Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:126716 X-Original-To: internals@lists.php.net Delivered-To: internals@lists.php.net Received: from php-smtp4.php.net (php-smtp4.php.net [45.112.84.5]) by qa.php.net (Postfix) with ESMTPS id BDF981A00BC for ; Tue, 11 Mar 2025 11:54:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=php.net; s=mail; t=1741693944; bh=oc7xg2+cuNeMM7qDfjXjv+tcX+palTrgM7rk8vlCc9c=; h=Date:To:From:Cc:Subject:In-Reply-To:References:From; b=AhzEn/5ax6K6EgvQlZj4D78vVYD77DbXXF0sg//uGdPfh7Yt2QX9GOqTt02fdzcnS VFCjOv5KWuNRSsa2WiZpvdGyD9rJUULU9YRWEWi3jbtyc08TIBDlMg1xsoU6CPsllJ Z8XeFBy5Z6/6Z5j5v1iYUc/Ok+H4RCjsjK7aRMWR2aFayxNRWM6CoWBa5PhhjXDW96 LkQQmEKTct9r/dL05/NjCHEW5NHXRoN0sEDirS76MmQC3B5+jfDU9h2gAEHyQ1oTmg GIM44s+xzZnTI4MOLODqS+o/rSrnOalOwLmiBOAl/tHjSdhHFmjjZBhr2/GaV1lN1w 9HwIu/4NvGCMA== Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 8204718004B for ; Tue, 11 Mar 2025 11:52:22 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,DMARC_PASS,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_PASS autolearn=no autolearn_force=no version=4.0.0 X-Spam-Virus: No X-Envelope-From: Received: from mail-4018.protonmail.ch (mail-4018.protonmail.ch [185.70.40.18]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Tue, 11 Mar 2025 11:52:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gpb.moe; s=protonmail3; t=1741694094; x=1741953294; bh=oc7xg2+cuNeMM7qDfjXjv+tcX+palTrgM7rk8vlCc9c=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector:List-Unsubscribe:List-Unsubscribe-Post; b=lWno+y5XJBgy+h06YX63wls8DJUPUcrc6y3V9YPHwkTXfEslp9CHADQuQHkU0CQ4L 9DQ9D/t8DJl3v1ROni0B7o4qmgw3uK+XmqT3vk+QMHrFjIA7qANcfdcTveg0zoJ7+X FwPMHZsCFZ2i3xSZNCWFuRBpqCm7Y68iadskzYSzBjsJcaD3Vyoi5admZwwP7Vppwo kkVC9S2tbYW0YHqVmnglXPjo0vRYTyXE05OQ2W4kZbKttB/seVbvULxgHKwgf391KA U9BQJ3422FhfrGYMA0UYxWOi7wslLkFpQK6v35pocXCwG0QkHj2wHRnx3kDNM6Rjgf Vk/ki+yS8+z1w== Date: Tue, 11 Mar 2025 11:54:50 +0000 To: "Rowan Tommins [IMSoP]" Cc: internals@lists.php.net Subject: Re: [PHP-DEV] Consensus on argument validation for built-in functions Message-ID: In-Reply-To: References: <041d1a8c-dd43-4592-b997-ad4d2f91aeac@app.fastmail.com> Feedback-ID: 96993444:user:proton X-Pm-Message-ID: ba8b4b381be25108ac56f65465f939f8f447f717 Precedence: bulk list-help: list-post: List-Id: internals.lists.php.net x-ms-reactions: disallow MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable From: internals@gpb.moe ("Gina P. Banyard") On Tuesday, 11 March 2025 at 11:12, Rowan Tommins [IMSoP] wrote: >=20 > On 11 March 2025 10:20:52 GMT, Rob Landers rob@bottled.codes wrote: >=20 > > Well, when you make it an exception, it usually gets upgraded/fixed fas= ter :) >=20 >=20 > Not necessarily. When people see long lists of breaking changes in a rele= ase, they may just put off upgrading / marking the library compatible. >=20 > I think we should be very wary of how far we bend the difference between = "minor" and "major" releases. >=20 > For these changes, I'd like to hear the argument against starting with a = Warning. Is there any significant burden to waiting until 9.0 for these to = become errors? >=20 > Rowan Tommins > [IMSoP] Consistency. Just staring at ext/pcntl and the git blame you can see that some functions= validate the signal number (or flags) since PHP 8.0, others do not or only= recently (commit from November 2023). The reason being that the code was inconsistent in when it would actually w= arn in the first place. The other one is data loss concerns, many functions that forward strings to= C APIs don't check that they do not contain nul bytes, and thus the C API = receives a truncated string. Or C API require a C int, which is 32bit compared to a PHP int which can be= 64 bit, so truncation may happen for large negative/positive values. It also means that we need to do *multiple* passes, on the same code path, = resulting in somewhat of a code churn and possibly not using a common abstr= action. Considering that we didn't even have the time to properly remove some depre= cations from PHP 7 with the PHP 8.0.0 release, nor convert all relevant E_W= ARNINGs to Value/Type errors, I expect that we would be missing some of the= m again when PHP 9 comes around. (and this is ignoring the fact that PHP does not follow semver, and I'm sta= rting to really believe that any "semver-like" versioning system just does = not work for a PL, especially not one like PHP which has an insanely vast A= PI surface.) Moreover, changing a silent error condition to throwing a ValueError on a p= rogramming error that really never should be happening in the first place i= s not a disruptive BC break IMHO. And I will be repeating what I've been saying again and again, none of thes= e issues would exist if bundled extensions did not exist. The fact that these extensions are tied to the "core PHP language" release = cadence is.... incredibly annoying for everyone, from maintainers to users. Taking the example of ext/pcntl again, if it were a standalone extension, h= aving it follow semver is a way more reasonable proposition. Because we could just release 2 versions the same day, a x.y+1.0 introducin= g a warning, and a x+1.0.0 which would convert them into proper errors. Meaning as a user, you could be running whatever PHP version and have the s= tricter behaviour, or upgrade PHP while still holding the ext/pcntl version= behind while you deal with the issues. (Bonus points, the issue where PIE is currently unable to install bundled e= xtension [1] would be solved with unbundling too.) Best regards, Gina P. Banyard [1] https://github.com/php/pie/issues/133