Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:123249
X-Original-To: internals@lists.php.net
Delivered-To: internals@lists.php.net
Received: from php-smtp4.php.net (php-smtp4.php.net [45.112.84.5])
	by qa.php.net (Postfix) with ESMTPS id D643E1A009C
	for <internals@lists.php.net>; Wed,  1 May 2024 21:26:15 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=php.net; s=mail;
	t=1714598820; bh=EBb4yfu3EVL26rHvpQVuwbATpz3vyE2u8SjZlZ1vxtE=;
	h=From:Date:Subject:To:References:In-Reply-To:From;
	b=eFVs3YK1677aM2W6ze6ZKvDwLQn5b9xIA5Nz9aGnBjqm978rBn4G4LMCl45oESK9v
	 UZOr9cd+Fhgpmoeh3hYg4Vg6r+zbqbFooxMqqfjUKqOYmmOUntvc8zKt8+W3FokXhx
	 Fl00BhIx7kZayDAK3EcGoRdLZKlCK3DJyTHAMSlZlYf0ZxFRvnta/ccQWIT38NiThb
	 2/Nd9SXA/Vt0Xj8haH4Tzap6xfN/iLG1Hz1S/Q2aAP3A0lE/8jesPkvRZ2MXoEBC3a
	 EU8r1cXceJQbSAqnW//HyS1ojmnAYvp0y2mtCFix+Y2/IL7KZlsX3uKM7xA0q74PSb
	 f78kTO2eV5A7g==
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 0BEC91801D4
	for <internals@lists.php.net>; Wed,  1 May 2024 21:26:59 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=0.6 required=5.0 tests=BAYES_50,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,DMARC_PASS,RCVD_IN_DNSWL_NONE,
	RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE
	autolearn=no autolearn_force=no version=4.0.0
X-Spam-Virus: No
X-Envelope-From: <josh@wcflabs.de>
Received: from mail-lf1-f66.google.com (mail-lf1-f66.google.com [209.85.167.66])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Wed,  1 May 2024 21:26:58 +0000 (UTC)
Received: by mail-lf1-f66.google.com with SMTP id 2adb3069b0e04-51dc5c0ffdbso4371878e87.2
        for <internals@lists.php.net>; Wed, 01 May 2024 14:26:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=wcflabs.de; s=google; t=1714598772; x=1715203572; darn=lists.php.net;
        h=content-transfer-encoding:in-reply-to:content-language:references
         :to:subject:user-agent:mime-version:date:message-id:from:from:to:cc
         :subject:date:message-id:reply-to;
        bh=Ak3xaDs6KARrs9AXd2iNhr/49WtTVpVpqrih9LjX/EQ=;
        b=AM25MBoQS+7Om+TCN1vuGEiZpxEudekyn9P4tn0Dc1+YoFQJn3vzNYzcv1vJGWgZbc
         hytW4pJa6BQbIeN31mMZIiijysYdPqz89LHaj1Jhpc8HJwRXrqDMc6kt+T63mh5+YVVu
         flAgY4aaTxYmqNnsqYf3uLC45PQ1ipnEW0s/9jViOfpJUgfVQVmsgYfw1FPI99WVygw3
         hi8Gex+5SQXb0LQndU+Y6r/gTyi2mGIsMJEEmKEwAbsvAFyIpMpGtbE9adZuOkWOfXbi
         5UJI6tTw41PYM01FUaYq/6j7RXMA3sRIX3lbjQV537jP6RI0/CgdXISj7gfB9UnehnFv
         VX5g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1714598772; x=1715203572;
        h=content-transfer-encoding:in-reply-to:content-language:references
         :to:subject:user-agent:mime-version:date:message-id:from
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=Ak3xaDs6KARrs9AXd2iNhr/49WtTVpVpqrih9LjX/EQ=;
        b=NozY3/5q42AvtGpoPrCx6Fdl/9iQ/XqiYGJMrTm24W4zhlTUv580ffkzTwcCIVvDbi
         n5tGUF5HFyD3u17NCL2tS0OU22kCbzqbZQk1qDH8HKhop7moKpLkLuk32L6DNA2XFKkm
         cCaO/FnCLfc8IT/q30XcNL1B+PYzp3Kj/WORFXH8RUTNK+jg99y7EIJiMaUwudTv9/bK
         CyUCniX3oe8hb6t3wnT1IP0oyMTsSIO45qjnL/hE54Cm+YZDyeYTRup0x3LfKDHU4Q3c
         8zOLYo6oy8Ucj41b+xPgaavwAmYNQZQsmFAqFpNPhn2fbs0DGH0idpMAomvWb+RWDfNu
         UTrw==
X-Gm-Message-State: AOJu0YySfKrdj+eN5845CHkoWV6jv5CjoWCjBbNlqO/i4jo4Ceq9f255
	7sHtOfqm/AZabs1Wv1dkREYS5euOgj49GaCM8l8wsSRGmn+c1DCBRRO7A2OU5VPD+kTq3IYRRiJ
	vjhFFQQ==
X-Google-Smtp-Source: AGHT+IGUKKdj/WgLFKKL7OT7XwZeAE0kEWF4Y42H7QNy6g4uuphxL06550MbE7TP81vIf8Qg17x6dA==
X-Received: by 2002:a05:6512:3043:b0:51d:8882:cd69 with SMTP id b3-20020a056512304300b0051d8882cd69mr2713716lfb.53.1714598770172;
        Wed, 01 May 2024 14:26:10 -0700 (PDT)
Received: from ?IPV6:2a01:598:c000:f1a6:15de:df28:b7b9:4797? ([2a01:598:c000:f1a6:15de:df28:b7b9:4797])
        by smtp.gmail.com with ESMTPSA id ev9-20020a056402540900b005725de35790sm5951167edb.61.2024.05.01.14.26.09
        for <internals@lists.php.net>
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Wed, 01 May 2024 14:26:09 -0700 (PDT)
X-Google-Original-From: =?UTF-8?Q?Joshua_R=C3=BCsweg?= <josh+phpinternals@wcflabs.de>
Message-ID: <41ad56d9-8b27-420e-ba85-a3e9a6122bcf@wcflabs.de>
Date: Wed, 1 May 2024 23:26:08 +0200
Precedence: bulk
list-help: <mailto:internals+help@lists.php.net
list-unsubscribe: <mailto:internals+unsubscribe@lists.php.net>
list-post: <mailto:internals@lists.php.net>
List-Id: internals.lists.php.net
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: [PHP-DEV] RFC [Discussion]: array_find
To: PHP internals <internals@lists.php.net>
References: <24e4529d-0b75-44de-90ef-34de5dfb1c99@wcflabs.de>
 <278889be-82ab-4827-a9e7-801b5ba2d8f8@app.fastmail.com>
 <CAAKU0ukwfF+D5L+23BEqL053ktCp5AQOjRGdha-8pXN-yf1HBQ@mail.gmail.com>
 <06373f2b-5de0-4582-96c5-29c3b474c01d@wcflabs.de>
 <45e6365b-4963-4969-8cc1-80bae6922fc8@wcflabs.de>
 <60bb55a5-16c9-4df0-8521-75f82d3dbf5b@app.fastmail.com>
Content-Language: de-DE
In-Reply-To: <60bb55a5-16c9-4df0-8521-75f82d3dbf5b@app.fastmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
From: josh@wcflabs.de ("=?UTF-8?Q?Joshua_R=C3=BCsweg?=")

Hi

On 01.05.24 12:26, Larry Garfield wrote:
> This looks good to me, with one remaining exception, which isn't specific to this function but should still be discussed: Always passing the value and key to the callback is unsafe, for two reasons.
> 
> 1. If the callback is an internal function rather than a user-land one, and it has only one argument, it will error confusingly.  That makes the current implementation incompatible with unary built-in functions.  See, for instance, https://www.php.net/is_string (and friends)

I think, that this problem can easily be detected with static analysers. 
Currently neither PHPStan [1] nor psalm [2] does detect this issue, but 
as the tools already validate the signature (e.g. str_contains is 
rejected) this can probably be integrated and might even be considered a 
bug.

The proper fix from PHP's side would be something like the proposal in 
https://externals.io/message/122928 (RFC idea: using the void type to 
control maximum arity of user-defined functions).


> 2. If the callback takes two arguments but the second is optional, it's highly unlikely that the key is the value expected as the second argument.  This could lead to confusingly hilarious errors.  See, for instance, https://www.php.net/intval.
> 
> These won't come up in the typical case of passing an inline closure (either short or long form), but are still hidden landmines for anyone using functions not tailor made for these functions.

I see the problem, but don't think, that this is a problem, that we can 
solve. As a note: Such problems exists in JavaScript, too [3] and is 
handled in the same way.

> I'm not sure of a good solution here, honestly, so I don't know what to recommend.  In Crell/fp, I ended up just making two different versions of the function that pass one or two arguments.  I don't think that's a good answer for this RFC, but I'm not sure what is.  At the very least, it should be mentioned as a known-limitation that gets documented., unless we can come up with something better.

I have added this problem in the section "Open Issues" in the RFC to 
document this behavior.


[1] https://phpstan.org/r/bd0866cd-6a76-4c18-8eb3-0f3848de7f4a
[2] https://psalm.dev/r/1baa3f8e0d
[3] https://wirfs-brock.com/allen/posts/166