As I describe below, I agree with Nikita on spl_object_id().

> Am 02.08.2015 um 08:52 schrieb Stanislav Malyshev <smalys...@gmail.com>:
> 
> Hi!
> 
> Some suspicious use of spl_object_hash() out there...
> 
>> https://github.com/symfony/symfony/blob/master/src/Symfony/Component/VarDumper/Cloner/VarCloner.php
> 
> Not sure what this one does... but calculations with spl_object_hash()
> look very suspicious.

Actually, it's doing the right thing… calculating the value the object id is 
xor'ed with (as we know that consecutively defined objects have consecutive 
ids).
It's relying on the implementation of spl_object_hash() and will even continue 
to work when we remove that part of randomness as that value it's xor'ed with 
is then nothing else than 0.

That's why we should expose spl_object_id()… so that such hacks are unnecessary.

>> https://github.com/horde/horde/blob/master/imp/lib/Factory/MimeViewer.php
> 
> This one _might_ be doing it right, but not sure as basing caching
> instances on hash of a (mutable) object may produce weird results.

It works and I'm using it that way too… that's currently what spl_object_hash 
is good for. The only issue is when it overflows after 2^32 objects. Though it 
isn't an issue on 64 bit systems…

>> https://github.com/horde/horde/blob/master/framework/Support/lib/Horde/Support/Randomid.php
> 
> Oh wow, what's going on there? That's obviously not a proper use of
> spl_object_hash().

Yup, that one is misuse as source of entropy… while it doesn't really provide 
much more entropy as it's internally anyway xor'ed with mt_rand().

>> https://github.com/WordPress/WordPress/blob/master/wp-includes/plugin.php
> 
> I guess this one is wrong too, as it mentions storage, and storing
> object ID is pointless. Maybe I am misunderstanding what "storage" means
> there.

The storage is only used in case spl_object_hash() does not exist for trying to 
get an unique identifier for that object (Wordpress has 5.2 compatibility, 
yeah…).

The object id / hash is basically just an identifier for an object in PHP, just 
like we sometimes put pointers in e.g. a binary tree to easily map two pointers 
together in C.

> -- 
> Stas Malyshev
> smalys...@gmail.com

Bob
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to