Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:86050
Return-Path: <cmbecker69@gmx.de>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 53886 invoked from network); 30 Apr 2015 00:27:08 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 30 Apr 2015 00:27:08 -0000
Authentication-Results: pb1.pair.com smtp.mail=cmbecker69@gmx.de; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=cmbecker69@gmx.de; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmx.de designates 212.227.17.22 as permitted sender)
X-PHP-List-Original-Sender: cmbecker69@gmx.de
X-Host-Fingerprint: 212.227.17.22 mout.gmx.net  
Received: from [212.227.17.22] ([212.227.17.22:55118] helo=mout.gmx.net)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 7F/05-29050-7D671455 for <internals@lists.php.net>; Wed, 29 Apr 2015 20:27:07 -0400
Received: from [192.168.0.100] ([88.134.68.210]) by mail.gmx.com (mrgmx102)
 with ESMTPSA (Nemesis) id 0MPIvU-1Ys01q1kI4-004WJY; Thu, 30 Apr 2015 02:26:58
 +0200
Message-ID: <554176D6.2030007@gmx.de>
Date: Thu, 30 Apr 2015 02:27:02 +0200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.6.0
MIME-Version: 1.0
To: Yasuo Ohgaki <yohgaki@ohgaki.net>, 
 Stanislav Malyshev <smalyshev@gmail.com>
CC: Ryan Pallas <derokorian@gmail.com>, 
 "internals@lists.php.net" <internals@lists.php.net>
References: <CAGa2bXYzp3XimLXxC+Py2t1DWhCfX8coTdYHzf6zEiKdxA7r8Q@mail.gmail.com> <55401F31.9030703@gmail.com> <CAObuZduZBM0GyWJMA1Fd7eCgPE4vFFZrrhpREQ50a4QJhG6Nvg@mail.gmail.com> <CAGa2bXar_oXrsPAErNx5BUdkFAy-p8-D0tfhc3pAnDTGBGJJ7Q@mail.gmail.com> <55416849.9010808@gmail.com> <CAGa2bXbkCx2Nqb9YBut3id4N=nhjLBGPN8Ucrx7R6mRnGjB2og@mail.gmail.com>
In-Reply-To: <CAGa2bXbkCx2Nqb9YBut3id4N=nhjLBGPN8Ucrx7R6mRnGjB2og@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Provags-ID:  V03:K0:Wd62W9h7HEPdh45icCpO+ZM1ap+bzsC0TzDuHtHboUjeOUbbzKm
 Hd/rYIlAb6EwHDFcPIO2pGQ8w25hCO/NwXCNbj3RiSDLbTqRF8OijZt7imaFv93UbrdRZSe
 Dhk8Hd4mlbmgrKo+TpZgEsHXqeEFlJdD5tcQKZIkQ80o1ql4rqB7Kmjkuu69BlkBYQf0WKf
 o4Qvytx6RxOBmpDVExsfA==
X-UI-Out-Filterresults: notjunk:1;
Subject: Re: [PHP-DEV] Adding "numeric" type hint
From: cmbecker69@gmx.de (Christoph Becker)

Yasuo Ohgaki wrote:

> On Thu, Apr 30, 2015 at 8:24 AM, Stanislav Malyshev <smalyshev@gmail.com>
> wrote:
> 
>> PHP types are not machine native types. But yes, it forces PHP type -
>> that's why it is *type* check.
> 
> Type hint is better to stay as "hint" under weak mode. IMO.

"Type hints" have never been hints.  The wording is a misnomer.  Try to
pass an int to a parameter declared as array, for instance.

>> You are saying type checking which produces fatal errors does not match
>> your use case. OK, I can sympathize, but how introducing more
>> pseudo-types helps? You just fix one narrow use case that you have right
>> now while leaving the problem still in the same place. That's not a good
>> way to address it.
> 
> I'm not concerning myself, but I'm worrying about users to write
> apps/libraries
> that can cause DoS easily. I don't want to see my my apps emit fatal error
> by upgrading library just because library author decided to use type hint
> wrongly.

A fatal error wouldn't constitute a DoS vulnerability, would it?

> BTW, GMP integer is already integrated into PHP why not treat GMP as int?
> It's type "hint", isn't it?

The basic idea of the STHs is to guarantee that the value is of the
respective type inside the function (parameter type "hints") resp. the
return value (return value type "hints") has the respective type.

Accepting GMP for int just won't fit to this definition -- or it would
lead to a potentially considerable data loss.

-- 
Christoph M. Becker