Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:117625
Return-Path: <drealecs@gmail.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 87541 invoked from network); 26 Apr 2022 15:13:22 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 26 Apr 2022 15:13:22 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 13ACE180550
	for <internals@lists.php.net>; Tue, 26 Apr 2022 09:48:39 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,HTML_MESSAGE,
	RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS,
	T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2
X-Spam-ASN: AS15169 209.85.128.0/17
X-Spam-Virus: No
X-Envelope-From: <drealecs@gmail.com>
Received: from mail-ed1-f47.google.com (mail-ed1-f47.google.com [209.85.208.47])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Tue, 26 Apr 2022 09:48:38 -0700 (PDT)
Received: by mail-ed1-f47.google.com with SMTP id b24so23077427edu.10
        for <internals@lists.php.net>; Tue, 26 Apr 2022 09:48:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=fFG55iztaib+guHESkHIxg5DnymrLV69+Vd6ytKguMs=;
        b=NKak4GOYV4d77wmDODdzuvS+XgMRKgBHAu9tcwJy937lUsNfSLmA5mFrPb7aG3VSZn
         3woK0pyhuO3uGCwEShO6QGIIvOHkTpuaaCSHeLPxTnaSRkYrx/kw6x4mYKeVSPV4eSxa
         CdI4ncNYGHPqK0gsPub7HjgjVQew8hN/A12i2xxgpatbUG+5+JdZ4890M9XIDpcShx4N
         nLofHKrqRGsjb6BPoB3QXkKyQ5xcH2amJrValp87Kq7GyEMFrPyEP+2ivqZTzWcyfhvl
         DbqMU1xO5l7qhy4GWnu/epuEyISpv7CcJ+c+4I8IDE/cb8bHDofIhFJ+oHdbw9BYrKkF
         hQTQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=fFG55iztaib+guHESkHIxg5DnymrLV69+Vd6ytKguMs=;
        b=nQQo5JB1irECEhuGErVTGi8lCaXSEI7sHplgu+yUnbRDrEOdA7/+++V+NaHxyb7ceS
         gCSmGcJF4aBsW2F8ghfeFATb2SnlSPyr0zs14FGHqUmjazeT/It+A0sgbtzFCnN12NCP
         CRwR7Do9KMjRKRuBCrEaQjWUq9VSY5iaT8f3h24r97THRzfwtObB9bAfXu4UmLxW+f1p
         6EBq1jMK3/x87iRlqKfdsEbaJIzc6XXVYqMCr2A/FZUKrrTatCC+rSoaJ8nWHxLZOk16
         clLS8ldU70cZIP2ZiybCl1dJXbrLLMBzJMtibpscjMoyZAWlc5xOCTZvRB8VBARw2EEN
         /A5w==
X-Gm-Message-State: AOAM532UnnzPvivBtDNAzSqUxuOJiFLevV55BUFLKA+0+auoz+H50E9S
	yzq0XwT80Pks2Vq5vh4dywED1U4MvZNVzKKPZ4Qqv3c3hJHc1Q==
X-Google-Smtp-Source: ABdhPJxdFETB6syP+05SNUfHZdFNOyDF+a+qrxxqeRueRfQYRa6PMO71OhvhEuAoTIuZ6AnoPFDCAzN+fTMLYWgRLJA=
X-Received: by 2002:a05:6402:2c4:b0:425:ac5c:4376 with SMTP id
 b4-20020a05640202c400b00425ac5c4376mr26199584edx.10.1650991716874; Tue, 26
 Apr 2022 09:48:36 -0700 (PDT)
MIME-Version: 1.0
References: <3fcdfa2c-7a9c-d634-ea56-8b1e5bf1a911@gmx.net>
In-Reply-To: <3fcdfa2c-7a9c-d634-ea56-8b1e5bf1a911@gmx.net>
Date: Tue, 26 Apr 2022 19:48:20 +0300
Message-ID: <CAAwdEzB9WUpsHs0-oqcQC_C4tBtF7tr12MO2YoCu67iEJ9jN8Q@mail.gmail.com>
To: Andreas Leathley <a.leathley@gmx.net>
Cc: PHP Developers Mailing List <internals@lists.php.net>
Content-Type: multipart/alternative; boundary="000000000000cfbfda05dd91761e"
Subject: Re: [PHP-DEV] Stricter implicit boolean coercions
From: drealecs@gmail.com (=?UTF-8?Q?Alexandru_P=C4=83tr=C4=83nescu?=)

--000000000000cfbfda05dd91761e
Content-Type: text/plain; charset="UTF-8"

On Tue, Apr 26, 2022 at 12:54 PM Andreas Leathley <a.leathley@gmx.net>
wrote:

> Hello Internals,
>
> Implicit type coercions (when not using strict_types) have become
> increasingly less lossy/surprising in PHP, especially coercions to
> integer and float, where you get a TypeError if you pass a non-numeric
> string to an integer parameter, and a deprecation notice if you pass a
> float(-string) with a fractional part to an integer parameter. The big
> exception so far is coercions to boolean, where you can provide any
> scalar value and never get an error or a notice.
>
> Any non-empty string (except "0") is converted to true and any non-zero
> integer or float is converted to true. From my perspective this can
> easily lead to hidden bugs, for example when passing the wrong variable
> to a boolean argument or boolean property. Passing a string like "hello"
> as a boolean is probably a bug, just like passing the number 854 or the
> float 0.1 . "on" and "off" and "true" and "false" all lead to a boolean
> true, as examples of strings that could be used in applications and
> might not all be meant as a value of true.
>
> I have not found any past proposals or discussions to change boolean
> coercions, so I would like to find out how the thoughts on internals are
> to change this, or if there are any reasons not to change this that I
> have not thought of. Only allowing the following values would make sense
> from my perspective:
>
> '1' => true
> 1 => true
> 1.0 => true
> '' => false
> '0' => false
> 0 => false
> 0.0 => false
>
> I can also see a case for allowing the strings 'true' and 'false', and
> changing 'false' to be coerced to false, but that would be a BC break. I
> am not sure if that is worthwhile.
>
> Anything else would emit either a notice or a warning as a first step
> (to be determined). My main goal would be to make these
> probably-not-boolean usages more visible in codebases. Depending on the
> feedback here I would create an RFC and try to do an implementation (to
> then discuss it in more detail), so as of now this is mostly about
> getting some basic feedback on such a change, and if someone else has
> had any similar thoughts/plans.
>

I thought about coercion on parameters, return value and property types a
few weeks ago as well, both to and from bool:
In my opinion, only int should be coerced:
- bool to int: false to 0 and true to 1
- int to bool: 0 to false and anything else to true
That's because sometimes boolean values are stored numerically as 0 or 1.

What can be coerced but it might be good to remove as well:
- int numeric string to bool: '0' to false and anything else to true,
validity of a int numeric string, being considered the same as when
coercing string to int (empty string is not valid).

What should not be coerced:
- bool to string: false to '' and true to '1'
- string to bool: '' to false and anything else to true
- bool to float: false to 0.0 and true to 1.0
- float to bool: 0.0 to false and anything else to true
To me, all of these look like possible bugs and an explicit conversion
should be used if correctly intended.

Other types already raise errors to and from bool:
null|object|resource|array.

In terms of RFC, it would be pretty controversial as there's a lot of BC
breaks.
"bool to string" and "bool to float" are probably the most clear cases.

I have no plans to initiate a RFC in the near future, just sharing my
thoughts about it mostly.

Regards,
Alex

--000000000000cfbfda05dd91761e--