Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:127827
X-Original-To: internals@lists.php.net
Delivered-To: internals@lists.php.net
Received: from php-smtp4.php.net (php-smtp4.php.net [45.112.84.5])
	by lists.php.net (Postfix) with ESMTPS id 571901A00BC
	for <internals@lists.php.net>; Tue,  1 Jul 2025 15:18:25 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=php.net; s=mail;
	t=1751382991; bh=nY+7WQyzsrY705N3DjTjKpQK3Xm6dAcaK/AMf/AEfZI=;
	h=Date:From:To:Cc:Subject:In-Reply-To:References:From;
	b=lPJcFLGvRriH9s2xQNDb9z1JxzDEZxQlNvJSjsGcCeYmAAF/IhKlspgVyRW2MNfHg
	 JSSVgCeN3l9OeZ/KpEGdTto0CWOwrSDL3pDVDuDwsksbM506BETRbxMdDdjoBsfvCp
	 By3XMkBLrkPAnxynm3/+uE+iLa5UdMlVzasv/YooVGyCKa1XfqCScor4Yillwh3r2h
	 yy1uThkge6hXoUYO0XmXzxTlNJXkGc3TdNOtAEqcFHtfzvuwh3foV6Xq0h/luTDr9w
	 ouZ33eNJNs75dfPlVCKJPzW43AxUWbvS/hkhQOpZartUo3st3tnQ+idwLZqmDDaWin
	 Pm8KugT7bdEOQ==
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id E09B718033A
	for <internals@lists.php.net>; Tue,  1 Jul 2025 15:16:30 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-25) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,DMARC_PASS,SPF_HELO_NONE,
	SPF_PASS autolearn=no autolearn_force=no version=4.0.1
X-Spam-Virus: Error (Cannot connect to unix socket
	'/var/run/clamav/clamd.ctl': connect: Connection refused)
X-Envelope-From: <tim@bastelstu.be>
Received: from chrono.xqk7.com (chrono.xqk7.com [176.9.45.72])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Tue,  1 Jul 2025 15:16:30 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bastelstu.be;
	s=mail20171119; t=1751383102;
	bh=+916UE28ZDm90Wjbhjf35JOZfAmoTfepXlN0zlwXxqk=;
	h=MIME-Version:Date:From:To:Cc:Subject:In-Reply-To:References:
	 Message-ID:Content-Type:from:to:cc:subject:message-id;
	b=iD4jYt8hvCqaav0Ksr+lh366A0TFZXE2fJM5bMp6y7OoGTN6ZXT/CLbfeqg5lx+oS
	 CifPxKajKypnuGwZN1ASHojJwhgBagp2eWI5r1lUJA3Z+unoZhS1FxCLcxfPjVr66g
	 3dbhmvbw+l9e+yMNJfM13ouPhhFGbJ4cdRn7c8RrAdUbvsD1cvClPj68ZSOszJYtMx
	 9moJLPFPu6ta6/EJUFSZL8OOefXSMuqCGuAGw8LLtkEiQ77P40Vj+jN5eqlmdna4Nb
	 DDfSWRaN/ZXrhq0e8E40oHVSVy6UzyKVTlnFvo+zijPlFU+dt6JHDR7qydvnEoVbwv
	 6YMHWBQA5Pdxg==
Precedence: bulk
list-help: <mailto:internals+help@lists.php.net
list-unsubscribe: <mailto:internals+unsubscribe@lists.php.net>
list-post: <mailto:internals@lists.php.net>
List-Id: internals.lists.php.net
x-ms-reactions: disallow
MIME-Version: 1.0
Date: Tue, 01 Jul 2025 17:18:21 +0200
To: Kenta Usami <tadsan@zonu.me>
Cc: internals@lists.php.net
Subject: Re: [PHP-DEV] Expanding the scope of the #[NoDiscard] attribute
In-Reply-To: <CAHR_AjSDq878GKVXcQk+UNFcTwFEEA_s0VgP=xZWn6vtviXy-w@mail.gmail.com>
References: <CAHR_AjSDq878GKVXcQk+UNFcTwFEEA_s0VgP=xZWn6vtviXy-w@mail.gmail.com>
Message-ID: <b00a8bbf86b5655624f57b1edf4ab0a1@bastelstu.be>
Content-Type: text/plain; charset=UTF-8;
 format=flowed
Content-Transfer-Encoding: 8bit
From: tim@bastelstu.be (=?UTF-8?Q?Tim_D=C3=BCsterhus?=)

Hi

Am 2025-07-01 16:41, schrieb Kenta Usami:
> I'm writing to start a discussion about expanding the use of the newly
> accepted #[NoDiscard] attribute.
> I believe this attribute is a fantastic addition that will help
> prevent many subtle bugs, and we can make it even more effective by
> applying it to a broader set of core functions.
> 
> My initial thoughts for strong candidates are:
> 
> - All is_* prefixed functions
> - The password_*() functions
> - Most string functions: Many string functions like strlen(),
>   substr(), trim(), and str_replace() are also clear candidates.
>   We would naturally exclude functions with output side effects, such
>   as the printf() family.
> - Mathematical functions
> - Pure array_*() functions: Functions that don't accept callbacks,
>   such as array_keys(), array_values(), array_reverse(), and
>   array_unique(), are also strong candidates. Their return value is
>   their only result.

As one of the RFC authors, adding `#[\NoDiscard]` to every pure function 
was an explicit non-goal of the RFC. Please let me refer to: 
https://wiki.php.net/rfc/marking_return_value_as_important#recommended_usage

The goal of the attribute is to prevent 
hard-to-detect-but-easy-to-create bugs. Forgetting to use the return 
value of `str_contains()` is not particularly easy to do 
unintentionally.

> This nuance extends to other areas, like many filesystem functions
> which require case-by-case evaluation. A tricky example is
> file_get_contents(). At first glance, it seems like an obvious
> candidate. However, despite its name, it can be used to send external
> HTTP requests where the primary goal might be the side effect of the
> request itself (like a webhook ping), and the returned content is
> intentionally ignored. Adding #[NoDiscard] here could create issues

`file_get_contents()` on the other hand might be a good candidate, since 
even for a “ping” request you are generally interested in finding out 
whether or not the request succeeded. However `file_get_contents()` 
already emits warnings and notices in this case (and would probably 
throw an Exception if it was newly introduced).

Best regards
Tim Düsterhus