Re: [PHP-DEV] [RFC][Vote] Auto-capture closures

[Anton Smirnov]

On Fri, 2022-07-01 at 16:11 +0200, Hans Henrik Bergan wrote:
> > As far as we are aware, only two languages in widespread use
> > require variables to be explicitly closed over: PHP and C++. All
> > other major languages capture implicitly, as is proposed here.

But do any of them auto-capture by value?

> to be fair to c++, it supports [&] to capture everything, like
> int a=1,b=2,c=3;[&]()->void{std::cout << a << b << c;}();

I think that's still explicit

-- 
Anton

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: https://www.php.net/unsub.php

[PHP-DEV] Re: [RFC] [Under Discussion] Constants in traits

[shinji igarashi]

Hello, everyone!

I have updated the RFC for constants in traits to reflect the discussion at
ML and answer some additional questions, as well as add sections on
comparisons to other languages and future scope, and modify some
sentences for clarity.
https://wiki.php.net/rfc/constants_in_traits

If there is no additional discussion, I will open the voting around
2022-07-05 22:00 (UTC) .

Thanks!

--
Shinji Igarashi

2022年6月22日(水) 6:33 shinji igarashi :
>
> Hello everyone!
>
> I'd like to start a discussion on an RFC to allow defining constants in 
> traits.
> https://wiki.php.net/rfc/constants_in_traits
>
> I'm looking forward to your feedback, including corrections on English 
> wordings.
>
> Thanks!
>
> --
> Shinji Igarashi

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: https://www.php.net/unsub.php

Re: [PHP-DEV] [RFC] [Under Discussion] Random Extension Improvement

[Go Kudo]

2022年6月29日(水) 17:40 Guilliam Xavier :

> >> > https://wiki.php.net/rfc/random_extension_improvement
> >>
> >> I just realized a little thing: in the array_rand() example, for
> >> $beforeSingle, it would probably be "more realistic" to omit `, 1`
> >> (which is already the default for $num).
> >>
> >> Note: for `Randomizer::pickArrayKeys(array $array, int $num): array`,
> >> it makes sense that $num does *not* have a default value (1 would be
> >> "weird" because the method always returns a *list of keys*, and
> >> count($array) [via null] would be "useless" because keys are returned
> >> *in their original order* [so it would make the method equivalent to
> >> array_keys($array) by default]),
> >> and that's probably a good thing (it forces to update the call by
> >> adding an explicit `, 1` argument and reminds to add a `[0]` or
> >> similar on the returned value).
> >>
> >> An alternative design would be `Randomizer::pickArrayKey(array
> >> $array): int|string`, but migrating existing uses with $num != 1 would
> >> be harder, so probably not better.
> >
> > This is certainly a complicated issue.
> >
> > I proposed the signature `Randomizer::arrayPickKeys(array $array, int
> $num): array` because it can be solved with the current PHP sugar syntax
> and the default value of $num is 1 despite the name "arrayPickKeys".
> >
> > However, this is a bit tricky and may not be user-friendly for the
> average user.
> >
> > So, how about adding two methods, `Randomizer::arrayPickKey(array
> $array): int|string` and `Randomizer::arrayPickKeys(array $array, int
> $num): array`?
> >
> > This may seem redundant, but it may avoid user confusion.
>
> Sorry if I wasn't clear: I just suggested to make this little change
> in the example:
>
> ```diff
> -$beforeSingle = array_rand(['foo' => 'foo', 'bar' => 'bar', 'baz' =>
> 'baz'], 1); // (string) foo
> +$beforeSingle = array_rand(['foo' => 'foo', 'bar' => 'bar', 'baz' =>
> 'baz']); // (string) foo
> ```
>
> to make it more "realistic".
>
> As concerns the rest (about pickArrayKeys): sorry for the digression,
> I was just "thinking out loud", I *don't* want any change there
> (first, it makes sense that pickArrayKeys has `int $num` *without* a
> default value [even if array_rand has 1]; second, "pickArrayKey" [if
> really wanted] is trivial to implement in userland as a wrapper around
> pickArrayKeys [but the opposite would not be so], and I don't think
> that adding *both* methods to Randomizer is desirable either [better
> keep it simple/minimal]).
>
> Regards,
>
> --
> Guilliam Xavier
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: https://www.php.net/unsub.php
>
>
Hi

Thank you. That feels true.
I will try to keep the RFC as it currently stands.

Sorry for the delay in replying. I was a little held up with personal
business.
I will delay the start of voting by one day.

Best regards
Go Kudo

Re: [PHP-DEV] [RFC][Vote] Auto-capture closures

[Dan Ackroyd]

On Fri, 1 Jul 2022 at 15:05, Larry Garfield  wrote:
>
> The vote for auto-capture closures is now open.  It will run until 15 July.

Voting no as:

i) changes in the implementation need more than 1.5 hours discussion
between that change and the voting opening.

ii) The inconsistency of capturing rules between this RFC and arrow
functions are "not obviously" the correct choice. And definitely need
more than 90 minutes of thinking about.

iii) Some of the phrases in the RFC are still just not true.

"Capture is by-value, no unintended side-effects"
"A by-value capture means that it is not possible to modify any
variables from the outer scope"
"Because variables are bound by-value, the confusing behaviors often
associated with closures do not exist."

They are true for scalar values, but not for objects.

RFCs need to be written clearly so that people don't get the wrong
impression if the don't read every single word.

btw for my concerns about object capturing and RAII, the manual could
probably say something like:

> If you want to ensure an object is captured you can either assign it to 
> itself:
>
> $foo = $foo;
>
> Or create an empty function:
>
> function ensure_variables_stays_alive(mixed $variable)
> {
>/* function is intentionally blank */
> }
>
> and call that function with the variable you want to stay alive inside the 
> closure.

But again, this is "not obviously" the correct choice.

Dan
Ack

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: https://www.php.net/unsub.php

Re: [PHP-DEV] [RFC][Vote] Auto-capture closures

[Hans Henrik Bergan]

>As far as we are aware, only two languages in widespread use require
variables to be explicitly closed over: PHP and C++. All other major
languages capture implicitly, as is proposed here.

to be fair to c++, it supports [&] to capture everything, like
int a=1,b=2,c=3;[&]()->void{std::cout << a << b << c;}();


On Fri, 1 Jul 2022 at 16:05, Larry Garfield  wrote:

> Greetings, Internalians.
>
> The vote for auto-capture closures is now open.  It will run until 15 July.
>
> https://wiki.php.net/rfc/auto-capture-closure
>
> --
>   Larry Garfield
>   la...@garfieldtech.com
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: https://www.php.net/unsub.php
>
>

[PHP-DEV] [RFC][Vote] Auto-capture closures

[Larry Garfield]

Greetings, Internalians.

The vote for auto-capture closures is now open.  It will run until 15 July.

https://wiki.php.net/rfc/auto-capture-closure

-- 
  Larry Garfield
  la...@garfieldtech.com

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: https://www.php.net/unsub.php

[PHP-DEV] [RFC][Voting] Fetch properties of enums in const expressions

[Ilija Tovilo]

Hi everyone

I opened voting for the "Fetch properties of enums in const expressions" RFC.
https://wiki.php.net/rfc/fetch_property_in_const_expressions

Voting closes on 2022-07-15.

Ilija

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: https://www.php.net/unsub.php

Re: [PHP-DEV] [RFC] Short Closures 2, aka auto-capture take 3

[Arnaud Le Blanc]

Hi Björn,

On Wed, Jun 29, 2022 at 8:09 PM Björn Larsson via internals <
internals@lists.php.net> wrote:

> Would it be an option to include a "Future scope" with the features:
> - Explicit capture that list only the variables to be captured by value
> or reference, nothing else.
> - Extending the traditional anonymous function with use(*) for capturing
> everything.
>
> Anyway, hope this passes for PHP 8.2!
>

Thank you for the suggestion. The RFC now includes a Future Scope section.
The extension of traditional anonymous functions is discussed separately in
the "Alternative implementations" section.

Regards,

Re: [PHP-DEV] [RFC] Short Closures 2, aka auto-capture take 3

[Arnaud Le Blanc]

Hi Rowan,

Since this still has a small chance of breaking existing code, we preferred
to exclude arrow functions from this change, for now. We have added this in
Future Scope. This is something we could do in a follow-up RFC.

Regards,

Re: [PHP-DEV] [RFC] Short Closures 2, aka auto-capture take 3

[Arnaud Le Blanc]

Hi Guilliam,

Thank you for noticing.

The PR is now fully in sync with the RFC (no arrow function changes, no
explicit use support).

The RFC also now clarifies that arrow functions are not changed by the RFC.

Re: [PHP-DEV] [RFC] [Under Discussion] New Curl URL API

[Tim Düsterhus]

Hi

On 7/1/22 12:07, Rowan Tommins wrote:

My concern is rather the opposite: if it is not obvious *to someone writing
PHP code* how the API should be used, there is a higher chance of them
using it incorrectly, and introducing errors.

A good example of this mindset is the password_* functions: they do not
expose the options of underlying implementations, they present an
easy-to-use *opinionated* set of behaviours, that solves a common use case
for their audience. They allow users to "fall into the pit of success",
because the easy thing is also the correct thing.


The difference to me is that "curl" is a well-established library with 
an existing API. By faithfully representing the original API (e.g. the 
naming of the options/flags), I can leverage the existing documentation 
or Stack Overflow Q to learn what exactly a specific option does.


This would be different for an "url" or "http" or "uri" extension. That 
one might use cURL currently and might use 
https://github.com/uriparser/uriparser in a future version if there are 
good arguments to change the underlying library. It would just guarantee 
you that it can process URIs correctly according to whatever API one 
creates.


The password_* family uses such a generic term: "password". It does not 
pretend to be "libargon2".


In other words: If it says "curl" on the box, then I expect to have 
"curl" within the box.



However, to me at least, it's not entirely clear who the target audience
for this API is, what tasks it should be making easy, and what correct
usage looks like. Just providing a bunch of functions, in whatever form,
doesn't provide security unless users can understand how to use them
securely.


Best regards
Tim Düsterhus

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: https://www.php.net/unsub.php

Re: [PHP-DEV] [RFC] [Under Discussion] New Curl URL API

[Rowan Tommins]

On Thu, 30 Jun 2022 at 23:21, Levi Morrison via internals <
internals@lists.php.net> wrote:

> On Thu, Jun 30, 2022 at 10:48 AM Pierrick Charron 
> wrote:
> > One of the goal of this API is to tighten a problematic vulnerable area
> > for applications where the URL parser library would believe one thing
> > and libcurl another. This could and has sometimes led to security
> > problems.
>
> Designing another API on top of what libcurl provides _could make the
> problem worse_.



My concern is rather the opposite: if it is not obvious *to someone writing
PHP code* how the API should be used, there is a higher chance of them
using it incorrectly, and introducing errors.

A good example of this mindset is the password_* functions: they do not
expose the options of underlying implementations, they present an
easy-to-use *opinionated* set of behaviours, that solves a common use case
for their audience. They allow users to "fall into the pit of success",
because the easy thing is also the correct thing.

However, to me at least, it's not entirely clear who the target audience
for this API is, what tasks it should be making easy, and what correct
usage looks like. Just providing a bunch of functions, in whatever form,
doesn't provide security unless users can understand how to use them
securely.

Regards,
-- 
Rowan Tommins
[IMSoP]

Re: [PHP-DEV] [RFC] Short Closures 2, aka auto-capture take 3

[Guilliam Xavier]

On Thu, Jun 30, 2022 at 7:37 PM Arnaud Le Blanc  wrote:
>
> On jeudi 30 juin 2022 18:29:44 CEST Guilliam Xavier wrote:
> > Ah? Sorry, I had interpreted
> > https://github.com/php/php-src/pull/8330/files#diff-85701127596aca0e597bd796
> > 1b5d59cdde4f6bb3e2a109a22be859ab7568b4d2R7318-R7320 as "capture the
> > *minimal* set of variables for *both* arrow functions and short closures",
> > but I was wrong?
>
> No, you are right, the PR changes arrow functions too. But in the RFC we
> decided to not touch the arrow functions for now.

Ah, I see that you have updated the PR indeed:
https://github.com/php/php-src/pull/8330/commits/5bb0a1c8d032666079db5dab94b4b22b2afa9dac
(and thanks for the test).

PS: so the link I gave before is now outdated ^^' I should have given
https://github.com/php/php-src/pull/8330/commits/9dec265adba44dcf9d2cadc05dd5ad842fc4ae66#diff-85701127596aca0e597bd7961b5d59cdde4f6bb3e2a109a22be859ab7568b4d2R7318-R7320

-- 
Guilliam Xavier

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: https://www.php.net/unsub.php