Newsgroups: php.internals
Date: Sat, 21 Feb 2015 19:56:08 +0000
To: Zeev Suraski
Cc: Anthony Ferrara, PHP internals
Subject: Re: [PHP-DEV] Coercive Scalar Type Hints RFC
From: padraic.brady@gmail.com (Pádraic Brady)

On 21 February 2015 at 18:13, Zeev Suraski wrote:
>> -----Original Message-----
>> From: Anthony Ferrara [mailto:ircmaxell@gmail.com]
>> Sent: Saturday, February 21, 2015 8:12 PM
>> To: Zeev Suraski
>> Cc: PHP internals
>> Subject: Re: [PHP-DEV] Coercive Scalar Type Hints RFC
>>
>> Zeev,
>>
>> First off, thanks for putting forward a proposal. I look forward to a
>> patch that can be experimented with.
>>
>> There are a few concerns that I have about the proposal however:
>>
>> > Proponents of Strict STH cite numerous advantages, primarily around
>> > code safety/security. In their view, the conversion rules proposed by
>> > Dynamic STH can easily allow ‘garbage’ input to be silently converted
>> > into arguments that the callee will accept – but that may, in many
>> > cases, hide difficult-to-find bugs or otherwise result in unexpected
>> > behavior.
>>
>> I think that's partially mis-stating the concern.
>
> I don't think it is, based

The sentence stresses garbage in too much to read as accurate. To clarify, there is a) garbage in due to weak coercion and b) a function being called with a string when the typehint says int. Both are separate concerns around error detection. Stricter coercion can enable only one of these two, for example. That's better than neither, of course! The coercion rules were stricter than I expected based on previous emails. Stressing one too much might suggest to a reader that the second concern does not exist.

Other pedantic comment: "numerous" is probably too strong a word there. The advantages may vary by person, but usually fit within basic five-finger math. It would be more important to enumerate them rather than selecting one as primary.

On the RFC rules themselves, a few comments:

1. Happy to see leading/trailing spaces excluded.
2. Rules don't make mention of leading zeroes, e.g. 0003
3. "1E07" might be construed as overly generous assuming we are excluding stringy integers like hex, oct and binary
4. I'm assuming the stringy ints are rejected?
5. Is ".32" coerced to float or only "0.32"? Merely for clarification.
6. Boolean coercion from other types... Not entirely sure myself. Completely off the cuff: <=0: false, >0: true, floats and strings need not apply.
7. In string to float, only capital E or also small e?
8. I'll never stop calling them "stringy" ints.

Paddy

--
Pádraic Brady
http://blog.astrumfutura.com
http://www.survivethedeepend.com
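
The string shapes questioned in the numbered list above, as an added PHP example (not code from the RFC, php-src or the author of this message). The function name and flag names are hypothetical, and the code only labels each shape so a coercion rule set can be checked against it; it does not decide what should be accepted.

```php
<?php
// Added example, not RFC or php-src code. It labels the string shapes the
// list asks about; whether each one is accepted is a policy decision.

function numeric_string_shape(string $s): array
{
    $flags = [];
    $core = trim($s);
    if ($core !== $s) {
        $flags[] = 'surrounding_whitespace';                      // item 1
    }
    // Prefixed hex and binary notation ("stringy ints", items 3 and 4).
    if (preg_match('/^[+-]?0(?:[xX][0-9a-fA-F]+|[bB][01]+)$/', $core)) {
        return ['kind' => 'radix_literal', 'flags' => $flags];
    }
    // Sign, integer digits, optional fraction, optional exponent.
    if (!preg_match('/^[+-]?(\d*)(\.\d+)?(?:([eE])[+-]?\d+)?$/', $core, $m)) {
        return ['kind' => 'not_numeric', 'flags' => $flags];
    }
    $m += [1 => '', 2 => '', 3 => ''];   // trailing unmatched groups are omitted by preg_match
    if ($m[1] === '' && $m[2] === '') {
        return ['kind' => 'not_numeric', 'flags' => $flags];      // "", "+", "e5"
    }
    if (strlen($m[1]) > 1 && $m[1][0] === '0') {
        $flags[] = 'leading_zeros';      // item 2; an octal-looking "0777" lands here too
    }
    if ($m[1] === '') {
        $flags[] = 'bare_leading_dot';                            // item 5
    }
    if ($m[3] !== '') {
        $flags[] = $m[3] === 'E' ? 'exponent_upper' : 'exponent_lower';  // items 3 and 7
    }
    $kind = ($m[2] === '' && $m[3] === '') ? 'int' : 'float';
    return ['kind' => $kind, 'flags' => $flags];
}

// "0003", "1E07", ".32" and "0.32" come from the list; the rest are constructed.
foreach (['0003', '1E07', '1e07', '.32', '0.32', ' 42', '0x1A', '0b11', '42'] as $s) {
    $r = numeric_string_shape($s);
    printf("%-8s %-14s %s\n", var_export($s, true), $r['kind'], implode(',', $r['flags']));
}
```

Any input that comes back with a non-empty flag list is one where two coercion rule sets can disagree, so those are the cases worth pinning down in tests at an input boundary.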