Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:126386 X-Original-To: internals@lists.php.net Delivered-To: internals@lists.php.net Received: from php-smtp4.php.net (php-smtp4.php.net [45.112.84.5]) by qa.php.net (Postfix) with ESMTPS id 10E201A00BC for ; Thu, 13 Feb 2025 08:17:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=php.net; s=mail; t=1739434463; bh=XNYTr/TuBHCUHpoYKIR6VcsWISdTV64m/BUlhfrazw0=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=EnepedQrx4W2JhugTW4B/agNFFi3wF2J3T1jgaZjkeI9TXODGXheBBcegt86AlrM/ dNKUiegzsDdsIROAi21ufwDnDs3HmiVrkgwjy4JIGuHXBg8H0yADRHWLGpRAoASrkX FiXoOq93tjtPFC/OxuBvg92kSfrUQIdT575S2gzf5a4M8XYeSYCX5P9oFiDRowBYuN l7nvvZs0UI9lHS+EEuXDZwxZNir5Lh46azfPRQbJ0NoyMaVyPC8RLZxiXC5qWVvbJv bed+RhTL2fbVL5IGEMIILyz7h7Oq/vu+C4J7ImO9ROmBRpsEUijpdxcY9VqENL7aBz M8TlfbsbgwurA== Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 2B8B0180072 for ; Thu, 13 Feb 2025 08:14:22 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-0.1 required=5.0 tests=BAYES_50,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,DMARC_PASS,HTML_MESSAGE, RCVD_IN_DNSWL_LOW,SPF_HELO_PASS,SPF_PASS autolearn=no autolearn_force=no version=4.0.0 X-Spam-Virus: No X-Envelope-From: Received: from smtp-out3.simply.com (smtp-out3.simply.com [94.231.106.210]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Thu, 13 Feb 2025 08:14:21 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp.simply.com (Simply.com) with ESMTP id 4Ytp1p3dGbz1DHc0 for ; Thu, 13 Feb 2025 09:17:02 +0100 (CET) Received: from mail-pj1-f51.google.com (mail-pj1-f51.google.com [209.85.216.51]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by smtp.simply.com (Simply.com) with ESMTPSA id 4Ytp1p0c0fz1DDhF for ; Thu, 13 Feb 2025 09:17:02 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=givoni.dk; s=unoeuro; t=1739434622; bh=XNYTr/TuBHCUHpoYKIR6VcsWISdTV64m/BUlhfrazw0=; h=References:In-Reply-To:From:Date:Subject:To:Cc; b=Nj40W5BmKCwHECP9WkRbP51Hjk2BxhPsFDqkyIrCqrI0uk1KkgliKQSPwLV+olWxE Qkkuk/CR76/jGWDxnhQa6FJiA4saRxRar6CM26HWseyRc6b4177fatGxYxWXOHlaB6 08cPiX/DwIjGx/cHHTWkbBeJeDjGz4WEJB0KNMYE= Received: by mail-pj1-f51.google.com with SMTP id 98e67ed59e1d1-2f44353649aso987280a91.0 for ; Thu, 13 Feb 2025 00:17:02 -0800 (PST) X-Gm-Message-State: AOJu0YwUwfmH3EVyQB8S9GkoixcOaN2/CCWR5IZum7YaYMv+cPjO3fjR bXcG4GF3yJy6u3F255hqI5wOxOzioiFSTVsNn3I+t+eT9TM57Lsr2Ax2NFHjC5Lmn7Y41PuEMpV XH51db9IvYEoOYDIa+cbcKIGm5vI= X-Google-Smtp-Source: AGHT+IEk5r7CyIX/+ELg0rP+Cmm8qqvFdaeFPuN6vum1rH/2NACJC560gGt8kkFvzK4qGk94Dfy8vyCkSr5e9tpXlu4= X-Received: by 2002:a17:90b:278c:b0:2fa:1f1b:3db9 with SMTP id 98e67ed59e1d1-2fbf9106ad2mr7205360a91.26.1739434620423; Thu, 13 Feb 2025 00:17:00 -0800 (PST) Precedence: bulk list-help: list-post: List-Id: internals.lists.php.net x-ms-reactions: disallow MIME-Version: 1.0 References: <5c142df3-94f8-45ba-b5c6-af3b4f7caa8b@varteg.nz> In-Reply-To: <5c142df3-94f8-45ba-b5c6-af3b4f7caa8b@varteg.nz> Date: Thu, 13 Feb 2025 09:16:49 +0100 X-Gmail-Original-Message-ID: X-Gm-Features: AWEUYZlEapQXmTjK4mzf-uC5H43vr9ATI7xICjKW3MO_EpTctoSIpxm0xqoe5FQ Message-ID: Subject: Re: [PHP-DEV] Re: RFC: Marking return values as important (#[\NoDiscard]) To: tim@bastelstu.be, volker@tideways-gmbh.com Cc: internals@lists.php.net Content-Type: multipart/alternative; boundary="000000000000a92124062e01ae42" From: jakob@givoni.dk (Jakob Givoni) --000000000000a92124062e01ae42 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable My thoughts overall on this: 0. I'm not against introducing the attribute, only how it's used/enforced etc. (And, incidentally, what it actually MEANS, see if you can spot that from the rest of my comments....) 1. Static analysers and IDEs: I agree with everyone who's said that whether or not the return value is "used" should be a concern for tooling like static analysers and the IDE, and ideally not for PHP runtime. Attributes were added as a structured replacement for docblock props and I don't like it when they affect how a program actually runs (as long as you're not using reflection). 2. If it must be a concern for PHP at runtime, a warning is preferred over an exception. It only makes sense =E2=80=93 it's in the name: Exceptions ar= e for exceptional situations, warnings are for warning you. 3. Naming of the attribute: I think the most precise name (if I understand the purpose correctly) is: #[ReturnValueMayContainCriticalInformation] 4. Should all internal functions, such as fopen() (which may return false on error instead of throwing an exception), have this attribute? I understand that ideally we only want to add it where the failure to inspect the return value could result in something outright dangerous, but I think that's a really hard call to make. If we scale it back to mean "Look, this function may not behave the way you'd expect it to, - the return value may actually contain some information you might be interested in, so you better check it man", then I think it could be a small but useful addition. Best, Jakob --000000000000a92124062e01ae42 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
My thoughts overall on this:

0. I'm not against introducing the attribute, only how it's used/e= nforced etc. (And, incidentally, what it actually MEANS, see if you can spo= t that from the rest of my comments....)

1. Static analysers and IDEs: I agree = with everyone who's said that whether or not the return value is "= used" should be a concern for tooling like static analysers and the ID= E, and ideally not for PHP runtime.
Attributes were added as a structure= d replacement for docblock props and I don't like it when they affect h= ow a program actually runs (as long as you're not using reflection).

2. If it must be a concern for PHP at runtime, a war= ning is preferred over an exception. It only makes sense =E2=80=93 it's= in the name: Exceptions are for exceptional situations, warnings are for w= arning you.

3. Naming of the attribute: I think the most = precise name (if I understand the purpose correctly) is: #[ReturnValueMayCo= ntainCriticalInformation]

4. Should all internal f= unctions, such as fopen() (which may return false on error instead of throw= ing an exception), have=C2=A0this attribute?
I understand that id= eally we only want to add it where the failure to inspect the return value = could result in something outright dangerous, but I think that's a real= ly hard call to make.
If we scale it back to mean "Look, this funct= ion may not behave the way you'd expect it to, - the return value may a= ctually contain some information you might be interested in, so you better = check it man", then I think it could be a small but useful addition.

Be= st,
Jakob
=C2=A0
--000000000000a92124062e01ae42--