Am 21.02.2020 um 00:04 schrieb Larry Garfield <la...@garfieldtech.com>:
> On Thu, Feb 20, 2020, at 8:47 AM, Levi Morrison via internals wrote:
>> Just chiming in to voice strong support for this RFC. This is a key
>> piece toward making PHP code statically analyzable. If it becomes
>> required at the call site, such as in an edition of the language, it
>> will significantly enhance the ability to reason about code and
>> probably make it more correct as well. As a small example, consider
>> this method on an Optional type class:
>>
>> function map(callable $f): Optional {
>> if ($this->enabled) {
>> return new Optional($f($this->data));
>> } else {
>> return $this;
>> }
>> }
>>
>> The intent is to return a new optional or an empty one, but if you
>> pass a closure that accepts something by reference you can change the
>> original, which is not intended at all. For people who defend against
>> it, it requires saving `$this->data` to a local variable, then passing
>> in the local. Then if the user does a call-by-reference it will affect
>> the local, not the object's data.
>
>
> If $this->data is itself an object, then you have a concern for data
> manipulation (spooky action at a distance) even if it's passed by value.
> Given how much data these days is objects, and thus the problem exists
> regardless of whether it's by value or by reference passing, adding steps to
> make pass-by-reference harder doesn't seem to help much.
+1
The whole discussion about being worried about 'malicious' libraries altering
your precious scalar values misses the fact that PHP is not a pure language,
there are many ways a function can have side-effects, Larry pointing out one
obvious one.
Speaking of language editions: Trying to solve one obscure case (and one which
is easily enough detectable by statical analysis) by introducing such a big BC
break could render a whole edition ineligible for a software project. So
beware, features bundled in one (hypothetical) edition better not break too
many different things at the same time.
If you don't trust your library code then you're in deep trouble anyway.
- Chris
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
