Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:118837 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 9290 invoked from network); 18 Oct 2022 01:39:39 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 18 Oct 2022 01:39:39 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 02CC3180054 for ; Mon, 17 Oct 2022 18:39:37 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2 X-Spam-ASN: AS15169 209.85.128.0/17 X-Spam-Virus: No X-Envelope-From: Received: from mail-qt1-f177.google.com (mail-qt1-f177.google.com [209.85.160.177]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Mon, 17 Oct 2022 18:39:36 -0700 (PDT) Received: by mail-qt1-f177.google.com with SMTP id a24so8872143qto.10 for ; Mon, 17 Oct 2022 18:39:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=newclarity-net.20210112.gappssmtp.com; s=20210112; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:from:to:cc:subject:date:message-id:reply-to; bh=edqVzvWOG0vE2iCqi8txRRTBNwWEdEsvvOfeMCz7V54=; b=z9MaXBgqMEEVfusU3ypD3K2OBFbUUZcxM92yxEyOrvpTOpqMX62RvnEHrLilFqSE3z 3UX6O/czHUQjU2vDYjEDB5fBD0KTnM2QSlPmH4vii+tSqIQEfwDvIKqqSzCWyjQKtSjV 4ghpdGghscrZH5D/hZ4Tmx+rXKuDXZR7umJRke03lv3NKnLodyXPg8wK6yduo3cogkn1 9WRcA+GKmODMZYkZnqdKBKJO2Nh1JxAzg8N1eDJOqgPAMp6FKhOcTbomyXlUN8NRS+ud LXwtsipLyR4oHuOdpaBlpQ//VaEqt8BUueoax+UP3yw7a3STOqZ+11xxRWTew2r/JnUa 3dZg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=edqVzvWOG0vE2iCqi8txRRTBNwWEdEsvvOfeMCz7V54=; b=jlfB0/rzV3fxfDnd+fK/7TtCvLDcHNusdOwh55iaTP7WCjiYeDVKA8BHPndkq17ynN KqFmYeLGsIH79HDvDPOxKr4QmZ9SwxwuNcGVGkt7Goixj4kcWIUmOcF7p37bv27ZGGrI 46EOoLghelyJX0G/6knQbVMKcJOKTZEUC3k5g7gjlx7DSERByQbozIoOuoKMBwAHPJap 2/TynolMS1g+fQCyRGhcu2QeyerOzalkMv0U6MBuW9ZW9VIpG/AoacInQ5p5el1nqeh6 4H8aQXFpuN973745ZqIuT+e5fZvA1LOTG3yj8B3MfrmITsL9CSXIHOmzqe2hc7d+KV/k LV7w== X-Gm-Message-State: ACrzQf10l6kUZFH2QbbN3Q6dBfsNrYlCFI956BFr6l2gnLv3hTf+kMeG oBjqd1yMOgm5BjAw2LhjdudoSQ== X-Google-Smtp-Source: AMsMyM7YsT7nxTNX1kAVtT9Bv3yZyuwQE80Sl+E6ZdZ+QhBS1FGpkYQgBCc+DJ5PmJHIqQYITAqIjQ== X-Received: by 2002:ac8:5b89:0:b0:39c:e932:88ca with SMTP id a9-20020ac85b89000000b0039ce93288camr377335qta.257.1666057175498; Mon, 17 Oct 2022 18:39:35 -0700 (PDT) Received: from macbookpro.local (c-24-98-254-8.hsd1.ga.comcast.net. [24.98.254.8]) by smtp.gmail.com with ESMTPSA id h24-20020ac85158000000b00304fe5247bfsm940166qtn.36.2022.10.17.18.39.34 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 17 Oct 2022 18:39:34 -0700 (PDT) Message-ID: <715F21EA-9707-4C9E-8E02-F8BF981624BE@newclarity.net> Content-Type: multipart/alternative; boundary="Apple-Mail=_24CFC4ED-636F-4281-B48A-180BCC97219C" Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.7\)) Date: Mon, 17 Oct 2022 21:39:34 -0400 In-Reply-To: <13af26f4-2925-44a7-a5b3-6e282ebc77a0@app.fastmail.com> Cc: php internals To: Larry Garfield References: <22177032-fe72-c39b-63fe-fa4368a70852@bastelstu.be> <0d950416-372b-1ff5-21c2-0c6720d47a07@bastelstu.be> <13af26f4-2925-44a7-a5b3-6e282ebc77a0@app.fastmail.com> X-Mailer: Apple Mail (2.3608.120.23.2.7) Subject: Re: [PHP-DEV] [VOTE] Improve unserialize() error handling From: mike@newclarity.net (Mike Schinkel) --Apple-Mail=_24CFC4ED-636F-4281-B48A-180BCC97219C Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Larry, > On Oct 17, 2022, at 6:01 PM, Larry Garfield = wrote: >=20 > On Mon, Oct 17, 2022, at 12:33 PM, Tim D=C3=BCsterhus wrote: >=20 >>>> Okay, now the Exception message changed. Personally I do not = consider >>>> this a BC break: I believe Exception messages are meant for human >>>> consumption, not for programs. Otherwise fixing a typo in the = message >>>> would be a BC break. If the code wants to learn about the cause, it >>>> should either use the '$code' or different types of Exception = should be >>>> thrown to clarify the cause by entering a different catch() block. >>>>=20 >>>=20 >>> Yes, the specific error message should be part of the BC promise. = This >>> allows building test suites that can assert the message in a stable = way. >>=20 >> I'm not talking about test suites here. I believe makes sense to = verify=20 >> the error message to ensure a specific error message is emitted to = the=20 >> human observer in the error log. >>=20 >> I was talking about code that does something like this, which I = consider=20 >> to be inherently unsafe: >>=20 >> try { =E2=80=A6 } >> catch (SomeException $e) { >> if ($e->getMessage() =3D=3D=3D 'Foobar') doSomething(); >> else doSomethingElse(); >> } >>=20 >> As a library author I want to be able to provide the best possible=20 >> Exception message to ease debugging for the user. This is not = possible=20 >> if I am locked into a bad choice forever. >=20 > Just to be clear, such code is sometimes necessary. If the exception = doesn't include sufficient information as dedicated properties, parsing = out the string becomes the only option. I've had to do this myself. >=20 > In 100% of cases, without exception (no pun intended), that's because = the code that throws the exception is bad and wrong and should be fixed. = But such code absolutely exists in the wild, including in php-src. I = recently needed to sscanf() and then explode the message of = \ArgumentCountError as that was the only way I could find to get the = class/method names out of it. I died inside a little. >=20 > So yes, such code is inherently unsafe, but is sadly not as uncommon = as it should be. >=20 > All that said, I agree that we have not and should not treat error = message strings as part of the API guarantee. If anything, maybe that = will help incentivize people to stop writing bad (unparsable) = exceptions. I am curious what you would envision a better, "parsable" exception from = sscanf() would look like? I ask not because I disagree with you here but because maybe the = question of whether errors messages should be part of BC is focusing on = the wrong question? -Mike P.S. Also, looking at https://www.php.net/manual/en/function.sscanf.php = , it is interesting = that the exceptions it triggers are not documented here. (I am not = picking on sscanf() =E2=80=94 AFAIK few if any functions document their = exceptions.) Shouldn't more thought (and documentation) be given to this = information which obviously is part of its API/usage? --Apple-Mail=_24CFC4ED-636F-4281-B48A-180BCC97219C--