rfc:calls_in_constant_expressions

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
rfc:calls_in_constant_expressions [2020/02/09 02:25]
tandre created
rfc:calls_in_constant_expressions [2020/03/04 14:01] (current)
tandre link to poll discussion
Line 1: Line 1:
 ====== PHP RFC: Allow function calls in constant expressions ====== ====== PHP RFC: Allow function calls in constant expressions ======
-  * Version: 0.1 +  * Version: 0.5 
-  * Date: 2020-02-20+  * Date: 2020-02-16
   * Author: Tyson Andre <tandre@php.net>   * Author: Tyson Andre <tandre@php.net>
-  * Status: Draft+  * Status: Withdrawn
   * First Published at: https://wiki.php.net/rfc/calls_in_constant_expressions   * First Published at: https://wiki.php.net/rfc/calls_in_constant_expressions
  
Line 9: Line 9:
  
 Currently, constant expressions in declarations allow a limited set of expression types such as literals, constants, and operations. Currently, constant expressions in declarations allow a limited set of expression types such as literals, constants, and operations.
-This RFC proposes allowing calls of global functions in constant expressions (in declarations of constants, instance and static properties, static variables, and parameter defaults).+This RFC proposes allowing calls of a whitelist of global functions in some constant expressions. Calls would be allowed in declarations of class and global constants, defaults of static properties, static variables, and parameter defaults.
 This will allow calling functions such as ''\count()'', ''\array_merge()'', ''\array_keys()'', and ''\in_array()'', This will allow calling functions such as ''\count()'', ''\array_merge()'', ''\array_keys()'', and ''\in_array()'',
 An Error will be thrown if the call would be invalid to use within a constant (due to references or non-constant return values). An Error will be thrown if the call would be invalid to use within a constant (due to references or non-constant return values).
- 
-Two secondary voting options are proposed for this: Allowing any function to be called, or allowing a small whitelist of deterministic functions. 
  
 ===== Proposal ===== ===== Proposal =====
  
 This RFC proposes allowing global function calls by name (in any namespace). This RFC proposes allowing global function calls by name (in any namespace).
-Method call support is not part of this RFC (e.g. ''"MyClass::methodName"()'' or ''MyClass::methodName()'').+Method calls in constant expressions continue to be fatal errors (e.g. ''"MyClass::methodName"()'' or ''MyClass::methodName()'').
  
-There are two secondary voting options in this RFC for adding support to PHP. +Function calls will be allowed in the following types of constant expressions:
-These voting options reflect the differing opinions on what a constant is meant to be. +
-Allowing any function to be called in a constant expression will allow more flexibility for users, +
-but limiting function names to a whitelist will make side effects of uses of constants easier to reason about when developers read php code.+
  
-The first option is to allow any function (user-defined or internalto be called, +  * Defaults of static properties, but **not** instance properties, due to changes required to the PHP internals expanding the scope of this RFC too much. PHP currently evaluates all of the default values of instance properties of a class once, and permanently stores them. \\ This preserves PHP's current evaluation order (the first time a static property is used, all property default values are evaluated) 
-leave it to coding practice guidelines to assert that constants are only +  * Parameter defaults (expressions with function calls will always be evaluated each time the parameter is absent) 
-used in safe ways.+  * Global constants (evaluated immediately) and class constants (evaluated and cached the first time they are successfully fetched) 
 +  * Defaults of static variables (evaluated and cached the first time the expression succeeds)
  
-The second option is to only allow a whitelist functions that are actually deterministic and without side effects, and don't depend on ini+ 
 +Only functions in the following whitelist of functions will be callable in constant expressions. 
 +Attempting to use other functions in constant expressions will be fatal compile error. 
 +This whitelist includes functions that are actually deterministic and without side effects, and don't depend on ini
 settings or locale. The functions must be unambiguously resolved. settings or locale. The functions must be unambiguously resolved.
 This has the same implementation as the first option, with additional compile-time restrictions. This has the same implementation as the first option, with additional compile-time restrictions.
Line 43: Line 42:
 The function ''get_defined_functions_allowed_in_constant_expressions()'' will be added to provide this list of functions the current php version to end users. The function ''get_defined_functions_allowed_in_constant_expressions()'' will be added to provide this list of functions the current php version to end users.
 ''get_defined_functions_allowed_in_constant_expressions()'' will be unaffected by the ''disable_functions'' ini directive, the same way ''get_defined_functions()'' is. ''get_defined_functions_allowed_in_constant_expressions()'' will be unaffected by the ''disable_functions'' ini directive, the same way ''get_defined_functions()'' is.
- 
-==== Function calls must be by name ==== 
  
 ==== Behaviors in any constant expression ==== ==== Behaviors in any constant expression ====
 +
 +Many of these edge cases aren't possible for functions in the whitelist, but will be checked for in the implementation.
  
 If a function call's result contains anything that is invalid for a constant (e.g. objects or reference cycles), If a function call's result contains anything that is invalid for a constant (e.g. objects or reference cycles),
-an ''Error'' will be thrown and the result will be freed. (same as what ''define()'' would accept)+an ''Error'' will be thrown and the result will be freed. (same as what ''define()'' would accept).
  
 If a function call attempts to modify a parameter by reference, an ''Error'' will be thrown. If a function call attempts to modify a parameter by reference, an ''Error'' will be thrown.
Line 56: Line 55:
 will all throw an ''Error'' if they are called in a function expression (through the same mechanism that already forbids them in dynamic calls). will all throw an ''Error'' if they are called in a function expression (through the same mechanism that already forbids them in dynamic calls).
  
-Argument unpacking is allowed. (e.g. ''count(...[[1,2]])'')+Argument unpacking is allowed. (e.g. ''count(...[CONST_ARRAY])'')
  
 Function calls must be by name: Function calls must be by name:
Line 74: Line 73:
 the first time they get used. the first time they get used.
  
-Instance properties and parameter defaults with calls will evaluate constant expressions containing function calls every time a class is instantiated or a function gets called without the parameter (unless a Throwable was thrown).+Parameter defaults of function/method/closure declarations (containing function calls) will get evaluated every time a function gets called without the parameter (unless a Throwable was thrown).
 Opcache is free to cache the result if the parameter values are known and the function is definitely deterministic. Opcache is free to cache the result if the parameter values are known and the function is definitely deterministic.
  
 The behavior of constant expressions that don't contain function calls won't be modified by this RFC. The behavior of constant expressions that don't contain function calls won't be modified by this RFC.
- 
-==== Behaviors in Constant Expressions ==== 
- 
-For class constants, static property defaults, and static variable defaults: 
-If the evaluation of a constant expression throws, the result will not be cached. 
-The expression will be evaluated repeatedly every time the constant expression gets used, 
-and will get cached permanently the first time it doesn't throw. 
  
 ==== Handling functions not in the whitelist ==== ==== Handling functions not in the whitelist ====
  
-A CompileError will be thrown when including a file if any constant expression uses a function name that might be outside of the whitelist.+fatal CompileError will be emitted when including a file if any constant expression uses a function name that is outside of the whitelist.
  
 <code php> <code php>
Line 112: Line 104:
  const VALUES = [1, 0];  const VALUES = [1, 0];
  const C1 = count(self::VALUES);  // this would not throw  const C1 = count(self::VALUES);  // this would not throw
- const C2 = \count(self::VALUES);  // this would not throw+ const C2 = \COUNT(self::VALUES);  // this would not throw
  const C3 = namespace\count(self::VALUES);  // this (namespace-relative) would not throw  const C3 = namespace\count(self::VALUES);  // this (namespace-relative) would not throw
  // const C4 = OtherNS\count();  // this would throw due to being outside of the whitelist  // const C4 = OtherNS\count();  // this would throw due to being outside of the whitelist
Line 120: Line 112:
 ==== Whitelisted Functions ==== ==== Whitelisted Functions ====
  
-The following list of functions is proposed for the whitelist option of the secondary vote. 
 Functions with the following properties were chosen. Functions with the following properties were chosen.
  
-  * Impossible to disable in unpatched php builds (e.g. ''json'' can be disabled with ''--disable-json'')+  * Always return values that can be used in constants (or throw) 
 +  * Impossible to disable in unpatched php builds (e.g. ''json_encode()'' is excluded because ''json'' can be disabled with ''--disable-json'', and because it depends on the ini setting for numeric precision)
   * Reasonably deterministic (e.g. no file/network I/O, not dependent on time zones)   * Reasonably deterministic (e.g. no file/network I/O, not dependent on time zones)
   * Not dependent on locale or ini settings (e.g. ''strtolower'' is different in a Turkish locale, ''(string)$float'' is different in the locale ''de_DE'' due to using a comma instead of a decimal place)   * Not dependent on locale or ini settings (e.g. ''strtolower'' is different in a Turkish locale, ''(string)$float'' is different in the locale ''de_DE'' due to using a comma instead of a decimal place)
Line 129: Line 121:
     For this reason, ''strlen()'', ''sprintf()'', and ''strpos()'' are omitted from the proposed whitelist. Those may be included in a followup RFC.     For this reason, ''strlen()'', ''sprintf()'', and ''strpos()'' are omitted from the proposed whitelist. Those may be included in a followup RFC.
  
-The list of functions is below:+The following list of functions is whitelisted.
  
  abs  abs
Line 146: Line 138:
  array_intersect_key  array_intersect_key
  array_intersect  array_intersect
 + array_key_exists
  array_key_first  array_key_first
  array_key_last  array_key_last
Line 237: Line 230:
 Opcache appears to be unaffected - tests of this RFC are passing. Opcache likely just fails to optimize the constant expressions ahead of time. Opcache appears to be unaffected - tests of this RFC are passing. Opcache likely just fails to optimize the constant expressions ahead of time.
  
-In the future, if this gets adopted widely, support for optimizing calls in constant expressions may be desirable.+In the future, if this gets adopted widely, more aggressive optimizations of calls in constant expressions may be desirable. (e.g. permanently storing parameter defaults if the call is provably deterministic) 
 + 
 +Opcache already has the ability to optimize functions such as ''strlen'' at compile time, when using other constants from the same class.
  
 ==== New Functions ==== ==== New Functions ====
  
-If the whitelist approach is used, ''get_defined_functions_allowed_in_constant_expressions()'' will be added to PHP+''get_defined_functions_allowed_in_constant_expressions()'' will be added to PHP.
-If any call is allowed in the secondary vote, that function won't be added.+
  
 ===== Future Scope ===== ===== Future Scope =====
Line 249: Line 243:
  
   * Allowing even more expression types in constant expressions, such as static method calls.   * Allowing even more expression types in constant expressions, such as static method calls.
-  * Adding more groups of functions to the whitelist, if a whitelist was used+  * Adding more groups of functions to the whitelist, or avoiding the whitelist approach. 
-  * Allowing non-constant defaults for instance properties, such as ''public $x = new Foo()''+  * Allowing function calls in the defaults of instance properties
 +  * Allowing non-constant defaults for instance properties, such as ''public $x = new Foo();''.
  
 ===== Proposed Voting Choices ===== ===== Proposed Voting Choices =====
Line 256: Line 251:
 Primary vote: Allow calling global functions that are in the described whitelist (Yes/No, Requires 2/3 majority) Primary vote: Allow calling global functions that are in the described whitelist (Yes/No, Requires 2/3 majority)
  
-Secondary voteAllow calling any global functions, without a whitelist limitation (Yes/No, Requires 2/3 majority for "Yes" to pass)+Also see [[https://externals.io/message/108630|Straw poll: Places to allow function calls in constant expressions]]
  
 ===== Patches and Tests ===== ===== Patches and Tests =====
Line 266: Line 261:
 ===== References ===== ===== References =====
 [[https://externals.io/message/108343|Planning an RFC to allow calls to global functions in constant expressions]] [[https://externals.io/message/108343|Planning an RFC to allow calls to global functions in constant expressions]]
 +
 +[[https://externals.io/message/108630|Straw poll: Places to allow function calls in constant expressions]]
 +
 +https://wiki.php.net/rfc/calls_in_constant_expressions_poll
  
rfc/calls_in_constant_expressions.1581215159.txt.gz · Last modified: 2020/02/09 02:25 by tandre