Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:118505 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 80819 invoked from network); 26 Aug 2022 11:08:16 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 26 Aug 2022 11:08:16 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 22ACA180544 for ; Fri, 26 Aug 2022 04:08:16 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,HTML_MESSAGE, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2 X-Spam-ASN: AS15169 209.85.128.0/17 X-Spam-Virus: No X-Envelope-From: Received: from mail-ua1-f54.google.com (mail-ua1-f54.google.com [209.85.222.54]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Fri, 26 Aug 2022 04:08:15 -0700 (PDT) Received: by mail-ua1-f54.google.com with SMTP id ay32so438918uab.5 for ; Fri, 26 Aug 2022 04:08:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc; bh=nP4y+/rZlidYNw+lB1KKWhwjxNpIK8umttxY0uBxdxw=; b=i+e4D7Nd4I+2IrMHP2CpjX8lOoCtjjpvoH2/hR392If5TkarfllmgBrPbw5K8kXXUW 1YHqOmzZ+jKGu3KTylFOEDC2o4zCzhVDowmcAZYi+NMrgD4zN2GELxmrmvzvxOKY3QMI zx/y8fM64m3pa+r3ysMOSuCQk8UDUDp8J3DXoDGoDRZpZHqwqtfOFx99AHP9rz7Lnz+3 dXj4fICzGCYW0rPmoRffj3HNuY5zmMEEA4qZc9te+wcpn5GY8bdr7WNNs/xrRmqoQJY/ a4ZCIRchPWGwIODIwr4Wc2/63j3LCgvHBGBnWK6T99l3/Y2SKnVLrgyl9zRv50MBbvm+ sezg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc; bh=nP4y+/rZlidYNw+lB1KKWhwjxNpIK8umttxY0uBxdxw=; b=GMIS4BaQYxU9u1EklpHHQRhrYOt10QnbjcWre7wcoIs4ZOv85QGVdj3KJwCHSnNWVq sN32MGyP2q64RcIoMcdeHEA32Zn5OPLOHEC6XUMhNpgM7RvqQyx+/odegXURHn8l2S+h Cm3X3OeAwWdRsO2NHQf2kL27lH3xdqNcUCvaYUWLGQcIa/gw731UysxGOAChR2wCOre8 ToK8yo5Lw4bGMHWPS2uQqdTqrc5d3I+wWKV0hrnXYrUfHjFK3uq4M/FVXwkYAiAyw+ru dDssMxjBcICCDK+4p4i+s6ByCstIk/sPIN2KvRVxgj2vGJtG9V2FIy+GmK9B8iYlW0dk Xpzw== X-Gm-Message-State: ACgBeo2iSh9HriHsWpJJsiPUrI8d7gvol6R4QnK2NeeG2ktHEtCg2YfF rk8qZ96O28gdxjoDz73ntpB7Y1RW5g21pWwgj1M= X-Google-Smtp-Source: AA6agR6iCbmh173YqlchlX7kmLIQaHuSWiA2A8qQ/qsw+ahKfE0u+Tbz5Jm5G4yVRJzreJNpLu9bY5uzrAqohedMmg8= X-Received: by 2002:a9f:2c8b:0:b0:387:ac4b:de53 with SMTP id w11-20020a9f2c8b000000b00387ac4bde53mr2949326uaj.25.1661512095120; Fri, 26 Aug 2022 04:08:15 -0700 (PDT) MIME-Version: 1.0 References: <8D53AD5B-7CFC-4820-9EE4-FEB365D327A8@woofle.net> <4e9741c0-a338-f9af-4d78-705db6bcf5b4@bastelstu.be> In-Reply-To: Date: Fri, 26 Aug 2022 13:08:03 +0200 Message-ID: To: =?UTF-8?Q?Micha=C5=82_Marcin_Brzuchalski?= Cc: =?UTF-8?Q?Tim_D=C3=BCsterhus?= , Hans Henrik Bergan , Dusk , David Gebler , PHP Internals List Content-Type: multipart/alternative; boundary="00000000000038439e05e722ee5a" Subject: Re: [PHP-DEV] RFC json_validate() - status: Under Discussion From: dev.juan.morales@gmail.com (juan carlos morales) --00000000000038439e05e722ee5a Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Just Want to remind that this discussion is not about "a json parser can be written in PHP or not?". We Have a JSON parser already in the core, ready to be use for validation. Does it make sense to have another parser in User land to do validation if We already have one? Is there a better way to do validation other than json_decode? El vie., 26 de agosto de 2022 12:48, Micha=C5=82 Marcin Brzuchalski < michal.brzuchalski@gmail.com> escribi=C3=B3: > Hi Tim, > > pt., 26 sie 2022 o 12:15 Tim D=C3=BCsterhus napisa=C5= =82(a): > >> Hi >> >> On 8/26/22 11:14, Hans Henrik Bergan wrote: >> >> you can't efficiently validate JSON in userland >> > >> > Has anyone actually put that claim to the test? Has anyone actually >> made a >> > userland json validator (not just wrap json_decode()/json_last_error()= ) >> for >> > performance comparison? >> > ( if not, https://www.json.org/JSON_checker/JSON_checker.c would >> probably >> > be a good start) >> > >> >> Worded like "you can't efficiently" the claim is false. Of course you >> can memory-efficiently validate the input by traversing the string byte >> by byte and keeping track of the nesting. >> >> However the points that make a userland implementation infeasible are: >> >> 1. Writing a JSON parser is non-trivial as evidenced by: >> https://github.com/nst/JSONTestSuite. I expect userland implementations >> to be subtly buggy in edge cases. The JSON parser in PHP 7.0+ is >> certainly more battle-tested and in fact it appears to pass all of the >> tests in the linked test suite. >> >> 2. Even if the userland implementation is written very carefully, it >> might behave differently than the native implementation used by >> json_decode() (e.g. because the latter is buggy for some reason or >> because the correct behavior is undefined). This would imply that an >> input string that was successfully validated by your userland parser >> might ultimately fail to parse when passed to json_decode(). This is >> exactly what you don't want to happen. >> > > Now this is an argument I could think of. > But that one is not even mentioned in RFC. > > The JSON_checker.c example delivered by json.org is probably not > something impossible > as it required around 1h of work to port it see working implementation > here https://gist.github.com/brzuchal/37e888d9b13937891c3e05fead5042bc > > Cheers, > Micha=C5=82 Marcin Brzuchalski > --00000000000038439e05e722ee5a--