Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:85021 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 63366 invoked from network); 16 Mar 2015 11:00:22 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 16 Mar 2015 11:00:22 -0000 Authentication-Results: pb1.pair.com smtp.mail=yohgaki@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=yohgaki@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.218.48 as permitted sender) X-PHP-List-Original-Sender: yohgaki@gmail.com X-Host-Fingerprint: 209.85.218.48 mail-oi0-f48.google.com Received: from [209.85.218.48] ([209.85.218.48:34633] helo=mail-oi0-f48.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 9C/7B-00492-5C7B6055 for ; Mon, 16 Mar 2015 06:00:22 -0500 Received: by oier21 with SMTP id r21so34134026oie.1 for ; Mon, 16 Mar 2015 04:00:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; bh=ZTG1tFQQb/2e/JR0zNAGexqKbyOKCxRntJ9SdkAg8P4=; b=GFXq9e6pM30Z9Lw891sdtLeW5eRe3TUAUDXyKvRZ+n+QCk9ELbOOcp+FcnqatcdJeb j7v2dY8bda7q7wBq8OXOstBcZfq13Gl/ScYxo8HCNCtrGEjxscltC4qR/yLAlWrwFcOu NgWynMjUaIiTjiEBzfknN6Ny6383mxcR/bVnAAVCYBsF/PLwMF/MNf4QKIXgayeNdpSD o29yoCYtBqyCyAzr+pyuX2aDsK3GOV3JMaMlGJqz36+1xcdtRtuo/jitRxau25O8EgKA TKCTdO2DnGA4gvBZwuRa0+JOMwp8crDlkBQ1aXKcYSKlKhpyRgKIIzCr/cHPB64SLz9u sntQ== X-Received: by 10.202.74.147 with SMTP id x141mr10749080oia.118.1426503618823; Mon, 16 Mar 2015 04:00:18 -0700 (PDT) MIME-Version: 1.0 Sender: yohgaki@gmail.com Received: by 10.202.58.2 with HTTP; Mon, 16 Mar 2015 03:59:38 -0700 (PDT) In-Reply-To: References: <55066F07.80308@birkholz.biz> <5506794B.8090008@birkholz.biz> Date: Mon, 16 Mar 2015 19:59:38 +0900 X-Google-Sender-Auth: FFDz8X9ayd-Kx84yPKKJzyWKxcQ Message-ID: To: Pierre Joye Cc: PHP internals , Dennis Birkholz Content-Type: multipart/alternative; boundary=001a1134fbc2788d1b051165c1d6 Subject: Re: [PHP-DEV] About declare(strict_types = 1) From: yohgaki@ohgaki.net (Yasuo Ohgaki) --001a1134fbc2788d1b051165c1d6 Content-Type: text/plain; charset=UTF-8 Hi Pierre, On Mon, Mar 16, 2015 at 5:17 PM, Pierre Joye wrote: > On Mar 16, 2015 6:46 PM, "Yasuo Ohgaki" wrote: > > > > Hi Dennis, > > > > On Mon, Mar 16, 2015 at 3:33 PM, Dennis Birkholz > > wrote: > > > > > Am 16.03.2015 um 07:22 schrieb Yasuo Ohgaki: > > > > Caller _must_ satisfy callee requirements. This is simple principle > to > > > > write a secure code. > > > > > > > > With this RFC, caller overrides security related setting. This means > > > > scripts > > > > that are prepared for type safety is "ignored" and it leads security > > > breach. > > > > > > that is simply not true! The callee always gets the type it expects. > > > There is no security problem involved here. The only difference is if > > > type conversion rules apply or if an error is raised for a type > mismatch. > > > > > > You clearly dislike the RFC (you voted no), that is OK, but don't > scream > > > of "security" bugs that don't exist. If they would exist, all type hint > > > RFCs would have them in general. > > > > > > > Not only Java/etc programmers but also PHP programmers will assume type > > safety by types. > > > > Programmers assume integer type data is safe once it passes as integer > type > > parameter. > > I'm sure PHP programmer do assume the same thing. > > > > I posted "bad code" > > > > > function check_num_range(int $num) { if ($num < 0 || $num > 100) > > trigger_error('Invalid range'); } > > // Somewhere far from function definition. > > $num = $GET['num']; > > // Somewhere far from $num definition. > > check_num_range($num); // Trying to check validity, int and range. > > echo 'You have '.$num. ' now
'; // But $num could have any string. > > // > > "check_num_range((int)$num)" wouldn't help also. > > ?> > > > > Caller controlled strict typing makes this worse... i.e. > > > declare(strict_types=1); > > // We are safe since $num is strictly int. Callee has responsibility to > > pass valid int . (But it's not) > > function check_num_range(int $num) { if ($num < 0 || $num > 100) > > trigger_error('Invalid range'); } > > ?> > > > > Setting register_globals=On while callee script assumes > > register_globals=Off is bad thing to do. > > Similar argument applies to declare(strict_types=1) also. > > > > As I suggested in other thread, we are better to sit down and make > > reasonable decision. > > It's not religion, but technical issue. We can reach reasonable consensus > > if we try to. If we > > cannot, it is better to introduce weak type hint only for the time being. > > So basically you mixed topics and voted no for the one RFC that would > allow what you want to do later while allowing strict hinting already. > Accepting the other means changing casting rules again later at best. Not > sure you did well here ;-) > I thought majority of us see the benefit of StrictSTH over this RFC. You're right about it. This RFC will have serious consequence. We made mistake with "safe_mode". The main reason it failed is "it did not force caller to have responsibility to make it work as it should". This RFC does the same for how declare(strict_types=1) works. Aren't we learned from "safe_mode" lessons? Regards, -- Yasuo Ohgaki yohgaki@ohgaki.net --001a1134fbc2788d1b051165c1d6--