Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:86044 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 44272 invoked from network); 30 Apr 2015 00:02:17 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 30 Apr 2015 00:02:17 -0000 Authentication-Results: pb1.pair.com smtp.mail=yohgaki@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=yohgaki@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.218.53 as permitted sender) X-PHP-List-Original-Sender: yohgaki@gmail.com X-Host-Fingerprint: 209.85.218.53 mail-oi0-f53.google.com Received: from [209.85.218.53] ([209.85.218.53:34446] helo=mail-oi0-f53.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 2C/F2-29050-80171455 for ; Wed, 29 Apr 2015 20:02:16 -0400 Received: by oiko83 with SMTP id o83so35488479oik.1 for ; Wed, 29 Apr 2015 17:02:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; bh=9LgEYoqaGvHf/U9kEHinaIH2/EoLglbBEq0mHGggLR0=; b=YQhjdeK0hnvz6xXe22OLj7socd3mOYceGV9tFMwCMFmdH1H0d1Q6N0+nQOWJXE2DWa NCoi7NolZcCMj8OORiJljKjN7TWQKLUtxHsUTR2+z6JOktMCKM6+Pxs6SUwjAs/7bcl8 hGjtFt32gZP9nSoSp4n36OjHGJds6olw6r70LxO4RpN41pmSY9Yeo64FCf+VICzFoCxK g0c78CsWjSui9z0IrsEmS1WSEXyPLciMFJAzbfGLo2uktXZV1Pt15C8DqmpRK4ybYzFH 3swr3gh8pUAc+8CVB/W4A6PI3HFi/W+EW7WPiakW5rF8YHvmPcZq6zLvJRtj7iY8xOL6 zPfg== X-Received: by 10.182.68.103 with SMTP id v7mr1297142obt.82.1430352133662; Wed, 29 Apr 2015 17:02:13 -0700 (PDT) MIME-Version: 1.0 Sender: yohgaki@gmail.com Received: by 10.202.104.196 with HTTP; Wed, 29 Apr 2015 17:01:33 -0700 (PDT) In-Reply-To: <55416849.9010808@gmail.com> References: <55401F31.9030703@gmail.com> <55416849.9010808@gmail.com> Date: Thu, 30 Apr 2015 09:01:33 +0900 X-Google-Sender-Auth: uKfN-s48Ubo2-7T6YAqDDXlxrYg Message-ID: To: Stanislav Malyshev Cc: Ryan Pallas , "internals@lists.php.net" Content-Type: multipart/alternative; boundary=e89a8fb1ef2cd4accc0514e5ceaf Subject: Re: [PHP-DEV] Adding "numeric" type hint From: yohgaki@ohgaki.net (Yasuo Ohgaki) --e89a8fb1ef2cd4accc0514e5ceaf Content-Type: text/plain; charset=UTF-8 Hi Stas, On Thu, Apr 30, 2015 at 8:24 AM, Stanislav Malyshev wrote: > > The objective to have type "hint" is to remove such checks by users, > > isn't it? > > No, not really. The objective is to ensure type of the parameter. If you > checks are not limited to types, then typing is not going to help, and I > don't think inventing special built-in type for each narrow use case is > a good way to go. > If you need to force to map value to PHP type, you have "strict" mode. "Weak" mode is just too strict currently even if PHP handled int/float/string as "integer"/"float" including invalid values traditionally. New PHP7 type hint doesn't allow "valid" int/float/string as "integer"/"float". This is unintuitive change for most PHP users because of weakly typed tradition. I'm sure there will be so many codes that misuses type hint if there is no "numeric" type hint. > > > Do you really think all users will write such code for database/json/etc > > values? > > No, I don't think all users need such checks. But those that do will > have to write the code for it. > Users must validate all inputs that cannot be trusted. e.g. Users must validate is JSON numeric value has numeric form expected. I think most users will just use type "hint" because users assumes it's a "hint", not type enforcement, and it works well for small values. > The issue is that weak mode type hint is *not* weak at all. It forces to > > have > > machine native type rather than it's data form. > > PHP types are not machine native types. But yes, it forces PHP type - > that's why it is *type* check. > Type hint is better to stay as "hint" under weak mode. IMO. > > > PHP apps are easily broken by too large value because PHP stops execution > > by fatal error. i.e. DoS became easy. I will never write such code, but > > That is a different issue. If you don't want fatal error, a) we have > proposal to make those exceptions, b) it is not fixed by introducing > pseudo-types for narrow use cases, since it is a completely different > issue. > It's alternatives. Resuming execution with exception is harder. Customizable pseudo-type is too late for PHP 7.0. We do decided to introduce basic type hint and it has issue to be resolved. Let's concentrate on resolution. > > > I don't > > want to check and fix library that I would like to use. I don't think I > > can manage > > programmers to do that even if they are under my control. > > You are saying type checking which produces fatal errors does not match > your use case. OK, I can sympathize, but how introducing more > pseudo-types helps? You just fix one narrow use case that you have right > now while leaving the problem still in the same place. That's not a good > way to address it. I'm not concerning myself, but I'm worrying about users to write apps/libraries that can cause DoS easily. I don't want to see my my apps emit fatal error by upgrading library just because library author decided to use type hint wrongly. Current type hint implementation/spec does not have protection/prevention at all. Having "numeric" type hint or StrictSTH RFC concept adoption are possible resolutions. If there is better resolution, I appreciate it. BTW, GMP integer is already integrated into PHP why not treat GMP as int? It's type "hint", isn't it? Regards, -- Yasuo Ohgaki yohgaki@ohgaki.net --e89a8fb1ef2cd4accc0514e5ceaf--