Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:87310 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 54368 invoked from network); 27 Jul 2015 06:54:06 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 27 Jul 2015 06:54:06 -0000 Authentication-Results: pb1.pair.com header.from=anatol.php@belski.net; sender-id=unknown Authentication-Results: pb1.pair.com smtp.mail=anatol.php@belski.net; spf=permerror; sender-id=unknown Received-SPF: error (pb1.pair.com: domain belski.net from 85.214.73.107 cause and error) X-PHP-List-Original-Sender: anatol.php@belski.net X-Host-Fingerprint: 85.214.73.107 klapt.com Received: from [85.214.73.107] ([85.214.73.107:57803] helo=h1123647.serverkompetenz.net) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 7A/C5-06606-B85D5B55 for ; Mon, 27 Jul 2015 02:54:04 -0400 Received: by h1123647.serverkompetenz.net (Postfix, from userid 1006) id 878D06D2038; Mon, 27 Jul 2015 08:54:00 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on h1123647.serverkompetenz.net X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.5 tests=ALL_TRUSTED,BAYES_00, URIBL_BLOCKED autolearn=unavailable version=3.3.2 Received: from w530phpdev (pD9FD268F.dip0.t-ipconnect.de [217.253.38.143]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by h1123647.serverkompetenz.net (Postfix) with ESMTPSA id 8BE0823D6003; Mon, 27 Jul 2015 08:53:46 +0200 (CEST) To: "'Aaron Piotrowski'" , "'Sammy Kaye Powers'" , "'Scott Arciszewski'" Cc: , =?iso-8859-2?Q?'Jakub_Kub=ED=E8ek'?= , "'Stanislav Malyshev'" , , , , "'Dean Eigenmann'" , "'Yasuo Ohgaki'" , "'PHP Internals'" References: <836BA21C-AE99-4E7B-AB06-EBC30E41BA0E@icicle.io> <0AD335F5-35F3-4D98-8F82-800A1EDF8FD8@icicle.io> In-Reply-To: <0AD335F5-35F3-4D98-8F82-800A1EDF8FD8@icicle.io> Date: Mon, 27 Jul 2015 08:53:44 +0200 Message-ID: <05f101d0c838$fcdab5e0$f69021a0$@belski.net> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-2" Content-Transfer-Encoding: quoted-printable X-Mailer: Microsoft Outlook 15.0 Thread-Index: AQDrJ9+0MU8FOQ/rKelUCzkNPL+2ggHtSrGPAjHl/tYB/wuMm5+JJJSg Content-Language: en-us Subject: RE: [PHP-DEV] Core functions throwing exceptions in PHP7 From: anatol.php@belski.net ("Anatol Belski") Hi Aaron, > -----Original Message----- > From: Aaron Piotrowski [mailto:aaron@icicle.io] > Sent: Monday, July 27, 2015 5:32 AM > To: Sammy Kaye Powers ; Scott Arciszewski > > Cc: Anatol Belski ; larry@garfieldtech.com; = Jakub > Kub=ED=E8ek ; Stanislav Malyshev > ; scott@paragonie.com; rowan.collins@gmail.com; > pierre.php@gmail.com; Dean Eigenmann ; > Yasuo Ohgaki ; PHP Internals = > Subject: Re: [PHP-DEV] Core functions throwing exceptions in PHP7 >=20 >=20 > > I must have overlooked a detail here. > > > > According to > > https://github.com/tpunt/PHP7-Reference#throwable-interface > > there are Throwables called Error, as a separate designation from an > > exception. I didn't see this in the engine exceptions RFC, so I was > > unaware that was even a thing. > > > > In this case, yes, as long as you can wrap it in try/catch blocks, > > SecurityError which extends Error and/or implements Throwable is an > > excellent suggestion. > > > > Previously, I thought the suggestion was to stick to triggering = errors > > (E_ERROR, E_RECOVERABLE_ERROR, etc.). > > > > Scott Arciszewski > > Chief Development Officer > > Paragon Initiative Enterprises > > > > -- > > PHP Internals - PHP Runtime Development Mailing List To unsubscribe, > > visit: http://www.php.net/unsub.php > > >=20 > I believe some were suggesting triggering an E_ERROR, though most = E_ERRORs > in the engine have been replaced with thrown Error exceptions, so I = think using > E_ERROR in this case would be inappropriate. >=20 > As I suggested in my prior email, I think throwing an instance of = Error would be > appropriate when the functions random_bytes() and random_int() fail. >=20 > There are several conditions that already cause the engine to throw an Error (or > subclass thereof): >=20 > (1)->method(); // Throws Error > declare(strict_types=3D1); array_map(1, 1); // Throws TypeError = require 'file-with- > parse-error.php'; // Throws ParseError eval("$a[ =3D 1;"); // Throws ParseError > 1 << -1; // Throws ArithmeticError > intdiv(1, 0); // Throws DivisionByZeroError > 1 % 0; // Throws DivisionByZeroError >=20 > Of particular interest in the above examples is intdiv(), an internal function that > can throw an instance of Error if the denominator is zero. >=20 > I propose that random_bytes() and random_int() should throw an = instance of > Error if the parameters are not as expected or if generating a random number > fails. (To avoid further debate about a subclass, the function should throw just a > plain instance of Error, it can always be subclassed later without BC concerns). >=20 > random_bytes() and random_int() failing closed is very important to prevent > misguided or lazy programmers from using false in place of a random = value. A > return of false can easily be overlooked and unintentionally be cast = to a zero or > empty string. A thrown instance of Error must be purposely caught and ignored > to produce the same behavior. As Larry pointed out, it is a very = common error > for programmers to not do a strict check using =3D=3D=3D against false = when calling > strpos(). >=20 > Does anyone have a strong objection to the above proposal? If not, = then I think > Sammy should update his PRs to throw an Error so they can be merged = before > the next beta release. >=20 Yes, there is an objection at least on my side. As we was discussing the = PR on the github page, the primary goal of the suggestion to move the discussion to the intarnals list was to create an approach about = exceptions in functions. This seems not be the case here. It is not the question whether exceptions should be thrown in functions - it's almost obvious = that they should now after it's the engine behavior. But it is a huge = question of the consistency with anything else. That was also the reason why me and Kalle have changed our minds about your PR converting fatals in the functions. The only case where exception is thrown in a function is intdiv() now. = But also as mentioned elsewhere - it's something tightly coupled with the behavior of div/mod in the engine. IMHO it is not building any base for randomly adding exceptions elsewhere. Neither I don't see as a base that = the CSPRNG functions are new. Neither the argument "we can change it later = to xyz". The main concern is still not addressed, and even wasn't started = to be addressed. It is for nothing to have new "nice" functions with nice and correct behavior while leaving the old "ugly" functions ugly. IMO we should stop building special cases and move to the = conceptualization as first. The more special cases exist, the harder it will be in the = future to bring the behaviors inline without BC breaks. Till now I haven't seen even any gentle hint about such conceptualization work going on, no RFC = page still exists, but it's being continued pushing on a special case. = Solving an immediate issue might be tactically justifiable, but without a = strategical thinking will lead to even a bigger issue. It is not something we want = to leave behind us for the next generations. I would kindly call therefore, = to think about this in a more global way, discuss and show at least a rough draft about what should be done regarding the existing functions, new functions, backward compatibility, exact warning/error types and how = they should be converted, etc. before pushing further on this case. Thanks Anatol