rfc:range_checks_for_64_bit

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
rfc:range_checks_for_64_bit [2015/08/24 15:26] abrfc:range_checks_for_64_bit [2017/09/22 13:28] (current) – external edit 127.0.0.1
Line 1: Line 1:
-====== PHP RFC: Range checks for external libary APIs in 64-bit builds ======+====== PHP RFC: Range checks for external and internal APIs in 64-bit builds ======
   * Version: 0.9   * Version: 0.9
   * Date: 2015-08-24   * Date: 2015-08-24
   * Author: Anatol Belski, ab@php.net   * Author: Anatol Belski, ab@php.net
-  * Status: Draft+  * Status: withdrawn
  
 ===== Introduction ===== ===== Introduction =====
Line 13: Line 13:
 ===== Proposal ===== ===== Proposal =====
  
-It is suggested to implement two additional formats for ZPP, that are explicitly require+It is suggested to implement additional formats for ZPP, that are explicitly require
  
-  * strings with 32-bit length +  * strings with 32-bit length (both signed and unsigned) 
-  * 32-bit integers+  * 32-bit integers (both signed and unsigned)
  
 on affected platforms only. In addition, it is suggested to implement a set of macros for range checks and comparison. on affected platforms only. In addition, it is suggested to implement a set of macros for range checks and comparison.
Line 33: Line 33:
 # define ZEND_LONG_INT_OVFL(zlong) ((zlong) > (zend_long)INT_MAX) # define ZEND_LONG_INT_OVFL(zlong) ((zlong) > (zend_long)INT_MAX)
 # define ZEND_LONG_INT_UDFL(zlong) ((zlong) < (zend_long)INT_MIN) # define ZEND_LONG_INT_UDFL(zlong) ((zlong) < (zend_long)INT_MIN)
 +#endif
 +
 +#if SIZEOF_INT == SIZEOF_ZEND_LONG
 +# define ZEND_LONG_UINT_OVFL(zl) (0)
 +#else
 +# define ZEND_LONG_UINT_OVFL(zlong) ((zlong) < 0 || (zlong) > (zend_long)UINT_MAX)
 #endif #endif
  
 #define ZEND_SIZE_T_INT_OVFL(size) ((size) > (size_t)INT_MAX) #define ZEND_SIZE_T_INT_OVFL(size) ((size) > (size_t)INT_MAX)
 +
 +#if SIZEOF_INT == SIZEOF_SIZE_T
 +# define ZEND_SIZE_T_UINT_OVFL(size) (0)
 +#else
 +# define ZEND_SIZE_T_UINT_OVFL(size) ((size) > (size_t)UINT_MAX)
 +#endif
  
 </code> </code>
 +
 +==== Proposed additional macros to simplify signed/unsigned comparisons ====
 +
 +<code c>
 +#define ZEND_SIZE_T_GT_ZEND_LONG(size, zlong) ((zlong) < 0 || (size) > (size_t)(zlong))
 +#define ZEND_SIZE_T_GTE_ZEND_LONG(size, zlong) ((zlong) < 0 || (size) >= (size_t)(zlong))
 +#define ZEND_SIZE_T_LT_ZEND_LONG(size, zlong) ((zlong) >= 0 && (size) < (size_t)(zlong))
 +#define ZEND_SIZE_T_LTE_ZEND_LONG(size, zlong) ((zlong) >= 0 && (size) <= (size_t)(zlong))
 +</code>
 +
 +All the macros should be put into a dedicated header, so any extensions and improvements can follow up in the scope. 
  
 ==== Proposed ZPP changes ==== ==== Proposed ZPP changes ====
Line 43: Line 66:
 Introducing new formats Introducing new formats
  
-  * 'q' - string with 32-bit length +  * 'q' - string with signed 32-bit length 
-  * 'i' - 32-bit integer+  * 'r' - string with unsigned 32-bit length 
 +  * 'i'signed 32-bit integer 
 +  * 'u' - unsigned 32-bit integer
  
 The behaviour of the options: The behaviour of the options:
Line 56: Line 81:
  
 Here is the real case from the current code base, the irrelevant declarations and code are removed. Consider the signature in the underlaying API [[http://xmlsoft.org/html/libxml-parser.html#xmlReadMemory]] Here is the real case from the current code base, the irrelevant declarations and code are removed. Consider the signature in the underlaying API [[http://xmlsoft.org/html/libxml-parser.html#xmlReadMemory]]
 +
 +The original piece of code
  
 <code c> <code c>
Line 126: Line 153:
 } }
 </code> </code>
- 
  
 ===== Backward Incompatible Changes ===== ===== Backward Incompatible Changes =====
-Several new warnings or harder error handling might be introduced with the new range checks. This +Several new warnings or harder error handling might be introduced with the new range checks. However this should only affect the edge cases where the errors are actually happen and are catched. The general behaviour has to comply with the behavior in the core.
  
 ===== Proposed PHP Version(s) ===== ===== Proposed PHP Version(s) =====
Line 157: Line 183:
  
 ===== Future Scope ===== ===== Future Scope =====
-This sections details areas where the feature might be improved in future, but that are not currently proposed in this RFC.+ 
 +Having this minimalistic start as a base, the topic of overflows in the mathematical operations can be entered. This topic is not handled by this RFC
 + 
 +Also, some good patterns for other cases can be added later by need. Like compare int vs size_t, or compare variables with different sizes.
  
 ===== Proposed Voting Choices ===== ===== Proposed Voting Choices =====
Line 164: Line 193:
  
 ===== Patches and Tests ===== ===== Patches and Tests =====
-TBD.+The implementation of the base functionality is trivial and can be done if the proposed strategy is accepted. Many places in the core extensions related to libxml2, openssl, tidy, etc. are obvious and will be addressed already before merging.
  
 ===== Implementation ===== ===== Implementation =====
rfc/range_checks_for_64_bit.1440430005.txt.gz · Last modified: 2017/09/22 13:28 (external edit)