On 21 February 2015 at 18:13, Zeev Suraski <z...@zend.com> wrote: >> -----Original Message----- >> From: Anthony Ferrara [mailto:ircmax...@gmail.com] >> Sent: Saturday, February 21, 2015 8:12 PM >> To: Zeev Suraski >> Cc: PHP internals >> Subject: Re: [PHP-DEV] Coercive Scalar Type Hints RFC >> >> Zeev, >> >> First off, thanks for putting forward a proposal. I look forward to a >> patch >> that can be experimented with. >> >> There are a few concerns that I have about the proposal however: >> >> > Proponents of Strict STH cite numerous advantages, primarily around code >> safety/security. In their view, the conversion rules proposed by Dynamic >> STH >> can easily allow ‘garbage’ input to be silently converted into arguments >> that >> the callee will accept – but that may, in many cases, hide >> difficult-to-find >> bugs or otherwise result in unexpected behavior. >> >> I think that's partially mis-stating the concern. > > I don't think it is, based
The sentence stresses garbage in too much to read as accurate. To clarify, there is a) garbage in due to weak coercion and b) a function being called with a string when the typehint says int. Both are separate concerns around error detection. Stricter coercion can enable only one of these two, for example. That's better than neither, of course! The coercion rules were stricter than I expected based on previous emails. Stressing one too much might suggest to a reader that the second concern does not exist. Other pedantic comment: "numerous" is probably too strong a word there. The advantages may vary by person, but usually fit within basic five-finger math. It would be more important to enumerate them rather than selecting one as primary. On the RFC rules themselves, a few comments: 1. Happy to see leading/trailing spaces excluded. 2. Rules don't make mention of leading zeroes, e.g. 0003 3. "1E07" might be construed as overly generous assuming we are excluding stringy integers like hex, oct and binary 4. I'm assuming the stringy ints are rejected? 5. Is ".32" coerced to float or only "0.32"? Merely for clarification. 6. Boolean coercion from other types... Not entirely sure myself. Completely off the cuff: <=0: false, >0:true, floats and strings need not apply. 7. In string to float, only capital E or also small e? 8. I'll never stop call them "stringy" ints. Paddy -- Pádraic Brady http://blog.astrumfutura.com http://www.survivethedeepend.com -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
