rfc:typecheckingstrictandweak
Differences
This shows you the differences between two versions of the page.
rfc:typecheckingstrictandweak [2010/05/22 15:49] zeev |
rfc:typecheckingstrictandweak [2017/09/22 13:28] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Request for Comments: Strict and weak parameter type checking ====== | ||
- | * Version: 0.5 | ||
- | * Date: 2009-06-03 | ||
- | * Author: Lukas Smith < | ||
- | * Status: In discussion | ||
- | * First Published at: http:// | ||
- | This RFC is provide a proposal for both weak and strict parameter type checking for function/ | ||
- | |||
- | ===== Introduction ===== | ||
- | |||
- | Several people still have asked to expand array/ | ||
- | ===== Why is strict type checking problematic? | ||
- | |||
- | Proponents of [[rfc: | ||
- | |||
- | Furthermore quite often developers need to parse content out of strings and pass this to other methods. With strict type checking one is now forced to explicitly type cast. While its certainly doable, its also additional work that needs to be done while writing the code (" | ||
- | |||
- | It also means that users of such strict typed API's will tend to simply cast and due to laziness (PHP is used for rapid development after all) might forgo validating first if the content is really what they expected. Without type checking the burden would be with the developer providing the API. Since its usually expected that an API is fairly often, it seems illogic to move this burden to the API users. More over due to this, a new kind of bug will be introduced due to over use of cast instead of hand coded parameter validation as is currently necessary. This could lead to even higher bug rates. | ||
- | |||
- | As for outside sources needing validation. This is not always the case as most people do trust that the data returned from a database is in the expected format, even though for most RDBMS it will always be returned as string. Same applies to configuration files, which if defined in something else than PHP code will most likely only return strings, but who's values will usually not be validated. Even with form data - the auto-converting weak type checking detailed here can, in many cases - nullify the need for additional output sanitization. | ||
- | |||
- | Finally, it's important to state that strict type checking, that is - referring to the type property of the C-level zval - is something that's very alien to PHP. Except for very specific (like gettype() or the === operator) - users generally don't have to care about it in the vast majority of cases. | ||
- | |||
- | ===== Introducing weak type checking ===== | ||
- | |||
- | In Ilia's recent [[http:// | ||
- | |||
- | However it does not cover all specific data types. Moreover " | ||
- | |||
- | A weak check would examine the content of the variable in a way that would be more strict than the standard type juggling. If the weak check passes, the value would be type casted appropriately. If the weak check fails it would trigger an E_RECOVERABLE_ERROR just as in the strict case. | ||
- | |||
- | Here is a short list of examples to illustrate the weak type checking. Note that just like the current array/ | ||
- | |||
- | ^ value ^ string ^ float ^ int ^ numeric ^ scalar ^ bool ^ array ^ | ||
- | ^ true (boolean) | ||
- | ^ false (boolean) | ||
- | ^ 0 (integer) | ||
- | ^ 1 (integer) | ||
- | ^ 12 (integer) | ||
- | ^ 12 (double) | ||
- | ^ 12.34 (double) | ||
- | ^ ' | ||
- | ^ ' | ||
- | ^ ' | ||
- | ^ ' | ||
- | ^ ' | ||
- | ^ ' | ||
- | ^ ' | ||
- | ^ ' | ||
- | ^ ' | ||
- | ^ array () (array) | ||
- | ^ array (0 => 12) (array) | fail | fail | fail | fail | fail | fail | pass | | ||
- | ^ NULL (NULL) | ||
- | ^ '' | ||
- | |||
- | Further more weak type checking could also be useful once we have generic type casting support via some magic type cast method along the lines of __toString(). In this case the weak type checking would also allow an object to pass if it provides the relevant casting method, though it would then of course automatically cast the object to the given type. | ||
- | |||
- | ===== Proposed API ===== | ||
- | |||
- | <code php> | ||
- | |||
- | // " | ||
- | function add_user(+string name, +string phone_number, | ||
- | |||
- | // " | ||
- | function add_user(string name, !string phone_number, | ||
- | |||
- | // " | ||
- | function add_user(string name, string phone_number, | ||
- | |||
- | // " | ||
- | function add_user(string name, string phone_number, | ||
- | |||
- | // Keep in mind that the " | ||
- | function add_user(string! name, string! phone_number, | ||
- | |||
- | // Furthermore one of the two modifiers could be the default | ||
- | // optionally + is the default | ||
- | function add_user(+string name, string phone_number, | ||
- | // optionally - is the default | ||
- | function add_user(+string name, +string phone_number, | ||
- | |||
- | </ | ||
- | |||
- | ===== Changelog ===== |
rfc/typecheckingstrictandweak.txt · Last modified: 2017/09/22 13:28 (external edit)