Hi Niklas, On Sat, Aug 1, 2015 at 7:20 AM, Niklas Keller <m...@kelunik.com> wrote:
> 2015-07-31 23:36 GMT+02:00 Yasuo Ohgaki <yohg...@ohgaki.net>: > >> Hi Niklas, >> >> On Fri, Jul 31, 2015 at 7:20 PM, Niklas Keller <m...@kelunik.com> wrote: >> >>> Using set_error_handler isn't handling errors gracefully. Well, it's >>> better than E_ERROR, but then libraries can't handle those errors >>> gracefully, because the user might override its error handler by setting an >>> own handler. >> >> >> Now I see what do you mean by "gracefully". >> >> TL;DR; >> It's app developer jobs to handle these fatal errors. >> > > Nope. > > >> Most fatal errors shouldn't be recovered by library. e.g. Fallback to non >> CSPRNG when CSPRNG is not >> available. >> > > They should totally be handled. You need to catch the error and throw a > defined exception, otherwise your public API will break if you choose to > use another internal implementation. > Additionally, you seem to assume that the library doesn't have to do > things like cleanups in such a case. > My thought is based on Design by Contract (Contract programming). When parameter or environment does not satisfy contract, contract error should be resulted in program/process termination. Fixing inappropriate parameter or environment is not library/framework author's responsibility, but the developer's. i.e. Caller(function/programmer/system admin) has the responsibility that satisfies parameter/environment requirement. If requirement is not met, it's perfectly OK for library/framework to raise fatal errors/exceptions. e.g. "You need PHP 5.6 or greater" error. Handling these fatal errors in a library/framework make code complex unnecessarily. More complex code has more chances to have bugs including security related bugs. Library/framework may simply raise error/exception telling users "It's impossible to work". PHP is general programing language, so we have to consider long life applications such as standalone apps. I fully agree that exception is far easier for handling errors properly and keep app running. However, making randon_*() a special function does not worth it. IMHO. Regards, -- Yasuo Ohgaki yohg...@ohgaki.net