Newsgroups: php.internals
Date: Sat, 21 Feb 2015 20:10:05 +0000
From: padraic.brady@gmail.com (Pádraic Brady)
To: Pierre Joye
Cc: Zeev Suraski, PHP internals
Subject: Re: [PHP-DEV] [RFC] Coercive Scalar Type Hints

Copying from old thread...please ignore the original.

On 21 February 2015 at 18:13, Zeev Suraski wrote:
>> -----Original Message-----
>> From: Anthony Ferrara [mailto:ircmaxell@gmail.com]
>> Sent: Saturday, February 21, 2015 8:12 PM
>> To: Zeev Suraski
>> Cc: PHP internals
>> Subject: Re: [PHP-DEV] Coercive Scalar Type Hints RFC
>>
>> Zeev,
>>
>> First off, thanks for putting forward a proposal. I look forward to a
>> patch that can be experimented with.
>>
>> There are a few concerns that I have about the proposal however:
>>
>> > Proponents of Strict STH cite numerous advantages, primarily around code
>> > safety/security. In their view, the conversion rules proposed by Dynamic
>> > STH can easily allow ‘garbage’ input to be silently converted into
>> > arguments that the callee will accept – but that may, in many cases, hide
>> > difficult-to-find bugs or otherwise result in unexpected behavior.
>>
>> I think that's partially mis-stating the concern.
>
> I don't think it is, based

The sentence stresses garbage in too much to read as accurate. To
clarify, there is a) garbage in due to weak coercion and b) a function
being called with a string when the typehint says int. Both are
separate concerns around error detection. Stricter coercion can enable
only one of these two, for example. That's better than neither, of
course! The coercion rules were stricter than I expected based on
previous emails. Stressing one too much might suggest to a reader that
the second concern does not exist.

Other pedantic comment: "numerous" is probably too strong a word
there. The advantages may vary by person, but usually fit within basic
five-finger math.
It would be more important to enumerate them rather than selecting
one as primary.

On the RFC rules themselves, a few comments:

1. Happy to see leading/trailing spaces excluded.
2. Rules don't make mention of leading zeroes, e.g. 0003
3. "1E07" might be construed as overly generous assuming we are
excluding stringy integers like hex, oct and binary
4. I'm assuming the stringy ints are rejected?
5. Is ".32" coerced to float or only "0.32"? Merely for clarification.
6. Boolean coercion from other types... Not entirely sure myself.
Completely off the cuff: <=0: false, >0: true, floats and strings need
not apply.
7. In string to float, only capital E or also small e?
8. I'll never stop calling them "stringy" ints.

Paddy

--
Pádraic Brady

http://blog.astrumfutura.com
http://www.survivethedeepend.com