rfc:calls_in_constant_expressions

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
Next revisionBoth sides next revision
rfc:calls_in_constant_expressions [2020/02/09 02:25] – created tandrerfc:calls_in_constant_expressions [2020/02/09 20:46] tandre
Line 1: Line 1:
 ====== PHP RFC: Allow function calls in constant expressions ====== ====== PHP RFC: Allow function calls in constant expressions ======
-  * Version: 0.1 +  * Version: 0.3 
-  * Date: 2020-02-20+  * Date: 2020-02-21
   * Author: Tyson Andre <tandre@php.net>   * Author: Tyson Andre <tandre@php.net>
-  * Status: Draft+  * Status: Under Discussion
   * First Published at: https://wiki.php.net/rfc/calls_in_constant_expressions   * First Published at: https://wiki.php.net/rfc/calls_in_constant_expressions
  
Line 9: Line 9:
  
 Currently, constant expressions in declarations allow a limited set of expression types such as literals, constants, and operations. Currently, constant expressions in declarations allow a limited set of expression types such as literals, constants, and operations.
-This RFC proposes allowing calls of global functions in constant expressions (in declarations of constants, instance and static properties, static variables, and parameter defaults).+This RFC proposes allowing calls of global functions in some constant expressions. Calls would be allowed in declarations of class and global constants, defaults of static properties, static variables, and parameter defaults.
 This will allow calling functions such as ''\count()'', ''\array_merge()'', ''\array_keys()'', and ''\in_array()'', This will allow calling functions such as ''\count()'', ''\array_merge()'', ''\array_keys()'', and ''\in_array()'',
 An Error will be thrown if the call would be invalid to use within a constant (due to references or non-constant return values). An Error will be thrown if the call would be invalid to use within a constant (due to references or non-constant return values).
Line 18: Line 18:
  
 This RFC proposes allowing global function calls by name (in any namespace). This RFC proposes allowing global function calls by name (in any namespace).
-Method call support is not part of this RFC (e.g. ''"MyClass::methodName"()'' or ''MyClass::methodName()'').+Method calls in constant expressions continue to be fatal errors (e.g. ''"MyClass::methodName"()'' or ''MyClass::methodName()'').
  
-There are two secondary voting options in this RFC for adding support to PHP+Function calls will be allowed in the following types of constant expressions: 
-These voting options reflect the differing opinions on what a constant is meant to be.+ 
 +  * Defaults of static properties, but **not** instance properties, due to changes required to the PHP internals expanding the scope of this RFC too much.PHP currently evaluates all of the default values of instance properties of a class once, and permanently stores them. \\ This preserves PHP's current evaluation order (the first time a static property is used, all property default values are evaluated) 
 +  * Parameter defaults (expressions with function calls will always be evaluated each time the parameter is absent) 
 +  * Global constants (evaluated immediately) and class constants (evaluated and cached the first time they are successfully fetched) 
 +  * Defaults of static variables (evaluated and cached the first time the expression succeeds) 
 + 
 +secondary Yes/No voting option is part of this RFCto allow calling any global function, not just those in the whitelist
 +That voting option reflects the differing opinions on what a constant is meant to be.
 Allowing any function to be called in a constant expression will allow more flexibility for users, Allowing any function to be called in a constant expression will allow more flexibility for users,
 but limiting function names to a whitelist will make side effects of uses of constants easier to reason about when developers read php code. but limiting function names to a whitelist will make side effects of uses of constants easier to reason about when developers read php code.
  
-The first option is to allow any function (user-defined or internal) to be called, + 
-leave it to coding practice guidelines to assert that constants are only+==== Proposal for Whitelisting ==== 
 + 
 +If the secondary vote passes, any function (user-defined or internal) can be called. 
 +It will be left to coding practice guidelines to assert that constants are only
 used in safe ways. used in safe ways.
  
-The second option is to only allow a whitelist functions that are actually deterministic and without side effects, and don't depend on ini+If the secondary vote fails, then only functions in a whitelist of functions will be callable in constant expressions. 
 +Attempting to use other functions in constant expressions will be fatal compile error. 
 +This whitelist includes functions that are actually deterministic and without side effects, and don't depend on ini
 settings or locale. The functions must be unambiguously resolved. settings or locale. The functions must be unambiguously resolved.
 This has the same implementation as the first option, with additional compile-time restrictions. This has the same implementation as the first option, with additional compile-time restrictions.
Line 43: Line 55:
 The function ''get_defined_functions_allowed_in_constant_expressions()'' will be added to provide this list of functions the current php version to end users. The function ''get_defined_functions_allowed_in_constant_expressions()'' will be added to provide this list of functions the current php version to end users.
 ''get_defined_functions_allowed_in_constant_expressions()'' will be unaffected by the ''disable_functions'' ini directive, the same way ''get_defined_functions()'' is. ''get_defined_functions_allowed_in_constant_expressions()'' will be unaffected by the ''disable_functions'' ini directive, the same way ''get_defined_functions()'' is.
- 
-==== Function calls must be by name ==== 
  
 ==== Behaviors in any constant expression ==== ==== Behaviors in any constant expression ====
Line 56: Line 66:
 will all throw an ''Error'' if they are called in a function expression (through the same mechanism that already forbids them in dynamic calls). will all throw an ''Error'' if they are called in a function expression (through the same mechanism that already forbids them in dynamic calls).
  
-Argument unpacking is allowed. (e.g. ''count(...[[1,2]])'')+Argument unpacking is allowed. (e.g. ''count(...[CONST_ARRAY])'')
  
 Function calls must be by name: Function calls must be by name:
Line 74: Line 84:
 the first time they get used. the first time they get used.
  
-Instance properties and parameter defaults with calls will evaluate constant expressions containing function calls every time a class is instantiated or a function gets called without the parameter (unless a Throwable was thrown).+Parameter defaults of function/method/closure declarations (containing function calls) will get evaluated every time a function gets called without the parameter (unless a Throwable was thrown).
 Opcache is free to cache the result if the parameter values are known and the function is definitely deterministic. Opcache is free to cache the result if the parameter values are known and the function is definitely deterministic.
  
 The behavior of constant expressions that don't contain function calls won't be modified by this RFC. The behavior of constant expressions that don't contain function calls won't be modified by this RFC.
- 
-==== Behaviors in Constant Expressions ==== 
- 
-For class constants, static property defaults, and static variable defaults: 
-If the evaluation of a constant expression throws, the result will not be cached. 
-The expression will be evaluated repeatedly every time the constant expression gets used, 
-and will get cached permanently the first time it doesn't throw. 
  
 ==== Handling functions not in the whitelist ==== ==== Handling functions not in the whitelist ====
  
-A CompileError will be thrown when including a file if any constant expression uses a function name that might be outside of the whitelist.+fatal CompileError will be emitted when including a file if any constant expression uses a function name that might be outside of the whitelist.
  
 <code php> <code php>
Line 112: Line 115:
  const VALUES = [1, 0];  const VALUES = [1, 0];
  const C1 = count(self::VALUES);  // this would not throw  const C1 = count(self::VALUES);  // this would not throw
- const C2 = \count(self::VALUES);  // this would not throw+ const C2 = \COUNT(self::VALUES);  // this would not throw
  const C3 = namespace\count(self::VALUES);  // this (namespace-relative) would not throw  const C3 = namespace\count(self::VALUES);  // this (namespace-relative) would not throw
  // const C4 = OtherNS\count();  // this would throw due to being outside of the whitelist  // const C4 = OtherNS\count();  // this would throw due to being outside of the whitelist
Line 123: Line 126:
 Functions with the following properties were chosen. Functions with the following properties were chosen.
  
-  * Impossible to disable in unpatched php builds (e.g. ''json'' can be disabled with ''--disable-json'')+  * Always return values that can be used in constants (or throw) 
 +  * Impossible to disable in unpatched php builds (e.g. ''json_encode()'' is excluded because ''json'' can be disabled with ''--disable-json'', and because it depends on the ini setting for numeric precision)
   * Reasonably deterministic (e.g. no file/network I/O, not dependent on time zones)   * Reasonably deterministic (e.g. no file/network I/O, not dependent on time zones)
   * Not dependent on locale or ini settings (e.g. ''strtolower'' is different in a Turkish locale, ''(string)$float'' is different in the locale ''de_DE'' due to using a comma instead of a decimal place)   * Not dependent on locale or ini settings (e.g. ''strtolower'' is different in a Turkish locale, ''(string)$float'' is different in the locale ''de_DE'' due to using a comma instead of a decimal place)
Line 129: Line 133:
     For this reason, ''strlen()'', ''sprintf()'', and ''strpos()'' are omitted from the proposed whitelist. Those may be included in a followup RFC.     For this reason, ''strlen()'', ''sprintf()'', and ''strpos()'' are omitted from the proposed whitelist. Those may be included in a followup RFC.
  
-The list of functions is below:+The list of functions that would be included in the whitelist is below:
  
  abs  abs
Line 146: Line 150:
  array_intersect_key  array_intersect_key
  array_intersect  array_intersect
 + array_key_exists
  array_key_first  array_key_first
  array_key_last  array_key_last
Line 249: Line 254:
  
   * Allowing even more expression types in constant expressions, such as static method calls.   * Allowing even more expression types in constant expressions, such as static method calls.
-  * Adding more groups of functions to the whitelist, if a whitelist was used. +  * Adding more groups of functions to the whitelist, if the secondary vote fails and a whitelist is used. (e.g. string functions such as ''strlen()''
-  * Allowing non-constant defaults for instance properties, such as ''public $x = new Foo()''+  * Allowing function calls in the defaults of instance properties
 +  * Allowing non-constant defaults for instance properties, such as ''public $x = new Foo();''.
  
 ===== Proposed Voting Choices ===== ===== Proposed Voting Choices =====
  
-Primary vote: Allow calling global functions that are in the described whitelist (Yes/No, Requires 2/3 majority)+Primary vote: Allow calling global functions **that are in the described whitelist** (Yes/No, Requires 2/3 majority)
  
 Secondary vote: Allow calling any global functions, without a whitelist limitation (Yes/No, Requires 2/3 majority for "Yes" to pass) Secondary vote: Allow calling any global functions, without a whitelist limitation (Yes/No, Requires 2/3 majority for "Yes" to pass)
rfc/calls_in_constant_expressions.txt · Last modified: 2020/03/04 14:01 by tandre

Page Tools