Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:125653
Message-ID: <042AF6B3-ACAD-498E-99FA-CD7EDE8778FC@newclarity.net>
Content-Type: multipart/alternative;
	boundary="Apple-Mail=_366378A4-C7A9-44B5-9FA3-C3AA962BF99C"
Precedence: bulk
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.10\))
Subject: Re: [PHP-DEV] Zephir, and other tangents
Date: Mon, 23 Sep 2024 02:14:26 -0400
In-Reply-To: <CAL0xaBHKUxwbzAYaPHevLSAEvWOQRPLsraxEg3oQtJ=wTxAkiw@mail.gmail.com>
Cc: Dennis Snell <dennis.snell@automattic.com>,
 Rob Landers <rob@bottled.codes>,
 Adam Zielinski <adam.zielinski@automattic.com>,
 PHP internals <internals@lists.php.net>
To: Arvids Godjuks <arvids.godjuks@gmail.com>,
 Niels Dossche <dossche.niels@gmail.com>,
 Larry Garfield <larry@garfieldtech.com>,
 "Rowan Tommins [IMSoP]" <imsop.php@rwec.co.uk>,
 Hammed Ajao <hamiegold@gmail.com>
References: <A247BB36-9FD1-4AAF-AAB8-82DBD9DE3550@newclarity.net>
 <CA697780-BC2D-4054-A9FD-523E08236732@rwec.co.uk>
 <8D420123-4ECF-48FD-A9C3-F80C60457A37@newclarity.net>
 <CA+Jpajkx0OraH7GQyB5gECtPOo2JP=RzuSwqfv4AZGY+a+ryPw@mail.gmail.com>
 <AACF228F-53D3-480F-9127-77FBC4AE6A84@newclarity.net>
 <CAGnYymDhy1dov+4HcFWhAx1Ga9bXR=Urew9RbN5KEXcgHmk=Ew@mail.gmail.com>
 <f433fbe1-bee4-4a61-ba18-90053975b29e@app.fastmail.com>
 <BB0310CD-8134-4B3F-9C51-B59B5A24405F@automattic.com>
 <CA+Jpajnk9i=EhqXaKnYUTHhA_1TfzB1qiLfRh1whPoO8Y8ECqA@mail.gmail.com>
 <7EA884D2-0F37-4BF1-AC97-DB6953C944E6@automattic.com>
 <CAL0xaBHKUxwbzAYaPHevLSAEvWOQRPLsraxEg3oQtJ=wTxAkiw@mail.gmail.com>
From: mike@newclarity.net (Mike Schinkel)


--Apple-Mail=_366378A4-C7A9-44B5-9FA3-C3AA962BF99C
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8

> On Sep 20, 2024, at 3:56 AM, Arvids Godjuks <arvids.godjuks@gmail.com> =
wrote:
> I want to chip in here, since reading the thread lead me into a state =
of cognitive dissonance.
> I've been in PHP world for a long time, about 3 years shy of how old =
Wordpress is. When I'm reading "shared hosting" and "WASM" and knowing =
how managed hosting works, I have to ask: What type of la-la land is =
this conversation is taking place in?

See these lists above showing the required and recommended extensions =
for WordPress, Laravel and Drupal where all(?) other CMS/frameworks have =
an equivalent list:

- =
https://make.wordpress.org/hosting/handbook/server-environment/#php-extens=
ions =
<https://make.wordpress.org/hosting/handbook/server-environment/#php-exten=
sions>
- https://laravel.com/docs/11.x/deployment#server-requirements =
<https://laravel.com/docs/11.x/deployment#server-requirements>=20
- =
https://www.drupal.org/docs/getting-started/system-requirements/php-requir=
ements#extensions =
<https://www.drupal.org/docs/getting-started/system-requirements/php-requi=
rements#extensions>=20

Managed hosts that want to sell to users of a CMS or frameworks operate =
in the "la-la land" you speak of.


> what managed hoster in their right mind and sanity will allow WASM to =
be enabled to bypass ____A L L _____ PHP security features and allow PHP =
code do anything it wants?

That is a false assertion. WASM cannot bypass all PHP security; it is =
by-nature sandboxed.

Yes, there are ways that a good C++ developer could get around that, but =
as part of this discussion we have been discussing ways to avoid =
allowing that, such as potentially enabling WASM for PHP to only allow =
using AssemblyScript, at least initially.

> On a shared hosting... I seriously want to know answer to this =
question, because I firmly believe there was zero risk and security =
assessment not only done, but it hasn't been even a twinkle in the eye.
>=20
> On VPS/Decicated you can run whatever you want, so you don't have the =
limitations.

Shared hosting vs. VPS/Dedicated is a false dichotomy.=20

There is also managed hosting =E2=80=93 typically run in sandboxed =
containers =E2=80=94 that specialize in running specific CMS and/or =
frameworks.

> On other note - people have pointed out how big body of work it is. If =
you want to sponsor WASM development for PHP, I suggest Automatic open =
their wallet and put in 2-3 million $ a year for the next 5-10 years to =
PHPFoundation and find devs who are capable and willing to do this job. =
Honestly, I think you might find people to want to do that rather than =
lack of money being the cause of it.

Well, that is an option, and I would be glad to see it.=20

However, my guess is that Automattic (spelled correctly) is not likely =
to do that given how dismissive PHP Internals and by extension the PHP =
Foundation has been regarding the needs of WordPress users for as long =
as you Arvids have been doing PHP. =20

But who knows, maybe there could be a d=C3=A9tente?  Who on this list =
would be more open than in the past to treat concerns of WordPress users =
as legitimate rather than dismiss them because (I am paraphrasing) "how =
bad their code is?"

> On Sep 20, 2024, at 3:39 PM, Niels Dossche <dossche.niels@gmail.com> =
wrote:
> Perhaps I'm missing something in this discussion, as this discussion =
has all sorts of tangents and is quite lengthy. Also easy to forget =
what's been said and not.
> Anyway, there is already a wasm extension for PHP: =
https://github.com/veewee/ext-wasm

The something you might be missing is the discussion is about =
potentially having WASM as a bundled extension in PHP core rather than =
there just having one be available, and the reason is so that it can =
become a viable option for CMS & Framework vendors to include on their =
list of required or at least recommended extensions.

> On Sep 20, 2024, at 7:27 PM, Rowan Tommins [IMSoP] =
<imsop.php@rwec.co.uk> wrote:
> It's absolutely possible to build a PHP extension that interfaces to a =
WASM runtime, and links have been shared to at least two projects doing =
just that. Adding that to the php-src repo doesn't change what that =
extension can do, it just marks it as "approved" in some slightly =
ill-defined way, and restricts it to having new releases only once per =
year.
>=20
> I think there's an impression that somehow by proposing that "we" add =
some complex functionality "to the language", it will suddenly attract =
developers and become stable and universally adopted; but it's really =
the other way around: once there's a mature implementation, and some =
people offering to maintain it, we can consider moving it to the php-src =
repo, if that seems beneficial. (And if other constraints are met, such =
as licensing.)

No, it is not "the other way around," it is *both*, and =
mischaracterizing it to say that the only way hosting providers will =
install something is if it becomes popular dismisses the valid approach =
we've been advocating for, or at least for installations on a reasonably =
widespread basis (~1/3rd of hosts or more)

What your dismissal ignores is that many hosts won't install something =
unless a Framework or CMS requires or at least recommends it. And no =
Framework or CMS that cares anything at all about risk management =E2=80=94=
 e.g. none with a large userbase =E2=80=94 would require or at least =
recommend an extension that is not bundled with PHP unless there is =
overwhelming need for it and it targets a business vs. a technical need.

I absolutely love that Larry called the question if it were technically =
possible.  Maybe Larry will read this and can answer the question =E2=80=94=
 since he was heavily involved with Drupal =E2=80=94 "Would Drupal be =
willing to require or at least recommend a 3rd party WASM extension vs. =
a bundled one here? =
https://www.drupal.org/docs/getting-started/system-requirements/php-requir=
ements#extensions =
<https://www.drupal.org/docs/getting-started/system-requirements/php-requi=
rements#extensions>"

> At which point, some managed hosting servers might be more willing to =
install it. Not the ones who don't even install ext/curl, those are =
never going to benefit from this.=20

There are very few (if any) that won't install curl as you cannot run =
WordPress w/o curl.  Your knowledge of what hosting providers will and =
will not install seems to be rather dated.

> But maybe the ones who install a reasonable list of features, but are =
a bit wary of installing PECL extensions they don't know much about, can =
be persuaded to trust their users with a WASM sandbox.

Or the ones who want to target the users of the CMS or Framework that =
recommend or require the extension.

If the extension were bundled then I expect it could become a =
recommended extension for hosts to enable and WordPress could start =
shipping WASM extensions for the use-cases Dennis Snell mentioned that =
can optionally run if the WASM extension is enabled vs. if not it would =
just run the old slower PHP code.

BTW, Dennis, could you see WordPress recommending a WASM extension if =
PHP bundled one here? =
https://make.wordpress.org/hosting/handbook/server-environment/#php-extens=
ions =
<https://make.wordpress.org/hosting/handbook/server-environment/#php-exten=
sions>

> On Sep 20, 2024, at 8:51 PM, Hammed Ajao <hamiegold@gmail.com> wrote:
> Ah so you want to make huge changes to the engine for even less users?

Why make such a leading yet false assertion?

The fact it can be implemented in an PHP extension discretions your =
assert that it would require "huge changes to the engine."  In fact, it =
would not require *any* changes to the engine.

> If you insist, I'll await your MVP.

Here it is:  https://github.com/wasmerio/wasmer-php/releases/tag/1.1.0

> So maybe those companies should implement it themselves or pay to have =
it implemented.

Or maybe those companies just give up on using PHP rather than =
constantly deal with intransigence among community members when =
improvements are even mentioned? Most of my work has been in Go lately, =
motivated in large part because of PHP's governance model that centers =
around this list and the hostile and non-constructive reactions that are =
far too common on this list.

> How would we handle the JS-like stdlib of assembly script? Another =
abstraction layer? That seems easier to you than a DSL created =
specifically for this?=20

You mischaracterize, but yes, an existing working WASM is easier IMO =
than a DSL that is just "concepts of a plan."

(Those quotes were not yours, I am just making a pun on something that =
was said recently by someone well-known in the USA.)

> With PHP like syntax?=20

Why is "PHP like syntax" a blocking requirement?  C does not have a =
PHP-like syntax, or at least one that is not more similar to =
AssemblyScript than PHP.  Why then is C acceptable for extensions but =
AssemblyScript is not?

And even so, there is no reason a PHP-like syntax is required. PHP =
developers work with JS or TS every day, and AssemblyScript is just a =
variant of TypeScript.

> Using the parser already in the engine? With a PHP-like stdlib?
> =20
>=20
> > > In essence, WebAssembly is great for certain scenarios, but PHP =
has existing mechanisms that make the addition of a Wasm runtime =
potentially redundant for most use cases.=20
>=20
> Then for those cases where it is redundant, don't use it.
>=20
> That's most use cases. It doesn't make any sense to burden all users =
and contributors just so some companies can maybe decide to enable wasm =
to make more money.

First, it would not burden all users nor all contributors; that is an =
invalid claim I have discredited above.

Second, that sounded like a Freudian slip where you said the quiet part =
out loud. Is this about you somehow having a hot button about "some =
people wanting to make money" rather than accepting people just want to =
be able to write better and faster websites in PHP? If "some people =
wanting to make money" were the discrediting bar then (almost?) every =
feature request could be denied on that basis.=20

> Honestly, a DSL would be the perfect solution here. Anyone familiar =
with writing PHP extensions knows about `gen_stub.php`, which scans PHP =
stubs and generates the corresponding binding C code.=20

When and where does the C code get compiled?=20

And isn't that what Zephir actually is?

> I've often thought this process could be extended to handle more =
complex scenarios like promoted properties, simple expressions (e.g., =
assignments, property access, comparisons), and anything that can be =
easily translated into C code.
>=20
> V8 has a similar tool called Torque, and I've always wondered what =
something like that would look like for PHP. It would result in a =
strict, statically typed subset of PHP that satisfies all the =
requirements, except for the last one (which it would only partially =
fulfill).
>=20
> Since the generated code would interface directly with the Zend API, =
we can consider the DSL code as safe as the PHP implementation itself. =
While there wouldn't be CPU throttling, hosts shouldn't have major =
objections since it would essentially be as safe as PHP.
>=20
> Most importantly, this approach would benefit everyone. It would have =
no third-party dependencies and would only need to evolve alongside =
PHP/Zend as they grow.
>=20
> That=E2=80=99s how I would approach it.

I await your proposal.  Sincerely.=20

And I don't mean to the level of an RFC, but a document that details how =
it would work, and one that could be discussed and commented on as you =
can on a Github repo.

Note I am not advocating fro a *specific* approach =E2=80=94 e.g. WASM =
=E2=80=94 I am advocated to achieved the stated goal, e.g. an extension =
mechanism that can run at near native speed for low-level string parsing =
and maths that realistically will be able to be run on managed hosts =
which IMO means they have to be adopted by major CMS and/or Frameworks =
as requirements if not at least recommendations.=20

If your ideas can achieve those goals, I would fully be behind them.  (I =
am however skeptical that what you proposal can achieve all those goals; =
prove me wrong.)

> On Sep 20, 2024, at 4:18 AM, Rowan Tommins [IMSoP] =
<imsop.php@rwec.co.uk> wrote:
> On 20 September 2024 06:20:46 BST, Mike Schinkel <mike@newclarity.net> =
wrote:
>> Moot point as it cannot be run on a managed hosted server.
>=20
> Why not? Only because the people managing that server haven't been =
persuaded to include it as an option. And that is mostly because it's =
currently experimental, and there isn't wide demand for it.

You can hypothetical all day long, but the reality is that if something =
is not shipped with PHP, someone wanting to write PHP code that a =
library, CMS or frameworks depends on would have to play a =
failure-guaranteed game of whack-a-mole to get a lot of managed hosting =
providers to support it.=20

And the larger CMS and frameworks are rightly not going to support =
something that does not get bundled into php-src.

>>> Just to reiterate, if by "built-in to PHP core", you mean "every =
copy of PHP includes a functional WASM runtime", that's not going to =
happen. It would mean bundling (or requiring every user to install) a =
huge third-party dependency, with all of its dependencies and platform =
requirements, even if they weren't interested in using it.
>>=20
>> So why do you claim that bundling a third-party dependency is a =
"never going to happen" scenario? =20
>>=20
>> By that logic PHP would have none of these functionalities:
>>=20
>> =E2=80=A2 cURL
>> =E2=80=A2 GD
>> =E2=80=A2 PDO
>> =E2=80=A2 OpenSSL
>> =E2=80=A2 MBString
>> =E2=80=A2 Zlib
>> =E2=80=A2 Zip
>> =E2=80=A2 XSL
>> =E2=80=A2 EXIF
>> =E2=80=A2 BCMath
>=20
> None of those are "built into PHP core" in the sense of "every copy of =
PHP includes them". Nor do any of them bundle their third-party =
dependencies.They are all optional extensions, which the user has to =
provide the dependencies for if they want to install and enable them.

Fine, we can treat WASM the same as all those other extensions and =
bundling it with PHP meaning `;extension=3Dwasm` line in production.ini, =
the internal code needed to link in the library, and compiler switches =
to compile it in.

If PHP were to ship in this way then CMS and Frameworks could choose to =
add WASM to their list of required or recommended extensions, as it =
sounds like from Dennis Snell's really excellent messages that WordPress =
would likely want to do that:

- =
https://make.wordpress.org/hosting/handbook/server-environment/#php-extens=
ions =
<https://make.wordpress.org/hosting/handbook/server-environment/#php-exten=
sions>
- https://laravel.com/docs/11.x/deployment#server-requirements =
<https://laravel.com/docs/11.x/deployment#server-requirements>=20
- =
https://www.drupal.org/docs/getting-started/system-requirements/php-requir=
ements#extensions =
<https://www.drupal.org/docs/getting-started/system-requirements/php-requi=
rements#extensions>=20

Once CMS & Frameworks are empowered to use WASM as part of their core =
offering then they could start recommending WASM and managed web hosts =
that want to cater to their users would start offering WASM enabled on =
their platforms.

BTW, very few CMS or Frameworks make any extensions not referenced in =
production.ini as requirements, and for very good reason because doing =
so would be too risky.=20

> They are what is sometimes referred to as "bundled extensions", which =
just means they have source code in the php-src repository, and get new =
releases at the same time as PHP. Being in that list doesn't mean =
managed hosts have to provide them (who would force them?) and not being =
in that list doesn't mean managed hosts can't provide them (it's as easy =
to install "php-mongodb" on Ubuntu as "php-mysqli", even though one is =
"bundled" and the other hosted on PECL).
>=20
> Being "bundled" may be interpreted as something of a "stamp of =
approval", indicating that an extension is mainstream and stable. That's =
something that has to be earned - many extensions started out in their =
own projects, with releases listed on PECL or elsewhere, and were =
proposed for adoption into the php-src repo once they became stable.
>=20
> Which is why I say your energies for now are best spent on a project =
like extism, or wasmer-php - build that stable extension, and then we =
can discuss whether it would be beneficial to adopt it into the php-src =
repo.

Then let us redirect our discussion as to whether it would be beneficial =
to adopt wasmer-php into php-src repo, an objective list of reasons it =
would not, if not, and an objective list of things it could do to =
resolve those objections.=20

That would be much more productive than debating hypotheticals.

-Mike=

--Apple-Mail=_366378A4-C7A9-44B5-9FA3-C3AA962BF99C
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=utf-8

<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html; =
charset=3Dutf-8"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; line-break: after-white-space;" =
class=3D""><div><blockquote type=3D"cite" class=3D""><div class=3D"">On =
Sep 20, 2024, at 3:56 AM, Arvids Godjuks &lt;<a =
href=3D"mailto:arvids.godjuks@gmail.com" =
class=3D"">arvids.godjuks@gmail.com</a>&gt; wrote:</div><div =
class=3D""><div dir=3D"ltr" class=3D""><div class=3D"">I want to chip in =
here, since reading the thread lead me into a state of cognitive =
dissonance.</div><div class=3D"">I've been in PHP world for a =
long&nbsp;time, about 3 years shy of how old Wordpress is. When I'm =
reading "shared hosting" and "WASM" and knowing how managed hosting =
works, I have to ask: What type of la-la land is this conversation is =
taking place in?</div></div></div></blockquote><div><br =
class=3D""></div>See these lists above showing the required and =
recommended extensions for WordPress, Laravel and Drupal where all(?) =
other CMS/frameworks have an equivalent list:</div><div><br =
class=3D""></div><div><div>-&nbsp;<a =
href=3D"https://make.wordpress.org/hosting/handbook/server-environment/#ph=
p-extensions" =
class=3D"">https://make.wordpress.org/hosting/handbook/server-environment/=
#php-extensions</a></div><div>-&nbsp;<a =
href=3D"https://laravel.com/docs/11.x/deployment#server-requirements" =
class=3D"">https://laravel.com/docs/11.x/deployment#server-requirements</a=
>&nbsp;</div><div>-&nbsp;<a =
href=3D"https://www.drupal.org/docs/getting-started/system-requirements/ph=
p-requirements#extensions" =
class=3D"">https://www.drupal.org/docs/getting-started/system-requirements=
/php-requirements#extensions</a>&nbsp;</div><div><br =
class=3D""></div></div><div>Managed hosts that want to sell to users of =
a&nbsp;CMS or frameworks operate in the "la-la land" you speak =
of.</div><div><br class=3D""></div><div><br class=3D""><blockquote =
type=3D"cite" class=3D""><div class=3D""><div dir=3D"ltr" class=3D""><div =
class=3D"">what managed hoster in their right mind and sanity will allow =
WASM to be enabled&nbsp;to bypass ____A L L _____ PHP security features =
and allow PHP code do anything it wants? =
</div></div></div></blockquote><div><br class=3D""></div><div>That is a =
false assertion. WASM cannot bypass all PHP security; it is by-nature =
sandboxed.</div><div><br class=3D""></div><div>Yes, there are ways that =
a good C++ developer could get around that, but as part of this =
discussion we have been discussing ways to avoid allowing that, such as =
potentially enabling WASM for PHP to only allow using AssemblyScript, at =
least initially.</div><br class=3D""><blockquote type=3D"cite" =
class=3D""><div class=3D""><div dir=3D"ltr" class=3D""><div class=3D"">On =
a shared hosting... I seriously want to know answer to this question, =
because I firmly believe there was zero risk and security assessment not =
only done, but it hasn't been even a twinkle in the eye.</div><div =
class=3D""><br class=3D""></div><div class=3D"">On VPS/Decicated you can =
run whatever you want, so you don't have the =
limitations.</div></div></div></blockquote><div><br =
class=3D""></div><div>Shared hosting vs. VPS/Dedicated is a false =
dichotomy.&nbsp;</div><div><br class=3D""></div><div>There is also =
managed hosting =E2=80=93 typically run in sandboxed containers =E2=80=94 =
that specialize in running specific CMS and/or frameworks.</div><br =
class=3D""><blockquote type=3D"cite" class=3D""><div class=3D""><div =
dir=3D"ltr" class=3D""><div class=3D"">On other note - people have =
pointed out how big body of work it is. If you want to sponsor WASM =
development for PHP, I suggest Automatic open their wallet and put in =
2-3 million $ a year for the next 5-10 years to PHPFoundation and find =
devs who are capable and willing to do this job. Honestly, I think you =
might find people to want to do that rather than lack of money being the =
cause of it.</div></div></div></blockquote><br class=3D""></div><div>Well,=
 that is an option, and I would be glad to see it.&nbsp;</div><div><br =
class=3D""></div><div>However, my guess is that Automattic (spelled =
correctly) is not likely to do that given how dismissive PHP Internals =
and by extension the PHP Foundation has been regarding the needs of =
WordPress users for as long as you Arvids have been doing PHP. =
&nbsp;</div><div><br class=3D""></div><div>But who knows, maybe there =
could be a d=C3=A9tente? &nbsp;Who on this list would be more open than =
in the past to treat concerns of WordPress users as legitimate rather =
than dismiss them because (I am paraphrasing) "how bad their code =
is?"</div><div><br class=3D""></div><div><div><blockquote type=3D"cite" =
class=3D""><div class=3D"">On Sep 20, 2024, at 3:39 PM, Niels Dossche =
&lt;<a href=3D"mailto:dossche.niels@gmail.com" =
class=3D"">dossche.niels@gmail.com</a>&gt; wrote:</div><div =
class=3D"">Perhaps I'm missing something in this discussion, as this =
discussion has all sorts of tangents and is quite lengthy. Also easy to =
forget what's been said and not.<br class=3D"">Anyway, there is already =
a wasm extension for PHP: <a href=3D"https://github.com/veewee/ext-wasm" =
class=3D"">https://github.com/veewee/ext-wasm</a><br =
class=3D""></div></blockquote></div><br class=3D""><div class=3D"">The =
something you might be missing is the discussion is about potentially =
having WASM as a bundled extension in PHP core rather than there just =
having one be available, and the reason is so that it can become a =
viable option for CMS &amp; Framework vendors to include on their list =
of required or at least recommended extensions.</div><div class=3D""><br =
class=3D""></div></div><div style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; line-break: after-white-space;" =
class=3D""><div><blockquote type=3D"cite" class=3D""><div class=3D"">On =
Sep 20, 2024, at 7:27 PM, Rowan Tommins [IMSoP] &lt;<a =
href=3D"mailto:imsop.php@rwec.co.uk" =
class=3D"">imsop.php@rwec.co.uk</a>&gt; wrote:</div><div class=3D"">It's =
absolutely possible to build a PHP extension that interfaces to a WASM =
runtime, and links have been shared to at least two projects doing just =
that. Adding that to the php-src repo doesn't change what that extension =
can do, it just marks it as "approved" in some slightly ill-defined way, =
and restricts it to having new releases only once per year.<br =
class=3D""><br class=3D"">I think there's an impression that somehow by =
proposing that "we" add some complex functionality "to the language", it =
will suddenly attract developers and become stable and universally =
adopted; but it's really the other way around: once there's a mature =
implementation, and some people offering to maintain it, we can consider =
moving it to the php-src repo, if that seems beneficial. (And if other =
constraints are met, such as licensing.)<br =
class=3D""></div></blockquote><div><br class=3D""></div><div>No, it is =
not "the other way around," it is *both*, and mischaracterizing it to =
say that the only way hosting providers will install something is if it =
becomes popular dismisses the valid approach we've been advocating for, =
or at least for installations on a reasonably widespread basis (~1/3rd =
of hosts or more)</div><div><br class=3D""></div><div>What your =
dismissal ignores is that many hosts won't install something unless a =
Framework or CMS requires or at least recommends it. And no Framework or =
CMS that cares anything at all about risk management =E2=80=94 e.g. none =
with a large userbase =E2=80=94 would require or at least recommend an =
extension that is not bundled with PHP unless there is overwhelming need =
for it and it targets a business vs. a technical need.</div><div><br =
class=3D""></div><div>I absolutely love that Larry called the question =
if it were technically possible. &nbsp;Maybe Larry will read this and =
can answer the question =E2=80=94 since he was heavily involved with =
Drupal =E2=80=94 "Would Drupal be willing to require or at least =
recommend a 3rd party WASM extension vs. a bundled one here?&nbsp;<a =
href=3D"https://www.drupal.org/docs/getting-started/system-requirements/ph=
p-requirements#extensions" =
class=3D"">https://www.drupal.org/docs/getting-started/system-requirements=
/php-requirements#extensions</a>"</div><div><br =
class=3D""></div><blockquote type=3D"cite" class=3D"">At which point, =
some managed hosting servers might be more willing to install it. Not =
the ones who don't even install ext/curl, those are never going to =
benefit from this.&nbsp;</blockquote><div><br class=3D""></div>There are =
very few (if any) that won't install curl as you cannot run WordPress =
w/o curl. &nbsp;Your knowledge of what hosting providers will and will =
not install seems to be rather dated.</div><div><br class=3D""><blockquote=
 type=3D"cite" class=3D"">But maybe the ones who install a reasonable =
list of features, but are a bit wary of installing PECL extensions they =
don't know much about, can be persuaded to trust their users with a WASM =
sandbox.<br class=3D""></blockquote><div><br class=3D""></div>Or the =
ones who want to target the users of the CMS or Framework that recommend =
or require the extension.</div><div><br class=3D""></div><div>If the =
extension were bundled then I expect it could become a recommended =
extension for hosts to enable and WordPress could start shipping WASM =
extensions for the use-cases Dennis Snell mentioned that can optionally =
run if the WASM extension is enabled vs. if not it would just run the =
old slower PHP code.</div><div><br class=3D""></div><div>BTW, Dennis, =
could you see WordPress recommending a WASM extension if PHP bundled one =
here?&nbsp;<a =
href=3D"https://make.wordpress.org/hosting/handbook/server-environment/#ph=
p-extensions" =
class=3D"">https://make.wordpress.org/hosting/handbook/server-environment/=
#php-extensions</a></div><div><br class=3D""></div><div><div =
style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; line-break: =
after-white-space;" class=3D""><div><blockquote type=3D"cite" =
class=3D""><div class=3D"">On Sep 20, 2024, at 8:51 PM, Hammed Ajao =
&lt;<a href=3D"mailto:hamiegold@gmail.com" =
class=3D"">hamiegold@gmail.com</a>&gt; wrote:</div><div class=3D""><div =
dir=3D"ltr" class=3D""><div class=3D"gmail_quote"><div dir=3D"ltr" =
class=3D"gmail_attr">Ah so you want to make huge changes to the engine =
for even less users?</div></div></div></div></blockquote><div><br =
class=3D""></div><div>Why make such a leading yet false =
assertion?</div><div><br class=3D""></div><div>The fact it can be =
implemented in an PHP extension discretions your assert that it would =
require "huge changes to the engine." &nbsp;In fact, it would not =
require *any* changes to the engine.</div><div><br =
class=3D""></div><blockquote type=3D"cite" class=3D""><div dir=3D"ltr" =
class=3D""><div class=3D"gmail_quote"><blockquote class=3D"gmail_quote" =
style=3D"margin: 0px 0px 0px 0.8ex; border-left-width: 1px; =
border-left-style: solid; border-left-color: rgb(204, 204, 204); =
padding-left: 1ex;">If you insist, I'll await your =
MVP.</blockquote></div></div></blockquote><div><br =
class=3D""></div><div>Here it is: &nbsp;<a =
href=3D"https://github.com/wasmerio/wasmer-php/releases/tag/1.1.0" =
class=3D"">https://github.com/wasmerio/wasmer-php/releases/tag/1.1.0</a></=
div><div><br class=3D""></div><blockquote type=3D"cite" class=3D""><div =
dir=3D"ltr" class=3D""><div class=3D"gmail_quote"><div class=3D"">So =
maybe those companies should implement it themselves or pay to have it =
implemented.</div></div></div></blockquote><div><br =
class=3D""></div><div>Or maybe those companies just give up on using PHP =
rather than constantly deal with intransigence among community members =
when improvements are even mentioned? Most of my work has been in Go =
lately, motivated in large part because of PHP's governance model that =
centers around this list and the hostile and non-constructive reactions =
that are far too common on this list.</div><br class=3D""><blockquote =
type=3D"cite" class=3D""><div dir=3D"ltr" class=3D""><div =
class=3D"gmail_quote"><div class=3D"">How would we handle the JS-like =
stdlib of assembly script? Another abstraction layer? That seems easier =
to you than a DSL created specifically for =
this?&nbsp;</div></div></div></blockquote><div><br =
class=3D""></div><div>You mischaracterize, but yes, an existing working =
WASM is easier IMO than a DSL that is just "concepts of a =
plan."</div><div><br class=3D""></div><div>(Those quotes were not yours, =
I am just making a pun on something that was said recently by someone =
well-known in the USA.)</div><div><br class=3D""></div><blockquote =
type=3D"cite" class=3D""><div dir=3D"ltr" class=3D""><div =
class=3D"gmail_quote"><div class=3D"">With PHP like =
syntax?&nbsp;</div></div></div></blockquote><div><br =
class=3D""></div><div>Why is "PHP like syntax" a blocking requirement? =
&nbsp;C does not have a PHP-like syntax, or at least one that is not =
more similar to AssemblyScript than PHP. &nbsp;Why then is C acceptable =
for extensions but AssemblyScript is not?</div><div><br =
class=3D""></div><div>And even so, there is no reason a PHP-like syntax =
is required. PHP developers work with JS or TS every day, and =
AssemblyScript is just a variant of TypeScript.</div><br =
class=3D""><blockquote type=3D"cite" class=3D""><div dir=3D"ltr" =
class=3D""><div class=3D"gmail_quote"><div class=3D"">Using the parser =
already in the engine? With a PHP-like stdlib?</div><div =
class=3D"">&nbsp;</div><blockquote class=3D"gmail_quote" style=3D"margin: =
0px 0px 0px 0.8ex; border-left-width: 1px; border-left-style: solid; =
border-left-color: rgb(204, 204, 204); padding-left: 1ex;"><br =
class=3D"">&gt; &gt; In essence, WebAssembly is great for certain =
scenarios, but PHP has existing mechanisms that make the addition of a =
Wasm runtime potentially redundant for most use cases.&nbsp;<br =
class=3D""><br class=3D"">Then for those cases where it is redundant, =
don't use it.<br class=3D""></blockquote><div class=3D""><br =
class=3D""></div><div class=3D"">That's most use cases. It doesn't make =
any sense to burden all users and contributors just so some companies =
can maybe decide to enable wasm to make more =
money.</div></div></div></blockquote><div><br class=3D""></div><div>First,=
 it would not burden all users nor all contributors; that is an invalid =
claim I have discredited above.</div><div><br =
class=3D""></div><div>Second, that sounded like a Freudian slip where =
you said the quiet part out loud. Is this about you somehow having a hot =
button about "some people wanting to make money" rather than accepting =
people just want to be able to write better and faster websites in PHP? =
If&nbsp;"some people wanting to make money" were the discrediting bar =
then (almost?) every feature request could be denied on that =
basis.&nbsp;</div><div><br class=3D""></div><blockquote type=3D"cite" =
class=3D""><div dir=3D"ltr" class=3D""><div class=3D"gmail_quote"><div =
class=3D"">Honestly, a DSL would be the perfect solution here. Anyone =
familiar with writing PHP extensions knows about `gen_stub.php`, which =
scans PHP stubs and generates the corresponding binding C =
code.&nbsp;</div></div></div></blockquote><div><br =
class=3D""></div><div>When and where does the C code get =
compiled?&nbsp;</div><div><br class=3D""></div><div>And isn't that what =
Zephir actually is?</div><br class=3D""><blockquote type=3D"cite" =
class=3D""><div dir=3D"ltr" class=3D""><div class=3D"gmail_quote"><div =
class=3D"">I've often thought this process could be extended to handle =
more complex scenarios like promoted properties, simple expressions =
(e.g., assignments, property access, comparisons), and anything that can =
be easily translated into C code.<br class=3D""><br class=3D"">V8 has a =
similar tool called Torque, and I've always wondered what something like =
that would look like for PHP. It would result in a strict, statically =
typed subset of PHP that satisfies all the requirements, except for the =
last one (which it would only partially fulfill).<br class=3D""><br =
class=3D"">Since the generated code would interface directly with the =
Zend API, we can consider the DSL code as safe as the PHP implementation =
itself. While there wouldn't be CPU throttling, hosts shouldn't have =
major objections since it would essentially be as safe as PHP.<br =
class=3D""><br class=3D"">Most importantly, this approach would benefit =
everyone. It would have no third-party dependencies and would only need =
to evolve alongside PHP/Zend as they grow.<br class=3D""><br =
class=3D"">That=E2=80=99s how I would approach it.<br =
class=3D""></div></div></div></blockquote><div><br class=3D""></div>I =
await your proposal. &nbsp;Sincerely.&nbsp;</div><div><br =
class=3D""></div><div>And I don't mean to the level of an RFC, but a =
document that details how it would work, and one that could be discussed =
and commented on as you can on a Github repo.</div><div><br =
class=3D""></div><div>Note I am not advocating fro a *specific* approach =
=E2=80=94 e.g. WASM =E2=80=94 I am advocated to achieved the stated =
goal, e.g. an extension mechanism that can run at near native speed for =
low-level string parsing and maths that realistically will be able to be =
run on managed hosts which IMO means they have to be adopted by major =
CMS and/or Frameworks as requirements if not at least =
recommendations.&nbsp;</div><div><br class=3D""></div><div>If your ideas =
can achieve those goals, I would fully be behind them. &nbsp;(I am =
however skeptical that what you proposal can achieve all those goals; =
prove me wrong.)</div><div><br =
class=3D""></div></div></div><div><div><blockquote type=3D"cite" =
class=3D""><div class=3D"">On Sep 20, 2024, at 4:18 AM, Rowan Tommins =
[IMSoP] &lt;<a href=3D"mailto:imsop.php@rwec.co.uk" =
class=3D"">imsop.php@rwec.co.uk</a>&gt; wrote:</div><div class=3D"">On =
20 September 2024 06:20:46 BST, Mike Schinkel &lt;<a =
href=3D"mailto:mike@newclarity.net" class=3D"">mike@newclarity.net</a>&gt;=
 wrote:<br class=3D""><blockquote type=3D"cite" class=3D"">Moot point as =
it cannot be run on a managed hosted server.<br =
class=3D""></blockquote><br class=3D"">Why not? Only because the people =
managing that server haven't been persuaded to include it as an option. =
And that is mostly because it's currently experimental, and there isn't =
wide demand for it.<br class=3D""></div></blockquote><div><br =
class=3D""></div>You can hypothetical all day long, but the reality is =
that if something is not shipped with PHP, someone wanting to write PHP =
code that a library, CMS or frameworks depends on would have to play a =
failure-guaranteed game of whack-a-mole to get a lot of managed hosting =
providers to support it.&nbsp;</div><div><br class=3D""></div><div>And =
the larger CMS and frameworks are rightly not going to support something =
that does not get bundled into php-src.</div><div><br =
class=3D""></div><div><blockquote type=3D"cite" class=3D""><blockquote =
type=3D"cite" class=3D""><blockquote type=3D"cite" class=3D"">Just to =
reiterate, if by "built-in to PHP core", you mean "every copy of PHP =
includes a functional WASM runtime", that's not going to happen. It =
would mean bundling (or requiring every user to install) a huge =
third-party dependency, with all of its dependencies and platform =
requirements, even if they weren't interested in using it.<br =
class=3D""></blockquote><br class=3D"">So why do you claim that bundling =
a third-party dependency is a "never going to happen" scenario? =
&nbsp;<br class=3D""><br class=3D"">By that logic PHP would have none of =
these functionalities:<br class=3D""><br class=3D"">=E2=80=A2 cURL<br =
class=3D"">=E2=80=A2 GD<br class=3D"">=E2=80=A2 PDO<br class=3D"">=E2=80=A2=
 OpenSSL<br class=3D"">=E2=80=A2 MBString<br class=3D"">=E2=80=A2 =
Zlib<br class=3D"">=E2=80=A2 Zip<br class=3D"">=E2=80=A2 XSL<br =
class=3D"">=E2=80=A2 EXIF<br class=3D"">=E2=80=A2 BCMath<br =
class=3D""></blockquote><br class=3D"">None of those are "built into PHP =
core" in the sense of "every copy of PHP includes them". Nor do any of =
them bundle their third-party dependencies.They are all optional =
extensions, which the user has to provide the dependencies for if they =
want to install and enable them.<br class=3D""></blockquote><div><br =
class=3D""></div><div>Fine, we can treat WASM the same as all those =
other extensions and bundling it with PHP meaning `;extension=3Dwasm` =
line in production.ini, the internal code needed to link in the library, =
and compiler switches to compile it in.</div><div><br =
class=3D""></div><div>If PHP were to ship in this way then CMS and =
Frameworks could choose to add WASM to their list of required or =
recommended extensions, as it sounds like from Dennis Snell's really =
excellent messages that WordPress would likely want to do =
that:</div><div><br class=3D""></div><div>-&nbsp;<a =
href=3D"https://make.wordpress.org/hosting/handbook/server-environment/#ph=
p-extensions" =
class=3D"">https://make.wordpress.org/hosting/handbook/server-environment/=
#php-extensions</a></div><div>-&nbsp;<a =
href=3D"https://laravel.com/docs/11.x/deployment#server-requirements" =
class=3D"">https://laravel.com/docs/11.x/deployment#server-requirements</a=
>&nbsp;</div><div>-&nbsp;<a =
href=3D"https://www.drupal.org/docs/getting-started/system-requirements/ph=
p-requirements#extensions" =
class=3D"">https://www.drupal.org/docs/getting-started/system-requirements=
/php-requirements#extensions</a>&nbsp;</div><div><br =
class=3D""></div><div>Once CMS &amp; Frameworks are empowered to use =
WASM as part of their core offering then they could start recommending =
WASM and managed web hosts that want to cater to their users would start =
offering WASM enabled on their platforms.</div><div><br =
class=3D""></div><div>BTW, very few CMS or Frameworks make any =
extensions not referenced in production.ini as requirements, and for =
very good reason because doing so would be too =
risky.&nbsp;</div><div><br class=3D""></div><blockquote type=3D"cite" =
class=3D"">They are what is sometimes referred to as "bundled =
extensions", which just means they have source code in the php-src =
repository, and get new releases at the same time as PHP. Being in that =
list doesn't mean managed hosts have to provide them (who would force =
them?) and not being in that list doesn't mean managed hosts can't =
provide them (it's as easy to install "php-mongodb" on Ubuntu as =
"php-mysqli", even though one is "bundled" and the other hosted on =
PECL).<br class=3D""><br class=3D"">Being "bundled" may be interpreted =
as something of a "stamp of approval", indicating that an extension is =
mainstream and stable. That's something that has to be earned - many =
extensions started out in their own projects, with releases listed on =
PECL or elsewhere, and were proposed for adoption into the php-src repo =
once they became stable.<br class=3D""><br class=3D"">Which is why I say =
your energies for now are best spent on a project like extism, or =
wasmer-php - build that stable extension, and then we can discuss =
whether it would be beneficial to adopt it into the php-src repo.<br =
class=3D""></blockquote><div><br class=3D""></div><div>Then let us =
redirect our discussion as to whether it would be beneficial to adopt =
wasmer-php into php-src repo, an objective list of reasons it would not, =
if not, and an objective list of things it could do to resolve those =
objections.&nbsp;</div><div><br class=3D""></div><div>That would be much =
more productive than debating hypotheticals.</div><div><br =
class=3D""></div><div><div>-Mike</div></div></div></div></div></body></htm=
l>=

--Apple-Mail=_366378A4-C7A9-44B5-9FA3-C3AA962BF99C--