rfc:is_trusted [2021/06/21 17:01] – craigfrancis | rfc:is_trusted [2021/06/21 19:36] (current) – craigfrancis |
---|
* Contributors: Joe Watkins, Máté Kocsis, Dan Ackroyd | * Contributors: Joe Watkins, Máté Kocsis, Dan Ackroyd |
* Status: Under Discussion | * Status: Under Discussion |
* First Published at: https://wiki.php.net/rfc/is_trusted | * First Published at: https://wiki.php.net/rfc/is_literal |
* GitHub Repo: https://github.com/craigfrancis/php-is-literal-rfc | * GitHub Repo: https://github.com/craigfrancis/php-is-literal-rfc |
| |
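Review bot: On the "First Published at" line, the URL changes from https://wiki.php.net/rfc/is_trusted to https://wiki.php.net/rfc/is_literal, but the revision header shows this page is rfc:is_trusted, so the metadata now points away from the page it sits on. If the intent is to record where the RFC was originally published, say so on that line, and confirm the is_literal URL still resolves.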
===== Try it ===== | ===== Try it ===== |
| |
[[https://3v4l.org/#focus=rfc.literals|Have a play with it on 3v4l.org]] - Note, the function has not yet been re-named and is still //is_literal()//, but all current functionality is the same. | [[https://3v4l.org/#focus=rfc.literals|Have a play with it on 3v4l.org]] |
| |
[[https://github.com/craigfrancis/php-is-literal-rfc/blob/main/justification/example.php?ts=4|How it can be used by libraries]] - Notice how this example library just raises a warning, to simply let the developer know about the issue, **without breaking anything**. And it provides an //"unsafe_value"// value-object to bypass the //is_trusted()// check, but none of the examples need to use it (can be useful as a temporary thing, but there are much safer/better solutions, which developers are/should already be using). | [[https://github.com/craigfrancis/php-is-literal-rfc/blob/main/justification/example.php?ts=4|How it can be used by libraries]] - Notice how this example library just raises a warning, to simply let the developer know about the issue, **without breaking anything**. And it provides an //"unsafe_value"// value-object to bypass the //is_trusted()// check, but none of the examples need to use it (can be useful as a temporary thing, but there are much safer/better solutions, which developers are/should already be using). |
| |
**What about the performance impact?** | **What about the performance impact?** |
| |
| These stats from an early version of the implementation (new tests will be completed soon). |
| |
Máté Kocsis has created a [[https://github.com/kocsismate/php-version-benchmarks/|php benchmark]] to replicate the old [[https://01.org/node/3774|Intel Tests]], and the [[https://github.com/craigfrancis/php-is-literal-rfc/blob/main/tests/results/with-concat/kocsismate.pdf|preliminary testing on this implementation]] has found a 0.124% performance hit for the Laravel Demo app, and 0.161% for Symfony (rounds 4-6, which involved 5000 requests). These tests do not connect to a database, as the variability introduced makes it impossible to measure that low of a difference. | Máté Kocsis has created a [[https://github.com/kocsismate/php-version-benchmarks/|php benchmark]] to replicate the old [[https://01.org/node/3774|Intel Tests]], and the [[https://github.com/craigfrancis/php-is-literal-rfc/blob/main/tests/results/with-concat/kocsismate.pdf|preliminary testing on this implementation]] has found a 0.124% performance hit for the Laravel Demo app, and 0.161% for Symfony (rounds 4-6, which involved 5000 requests). These tests do not connect to a database, as the variability introduced makes it impossible to measure that low of a difference. |
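Review bot: In the "Try it" paragraph, the new text drops the note that the function on 3v4l.org is still named is_literal(), while the link still targets #focus=rfc.literals and the surrounding text refers to is_trusted(). Unless the 3v4l build has been updated to the new name, keep that note so readers know which function name to call there. Separately, the sentence added under "What about the performance impact?" has no verb; "These stats are from an early version of the implementation" reads correctly.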
First, there is no perfect name. | First, there is no perfect name. |
| |
We did start with //is_literal()// as a placeholder name (at a time we only trusted literals). This name wasn't perfect, but it would have allowed developers to search and get an idea of what a literal was. When [[#integer_values|integer values]] were deemed necessary to help adoption, the name became more of a problem. We also need to keep to a single word name (to support a dedicated type in the future). This is where //is_trusted()// and //is_known()// was proposed. We had a [[https://strawpoll.com/bd2qed2xs/r|vote on the name]], which gave us a 18 to 3 result in favour of //is_trusted()//. | We did start with //is_literal()// as a placeholder name (at a time we only trusted literals). This name wasn't perfect, but it would have allowed developers to search and get an idea of what a literal was. When [[#integer_values|integer values]] were deemed necessary to help adoption, the name became more of a problem. We also need to keep to a single word name (to support a dedicated type in the future). This is where //is_trusted()// and //is_known()// was proposed. We had a [[https://github.com/craigfrancis/php-is-literal-rfc/blob/main/name/2021-07-20.png|vote on the name]], which gave us a 18 to 3 result in favour of //is_trusted()//. |
| |
==== Support Functions ==== | ==== Support Functions ==== |
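Review bot: In the naming paragraph, the "vote on the name" link is switched from the strawpoll.com results page to an image named 2021-07-20.png in the author's own repository, and that filename date is later than this revision's 2021/06/21 timestamp. Check the filename, and consider keeping the original poll URL next to the screenshot so the 18 to 3 result can be checked against its source. While touching this line, "was proposed" should be "were proposed" and "a 18 to 3" should be "an 18 to 3".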