Hi internals,
The FFI RFC is turned into voting state.
There were very few minor changes since the initial proposal, e.g. renaming FFI:array_type() into FFI::arrayType()
Thanks. Dmitry.
Am Do., 20. Dez. 2018, 16:13 hat Dmitry Stogov dmitry@zend.com
geschrieben:
Hi internals,
The FFI RFC is turned into voting state.
As the other one, lagging hugely behind, I'll refrain my vote.
Regards,
Mike
Hi internals,
The FFI RFC is turned into voting state.
There were very few minor changes since the initial proposal, e.g.
renaming FFI:array_type() into FFI::arrayType()Thanks. Dmitry.
My main concern here is that this is a very new extension and I think that
apart from you barely anyone had a chance to actually implement something
based on it and gain experience using the proposed API. Bundling an
extension with PHP means that the API becomes frozen in time and it becomes
very hard to change anything.
I think that having FFI support is important, but I'm afraid that once we
bundle this extension and it will see more usage, it will quickly turn out
that the API needs to change to make it easier to use or accommodate more
use-cases.
My other concern is platform support. FFI is by nature a rather platform
dependent. The RFC says that the extension is currently tested on Linux and
Windows. It would be great if someone using such a system can confirm
whether it also works on OSX and FreeBSD, so we at least have coverage of
the major platforms.
Nikita
Am Sa., 22. Dez. 2018 um 11:32 Uhr schrieb Nikita Popov nikita.ppv@gmail.com:
Hi internals,
The FFI RFC is turned into voting state.
There were very few minor changes since the initial proposal, e.g.
renaming FFI:array_type() into FFI::arrayType()Thanks. Dmitry.
My main concern here is that this is a very new extension and I think that
apart from you barely anyone had a chance to actually implement something
based on it and gain experience using the proposed API. Bundling an
extension with PHP means that the API becomes frozen in time and it becomes
very hard to change anything.
Same here, I think it's better to have it as an extension for now, so
people have time to experiment with it.
In case the vote passes, do we want to mark the feature explicitly as
experimental and not covered by the usual BC guarantee?
Regards, Niklas
I think that having FFI support is important, but I'm afraid that once we
bundle this extension and it will see more usage, it will quickly turn out
that the API needs to change to make it easier to use or accommodate more
use-cases.My other concern is platform support. FFI is by nature a rather platform
dependent. The RFC says that the extension is currently tested on Linux and
Windows. It would be great if someone using such a system can confirm
whether it also works on OSX and FreeBSD, so we at least have coverage of
the major platforms.Nikita
Dmitry,
I am very interested in FFI behavior. I voted no only because I do not
believe this extension is mature enough for inclusion in core. Getting
TensorFlow to work in PHP-land using the FFI is definitely an
interesting and noteworthy achievement, but I think it is insufficient
for inclusion in core. For such a powerful (and dangerous) feature I
believe it needs more usage for inclusion in core. Again, good work.
Levi Morrison
On Thu, Dec 20, 2018 at 4:13 PM Dmitry Stogov <dmitry@zend.com
mailto:dmitry@zend.com> wrote:Hi internals, The FFI RFC is turned into voting state. https://wiki.php.net/rfc/ffi There were very few minor changes since the initial proposal, e.g. renaming FFI:array_type() into FFI::arrayType() Thanks. Dmitry.My main concern here is that this is a very new extension and I think
that apart from you barely anyone had a chance to actually implement
something based on it and gain experience using the proposed API.
Bundling an extension with PHP means that the API becomes frozen in time
and it becomes very hard to change anything.
I think that having FFI support is important, but I'm afraid that once
we bundle this extension and it will see more usage, it will quickly
turn out that the API needs to change to make it easier to use or
accommodate more use-cases.My other concern is platform support. FFI is by nature a rather platform
dependent. The RFC says that the extension is currently tested on Linux
and Windows. It would be great if someone using such a system can
confirm whether it also works on OSX and FreeBSD, so we at least have
coverage of the major platforms.
The API almost completely repeats LuaJIT and Python CFFI (that are
stable). Something might need to be improved, of course, but only in
case the extension is going to be widely used.
The main reason, I like to have this in core - future integration with JIT.
Thanks. Dmitry.
Nikita
My main concern here is that this is a very new extension and I think
that apart from you barely anyone had a chance to actually implement
something based on it and gain experience using the proposed API.
Bundling an extension with PHP means that the API becomes frozen in time
and it becomes very hard to change anything.
I think that having FFI support is important, but I'm afraid that once
we bundle this extension and it will see more usage, it will quickly
turn out that the API needs to change to make it easier to use or
accommodate more use-cases.The API almost completely repeats LuaJIT and Python CFFI (that are
stable). Something might need to be improved, of course, but only in
case the extension is going to be widely used.
If we are concerned about the API stability, we could mark the extension
as experimental and exempt it from our usual BC guarantee, as suggested
by Niklas[1]. On the other hand, if PHP 8 will be next after PHP 7.4,
this may not even be necessary.
The main reason, I like to have this in core - future integration with JIT.
It seems to me that JIT integration of FFI isn't the whole story, but
rather an intermediate step to be able to offer built-in functionality
written in PHP in the long run, which could be a huge enhancement. Am I
correct?
Anyhow, my main concerns regarding the proposal are that people could
easily be led into thinking that FFI is the new way to interface with
external code, rendering classic extensions obsolete, and that
interfacing on the ABI level is even more error-prone than interfacing
on the C API level. Both concerns could be alleviated by good
documentation, though.
[1] https://externals.io/message/103613#103623
--
Christoph M. Becker
My main concern here is that this is a very new extension and I think
that apart from you barely anyone had a chance to actually implement
something based on it and gain experience using the proposed API.
Bundling an extension with PHP means that the API becomes frozen in time
and it becomes very hard to change anything.
I think that having FFI support is important, but I'm afraid that once
we bundle this extension and it will see more usage, it will quickly
turn out that the API needs to change to make it easier to use or
accommodate more use-cases.The API almost completely repeats LuaJIT and Python CFFI (that are
stable). Something might need to be improved, of course, but only in
case the extension is going to be widely used.If we are concerned about the API stability, we could mark the extension
as experimental and exempt it from our usual BC guarantee, as suggested
by Niklas[1]. On the other hand, if PHP 8 will be next after PHP 7.4,
this may not even be necessary.
Right.
The main reason, I like to have this in core - future integration with JIT.
It seems to me that JIT integration of FFI isn't the whole story, but
rather an intermediate step to be able to offer built-in functionality
written in PHP in the long run, which could be a huge enhancement. Am I
correct?
In current state FFI is more like a great toy. It allows to quickly
prototype on top of binary interfaces, but the resulting performance is
going to be poor, because of interpretation overhead.
However, LuaJIT proved that it's possible to integrate JIT and FFI and
achieve almost C performance. This could open a real door for writing
PHP extensions in PHP itslef.
Anyhow, my main concerns regarding the proposal are that people could
easily be led into thinking that FFI is the new way to interface with
external code, rendering classic extensions obsolete, and that
interfacing on the ABI level is even more error-prone than interfacing
on the C API level. Both concerns could be alleviated by good
documentation, though.
Agree. FFI is dangerous, especially for programmers without C
background. Without FFI they just can't make a lot of harm.
However, the proposal offers to enable FFI only for preloaded files (and
CLI), by default.
Thanks. Dmitry.
Dmitry Stogov wrote:
Hi internals,
The FFI RFC is turned into voting state.
There were very few minor changes since the initial proposal, e.g. renaming FFI:array_type() into FFI::arrayType()
Thanks. Dmitry.
Hi Dmitry,
Reading Sara's concern about it being dangerous made me decide to vote
against this. I do think it's a useful thing to have, but if it just
lives in PECL then it ia less of a risk. As Nikita points out, it's also
quite a young thing and I wonder if now is the right moment to add it to
PHP. I can see myself using the extension myself though. :)
Thanks,
Andrea
Is sad to see people voting against this feature, which would help move
PHP into territories outside of the web development landscape. For those
developers not interested in learning the zend engine (lack of time) but
with enough knowledge about C, this extension would surely help a lot
when in need of writing a php cli application that needs access to some
C library. This would further help move PHP into the general purpose
scripting language arena which is currently dominated by Python and
others. And I know many people have this mindset of "use the right tool
for the job" but, actually a programming language is already a set of
tools, so why buy a fully brand new tool set when you can clearly extend
the existing one by adding the missing pieces.
Can people explain why they are voting no to a feature that seems really
well put and thought? Without disrespecting anyone but, in my opinion
seems to me like a lack of vision.
I think that shipping this extension as part of the 7.4 release would be
an opportunity for people to easily test it before the JIT/8.0 milestone
is reached, giving people with time the opportunity to start writing
stuff that then would be optimized(more practical) when JIT/8.0 lands,
heck, this implementation is even faster than Python one and you can
still find lots of stuff on the Python world that uses FFI...
I just hope such a feature which is a core part of most scripting
languages is not kept as just an optional and forgotten pecl option.
Hi,
I agree with the comments about safety here however I still vote yes. FFI
and Jit integration will be a critical part of php in a near future. As I
have seen in the past, it is extremely time consuming to maintain such
implementation outside the core, especially if performance and tight
integration are required. That's why I prefer to give this project more
chances to succeed.
best
Pierre
Hi internals,
The FFI RFC is turned into voting state.
There were very few minor changes since the initial proposal, e.g.
renaming FFI:array_type() into FFI::arrayType()Thanks. Dmitry.
Hi!
I like the idea of having such an agile API in the language. But I am,
like many others, somewhat worried about security implication of this
extension.
In theory, it does not give the attacker anything they don't already
have - if you have PHP code access, you can probably execute anything on
the server under PHP user, given enough work, regardless of the
settings, more or less. In practice, however, "enough work" can be a
very different thing - a difference between having to be a rather
skilled low-level programmer with code exploitation background to find
specific venues to circumvent PHP engine, and direct highlighted
easy-to-use highway to accessing arbitrary memory and running arbitrary
code.
Again, it's not a security issue per se, especially given the default of
ffi.enable=preload, but what if we have a bug that somehow allows to
circumvent those?
If this extension were not enabled by default and required explicit
enabling action to build - that's fine, if you did it, we assume you
know what you're doing enough to assume the risk. But if it's present
and enabled by default in a common PHP build, I am concerned that we're
creating a small stepstone making PHP systems easier to exploit. Again,
it's not a security issue per se, and there are layers of that should
prevent any problem - but that's the thing, security works in layers,
and FFI would make it one layer weaker.
If we said default build has it not compiled in (and would recommend
distros to also ship it as a separate extension, requiring explicit
action to install) then I'd be fully confident to vote yes for it.
--
Stas Malyshev
smalyshev@gmail.com
If this extension were not enabled by default and required explicit
enabling action to build - that's fine, if you did it, we assume you
know what you're doing enough to assume the risk. But if it's present
and enabled by default in a common PHP build, I am concerned that we're
creating a small stepstone making PHP systems easier to exploit. Again,
it's not a security issue per se, and there are layers of that should
prevent any problem - but that's the thing, security works in layers,
and FFI would make it one layer weaker.
As I understand it, the extension would not be compiled by default, but
rather has to be enabled using an explicit --with-ffi configure
option[1] (or --enable-ffi on Windows[2]). Furthermore, the extension
can't be compiled statically (I presume this is by design), so some
action would already be required before ffi.enable=preload would be
effective.
[1]
https://github.com/dstogov/php-ffi/blob/6c43a0072da2879e77bffd21d10fb28c0e3c2878/config.m4#L3-L6
[2]
https://github.com/dstogov/php-ffi/blob/6c43a0072da2879e77bffd21d10fb28c0e3c2878/config.w32#L1-L3
--
Christoph M. Becker
"Christoph M. Becker" in php.internals (Sat, 29 Dec 2018 12:27:58 +0100):
As I understand it, the extension would not be compiled by default, but
rather has to be enabled using an explicit --with-ffi configure
option[1] (or --enable-ffi on Windows[2]).
A strange difference. Is not the convention that it should be --with-ffi when
external libraries are needed?
[1]
https://github.com/dstogov/php-ffi/blob/6c43a0072da2879e77bffd21d10fb28c0e3c2878/config.m4#L3-L6
[2]
https://github.com/dstogov/php-ffi/blob/6c43a0072da2879e77bffd21d10fb28c0e3c2878/config.w32#L1-L3
And as a BTW: in a snapshot build the extension will be enabled by force.
Something like
snapshot: forcing ffi on
Jan