Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:84089 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 66043 invoked from network); 1 Mar 2015 02:29:27 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 1 Mar 2015 02:29:27 -0000 Authentication-Results: pb1.pair.com smtp.mail=yohgaki@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=yohgaki@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.192.52 as permitted sender) X-PHP-List-Original-Sender: yohgaki@gmail.com X-Host-Fingerprint: 209.85.192.52 mail-qg0-f52.google.com Received: from [209.85.192.52] ([209.85.192.52:46894] helo=mail-qg0-f52.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 0B/50-63732-68972F45 for ; Sat, 28 Feb 2015 21:29:26 -0500 Received: by mail-qg0-f52.google.com with SMTP id l89so8133899qgf.11 for ; Sat, 28 Feb 2015 18:29:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; bh=1PBASG/GYHfCSpiISko/tisJ71LwfpMwli43qtiqJeU=; b=UDbrBR7HvsD6pcB2MzVB/4d7iuTcZ8tWrGvw5AnKRbyRvLFOa5wr+4ASHRdgs0dRaj pv4Dm2WbPoEZNmRoRXlh5raxqAykau/vgcRiVZCPYwKQaSg7ti4QWwPmGT+uIJvOsaUD 8YJT/TU5tVAAUHu14Uo/WFoKLI+mrd5K3B9VCMq54gsRJGDR4UHUWUY0Fw3rbuXokY1Z Muee2Y5Hp2K9OMvajce37qA9GbzfMmKDq6/8r+vHQJpQIO73GGsNell16aHt75RO+rOS NemjFwqNJWevTve+0aK9S6x7gjKzkBjyuG6bRJ/8rIWqNU3NsMd5lAbOsWlbnbXeZgkW o4/w== X-Received: by 10.140.16.99 with SMTP id 90mr8181977qga.105.1425176963973; Sat, 28 Feb 2015 18:29:23 -0800 (PST) MIME-Version: 1.0 Sender: yohgaki@gmail.com Received: by 10.229.198.8 with HTTP; Sat, 28 Feb 2015 18:28:43 -0800 (PST) In-Reply-To: <54F209B9.5020200@googlemail.com> References: <54E5F77D.9090406@fischer.name> <54E6F48A.9040906@fischer.name> <54E72FE7.9030803@googlemail.com> <54E7312D.9090404@googlemail.com> <54E73E70.5020403@googlemail.com> <54F209B9.5020200@googlemail.com> Date: Sun, 1 Mar 2015 11:28:43 +0900 X-Google-Sender-Auth: Wc60iXC3ggd4yBAwj6URwln07KU Message-ID: To: Crypto Compress Cc: PHP Developers Mailing List Content-Type: multipart/alternative; boundary=001a11c067a0ae06f6051030de1a Subject: Re: [PHP-DEV] [VOTE] Expectations From: yohgaki@ohgaki.net (Yasuo Ohgaki) --001a11c067a0ae06f6051030de1a Content-Type: text/plain; charset=UTF-8 Hi Crypto, On Sun, Mar 1, 2015 at 3:32 AM, Crypto Compress < cryptocompress@googlemail.com> wrote: > sorry for the late answer. My point is about throwing exceptions > (assert.exceptions=1). I think it is wrong to allow to change code-flow by > ini-setting and in current context it is wrong to throw exceptions > altogether. Let's assume this code example in dev-mode with exceptions: > > class BankAccount { > function Add($amount) { > assert($amount > 0); > // ... code block ... > } > } > > Now the programmer implementing "code block" to gracefully handle $amount > > 0 has a problem. There is no way to (Unit)test failing path on > development machine. Code after assertion is never called for failing > contitions. What to do? Delete assertion is out of question. Disable > zend.assertions on development machine seems to be the wrong way too. The > only way to handle this is to disable exceptions (assert.exceptions=0) so > expected code flow is restored. This, if allowed to be changed, should be > at least the default. > > IMO ability to run and test code broadly outweighs "provides stacktrace by > default" argument and for some reason i fear assert.exceptions=1 will be > the only case soon. > I understand that removing assert conditions may seem to increase bugs in code. Wrong usage of assertion actually creates bugs. I agree. However, assertion is not for production checks, but development time checks. Code example you're presented requires "caller" to make sure "$amount > 0" condition is met. Unit tests has to make sure "$amount > 0" condition is kept without assertion. Assertion (as well as DbC) helps to make sure if conditions/expectations of "callee" are fulfilled by "caller". Since caller must fulfill condition in the first place, removing assertions should not be problem under production environment and production codes execute faster. Under structured programming, developers tend error condition check responsibility to "callee", just like your example. Use of assertion is DbC style programming which forces error condition checks to "caller". It changes why of thinking and these changes may be difficult to adopt for some developers, but the basic idea is simple enough to be understood by all developers. I hope. What good about DbC is it can achieve both robust development and faster execution at the same time if it is used _properly_. I understand your concern. Developers must think what/where is the error condition check responsibility. Without this, the result can be fatal. Even if assertion/DbC has cons, its pros outweigh cons, IMHO. Assertion/DbC - Promotes caller to validate inputs. Input validation is the most important for secure code. - Underlying simple APIs that are called many times can omit various condition checks in production. (Faster execution) - Prevents wrong usage of API during development by assert failure. - Makes developers to think where/how to implement "defense in depth" properly. (Since no assertion checks in production, developers have to think where/how to implement additional systematic defense in their code. This is good for better security.) I fully agree that users can misuse. We must make effort that users understand proper usage and idea behind assertions/DbC. Regards, -- Yasuo Ohgaki yohgaki@ohgaki.net --001a11c067a0ae06f6051030de1a--