Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:120453
Return-Path: <rowan.collins@gmail.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 30636 invoked from network); 30 May 2023 12:17:08 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 30 May 2023 12:17:08 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 6FA33180083
	for <internals@lists.php.net>; Tue, 30 May 2023 05:17:07 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,NICE_REPLY_A,
	RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS,
	T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2
X-Spam-ASN: AS15169 209.85.128.0/17
X-Spam-Virus: No
X-Envelope-From: <rowan.collins@gmail.com>
Received: from mail-wm1-f43.google.com (mail-wm1-f43.google.com [209.85.128.43])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Tue, 30 May 2023 05:17:07 -0700 (PDT)
Received: by mail-wm1-f43.google.com with SMTP id 5b1f17b1804b1-3f60804faf4so29407305e9.3
        for <internals@lists.php.net>; Tue, 30 May 2023 05:17:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20221208; t=1685449026; x=1688041026;
        h=content-transfer-encoding:in-reply-to:from:content-language
         :references:to:subject:user-agent:mime-version:date:message-id:from
         :to:cc:subject:date:message-id:reply-to;
        bh=DuTilKwwAGkILaHEKM39s2n/mBkCIpnLCqGAGvuU3yE=;
        b=h6HtYI4Tr1Y/U2O4K23aJuAM6iuyh/V4hNHhFenapjOSK4xfT0AeDT0YYtjGiQI7YE
         GJulIgYPfUsKcfIEXRHLVsb3848YY3JFhIRst2qa4kylA3xH/wU1Oy1pc5tBgnk4Ku7b
         HvmJ/2JLgsUad5bmTPmHRwRflhr+88QJgsfZBPabsI3y4wijk8c9f9TTc87bYTOhFEB6
         0NbEwEToamf41ytX575CUr/j155eKy3oFD7Mo3poVnqv5aIYg3htTozFtobuYf/Q8Utk
         k7WRqiraVGQwHOj4f4squCJ2dYzlZLj0DLBBG+twrDT3Csdbwt2ptjFp5Vs6r9F4Zhg8
         idGQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1685449026; x=1688041026;
        h=content-transfer-encoding:in-reply-to:from:content-language
         :references:to:subject:user-agent:mime-version:date:message-id
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=DuTilKwwAGkILaHEKM39s2n/mBkCIpnLCqGAGvuU3yE=;
        b=NIlH26zUyQnHRg0mZs7xX4yLkT2/xPmZk8xDKMuCea74oFidX5nbOCmnRbpu8jEw8h
         gjgEbp0ab4XdibqR729DDQ/UkbZ7mGET77d2wBWGD8w+lOHCwIQl3EYw64CKIWykZDbS
         by81TDnyc/TaMiHI2AVVGS6CHn6fVzREF5dWMGG29kTpLCFY9hXK6/+s/I1keSd3wUwj
         Ylv8jhJbY4eO3VNULgR8rmx3OKUAstfrylZfIwYcdoiGQQ4+Zwp+UQi22fGUllzJrvKC
         zEYsg+1OBGO8x7RIELf1asbkAntXt2STa1kzRgmYoRRpP7CUUbWy2WPdLY0Z5EoBl2E3
         L+Dg==
X-Gm-Message-State: AC+VfDwZ3LFzXtBYF3AJl5gjzZaroEbTr63Bcr0IxkWFtypHNO5hpEnK
	xQhHt3ZPYsy6GEQiaAqxyx7YLzpr7as=
X-Google-Smtp-Source: ACHHUZ5B5+1s+iy0n7zKdlK+KbU6H+esVl/XiVXjvGiNbtwmv+7Xg4TNSVbNtM8rrSNDTOADxc9odA==
X-Received: by 2002:a1c:7206:0:b0:3f7:5d:4a08 with SMTP id n6-20020a1c7206000000b003f7005d4a08mr1674017wmc.1.1685449025904;
        Tue, 30 May 2023 05:17:05 -0700 (PDT)
Received: from [192.168.0.22] (cpc83311-brig21-2-0-cust191.3-3.cable.virginm.net. [86.20.40.192])
        by smtp.googlemail.com with ESMTPSA id o11-20020a05600c378b00b003f195d540d9sm20928475wmr.14.2023.05.30.05.17.04
        for <internals@lists.php.net>
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Tue, 30 May 2023 05:17:05 -0700 (PDT)
Message-ID: <b2c0a7ab-71bd-a799-495e-9a6e1e84c25f@gmail.com>
Date: Tue, 30 May 2023 13:17:03 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101
 Thunderbird/102.11.0
To: internals@lists.php.net
References: <e58dde83-654d-b0ad-de77-d0450a56ef75@bastelstu.be>
 <CADyq6sJ3aaipfagKtoqksOm2JFp-UN5H0hkrOndgKad2W9x3fg@mail.gmail.com>
 <CA+p1FabKB1K2P9ZidyNgva+mfe1xzTtracyKkQGFKeWYcW1+_Q@mail.gmail.com>
 <CA+kxMuRse5=y_+XKk1LyQ3MpkLan75DzbE=sxtmeiaZf7W0yLQ@mail.gmail.com>
 <CA+p1FaZmagr9Js_a2wp2SOrbhb-uZAhcknXKRLQHonw45gBBOg@mail.gmail.com>
 <c2ea6b97-5ecd-ca12-c748-f0b5e37402c4@bastelstu.be>
 <CA+p1FaYpnRGwG35=a3X8eBGoONvJkyLiqFgcGr+BV0_XMM61pg@mail.gmail.com>
 <c8dcba49-2f76-1812-a9af-7930662e3b5b@bastelstu.be>
Content-Language: en-GB
In-Reply-To: <c8dcba49-2f76-1812-a9af-7930662e3b5b@bastelstu.be>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Subject: Re: [PHP-DEV] RFC [Discussion]: Marking overridden methods
 (#[\Override])
From: rowan.collins@gmail.com (Rowan Tommins)

On 29/05/2023 19:29, Tim Düsterhus wrote:
> I think this is a flawed premise: Any sort of analysis that PHP itself 
> performs can also be performed in userland. 


This isn't actually true. There is a lot of dynamic functionality in PHP 
where correctness can't be proven ahead of time, and run-time checks are 
the only way. That's why Hack evolved away from being a superset of PHP 
to being a related but incompatible language, and why languages like 
Dart continue to include run-time type checks despite mandatory 
pre-compilation analysis.



> It's part of the language and thus will *always* be available. If it's 
> not always available, then folks who switch jobs or contribute to 
> various open source projects that made a different choice with regard 
> to analyzers will possibly:
>
> - Be unable to rely on a specific check that they found useful in the 
> past, because the new SA tool doesn't implement it.
> - Be unable to rely on a specific check working as they learned it, 
> because the new SA tool implements it differently.


This is a reasonable argument, but it basically comes down to PHP 
Internals becoming the controller of a standardised set of static 
analysis attributes, because a lot of the functionality will still only 
exist in each of those tools.

I don't know how those tools currently collaborate on designing the 
syntax and semantics for extra attributes or docblock annotations, but 
it's not clear that this would be the right place to do it.


> As the proposal is a compile time check, the mistake would also be 
> immediately apparent just by loading the class (e.g. as part of *any* 
> kind of test), it is not necessary to actually execute the method in 
> question. So it should be sufficiently visible and usable even in 
> codebases that are in a less-than-stellar state.


The reason I'm so skeptical of this feature is that the category of 
mistake the engine would be able to catch seems like it would be rather 
rare. And I really do think it makes a difference that the author of the 
*inheriting* class is the only one that can trigger the check.

For example: if the maintainer of Guzzle decides this check is useful, 
they can add the attribute to appropriate methods in that code base. 
Guzzle itself already has both PHPStan and Psalm configured with 
automated CI checks, and will likely be able to configure them to warn 
if an Override attribute is missing, which the engine can't do. So the 
only benefit to them is standardising the attribute for use with SA tools.

Users of Guzzle won't see any impact from the Guzzle code base adding 
those attributes; they would have to add them to their own code 
separately. If they are not using any kind of static analysis tools, 
they will not be reminded to add them. They will then only see a benefit 
from remembering to add them in the rare case that a parent class 
removes a method they were previously overriding.

It all seems rather a small niche for the engine to care about, unless 
it's the beginning of a larger project to standardise and encourage such 
attributes.

Regards,

-- 
Rowan Tommins
[IMSoP]