Colin Tucker wrote:
> I know this issue has most likely been discussed to death here so I
> apologise in advance for starting a new thread about it.  I just need to
> get my head around the reasoning for introducing this change to PHP4
> (4.4 branch).  I can understand making the change to PHP5, but can
> someone bring me up to speed as to why it was done to PHP4?  As I'm sure
> you're aware, it breaks heaps and heaps of existing code out there.
> 
> We found this out the hard way yesterday when our server administrator
> upgraded our production server to PHP 4.4.0 (even though the Debian
> package description said it was a PHP 4.3.x release).  We ended up with
> hundreds of errors and many, many vhosts stopped working correctly due
> to "variable references should be returned by reference" problems, both
> in my code and in third-party code, such as PHPBB instances.
> 
> And now I read that this will not be "fixed" in future PHP4 releases due
> to breaking backwards compatibility?  I just don't understand... a
> change that breaks backwards compatibility in a large portion of the
> existing PHP4 code base will not be fixed because it breaks backwards
> compatibility?  It's doing my head in, please can someone explain?
> 
> This means that either we have to (potentially) change thousands of
> lines of code and upgrade many instances of third-party PHP-based sites
> just to use PHP 4.4.0 and above, or miss out on using this and future
> PHP4 releases and any security vulnerability fixes they may include. Why
> could the change not be made optional by using a php.ini directive?

We have been looking to see if there is a way to fix the memory
corruption issue in a way that has less of an impact on existing code.
This doesn't change the fact that every error you get is actually an
error in the code you are running.  The broken code is effectively doing
something similar to:

  function foo(&$arg) {
    $arg = 4;
  }
  foo(strlen("abc"));

which makes very little sense.  There are many variations of this, but
in every instance it is something that should be fixed, and in some of
the cases it actually leads to memory corruption.

There are many examples of this sort of thing working just fine in PHP
4.3.x because people are passing things in by reference and never
modifying the passed in value.  They'll do something along the lines of:

  function foo(&$arg) {
    return $arg[0] + 1;
  }
  echo foo(array(1,2,3,4,5,6,7,8,9,10));

possibly because they believe that they are saving memory by not making
a copy of the array with that reference.  Of course that is quite
misguided as no copy is done until the arg is modified so if you don't
modify it, you are better off passing it by value.

Right now the change in 4.4 and 5.x is to complain loudly when you pass
a reference to something without any associated storage.  In both of the
above examples there is no permanent storage associated with either of
the passed arguments, so trying to get a reference to this storage makes
very little sense.  The only feasible way we might be able to work
around this is to make a copy of such bogus reference attempts and
effectively just pretend they were passed by value.  I think it is a bit
of a hack, but at the same time the breakage of existing apps has been
more widespread than I think anybody anticipated.  I'd still want to
throw a notice to let people know they are doing something odd though.

-Rasmus

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
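
The two points made in the message above (no copy happens until a by-value argument is written to, and a reference needs a variable with real storage behind it), as an added example that is not part of the original e-mail or of PHP's own code. The function names and the sample array are constructed for illustration; memory_get_usage() is used to observe when the copy actually happens.

```php
<?php
// Added illustration; function names are hypothetical, not from the thread.

// Read-only access: take the argument by value. PHP arrays are copy-on-write,
// so nothing is duplicated unless the function writes to $arg.
function first_plus_one($arg) {
    $before = memory_get_usage();
    $result = $arg[0] + 1;                   // read only, array stays shared
    $delta  = memory_get_usage() - $before;  // measured before building the return value
    return array($result, $delta);
}

// Writing to a by-value argument is what triggers the copy.
function bump_first($arg) {
    $before = memory_get_usage();
    $arg[0]++;                               // first write separates a private copy
    $delta  = memory_get_usage() - $before;
    return array($arg[0], $delta);
}

// A function that really modifies its argument keeps the reference...
function set_to_four(&$arg) {
    $arg = 4;
}

$big = range(1, 100000);                     // constructed sample data

list($value, $delta) = first_plus_one($big);
printf("read-only by value: result=%d, extra bytes=%d\n", $value, $delta);

list($value, $delta) = bump_first($big);
printf("write by value:     result=%d, extra bytes=%d\n", $value, $delta);
printf("caller's array untouched: \$big[0]=%d\n", $big[0]);

// ...and the caller hands it a variable, so there is storage to refer to.
$len = strlen("abc");
set_to_four($len);
printf("by reference with a variable: \$len=%d\n", $len);
```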
