Reference handling change and PHP 4.4.0

19 years ago by Jani Taskinen — view source

unread

 You do understand the difference between 4.3.x and 4.4.x? :)
 (yes, this issue has been beaten to death already)

 --Jani

Hello all,

I know this issue has most likely been discussed to death here so I apologise
in advance for starting a new thread about it. I just need to get my head
around the reasoning for introducing this change to PHP4 (4.4 branch). I can
understand making the change to PHP5, but can someone bring me up to speed as
to why it was done to PHP4? As I'm sure you're aware, it breaks heaps and
heaps of existing code out there.

We found this out the hard way yesterday when our server administrator
upgraded our production server to PHP 4.4.0 (even though the Debian package
description said it was a PHP 4.3.x release). We ended up with hundreds of
errors and many, many vhosts stopped working correctly due to "variable
references should be returned by reference" problems, both in my code and in
third-party code, such as PHPBB instances.

And now I read that this will not be "fixed" in future PHP4 releases due to
breaking backwards compatibility? I just don't understand... a change that
breaks backwards compatibility in a large portion of the existing PHP4 code
base will not be fixed because it breaks backwards compatibility? It's doing
my head in, please can someone explain?

This means that either we have to (potentially) change thousands of lines of
code and upgrade many instances of third-party PHP-based sites just to use PHP
4.4.0 and above, or miss out on using this and future PHP4 releases and any
security vulnerability fixes they may include. Why could the change not be
made optional by using a php.ini directive?

Kind regards,

Colin.

19 years ago by Colin Tucker — view source

unread

Hi Jani,

Yes, the increase in the middle digit. ;)

Ok, so does this mean that the 4.3.x and 4.4.x branches will now be
updated separately? Say, if a serious vulnerability was detected in
4.3.x an 4.4.x, and separate release would be issued for both?

Kind regards,

Colin.

Jani Taskinen wrote:

You do understand the difference between 4.3.x and 4.4.x? :)
(yes, this issue has been beaten to death already)

--Jani

19 years ago by Pierre Joye — view source

unread

Hi Jani,

Yes, the increase in the middle digit. ;)

Ok, so does this mean that the 4.3.x and 4.4.x branches will now be
updated separately? Say, if a serious vulnerability was detected in
4.3.x an 4.4.x, and separate release would be issued for both?

No, 4.3.x is a dead branche. But the problem is much more easier to
fix in 4.4.0. Do what you always do in production servers, do not
display errors/notices, especially as 4.4.0 raises only notices for
the reference problem.

Regards,

--Pierre

19 years ago by Leigh Makewell — view source

unread

Pierre Joye wrote:

No, 4.3.x is a dead branche. But the problem is much more easier to
fix in 4.4.0. Do what you always do in production servers, do not
display errors/notices, especially as 4.4.0 raises only notices for
the reference problem.

Regards,

--Pierre

Well that is exactly why this is a problem. Making large changes that
break BC in php 5 is fine because there are two versions that are being
maintained, php4, and php5. Security updates are made to both.

However, breaking BC between 4.3 and 4.4 when 4.3 is a dead branch
causes can cause some problems for system admins. What happens if the
software being used is never updated to 4.4? There are important
security updates that need to be applied, but they can't apply them
because all of their websites will stop working.

Oh and not displaying the error doesn't make the error go away :p

19 years ago by Rasmus Lerdorf — view source

unread

Leigh Makewell wrote:

Pierre Joye wrote:

No, 4.3.x is a dead branche. But the problem is much more easier to
fix in 4.4.0. Do what you always do in production servers, do not
display errors/notices, especially as 4.4.0 raises only notices for
the reference problem.

Regards,

--Pierre

Well that is exactly why this is a problem. Making large changes that
break BC in php 5 is fine because there are two versions that are being
maintained, php4, and php5. Security updates are made to both.

However, breaking BC between 4.3 and 4.4 when 4.3 is a dead branch
causes can cause some problems for system admins. What happens if the
software being used is never updated to 4.4? There are important
security updates that need to be applied, but they can't apply them
because all of their websites will stop working.

Oh and not displaying the error doesn't make the error go away :p

Once again, it is an E_NOTICE in 4.4. And yes, not displaying it makes
it go away. Staying with 4.3 because of this is nuts. If you are
seeing this notice under 4.4 that means you are most likely getting
random memory corruption under 4.3. Move to 4.4 to fix the memory
corruption. Go through the notices and fix as many of them as you can,
since it indicates a basic problem in the code you are running. If you
are not interested in doing that, just turn them off. It will run
without corruption.

-Rasmus

19 years ago by Colin Tucker — view source

unread

Rasmus Lerdorf wrote:

Once again, it is an E_NOTICE in 4.4. And yes, not displaying it makes
it go away. Staying with 4.3 because of this is nuts. If you are
seeing this notice under 4.4 that means you are most likely getting
random memory corruption under 4.3. Move to 4.4 to fix the memory
corruption. Go through the notices and fix as many of them as you can,
since it indicates a basic problem in the code you are running. If you
are not interested in doing that, just turn them off. It will run
without corruption.

-Rasmus

Hi again Rasmus,

Well, I can tell you that following our unexpected server upgrade
yesterday to 4.4.0, things definately DID break within our code, and the
display of E_NOTICE errors is disabled on our production server. We
quickly rolled back to 4.3, and I have not had a chance to fully
investigate what is going on with the code as yet, but it seemed to be
stemming from a class of mine that acts like a map. Instead of
returning an object associated with a given key, it was returning the
last added object. I think all objects in the map ended up being the
same object, being the last one added - there is definately some
reference weirdness going on. I'm as confused as you probably are, and
will report back on what is going wrong when I have a chance. But one
thing is sure, this code was working absolutely fine until the switch to
4.4.0.

Cheers,

Colin.

19 years ago by Derick Rethans — view source

unread

However, breaking BC between 4.3 and 4.4 when 4.3 is a dead branch causes can
cause some problems for system admins. What happens if the software being used
is never updated to 4.4? There are important security updates that need to be
applied, but they can't apply them because all of their websites will stop
working.

I doubt any application would really stopped working - except for a
friendly notice when people wrote bad code.

Derick

--
Derick Rethans
http://derickrethans.nl | http://ez.no | http://xdebug.org

19 years ago by Pierre Joye — view source

unread

I doubt any application would really stopped working - except for a
friendly notice when people wrote bad code.

Derick, I do not know if you ever learn but... Stop saying that people
wrote bad codes and this is why they code could break. This is nothing
else than wrong and respectless.

Regards,

--Pierre

19 years ago by Leigh Makewell — view source

unread

Derick Rethans wrote:

I doubt any application would really stopped working - except for a
friendly notice when people wrote bad code.

Derick

Except if you had read Colin's messages you would see that his code
had stopped working.

Leigh :)

19 years ago by Derick Rethans — view source

unread

Derick Rethans wrote:

I doubt any application would really stopped working - except for a friendly
notice when people wrote bad code.

Except if you had read Colin's messages you would see that his code had
stopped working.

But it just could as well have been because he was relying on the memory
corruptions. Hard to tell without code.

Derick

--
Derick Rethans
http://derickrethans.nl | http://ez.no | http://xdebug.org

19 years ago by Colin Tucker — view source

unread

Derick Rethans wrote:

But it just could as well have been because he was relying on the memory
corruptions. Hard to tell without code.

Derick

As I mentioned in my reply to Rasmus above, the problem seems to be
stemming from a class that acts like a map of objects. Most of my PHP4
code would pass objects around by reference to ensure operations were
working on the original object, thus avoiding the creation of copies.
After the upgrade to 4.4.0, the map lost integrity in that returning any
object within the map by key would return the object last added to the
map. I may not have provided any code, but this problem description was
enough for Todd Ruth to send me a very helpful and informative e-mail on
the matter (i.e. "everything the same as the last added" bugs), which
shall help me greatly in tracking it down (thanks again, Todd!).

Regards,

Colin.

19 years ago by Todd Ruth — view source

unread

For the record, I have no idea how the 4.3 -> 4.4 change could trigger
such a bug. I just pointed out that we've hit the symptom Colin
described many times in our company with code (yes, bad code) of
the form:

<?php
function &f(&$y) { return $y; }
$x = array('a','b','c');
foreach ($x as $y) {
// The following line is a bad use of "&". It doesn't
// do any good and ends up causing all the members of $z
// to be references to eachother.
$z[] =& f($y);
}
var_dump($x);
var_dump($z);
?>

I've played with many flavors of this user-bug, adding and
subtracting "&"s, but have been unable to get different
behavior between 4.3 and 4.4. Colin, when you find the code
that went wild in the switch to 4.4, please post it. I'm
sure there are others that are as curious as I am. (There
may even be someone nice enough to fix the BC break if
it doesn't mean reintroducing memory corruptions.)

As long as I'm posting, I might as well put in a "thank you"
note for the notices. I know they're generating a lot of
heat, but it's made it soooo much easier to fix all of the
novice uses of "&"s in our code.

Thanks,
Todd

... I may not have provided any code, but this problem description was
enough for Todd Ruth to send me a very helpful and informative e-mail on
the matter (i.e. "everything the same as the last added" bugs), which
shall help me greatly in tracking it down (thanks again, Todd!).

Regards,

Colin.

19 years ago by Leigh Makewell — view source

unread

Derick Rethans wrote:

Derick Rethans wrote:

I doubt any application would really stopped working - except for a friendly
notice when people wrote bad code.

Except if you had read Colin's messages you would see that his code had
stopped working.

But it just could as well have been because he was relying on the memory
corruptions. Hard to tell without code.

I would like to start by apologising for this message. It's long, it's a
rant, and I know this is probably not the place, but I can't let this
slide. This sort of comment really annoys me.

Zip it up Derick! Who do you think you are to dictate whether Colin's
code is good or bad?

You are very quickly starting to annoy a lot of PHP programmers. A quick
search on this topic will find quite a few news posts, and forum threads
discussing this issue, and I have seen you posting on a lot of them. You
seem to have a "So What" attitude and are very quick to tell all these
people that they are writing bad code and it's not your problem. We
don't appreciate being told that we write bad code. We don't appreciate
being treated as second rate programmers. We don't like being told that
a perfectly legal statement like this $x = current(explode(' ','a b'));
is wrong and bad programming!

Who are we? We are the top 10% of PHP programmers. We are the PHP coders
who take your language and manipulate it, coerce it, and gently push it
into doing things you never imagined it for. We are the few people who
actually use 100% of PHP's abilities. We are the ones who will notice
every time you make a change like this. Do you want PHP to be taken
seriously and used professionaly? Well we are the ones who decide that
PHP is ready for the big time, and if we believe that the floor is
constantly shifting under us and making our job harder then we will
leave. If we leave PHP will be nothing but a toy box language suitable
for nothing but basic little guestbook scripts coded by school children.

I have enjoyed using PHP since the first script I wrote with it. But I
am quickly losing that enjoyment, and not because of anything that has
happened to the language. I am losing it because I feel like the PHP
community does not respect it's users. As someone who works for a
company that specialises in creating, building, and maintaining online
communities I know how important good PR is. Like it or not PHP is an
online community and it can be made or broken by it's people. Letting
people like Derick here mouth off is not a good way to keep your
community happy.

Leigh.

19 years ago by Rasmus Lerdorf — view source

unread

Leigh Makewell wrote:

a perfectly legal statement like this $x = current(explode(' ','a b'));

In this particular case, current() did not need to take a reference
since it doesn't modify anything. This has been fixed in CVS. That's
still not how I'd write that though. I would write:

list($x) = explode(' ','a b');

Another way to write this:

$x = array_shift(explode(' ','a b'));

This is where it gets tricky. Is this legal code? We are modifying the
argument and immediately discarding the modification. The user might
want to know about that, so to me it makes sense that this throws a
NOTICE. I do agree with folks who don't like this being a fatal error.
I don't think it should be either and this is what we have been
discussing. That doesn't change the fact that a lot of these examples
are not optimal coding examples. There are usually more direct ways
that doesn't involve a useless operation that ends up getting discarded
right away. So while the tone of some of these messages may not be
great, often the suggestion that the code in question isn't very good is
accurate.

-Rasmus

19 years ago by Leigh Makewell — view source

unread

Rasmus Lerdorf wrote:

This is where it gets tricky. Is this legal code?

Yes it is legal because it worked. Whether it is strictly "correct" or
not is another argument. People write bad code all the time, but it
doesn't make it any less legal. In minor version changes BC is not a
secondary priority. It must be the first, even if that means allowing
things that are not strictly correct. If this isn't done then PHP will
never be taken seriously.

However, this is completely not the point. My rant was more about
attitude than anything else.

You yourself just admitted that this has been fixed in CVS. If that is
so, then why was the relevant bug marked Bogus?
http://bugs.php.net/bug.php?id=34468 with a wonderfully insightful
comment courtesy of Derick "Feel free to fix the whole engine though
with a patch...". I don't know if you realise this or not, but PHP is
very quickly becoming a joke. People critisise and joke about PHP's
automatic "Bogus" bot that just trolls through the database and marks
any submitted bugs as "Bogus". What is the point of making the bug
database public?

Read Marcus's comment on here in response to the ever eloquent Derick again:
"I will no longer report bugs to php.net and you can leave all your
breakages in (actually they are always marked as bogus even when they
result in repeatable server crashes, so I'd given up anyway)."
http://phplens.com/phpeverywhere/?q=node/view/214

That is just one example. PHP is famous for it's arrogance, and this
just highlights it. Why should we bother to continue to support the
community when the community doesn't support us? We owe PHP nothing.
There are plenty of alternatives out there.

Now don't get me wrong. This is not aimed at everyone. I believe you
Rasmus has tried to be diplomatic about everything, but understand that
in these situations people don't look at individuals, so when a few
individuals act badly people will project that onto the entity as a whole.

Leigh.

19 years ago by Rasmus Lerdorf — view source

unread

Leigh Makewell wrote:

Rasmus Lerdorf wrote:

This is where it gets tricky. Is this legal code?

Yes it is legal because it worked.

Well, that is the point, it didn't actually work. Code similar to this
caused memory corruption. So while you may not have seen an instant
crash, over time and in certain conditions you would get unexplained
crashes. In order to fix this bug we needed to check for this sort of
code and in doing so we were able to fix it and also enhance the warning
levels to let people detect this sort of potentially bogus code.

-Rasmus

19 years ago by Leigh Makewell — view source

unread

Rasmus Lerdorf wrote:

Well, that is the point, it didn't actually work. Code similar to this
caused memory corruption. So while you may not have seen an instant
crash, over time and in certain conditions you would get unexplained
crashes. In order to fix this bug we needed to check for this sort of
code and in doing so we were able to fix it and also enhance the warning
levels to let people detect this sort of potentially bogus code.

-Rasmus

You don't seem to understand. I'll let you in on a secret. We don't care
about the php engine and how it works. What we care about is the PHP
code and whether that works. Like it or not you set a precedent. You
allowed us to write code that worked. Maybe it didn't work 100% and
occasionally caused a crash, but that doesn't change the fact it worked.
It must of worked otherwise people wouldn't of written it that way.

The fact that there was some memory corruption occuring occasionally is
a bug in your system. We don't care why it happens, or what is causing
it. All we do care about is that it gets fixed.

You have now demonstrated to us that the PHP developers can't be
bothered trying to find a real solution so you decided to pass the buck
and make us, your users, fix it for you. That is why we are angry. How
do we know this won't happen again? What happens next time you find a
bug that is just too hard? Will we have to change our code on every
version release? How much is that going to cost us in time and money,
and why should we bother?

19 years ago by Rasmus Lerdorf — view source

unread

Leigh Makewell wrote:

Rasmus Lerdorf wrote:

Well, that is the point, it didn't actually work. Code similar to this
caused memory corruption. So while you may not have seen an instant
crash, over time and in certain conditions you would get unexplained
crashes. In order to fix this bug we needed to check for this sort of
code and in doing so we were able to fix it and also enhance the warning
levels to let people detect this sort of potentially bogus code.

-Rasmus

You don't seem to understand. I'll let you in on a secret. We don't care
about the php engine and how it works. What we care about is the PHP
code and whether that works. Like it or not you set a precedent. You
allowed us to write code that worked. Maybe it didn't work 100% and
occasionally caused a crash, but that doesn't change the fact it worked.
It must of worked otherwise people wouldn't of written it that way.

That's fine, and you shouldn't care, I agree. I argued much the same
point just yesterday in a chat with Ilia. You do however seem to be
glossing over the fact that this new check can be very helpful. Take
this case:

sort(array(3,2,1));

Or any other example where the function in question has no other purpose
than to modify its argument. When you pass in something to a function
like this which has no permanent storage, chances are pretty high that
this is a bug in the code and you probably want to know about that. So
I really don't see this as such a black and white case. I am all for
making this a non-fatal error in all cases to allow scripts to keep
working, but I don't buy the argument that just because we didn't check
for this before we are not allowed to check for it now when it can find
valid bugs like this.

-Rasmus

19 years ago by Leigh Makewell — view source

unread

Rasmus Lerdorf wrote:

That's fine, and you shouldn't care, I agree. I argued much the same
point just yesterday in a chat with Ilia. You do however seem to be
glossing over the fact that this new check can be very helpful. Take
this case:

sort(array(3,2,1));

Or any other example where the function in question has no other purpose
than to modify its argument. When you pass in something to a function
like this which has no permanent storage, chances are pretty high that
this is a bug in the code and you probably want to know about that. So
I really don't see this as such a black and white case. I am all for
making this a non-fatal error in all cases to allow scripts to keep
working, but I don't buy the argument that just because we didn't check
for this before we are not allowed to check for it now when it can find
valid bugs like this.

-Rasmus

No you don't understand me. While I disagree with the way the bug was
solved, and the inconsistancies it seems to introduce, I don't have a
problem with the error message in PHP5. PHP4 however should be stable
and unchanging except for bug fixes, and maybe additions, never
removals. Scripts that worked error free before on 4.3 are now spewing
them out in 4.4. I don't believe programmers should have to deal with
that sort of problem unless they make a major version upgrade.

Anyway, this is getting way off from my original post which was a
critisism of the handling of this whole situation and the treatment of
the community. I don't feel I am qualified to argue this particular
issue because I have never encountered it. I don't use references unless
I absolutely have to.

I believe all of this could of been avoided with careful PR. Now you
need some major PR to repair the damage.

Leigh :)

19 years ago by Pierre Joye — view source

unread

I believe all of this could of been avoided with careful PR. Now you
need some major PR to repair the damage.

All the points I tried to explain in the last 2 months or so were
about that and only that. Every oppinions have been raised.

If you expect a "Yes, you are right and we all love you", move on ;-)

Serioulsy, the goal of Rasmus' answer is to provide a technically
acceptable solution to this problem. 5.0.5 was partially a mistake, we
all agreed on that, but we have to go ahead.

The first goal of my post in my blog (and planet) was to warn people
before they upgrade. And it works for that matter. The second was to
raise a constructive discussions here, it is working out too with
Rasmus answer.

Short versions: Stop pollitic :)

Regards,

--Pierre

19 years ago by Lester Caine — view source

unread

Pierre Joye wrote:

All the points I tried to explain in the last 2 months or so were
about that and only that. Every oppinions have been raised.

Short versions: Stop pollitic :)

Pierre I think ONE problem here was that those of us who have moved on
from PHP4 were probably not taking any notice of the discussion relating
to that, so WHEN people started complaining that our PHP5 based apps
designed to still work with PHP4 were now failing in PHP4 we were not
aware of the problem. Greater care SHOULD have been taken in ensuring
that ISP's and other 'third party users' were informed that there WOULD
be a problem so that they would not just roll out an update. ISP's are
not moving to PHP5 BECAUSE code needs fixing and PHP4.4 introduced
exactly the sort of problems that is preventing PHP5 being the current
PHP base?

Perhaps now IS the time to drop PHP4 compatibility from my own code :)

--
Lester Caine

L.S.Caine Electronic Services

19 years ago by Ron Korving — view source

unread

Yes it is legal because it worked

That's nonsense. Even in the C-language certain things have worked in the
past because of compiler bugs. Newer GCC versions have fixed it and broken
C-code. Too bad for the users, but it improved the compiler's C-compliance.
Something might work, but that doesn't make it "legal" by definition.

You have now demonstrated to us that the PHP developers can't be
bothered trying to find a real solution so you decided to pass the buck
and make us, your users, fix it for you. That is why we are angry. How
do we know this won't happen again? What happens next time you find a
bug that is just too hard? Will we have to change our code on every
version release? How much is that going to cost us in time and money,
and why should we bother?

Define "real solution"? Maybe it just didn't exist. From the sound of it,
you haven't contributed in any way to the project, so who are you to judge
if there was a better solution to fix it?

I do agree with you that some people have attitude problems here and that it
hurts the community as a whole. I'm not in the position to talk to the few
people in question about their certain behavior when I notice it, because
I'm just a user like you are. I can only hope the big kahuna's here will
point this out to eachother. I don't consider PHP to be a joke, nor the
community. This community has given us very much, and we never had to pay a
dime for the amazing work they do. We can only be very greatful, but of
course it sure helps when we (developers and users) are all treated with the
proper respect (which in my case, is 99+% of the time).

Ron

19 years ago by Jani Taskinen — view source

unread

joke. People critisise and joke about PHP's automatic "Bogus" bot that just
trolls through the database and marks any submitted bugs as "Bogus". What is
the point of making the bug database public?

 1) I'm not a bot.
 2) I'm not bogusing automatically anything (except for few exceptions [1])
 3) I spend a LOT of my free time, without getting paid
    testing hundreds of wierd code pieces people send,
    configuring and compiling PHP with wierd configure lines,
    etc.

 Never forget: MOST of us (me included) do NOT get paid for this.
 And handling bug reports is propably the most ungrateful "jobs"
 there is.

 I can count the times I've been thanked personally with one hand.
 Most of the time people send me hate email. :)

highlights it. Why should we bother to continue to support the community when
the community doesn't support us? We owe PHP nothing. There are plenty of
alternatives out there.

 It's the community who should support the developers, not the other
 way around. We owe the community nothing, the community owes us everything.

Now don't get me wrong. This is not aimed at everyone. I believe you Rasmus

 Don't lie. You aimed quite well. :)

 --Jani

 [1] People seem to think their problem is the most important one
 and even if it's been reported before, still send it as new one..
 in which case their report gets very quickly bogused. :)
 There are several other reasons why to do that, but for _valid_
 bug reports this happens VERY rarely. (Try piss me off and you'll see)

19 years ago by Leigh Makewell — view source

unread

Well then I suggest you get out there and find out what you are doing
wrong because there is an increasing number of people out there who are
not happy with how their bugs are being treated.
This is a good place to start.
http://www.sitepoint.com/forums/showthread.php?t=297291

Ask them what their issues have been, what can be done to improve the
process. Most of all don't ever just dismiss a bug report the way you
do. Comments like the one here http://bugs.php.net/bug.php?id=34196 are
not acceptable.

This comment of yours amazes me!
"2) I'm not bogusing automatically anything (except for few exceptions [1])"
You just admited that you do automatically bogus bugs if you don't like
the person. You should never EVER be doing that under any circumstances.
Tell them it's a duplicate and link them to the relevant open bug, and
then close it.

The people who submit bugs are helping you make the product better. You
should never insult a person for trying to help you. Tell them you are
unable to reproduce the error and then point them to the relevant
documentation on how to give you better information. In other words,
help them help you!

If you are getting that much hate mail then you are doing it wrong.

Leigh.

Jani Taskinen wrote:

joke. People critisise and joke about PHP's automatic "Bogus" bot that
just trolls through the database and marks any submitted bugs as
"Bogus". What is the point of making the bug database public?
1) I'm not a bot.
2) I'm not bogusing automatically anything (except for few 
exceptions [1])
3) I spend a LOT of my free time, without getting paid
testing hundreds of wierd code pieces people send,
configuring and compiling PHP with wierd configure lines,
etc.
Never forget: MOST of us (me included) do NOT get paid for this.
And handling bug reports is propably the most ungrateful "jobs"
there is.

I can count the times I've been thanked personally with one hand.
Most of the time people send me hate email. :)
highlights it. Why should we bother to continue to support the
community when the community doesn't support us? We owe PHP nothing.
There are plenty of alternatives out there.
It's the community who should support the developers, not the other
way around. We owe the community nothing, the community owes us 
everything.

Now don't get me wrong. This is not aimed at everyone. I believe you
Rasmus
Don't lie. You aimed quite well. :)

--Jani

[1] People seem to think their problem is the most important one
and even if it's been reported before, still send it as new one..
in which case their report gets very quickly bogused. :)
There are several other reasons why to do that, but for _valid_
bug reports this happens VERY rarely. (Try piss me off and you'll see)

19 years ago by Jani Taskinen — view source

unread

Well then I suggest you get out there and find out what you are doing wrong
because there is an increasing number of people out there who are not happy
with how their bugs are being treated.
This is a good place to start.
http://www.sitepoint.com/forums/showthread.php?t=297291

 You really think I have _time_ to spend reading some rants?
 That'll all be out of handling the bogus reports. :)

Ask them what their issues have been, what can be done to improve the process.
Most of all don't ever just dismiss a bug report the way you do. Comments
like the one here http://bugs.php.net/bug.php?id=34196 are not acceptable.

 Why not? a) the guy uses configure options he doesn't know what they
 really do b) I couldn't reproduce it with proper configure line.
 Hence he's doing something stupid.

 You don't obviously understand how much time it takes to go
 through the reports. Try simulating it by taking the 10 first
 open reports and try reproduce all of them with the given
 information in the initial comment..

This comment of yours amazes me!
"2) I'm not bogusing automatically anything (except for few exceptions [1])"
You just admited that you do automatically bogus bugs if you don't like the

 Yes, should I have lied I don't do that?

person. You should never EVER be doing that under any circumstances. Tell them
it's a duplicate and link them to the relevant open bug, and then close it.

 That's what the s.c. quickfixs are for. Our "how-to-report" etc. pages
 specifically ASK people to FIRST check if the bug has already been
 reported. If they ignore our instructions how to reports, we don't have
 the right to ignore their (duplicate) report? Especially in cases where
 there is an OPEN one. And even more in case there is already 10 bogused
 ones where the reason for bogusing has been explained by 2-3 different
 PHP developers?!

The people who submit bugs are helping you make the product better. You should

 Most of the reports are user errors and plain lazyness in reading the
 friendly manual. Not about making the "product" better. (since when is
 an opensource project a product? :)

never insult a person for trying to help you. Tell them you are unable to
reproduce the error and then point them to the relevant documentation on how
to give you better information. In other words, help them help you!

 I guess this is coming back to the fact that nobody notices the positive
 things, only the negative. And think that "bogus" as status always
 means negative thing. Instead of 2nd hand rants, try read the bug
 mailing list for a week. That should give you better insigh what goes
 on on daily basis rather than these separate and very few cases where
 even more arrogant people than me think their civil rights have been
 violated and that they actually have the right to decide what is a bug
 and what's not..

If you are getting that much hate mail then you are doing it wrong.

 I take it more as fan mail. I have a special folder for it too. (/dev/null :)

 --Jani

19 years ago by Leigh Makewell — view source

unread

If you don't know why it's wrong to tell them they are stupid, and can't
be bother spending an extra 10 seconds formulating a respectable
response instead, then you are the wrong person for the job.

Jani Taskinen wrote:

Well then I suggest you get out there and find out what you are doing
wrong because there is an increasing number of people out there who
are not happy with how their bugs are being treated.
This is a good place to start.
http://www.sitepoint.com/forums/showthread.php?t=297291
You really think I have _time_ to spend reading some rants?
That'll all be out of handling the bogus reports. :)
Ask them what their issues have been, what can be done to improve the
process. Most of all don't ever just dismiss a bug report the way
you do. Comments like the one here
http://bugs.php.net/bug.php?id=34196 are not acceptable.
Why not? a) the guy uses configure options he doesn't know what they
really do b) I couldn't reproduce it with proper configure line.
Hence he's doing something stupid.

You don't obviously understand how much time it takes to go
through the reports. Try simulating it by taking the 10 first
open reports and try reproduce all of them with the given
information in the initial comment..
This comment of yours amazes me!
"2) I'm not bogusing automatically anything (except for few exceptions
[1])"
You just admited that you do automatically bogus bugs if you don't
like the
Yes, should I have lied I don't do that?
person. You should never EVER be doing that under any circumstances.
Tell them it's a duplicate and link them to the relevant open bug, and
then close it.
That's what the s.c. quickfixs are for. Our "how-to-report" etc. pages
specifically ASK people to FIRST check if the bug has already been
reported. If they ignore our instructions how to reports, we don't have
the right to ignore their (duplicate) report? Especially in cases where
there is an OPEN one. And even more in case there is already 10 bogused
ones where the reason for bogusing has been explained by 2-3 different
PHP developers?!
The people who submit bugs are helping you make the product better.
You should
Most of the reports are user errors and plain lazyness in reading the
friendly manual. Not about making the "product" better. (since when is
an opensource project a product? :)
never insult a person for trying to help you. Tell them you are unable
to reproduce the error and then point them to the relevant
documentation on how to give you better information. In other words,
help them help you!
I guess this is coming back to the fact that nobody notices the 
positive
things, only the negative. And think that "bogus" as status always
means negative thing. Instead of 2nd hand rants, try read the bug
mailing list for a week. That should give you better insigh what goes
on on daily basis rather than these separate and very few cases where
even more arrogant people than me think their civil rights have been
violated and that they actually have the right to decide what is a bug
and what's not..

If you are getting that much hate mail then you are doing it wrong.
I take it more as fan mail. I have a special folder for it too. 
(/dev/null :)
--Jani

19 years ago by Stefan Esser — view source

unread

Leigh Makewell wrote:

If you don't know why it's wrong to tell them they are stupid, and
can't be bother spending an extra 10 seconds formulating a respectable
response instead, then you are the wrong person for the job.

Could you guys please stop to respond to Leigh Makewell? He is obviously
a troll and this whole thread is just nonsense.

If you don't like how bugs are handled, then join the team and fix the
bugs yourself. Otherwise just STFU and go back to whereever you came from.

Stefan

19 years ago by Pierre Joye — view source

unread

If you don't know why it's wrong to tell them they are stupid,

You are doning something stupid does not mean that you are stupid.

For example, arguing like you do about Jani, is stupid, but you are
certainly not stupid. Notice the difference?

then you are the wrong person for the job.

It is not a job, or do you want to pay him to bogus more bugs?

That said, nobody else can do what Jani does in bugs.php, and you can
thank him instead

--Pierre

19 years ago by Steph — view source

unread

Leigh, that's kinda the point (and to some degree the problem).

This is not a job.

If you don't know why it's wrong to tell them they are stupid, and can't
be bother spending an extra 10 seconds formulating a respectable
response instead, then you are the wrong person for the job.

19 years ago by Jani Taskinen — view source

unread

If you don't know why it's wrong to tell them they are stupid, and can't be

 Show me the report where I have called someone stupid. Then I can explain
 you why I did so. :)

bother spending an extra 10 seconds formulating a respectable response

 10 seconds? Sheesh. If english was my native language, maybe I could do it
 that fast but as it isn't, and as I have to first think the phrase in finnish
 then traslate it in my head into english and then write it and then fix the typos,
 it takes at least 15 seconds! :)

instead, then you are the wrong person for the job.

 Job? I haven't earned any money directly from dealing with the reports in the
 5 years I have been "working" with PHP so I wouldn't call it a job yet. :)

 --Jani

--
Donate @ http://pecl.php.net/wishlist.php/sniper
Donating money will make me happier and friendlier!

19 years ago by oliver.graetz@arcor.de — view source

unread

Jani Taskinen schrieb:

 10 seconds? Sheesh. If english was my native language, maybe I could do it
 that fast but as it isn't, and as I have to first think the phrase in finnish
 then traslate it in my head into english and then write it and then fix the typos,
 it takes at least 15 seconds! :)

That's fast. I still can't figure out one can think in finnish at all.
Iksi, kaksi, kolme? That language is so totally different from
everything else!

Respect ;-)

AllOLLi

"Oh. Not the nose thing, I hate the nose thing."
[Lone Gunmen 12]

19 years ago by George Schlossnagle — view source

unread

If you don't know why it's wrong to tell them they are stupid, and
can't be bother spending an extra 10 seconds formulating a
respectable response instead, then you are the wrong person for the
job.

A cursory survey of the bugs db suggests that you've resolved zero
bugs, and filed one (which was resolved, successfully, by Derick).
There aren't people lining up to take Jani's position - I can
guarantee that if you want to dedicate a couple hours of every day to
resolving bugs that there will be ample work to fill your time (and
you'ld earn the appreciation of many folks).

George

19 years ago by Adam Maccabee Trachtenberg — view source

unread

Well then I suggest you get out there and find out what you are doing
wrong because there is an increasing number of people out there who are
not happy with how their bugs are being treated.
This is a good place to start.
http://www.sitepoint.com/forums/showthread.php?t=297291

I've filed 41 PHP bugs starting in 2001. Of those, 37 have been marked
closed, 1 won't fix, 2 bogus, and 1 no feedback.

Of the ones not marked closed, the won't fix one was quite hard to do,
the bogus ones were bogus, and the no feedback one didn't include a
short reproducible test case, so I don't fault that reply.

Of the 36 bugs that were fixed, they hit the entire spectrum of PHP:
Zend Engine, ftp, mysqli, SPL, SOAP, reflection, streams, iterators,
shm, DOM, SimpleXML, Tidy, arrays, SQLite, PEAR, PHPUnit, Net_Whois,
documentation, the documention system, the Web site, and even the bug
system itself. :)

That's a lot of work from a lot of different people to fix of my
issues, and I'm quite thankful for all of their work.

I've handled customer services issues, such as these, before. It takes
a lot of time to set up your environment to reproduce the issue. Much
more than you'd expect.

Sometimes, people even conspire against themselves, don't give you
what you ask for making it impossible to duplicate, and then get angry
when you don't fix their problem when it's their own fault. :)

I subscribe to the bug reports list, and I often feel bad about the
bogusing of bugs. I know some of the bug report replies aren't as
polite as they could be. I also agree that the label of "bogus"
triggers quite a bit of anger in someone who feels that their bug is
legitimate, and a differently worded label would be much better in
terms of not generating anger. I wish that would change.

However, then I think about how much time I wish to spend going
through all those reports, and I hold my tongue.

If people really want to help the community, go ahead and verify open
PHP bugs -- you don't need to actually come up with a patch -- you
just need to replicate the issue or tune the report to a short test
case. You'll probably be shocked how long that alone takes.

It would be a great help and time saver for core developers, and you'd
get the chance to provide the community with excellent customer
service while you're at it.

-adam

--
adam@trachtenberg.com | http://www.trachtenberg.com
author of o'reilly's "upgrading to php 5" and "php cookbook"
avoid the holiday rush, buy your copies today!

19 years ago by Steph — view source

unread

Nicely said, Adam.

----- Original Message -----
From: "Adam Maccabee Trachtenberg" adam@trachtenberg.com
To: "Leigh Makewell" leigh@eon.com.au
Cc: internals@lists.php.net
Sent: Saturday, September 17, 2005 1:48 AM
Subject: Re: [PHP-DEV] Re: Bogusing bot (Was: [PHP-DEV] Reference
handlingchange and PHP 4.4.0)

Well then I suggest you get out there and find out what you are doing
wrong because there is an increasing number of people out there who are
not happy with how their bugs are being treated.
This is a good place to start.
http://www.sitepoint.com/forums/showthread.php?t=297291

I've filed 41 PHP bugs starting in 2001. Of those, 37 have been marked
closed, 1 won't fix, 2 bogus, and 1 no feedback.

Of the ones not marked closed, the won't fix one was quite hard to do,
the bogus ones were bogus, and the no feedback one didn't include a
short reproducible test case, so I don't fault that reply.

Of the 36 bugs that were fixed, they hit the entire spectrum of PHP:
Zend Engine, ftp, mysqli, SPL, SOAP, reflection, streams, iterators,
shm, DOM, SimpleXML, Tidy, arrays, SQLite, PEAR, PHPUnit, Net_Whois,
documentation, the documention system, the Web site, and even the bug
system itself. :)

That's a lot of work from a lot of different people to fix of my
issues, and I'm quite thankful for all of their work.

I've handled customer services issues, such as these, before. It takes
a lot of time to set up your environment to reproduce the issue. Much
more than you'd expect.

Sometimes, people even conspire against themselves, don't give you
what you ask for making it impossible to duplicate, and then get angry
when you don't fix their problem when it's their own fault. :)

I subscribe to the bug reports list, and I often feel bad about the
bogusing of bugs. I know some of the bug report replies aren't as
polite as they could be. I also agree that the label of "bogus"
triggers quite a bit of anger in someone who feels that their bug is
legitimate, and a differently worded label would be much better in
terms of not generating anger. I wish that would change.

However, then I think about how much time I wish to spend going
through all those reports, and I hold my tongue.

If people really want to help the community, go ahead and verify open
PHP bugs -- you don't need to actually come up with a patch -- you
just need to replicate the issue or tune the report to a short test
case. You'll probably be shocked how long that alone takes.

It would be a great help and time saver for core developers, and you'd
get the chance to provide the community with excellent customer
service while you're at it.

-adam

--
adam@trachtenberg.com | http://www.trachtenberg.com
author of o'reilly's "upgrading to php 5" and "php cookbook"
avoid the holiday rush, buy your copies today!

19 years ago by George Schlossnagle — view source

unread

I can count the times I've been thanked personally with one hand.
Most of the time people send me hate email. :)

Thank you, Jani, for all the (mostly) thankless work.

George

19 years ago by Sebastian Bergmann — view source

unread

George Schlossnagle schrieb:

Thank you, Jani, for all the (mostly) thankless work.

I second that emotion.

--
Sebastian Bergmann http://www.sebastian-bergmann.de/
GnuPG Key: 0xB85B5D69 / 27A7 2B14 09E4 98CD 6277 0E5B 6867 C514 B85B 5D69

19 years ago by Marcus Boerger — view source

unread

Hello Jani,

Jani, thanks for the work! If it wasn't you we all had to do it and
everybody had to keep track. Having you doing all the checks is quit
econvenient (for us).

best regards
marcus

Thursday, September 15, 2005, 1:25:56 PM, you wrote:

joke. People critisise and joke about PHP's automatic "Bogus" bot that just
trolls through the database and marks any submitted bugs as "Bogus". What is
the point of making the bug database public?

 1) I'm not a bot.
 2) I'm not bogusing automatically anything (except for few exceptions [1])
 3) I spend a LOT of my free time, without getting paid
    testing hundreds of wierd code pieces people send,
    configuring and compiling PHP with wierd configure lines,
    etc.

 Never forget: MOST of us (me included) do NOT get paid for this.
 And handling bug reports is propably the most ungrateful "jobs"
 there is.

 I can count the times I've been thanked personally with one hand.
 Most of the time people send me hate email. :)

highlights it. Why should we bother to continue to support the community when
the community doesn't support us? We owe PHP nothing. There are plenty of
alternatives out there.

 It's the community who should support the developers, not the other
 way around. We owe the community nothing, the community owes us everything.

Now don't get me wrong. This is not aimed at everyone. I believe you Rasmus

 Don't lie. You aimed quite well. :)

 --Jani

 [1] People seem to think their problem is the most important one
 and even if it's been reported before, still send it as new one..
 in which case their report gets very quickly bogused. :)
 There are several other reasons why to do that, but for _valid_
 bug reports this happens VERY rarely. (Try piss me off and you'll see)

Best regards,
Marcus

19 years ago by John Coggeshall — view source

unread

Danke, Jani.

Cheers,

John

Hello Jani,

Jani, thanks for the work! If it wasn't you we all had to do it and
everybody had to keep track. Having you doing all the checks is quit
econvenient (for us).

best regards
marcus

Thursday, September 15, 2005, 1:25:56 PM, you wrote:

joke. People critisise and joke about PHP's automatic "Bogus" bot that just
trolls through the database and marks any submitted bugs as "Bogus". What is
the point of making the bug database public?
 1) I'm not a bot.
 2) I'm not bogusing automatically anything (except for few exceptions [1])
 3) I spend a LOT of my free time, without getting paid
    testing hundreds of wierd code pieces people send,
    configuring and compiling PHP with wierd configure lines,
    etc.
 Never forget: MOST of us (me included) do NOT get paid for this.
 And handling bug reports is propably the most ungrateful "jobs"
 there is.
 I can count the times I've been thanked personally with one hand.
 Most of the time people send me hate email. :)
highlights it. Why should we bother to continue to support the community when
the community doesn't support us? We owe PHP nothing. There are plenty of
alternatives out there.
 It's the community who should support the developers, not the other
 way around. We owe the community nothing, the community owes us everything.
Now don't get me wrong. This is not aimed at everyone. I believe you Rasmus
 Don't lie. You aimed quite well. :)
 --Jani
 [1] People seem to think their problem is the most important one
 and even if it's been reported before, still send it as new one..
 in which case their report gets very quickly bogused. :)
 There are several other reasons why to do that, but for _valid_
 bug reports this happens VERY rarely. (Try piss me off and you'll see)
Best regards,
Marcus

19 years ago by Sara Golemon — view source

unread

Gracis senor Taskinen por todos anos.

Besos!

----- Original Message -----
From: "John Coggeshall" john@coggeshall.org
Newsgroups: php.internals
To: "Marcus Boerger" helly@php.net
Cc: "Jani Taskinen" sniper@iki.fi; "Leigh Makewell" leigh@eon.com.au;
internals@lists.php.net
Sent: Friday, September 16, 2005 10:37 AM
Subject: Re: [PHP-DEV] Bogusing bot (Was: [PHP-DEV] Reference handling
changeand PHP 4.4.0)

Danke, Jani.

Cheers,

John
Hello Jani,

Jani, thanks for the work! If it wasn't you we all had to do it and
everybody had to keep track. Having you doing all the checks is quit
econvenient (for us).

best regards
marcus

Thursday, September 15, 2005, 1:25:56 PM, you wrote:

joke. People critisise and joke about PHP's automatic "Bogus" bot that
just
trolls through the database and marks any submitted bugs as "Bogus".
What is
the point of making the bug database public?
 1) I'm not a bot.
 2) I'm not bogusing automatically anything (except for few 
exceptions [1])
3) I spend a LOT of my free time, without getting paid
testing hundreds of wierd code pieces people send,
configuring and compiling PHP with wierd configure lines,
etc.
 Never forget: MOST of us (me included) do NOT get paid for this.
 And handling bug reports is propably the most ungrateful "jobs"
 there is.
 I can count the times I've been thanked personally with one hand.
 Most of the time people send me hate email. :)
highlights it. Why should we bother to continue to support the
community when
the community doesn't support us? We owe PHP nothing. There are plenty
of
alternatives out there.
 It's the community who should support the developers, not the 
other
way around. We owe the community nothing, the community owes us
everything.
Now don't get me wrong. This is not aimed at everyone. I believe you
Rasmus
 Don't lie. You aimed quite well. :)
 --Jani
 [1] People seem to think their problem is the most important one
 and even if it's been reported before, still send it as new one..
 in which case their report gets very quickly bogused. :)
 There are several other reasons why to do that, but for _valid_
 bug reports this happens VERY rarely. (Try piss me off and you'll 
see)
Best regards,
Marcus

19 years ago by Colin Tucker — view source

unread

Rasmus Lerdorf wrote:

So while the tone of some of these messages may not be great,
often the suggestion that the code in question isn't very good is
accurate.

Rasmus, I think where some of the concern and confusion lies is with
those of us who have been doing, or at least attempting, some "heavy"
OOP with PHP4. Now, PHP4 may not be the most ideal platform for OOP
(hence the changes PHP5 brings), but nevertheless it is there, it is
available to use, and despite it's shortcomings, use it we did.

Many of us who did some crazy OOP in PHP4 have used references heavily
because, like in PHP5, we wanted to avoid making copies of objects
everywhere. Hence, a lot of code returns by reference and assigns by
reference. At the time, I certainly didn't think I was writing "bad"
code - it seemed to make sense, and PHP4 happily ran it as expected
without error or complaint. Code like this, for example:

function &getProcessor()
{
return $this->processor->getInstance();
}

...where the processor attribute is a dynamically-configured object
which may generate a different object instance (from getInstance() call)
depending on it's configuration. Now in 4.4, this of course generates a
notice, and has to be changed to:

function &getProcessor()
{
$instance =& $this->processor->getInstance();

return $instance;

}

...which to me just seems like a waste of space. This raises other
questions, for example, what if we're trying to return something by
reference and encounter a problem with returning that something? For
example, take some sort of collection or list class:

function &at($index=NULL)
{
if ($this->hasIndex($index))
{
return $this->elements[$index];
}

return NULL;

}

...you want to grab an element at the specified index by reference if
it's an object. The above code used to work fine, but now of course it
generates a notice, and needs to be changed to something like:

function &at($index=NULL)
{
$element = NULL;

if ($this->hasIndex($index))
{
   $element =& $this->elements[$index];
}

return $element;

}

These things by themselves are not a big deal, but many of us have these
"little" issues happening throughout our code, resulting in hundreds
upon hundreds of notices per page request. Perhaps according to the
true nature of references these examples were not the ideal way to code,
but I don't consider it "bad code", and it was certainly legal and
fully-functional code for some time now. Call it awful if you like, but
it certainly made sense to me at the time.

Regards,

Colin.

19 years ago by Rasmus Lerdorf — view source

unread

Colin Tucker wrote:

I know this issue has most likely been discussed to death here so I
apologise in advance for starting a new thread about it. I just need to
get my head around the reasoning for introducing this change to PHP4
(4.4 branch). I can understand making the change to PHP5, but can
someone bring me up to speed as to why it was done to PHP4? As I'm sure
you're aware, it breaks heaps and heaps of existing code out there.

We found this out the hard way yesterday when our server administrator
upgraded our production server to PHP 4.4.0 (even though the Debian
package description said it was a PHP 4.3.x release). We ended up with
hundreds of errors and many, many vhosts stopped working correctly due
to "variable references should be returned by reference" problems, both
in my code and in third-party code, such as PHPBB instances.

And now I read that this will not be "fixed" in future PHP4 releases due
to breaking backwards compatibility? I just don't understand... a
change that breaks backwards compatibility in a large portion of the
existing PHP4 code base will not be fixed because it breaks backwards
compatibility? It's doing my head in, please can someone explain?

This means that either we have to (potentially) change thousands of
lines of code and upgrade many instances of third-party PHP-based sites
just to use PHP 4.4.0 and above, or miss out on using this and future
PHP4 releases and any security vulnerability fixes they may include. Why
could the change not be made optional by using a php.ini directive?

We have been looking to see if there is a way to fix the memory
corruption issue in a way that has less of an impact on existing code.
This doesn't change the fact that every error you get is actually an
error in the code you are running. The broken code is effectively doing
something similar to:

function foo(&$arg) {
$arg = 4;
}
foo(strlen("abc"));

which makes very little sense. There are many variations of this, but
in every instance it is something that should be fixed, and in some of
the cases it actually leads to memory corruption.

There are many examples of this sort of thing working just fine in PHP
4.3.x because people are passing things in by reference and never
modifying the passed in value. They'll do something along the lines of:

function foo(&$arg) {
return $arg[0] + 1;
}
echo foo(array(1,2,3,4,5,6,7,8,9,10));

possibly because they believe that they are saving memory by not making
a copy of the array with that reference. Of course that is quite
misguided as no copy is done until the arg is modified so if you don't
modify it, you are better off passing it by value.

Right now the change in 4.4 and 5.x is to complain loudly when you pass
a reference to something without any associated storage. In both of the
above examples there is no permanent storage associated with either of
the passed arguments, so trying to get a reference to this storage makes
very little sense. The only feasible way we might be able to work
around this is to make a copy of such bogus reference attempts and
effectively just pretend they were passed by value. I think it is a bit
of a hack, but at the same time the breakage of existing apps has been
more widespread than I think anybody anticipated. I'd still want to
throw a notice to let people know they are doing something odd though.

-Rasmus

19 years ago by Pierre Joye — view source

unread

but at the same time the breakage of existing apps has been
more widespread than I think anybody anticipated.

Than "anybody" liked to anticipate could better said.

I'd still want to throw a notice to let people know they are doing something odd though.

As I said hundred of times in the past weeks to everyone and his
mother, yes, notices could be a much better choice for a first release
(both branches) than fatal errors or warning :-)

Regards,

--Pierre

19 years ago by Colin Tucker — view source

unread

Hi Rasmus, thanks for replying, I appreciate your feedback.

Rasmus Lerdorf wrote:

We have been looking to see if there is a way to fix the memory
corruption issue in a way that has less of an impact on existing code.
This doesn't change the fact that every error you get is actually an
error in the code you are running.

Yes, I know this now, but I guess at the time it seemed ok, because it
wasn't an error then. :)

Right now the change in 4.4 and 5.x is to complain loudly when you pass
a reference to something without any associated storage. In both of the
above examples there is no permanent storage associated with either of
the passed arguments, so trying to get a reference to this storage makes
very little sense. The only feasible way we might be able to work
around this is to make a copy of such bogus reference attempts and
effectively just pretend they were passed by value. I think it is a bit
of a hack, but at the same time the breakage of existing apps has been
more widespread than I think anybody anticipated. I'd still want to
throw a notice to let people know they are doing something odd though.

Well for one I'm glad that PHP5 handles all objects as references now
because this was primarily the reason I used references in PHP4, i.e. to
ensure that copies of objects were not being passed around. Plus, I'm
now in the process of converting my core code to PHP5 using it's 'proper
OO' features. However, as you mentioned, this still leaves a lot of
broken PHP4 code under 4.4 and above. I completely understand now why
the change was made, I just guess a lot of us were doing funny things
with references that we shouldn't have been. I suppose it's a tricky
situation for you guys as there was no solution that wouldn't cause at
least some breakage.

Cheers,

Colin.

19 years ago by Derick Rethans — view source

unread

Hello all,

I know this issue has most likely been discussed to death here so I apologise
in advance for starting a new thread about it. I just need to get my head
around the reasoning for introducing this change to PHP4 (4.4 branch). I can
understand making the change to PHP5, but can someone bring me up to speed as
to why it was done to PHP4? As I'm sure you're aware, it breaks heaps and
heaps of existing code out there.

It already broke heaps of code - and this problems was affecting
application with hard to find crashes. So yes, it is worth it.

We found this out the hard way yesterday when our server administrator
upgraded our production server to PHP 4.4.0 (even though the Debian package
description said it was a PHP 4.3.x release). We ended up with hundreds of
errors and many, many vhosts stopped working correctly due to "variable
references should be returned by reference" problems, both in my code and in
third-party code, such as PHPBB instances.

Uhm, they're only notices - they shouldn't show up at the website in
production, now should they?

And now I read that this will not be "fixed" in future PHP4 releases due to
breaking backwards compatibility? I just don't understand... a change that
breaks backwards compatibility in a large portion of the existing PHP4 code
base will not be fixed because it breaks backwards compatibility? It's doing
my head in, please can someone explain?

PHP 4 is not going to change the behavior anymore.

Derick

--
Derick Rethans
http://derickrethans.nl | http://ez.no | http://xdebug.org

19 years ago by Colin Tucker — view source

unread

Derick Rethans wrote:

We found this out the hard way yesterday when our server administrator
upgraded our production server to PHP 4.4.0 (even though the Debian package
description said it was a PHP 4.3.x release). We ended up with hundreds of
errors and many, many vhosts stopped working correctly due to "variable
references should be returned by reference" problems, both in my code and in
third-party code, such as PHPBB instances.

Uhm, they're only notices - they shouldn't show up at the website in
production, now should they?

Derick, can you show me where I said that they showed up on the website?

And now I read that this will not be "fixed" in future PHP4 releases due to
breaking backwards compatibility? I just don't understand... a change that
breaks backwards compatibility in a large portion of the existing PHP4 code
base will not be fixed because it breaks backwards compatibility? It's doing
my head in, please can someone explain?

PHP 4 is not going to change the behavior anymore.

Sorry, but that doesn't really answer my question.

Regards,

Colin.

19 years ago by oliver.graetz@arcor.de — view source

unread

Hi again from an "ordinary user"!

This thread has some opponents sharpening their knives in the corners.
Hey guys, cool down! It's only ones and zeroes! ;-)

First of all let's find some agreements points:

I think most of you agree that it was a bigger problem
fixing it with warning in PHP4 than it was in PHP5.
Not fixing it was out of question because it caused
memory corruption.

Some time ago there were default options in the php.ini that are
considered very harmful nowadays (register_globals etc) but they are
still there, just carefully defaulting to off. See the similarities? If
some people just want to use it this way the put in an option:

unstored_references = NOTICE|IMPLICIT_TEMP_STORE

So people relying on using it the old way can just switch it to
automagically assigning a temp variable inbetween (or is this standard
procedure since 4.4? Then just allow to switch the log level for such
events.).

On a side note it would help people if there was a possibility to run
all kinds of PHP versons as Apache module in parallel which nowadays has
to be done by patching the sources. Some PHP coders don't like the CGI
variant and prefer the module and just for the sake of using the module
they resign to doing all stuff with a single PHP version. Being able to
run a 4.3.10 module in parallel with a 4.4 module and choosing the one
to use on a per-directory-basis via .htaccess could calm a lot of voices.

AllOLLi

Time is an illusion. Lunchtime doubtly so.
[Douglas Adams]

19 years ago by Colin Tucker — view source

unread

Hello again,

Wow, this thread generated more heat than I thought it would, I
basically just wanted to know the reasoning behind making the change to
PHP4, unfortunate I guess for all involved that it went downhill. I
have learned much in the past few days, at any rate.

As mentioned, my code actually broke following the switch to 4.4.0, in
addition to logging hundreds of E_NOTICE errors. It's taken me some
time to track down where it's going wrong, but I think I've found out
the culprits involved. It's complicated, I'll try to explain it all.

The problem was related to components of my web app framework (which is
similar to Struts, and incidently, now being phased out for a MUCH more
lightweight, PHP5-based framework), in particular, an array of
attributes, view helper classes and the creation of DAOs (data access
objects) at runtime via XML configuration, which would look like this:

This XML would be parsed and the relevant DAO instances would be created
and recorded in attribute scope for the current application module
instance. For each dao node, the following code would be called (where
$daoClass and $daoComponent are extracted from the XML attributes):

$dao =& $this->_createDAO($daoClass,$daoComponent);

if ($dao)
{
$this->module->setAttributeByReference($name,$dao);
}

Notice it assigns by reference, however I discovered that the
_createDAO() method was not returning by reference:

function _createDAO($daoClass=null,$daoComponent=null)
{

// Obtain Database Object:

$database =& $this->module->findDatabase();

if (is_null($database))
{
   trigger_error($this->error(ERROR_DB_COULD_NOT_OBTAIN));
}
else
{

// Obtain Database Connection:

   $connection =& $database->getConnection();

   if (is_null($connection))
   {
      trigger_error($this->error(ERROR_DB_COULD_NOT_CONNECT));
   }
   else
   {

   // Create DAO Instance:

      $cmp =& new ClassComponent($daoClass,$daoComponent);

      $dao =& $cmp->getInstance();

      if ($dao)
      {
         $dao->setConnectionByReference($connection);

         return $dao;
      }
   }
}

return NULL;

}

What was happening under PHP 4.4.0 is when the newly created DAO was
added to the module as an attribute (setAttributeByReference), a new
attribute would be created, but ALL existing DAOs in the attribute scope
would become the newly added DAO, for example:

(create and set the dao.freight attribute):

attributes (array)
{
[dao.freight] => FreightDAO Object
}

(create and set the dao.customer attribute):

attributes (array)
{
[dao.freight] => CustomerDAO Object
[dao.customer] => CustomerDAO Object
}

(create and set the dao.order.status attribute):

attributes (array)
{
[dao.freight] => OrderStatusDAO Object
[dao.customer] => OrderStatusDAO Object
[dao.order.status] => OrderStatusDAO Object
}

Simply by adding the ampersand to the _createDAO() method, like so:

function &_createDAO($daoClass=null,$daoComponent=null)
{
}

...rectified the problem (however did not make hundreds of E_NOTICE's
disappear, of course ;)).

The question is, why did this problem not occur before 4.4.0? Is this
an example of the "memory corruption"?

Regards,

Colin.

19 years ago by Todd Ruth — view source

unread

Aha! That was the inspiration I needed to get the right
combination of "&"s. The following bit of code behaves
differently under 4.3 vs 4.4:

<?php
function f(&$a) { return $a; }
$x = array('a','b','c');
foreach (array_keys($x) as $k) {
// I think the following line disconnects $y in 4.3
// but leaves $y connected in 4.4
$y =& f($x[$k]);
$z[] =& $y;
}
var_dump($x);
var_dump($z);
?>

My guess would be that in 4.3 the engine tries to do the
reference even though it may be dangerous. That would
"disconnect" $y from the previous $z[]. 4.4 knows the
reference is impossible and leaves $y connected to the
previous $z[]. Is that analysis correct, engine gurus?

Thanks, Colin!

Todd

Hello again,

Wow, this thread generated more heat than I thought it would, I
basically just wanted to know the reasoning behind making the change to
PHP4, unfortunate I guess for all involved that it went downhill. I
have learned much in the past few days, at any rate.

As mentioned, my code actually broke following the switch to 4.4.0, in
addition to logging hundreds of E_NOTICE errors. It's taken me some
time to track down where it's going wrong, but I think I've found out
the culprits involved. It's complicated, I'll try to explain it all.

The problem was related to components of my web app framework (which is
similar to Struts, and incidently, now being phased out for a MUCH more
lightweight, PHP5-based framework), in particular, an array of
attributes, view helper classes and the creation of DAOs (data access
objects) at runtime via XML configuration, which would look like this:
<daos> <dao name="dao.freight" class="FreightDAO" component="Generic/Commerce/DAO/FreightDAO.php" /> <dao name="dao.customer" class="CustomerDAO" component="Generic/Commerce/DAO/CustomerDAO.php" /> <dao name="dao.order.status" class="OrderStatusDAO" component="Generic/Commerce/DAO/OrderStatusDAO.php" /> </daos>
This XML would be parsed and the relevant DAO instances would be created
and recorded in attribute scope for the current application module
instance. For each dao node, the following code would be called (where
$daoClass and $daoComponent are extracted from the XML attributes):

$dao =& $this->_createDAO($daoClass,$daoComponent);

if ($dao)
{
$this->module->setAttributeByReference($name,$dao);
}

Notice it assigns by reference, however I discovered that the
_createDAO() method was not returning by reference:

function _createDAO($daoClass=null,$daoComponent=null)
{

// Obtain Database Object:
$database =& $this->module->findDatabase();

if (is_null($database))
{
   trigger_error($this->error(ERROR_DB_COULD_NOT_OBTAIN));
}
else
{

// Obtain Database Connection:

   $connection =& $database->getConnection();

   if (is_null($connection))
   {
      trigger_error($this->error(ERROR_DB_COULD_NOT_CONNECT));
   }
   else
   {

   // Create DAO Instance:

      $cmp =& new ClassComponent($daoClass,$daoComponent);

      $dao =& $cmp->getInstance();

      if ($dao)
      {
         $dao->setConnectionByReference($connection);

         return $dao;
      }
   }
}

return NULL;
}

What was happening under PHP 4.4.0 is when the newly created DAO was
added to the module as an attribute (setAttributeByReference), a new
attribute would be created, but ALL existing DAOs in the attribute scope
would become the newly added DAO, for example:

(create and set the dao.freight attribute):

attributes (array)
{
[dao.freight] => FreightDAO Object
}

(create and set the dao.customer attribute):

attributes (array)
{
[dao.freight] => CustomerDAO Object
[dao.customer] => CustomerDAO Object
}

(create and set the dao.order.status attribute):

attributes (array)
{
[dao.freight] => OrderStatusDAO Object
[dao.customer] => OrderStatusDAO Object
[dao.order.status] => OrderStatusDAO Object
}

Simply by adding the ampersand to the _createDAO() method, like so:

function &_createDAO($daoClass=null,$daoComponent=null)
{
}

...rectified the problem (however did not make hundreds of E_NOTICE's
disappear, of course ;)).

The question is, why did this problem not occur before 4.4.0? Is this
an example of the "memory corruption"?

Regards,

Colin.

19 years ago by Todd Ruth — view source

unread

I should have said something about a fix. I guess the fix
would be to always unset any variable that is attempting
to be assigned by reference before doing anything else
with the variable. Yes? That would at least fix BC
for the example I gave (and I think Colin's example).
If $y were unset (based on the "=&" even the "&" can't
really be used) before being set, the behavior would
have matched 4.3.

Todd

Aha! That was the inspiration I needed to get the right
combination of "&"s. The following bit of code behaves
differently under 4.3 vs 4.4:

<?php
function f(&$a) { return $a; }
$x = array('a','b','c');
foreach (array_keys($x) as $k) {
// I think the following line disconnects $y in 4.3
// but leaves $y connected in 4.4
$y =& f($x[$k]);
$z[] =& $y;
}
var_dump($x);
var_dump($z);
?>

My guess would be that in 4.3 the engine tries to do the
reference even though it may be dangerous. That would
"disconnect" $y from the previous $z[]. 4.4 knows the
reference is impossible and leaves $y connected to the
previous $z[]. Is that analysis correct, engine gurus?

Thanks, Colin!

Todd
Hello again,

Wow, this thread generated more heat than I thought it would, I
basically just wanted to know the reasoning behind making the change to
PHP4, unfortunate I guess for all involved that it went downhill. I
have learned much in the past few days, at any rate.

As mentioned, my code actually broke following the switch to 4.4.0, in
addition to logging hundreds of E_NOTICE errors. It's taken me some
time to track down where it's going wrong, but I think I've found out
the culprits involved. It's complicated, I'll try to explain it all.

The problem was related to components of my web app framework (which is
similar to Struts, and incidently, now being phased out for a MUCH more
lightweight, PHP5-based framework), in particular, an array of
attributes, view helper classes and the creation of DAOs (data access
objects) at runtime via XML configuration, which would look like this:
<daos> <dao name="dao.freight" class="FreightDAO" component="Generic/Commerce/DAO/FreightDAO.php" /> <dao name="dao.customer" class="CustomerDAO" component="Generic/Commerce/DAO/CustomerDAO.php" /> <dao name="dao.order.status" class="OrderStatusDAO" component="Generic/Commerce/DAO/OrderStatusDAO.php" /> </daos>
This XML would be parsed and the relevant DAO instances would be created
and recorded in attribute scope for the current application module
instance. For each dao node, the following code would be called (where
$daoClass and $daoComponent are extracted from the XML attributes):

$dao =& $this->_createDAO($daoClass,$daoComponent);

if ($dao)
{
$this->module->setAttributeByReference($name,$dao);
}

Notice it assigns by reference, however I discovered that the
_createDAO() method was not returning by reference:

function _createDAO($daoClass=null,$daoComponent=null)
{

// Obtain Database Object:
$database =& $this->module->findDatabase();

if (is_null($database))
{
   trigger_error($this->error(ERROR_DB_COULD_NOT_OBTAIN));
}
else
{

// Obtain Database Connection:

   $connection =& $database->getConnection();

   if (is_null($connection))
   {
      trigger_error($this->error(ERROR_DB_COULD_NOT_CONNECT));
   }
   else
   {

   // Create DAO Instance:

      $cmp =& new ClassComponent($daoClass,$daoComponent);

      $dao =& $cmp->getInstance();

      if ($dao)
      {
         $dao->setConnectionByReference($connection);

         return $dao;
      }
   }
}

return NULL;
}

What was happening under PHP 4.4.0 is when the newly created DAO was
added to the module as an attribute (setAttributeByReference), a new
attribute would be created, but ALL existing DAOs in the attribute scope
would become the newly added DAO, for example:

(create and set the dao.freight attribute):

attributes (array)
{
[dao.freight] => FreightDAO Object
}

(create and set the dao.customer attribute):

attributes (array)
{
[dao.freight] => CustomerDAO Object
[dao.customer] => CustomerDAO Object
}

(create and set the dao.order.status attribute):

attributes (array)
{
[dao.freight] => OrderStatusDAO Object
[dao.customer] => OrderStatusDAO Object
[dao.order.status] => OrderStatusDAO Object
}

Simply by adding the ampersand to the _createDAO() method, like so:

function &_createDAO($daoClass=null,$daoComponent=null)
{
}

...rectified the problem (however did not make hundreds of E_NOTICE's
disappear, of course ;)).

The question is, why did this problem not occur before 4.4.0? Is this
an example of the "memory corruption"?

Regards,

Colin.

19 years ago by Derick Rethans — view source

unread

Aha! That was the inspiration I needed to get the right
combination of "&"s. The following bit of code behaves
differently under 4.3 vs 4.4:

<?php
function f(&$a) { return $a; }
$x = array('a','b','c');
foreach (array_keys($x) as $k) {
// I think the following line disconnects $y in 4.3
// but leaves $y connected in 4.4
$y =& f($x[$k]);
$z[] =& $y;
}
var_dump($x);
var_dump($z);
?>

My guess would be that in 4.3 the engine tries to do the
reference even though it may be dangerous. That would
"disconnect" $y from the previous $z[]. 4.4 knows the
reference is impossible and leaves $y connected to the
previous $z[]. Is that analysis correct, engine gurus?

Yes, it is. This has bitten me too a couple of times. But ofcourse, the
new behavior is the correct one.

Derick

--
Derick Rethans
http://derickrethans.nl | http://ez.no | http://xdebug.org

19 years ago by Todd Ruth — view source

unread

Wasn't part of the "negotiation" when 4.4 was created that
the behavior would be the same as 4.3 (excluding anything
that happened because of a memory corruption)? (I'm not
counting the notices as behavior.)

I don't see how it can be argued that "$y =& ..." leaving
$y connected to it's old buddies can be considered correct.
I see why $y should not be tied to the rvalue if the rvalue
is not suitable for being used as a reference, but that
doesn't change the fact that this code clearly indicates
$y should be detached from anything it was formerly attached
to. Wouldn't the php philosophy indicate $y should be unset
before being assigned by value in this case? (and after all,
doing that preserves BC!) Please elaborate on the idea
that the new behavior is correct.

BTW, when you say "This has bitten me too a couple of times",
are you saying that you were aware of a BC break beyond
memory corruption and didn't mention it?

Thanks,
Todd

Aha! That was the inspiration I needed to get the right
combination of "&"s. The following bit of code behaves
differently under 4.3 vs 4.4:

<?php
function f(&$a) { return $a; }
$x = array('a','b','c');
foreach (array_keys($x) as $k) {
// I think the following line disconnects $y in 4.3
// but leaves $y connected in 4.4
$y =& f($x[$k]);
$z[] =& $y;
}
var_dump($x);
var_dump($z);
?>

My guess would be that in 4.3 the engine tries to do the
reference even though it may be dangerous. That would
"disconnect" $y from the previous $z[]. 4.4 knows the
reference is impossible and leaves $y connected to the
previous $z[]. Is that analysis correct, engine gurus?

Yes, it is. This has bitten me too a couple of times. But ofcourse, the
new behavior is the correct one.

Derick

--
Derick Rethans
http://derickrethans.nl | http://ez.no | http://xdebug.org

19 years ago by ondrej@kmit.sk — view source

unread

Hi

I was lost in this thread. Could someone post resume from this
discussion? How can I deal with this in 4.3, 4.4, 5+?

Thanks

--
Ondrej Ivanič
(ondrej@kmit.sk)

Reference handling change and PHP 4.4.0

-- Lester Caine

--
Lester Caine