Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:87010
Return-Path: <nikita.ppv@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 62638 invoked from network); 3 Jul 2015 15:57:36 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 3 Jul 2015 15:57:36 -0000
Authentication-Results: pb1.pair.com header.from=nikita.ppv@gmail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=nikita.ppv@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 74.125.82.54 as permitted sender)
X-PHP-List-Original-Sender: nikita.ppv@gmail.com
X-Host-Fingerprint: 74.125.82.54 mail-wg0-f54.google.com  
Received: from [74.125.82.54] ([74.125.82.54:35394] helo=mail-wg0-f54.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 76/D1-24259-FE0B6955 for <internals@lists.php.net>; Fri, 03 Jul 2015 11:57:35 -0400
Received: by wgjx7 with SMTP id x7so91559382wgj.2
        for <internals@lists.php.net>; Fri, 03 Jul 2015 08:57:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type;
        bh=V1XQptqaQop8dvY0Xp3k0Pi9c1t40R9IIthN6Ox3EOc=;
        b=Z9RgOiM4+vdi1mcgFRgnodRFc/3xMktVju53VqbuNxfzo30R0EppBde8UyHzCZXZ8C
         I5zeKpp40UDCNidTLbiY89jj0MBH+YSay4CjHTBXYfX5YaaXEunFkOlJEJoUk/XKe2zc
         Zo71ecLAWuBQR01l4mWfc8zpRWbouc/1WQ04OvNAzPr5yWJ56APQUWkG3JXRYKy8GZrm
         zy7qJFTc09BNaHe6PtoCcVw9P9bZ62AOIKJPJSjKk2wODvAqgtOlEJ2zvP+bjQWLxKLG
         347r0ZymWkwh9fPDXgyrJLhY4nZGuiPxO/OZ4LmsIiKYXwyC4dL9BrGLrYS3/m67sWXp
         oFlw==
MIME-Version: 1.0
X-Received: by 10.194.82.38 with SMTP id f6mr20880661wjy.16.1435939052578;
 Fri, 03 Jul 2015 08:57:32 -0700 (PDT)
Received: by 10.27.79.200 with HTTP; Fri, 3 Jul 2015 08:57:32 -0700 (PDT)
In-Reply-To: <1435240516.15676.7.camel@kuechenschabe>
References: <CAF+90c9jJVVOwXGrCYo4yWx=LtfqycccNNS3e8AvAO7PhLkiyA@mail.gmail.com>
	<1435240516.15676.7.camel@kuechenschabe>
Date: Fri, 3 Jul 2015 17:57:32 +0200
Message-ID: <CAF+90c9beR6aFaTHiPKXA-sjydOcLSeu8+8_7N9z4MaMaVYkjw@mail.gmail.com>
To: =?UTF-8?Q?Johannes_Schl=C3=BCter?= <johannes@schlueters.de>
Cc: PHP internals <internals@lists.php.net>, Dmitry Stogov <dmitry@zend.com>
Content-Type: multipart/alternative; boundary=047d7bf0bfc225ed390519fa9dfb
Subject: Re: [PHP-DEV] Allow exceptions in __toString()
From: nikita.ppv@gmail.com (Nikita Popov)

--047d7bf0bfc225ed390519fa9dfb
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On Thu, Jun 25, 2015 at 3:55 PM, Johannes Schl=C3=BCter <johannes@schlueter=
s.de>
wrote:

> On Thu, 2015-06-25 at 14:52 +0200, Nikita Popov wrote:
> > However what it doesn't do, and what I wouldn't consider feasible to do=
,
> is
> > ensure that every single string conversion in library functions is
> > exception safe. Personally I don't think this is a blocking issue, as t=
he
> > worst that can happen is usually an additional superfluous warning to b=
e
> > thrown, or something similar. If cases like this turn up, we can
> > specifically target them.
>
> I don't agree to the assesment that this isn'T a problem. Consider this
> extension pseudo-code:
>
>
>    zval *data =3D get_data();
>    convert_to_string(data);
>    store_into_database(Z_STRVAL_P(data));
>    return TRUE;
>
> This will store wrong data in the database and report to the user that
> there was an error before storing, so the user assumes nothing was
> stored.
>

I can see your concern here -- however this is nothing specific to
exceptions thrown from __toString(). There is are a number of ways you can
end up in this situation, the two most common being:

a) Error handlers can (and often do) throw. E.g. it is possible to convert
the two recoverable fatal errors that __toString() currently throws into
exceptions and end up in the situation you describe, only with even less
safety and more leaks. However this applies to all occurrences of
zend_error or php_error_docref that generate a non-fatal error. From a
quick grep I estimate we have about 4000 places in the codebase where this
can occur and I'm sure many of them do not check for EG(exception)
immediately after throwing the error.

b) Destructors can throw. We have approximately 2500 places in php-src
destroying a zval, which could potentially throw. I don't think I've ever
seen an EG(exception) check after a zval_ptr_dtor().

Given that we rely on best-effort exception handling in so many cases, it's
not clear to me why exceptions thrown from __toString() should be expressly
forbidden.

If you want to protect against side-effects after exceptions in critical
places like database interaction, we can introduce exception checks right
before the operation is executed and prevent anything bad from happening
regardless of where the exception came from. But as said, I think this is
only tangential to the question of __toString(), as this is a general issue=
.

Nikita

--047d7bf0bfc225ed390519fa9dfb--