 Apr 2022 10:42:28 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 37D3E180510
	for <internals@lists.php.net>; Thu, 14 Apr 2022 05:14:42 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,
	RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE
	autolearn=no autolearn_force=no version=3.4.2
X-Spam-ASN: AS15169 209.85.128.0/17
X-Spam-Virus: No
X-Envelope-From: <craig@craigfrancis.co.uk>
Received: from mail-lf1-f50.google.com (mail-lf1-f50.google.com [209.85.167.50])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Thu, 14 Apr 2022 05:14:41 -0700 (PDT)
Received: by mail-lf1-f50.google.com with SMTP id y32so8726723lfa.6
        for <internals@lists.php.net>; Thu, 14 Apr 2022 05:14:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=craigfrancis.co.uk; s=default;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=HTSE4LuPtiK4UuZ8OWOKzxTkFRrC6VQpBtzV/B6o4Ck=;
        b=fBuoUIAuGT0a8mvQHq6oNEA7RQkijaVMvhBB2LdsVMOCct6eNIHCSzhTabA2rzSDNv
         K3EijrnaFhexSLgRFSGB0CoWRlbTYGHSV1nc/BOACarLnTGZGQk+p2MyvgbUH5TqA6XB
         gLmDjhFQErMZPwOE1+Kig3DlVHwlt+tUzeOGk=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=HTSE4LuPtiK4UuZ8OWOKzxTkFRrC6VQpBtzV/B6o4Ck=;
        b=kyFSgdNt0oB/MzjXFXMpRtGY9UwedxZC4l0Wg0xXz6yXLB7ZtLKtQ3hfGeWjpCvMIi
         y71fKX7J8ihRis/ti8qWjdvJpEe5q/nreIZ/m7e5xVyc1AC3IfQkRb+XgtlpEb0XSLRr
         fl/3p/E5//LKTQxW+YREllPwxXuQU75w/ALFuvQxE7A5/XiCdG/TQHmorv7lPm38OOwN
         kjuCTpO0F9UCcFF2FNXfO/n7EQ1Gb2DGre77/yNefn9qQieitNkvWkEQKwsyySi9i7Dt
         3mazUha+W4ZtV58BmOxD2wx1cMoZpzNOGZ44ZurZBtZc1df8lQjnOmfX27fF6nPp8/JH
         uDwA==
X-Gm-Message-State: AOAM530azd/bavbPniSBu/oiP11iV/lPM+UkcR70ahNUiVW5Bhm2/3LH
	2B79HrLg5IPiTtEp57Il0CiW88NwdY4vGujGkJiKQQ==
X-Google-Smtp-Source: ABdhPJw3PGJ4iAoWYECHVYe0R/wANjbFFvsS9ihPDjJj0bvF/8IU56NUN77sMl6E53lKClrlx995M6HUa9fCtxdtJa4=
X-Received: by 2002:a05:6512:ac4:b0:46b:88a0:e462 with SMTP id
 n4-20020a0565120ac400b0046b88a0e462mr1780505lfu.472.1649938479784; Thu, 14
 Apr 2022 05:14:39 -0700 (PDT)
MIME-Version: 1.0
References: <CAFv4g+Ej4JbM9SzQ0iU-d8C4T+2XNo=8jnJ1uwfQ=skZZXx9Tg@mail.gmail.com>
 <CAFPFaML-dia9d7qhpqsVjaQ1vruF+eODXYtieow8BhZ69HL4YQ@mail.gmail.com>
 <CAFv4g+GQbFVtNvBQrrCYJpNEw-wpzd1QqTFpyyppFQjuMs8dSg@mail.gmail.com>
 <eed7bf5f-572f-11a4-51cd-542737cdacef@gmx.net> <CAFv4g+HOMThq1DKXFRA+_qGT6bw-fqzAvbwUADL-o-g4pwO6oQ@mail.gmail.com>
 <2035695b-b6b5-5982-a5ea-e85693e1f71f@gmx.net> <CAFv4g+Gh2yUdY1n+E3aAXKC46NxVoCLxmf=GR=+TK0f8myrpWg@mail.gmail.com>
 <a2f341b3-915a-aca2-12f9-88cdbee1ee41@gmx.net>
In-Reply-To: <a2f341b3-915a-aca2-12f9-88cdbee1ee41@gmx.net>
Date: Thu, 14 Apr 2022 13:14:26 +0100
Message-ID: <CAFv4g+FTvhDKD==yCsGU7hiMt6PmT78+ZiDXKbEpoDzT7hW4Cg@mail.gmail.com>
To: Andreas Leathley <a.leathley@gmx.net>
Cc: internals@lists.php.net
Content-Type: multipart/alternative; boundary="000000000000fd3ba805dc9c3cde"
Subject: Re: [PHP-DEV] NULL Coercion Consistency
From: craig@craigfrancis.co.uk (Craig Francis)

--000000000000fd3ba805dc9c3cde
Content-Type: text/plain; charset="UTF-8"

On Thu, 14 Apr 2022 at 10:01, Andreas Leathley <a.leathley@gmx.net> wrote:

> I have never used strict_types in any code I have ever written, and I care
> about types and type coercions. Yet I do not like the strict_types
> distinction and I am glad that I do not need to use it, and I think we are
> not that far away from even reconciling these two systems. I do not mind
> that the string "5" can be passed to an int parameter, while passing the
> string "hello" will throw a type exception no matter what mode you use.
> With some adjustments to certain coercions the advantage of strict_types
> would be even more neglible - as you can pass "hello" to a boolean
> parameter without problems currently, and I don't like that.
>


Yep, I agree with everything you have said there, and it's what George
seems to be working towards (which I also agree with):

https://github.com/Girgias/unify-typing-modes-rfc




> Looking at usage numbers and assuming that supports your point seems like
> a big leap to me. You are assuming these developers are making a choice
> while it seems quite possible that a lot of code has been written without
> thinking about all the implications,



Actually, that's exactly what I see happening - NULL is passed to these
internal functions without any thought, and unlike arrays/resources/etc
which cannot be sensibly coerced, NULL coercion has been fine, and has
worked for (as long as I can tell) forever.

Back to the most simple example I can think of:

$search = filter_input(INPUT_GET, 'q'); // Or any of the framework examples.

echo 'Results for ' . htmlspecialchars($search);

It does not matter if the request explicitly set "/?q=" in the URL or not;
`filter_input()` and frameworks show there is a difference by returning
NULL or an Empty String... but most of the time, no thought is given to
that difference, developers just expect it to work.



which is where so many bugs are coming from. In the last months reviewing
> code I noticed quite a few developers are copy-pasting code like crazy, or
> using generated code from other tools - both of which are often not well
> reasoned about. So this has little to do with developers not caring about
> methods of type coercions and more about the language permitting such code,
> leading to many follow-up problems.
>


Yep, and that's why I'm in favour of stopping the broken/weird coercions...
it's just that NULL is different, and it's fine (as noted, there are some
developers who use it part of their strict type checking, but that seems to
be fairly unusual).




> Also, this "problem" only affects the internal functions, yet you want to
> change it for all functions.
>


My RFC is focused on the backwards compatibility problems for internal
functions... user defined functions are only included for consistency
reasons (keeping the spirit of the original RFC), because they probably
should coerce NULL, like how they coerce integers to strings, etc.



If you use a framework and pass a value to a method of that framework, it
> would already have created a type
> error with null and a non-nullable argument for quite some time.
>


Yep, and that has caused... I wouldn't say problems, but minor confusion?

Craig

--000000000000fd3ba805dc9c3cde--