Zend Weekly Summaries Issue #352

      Comments Off on Zend Weekly Summaries Issue #352

TLK: Type-hinted returns revisited
BUG: pcntl_alarm
TLK: Regarding ext/curl
TLK: ICU extension in the core
TLK: SOAP attachments
BUG: Interbase blob_id
NEW: PHP 5.2.4 RC1
REQ: Self-caching PHP files
CVS: About that mystery extension…
PAT: Dynamic static referencing, openssl and more

29th July – 5th August 2007

TLK: Type-hinted returns revisited

David Duong, following up on the exchange a couple of weeks
on the same subject, asked the million-dollar question: ‘If I, or
someone else decided to make a patch for this, and assuming it worked exactly
like I described, would it be accepted?

Stas Malyshev took time to explain that language level is the wrong level to
catch type errors such as the distinction between a FALSE or
NULL value and an object. It would be better to check for that
kind of error in userland code, where the error handling takes place. There
is a difference between restricting external input values to specific types
and restrictions on internal output value types; the latter comes close to
declaring variable types, which have no place in dynamic interpreted
languages. Outside anything else, there’d be no way to know from outside a
library whether the function being called had a return type restriction or
not. All in all, Stas saw no use for the proposed functionality; but he ended
by noting that ‘others may disagree‘.

Larry Garfield and Jeremy Privett both agreed with Stas that any further type
checking should be the responsibility of the application code. David argued
that his entire proposal had been about interface design; where Stas had
written “I’m going to return only type X so I’m making a restriction for
myself to return only type X”, David’s point had been more “Any interface
that implements me must provide a method X that takes Y as input and must
return Z”. One Will Fitch noted that there may well be a place for
type-hinted return values in interface design. The core development team
remained silent on the matter.

Short version: The problem lies in restricting the restriction.

BUG: pcntl_alarm

Someone named Nico Sabbi wrote in to report a bug. He’d found that
pcntl_alarm() fails completely under a multi-threaded Apache
worker; the alarm is never delivered. Richard Lynch promptly quoted the relevant manual page,
which explicitly states that Process Control functions shouldn’t be called in
a Web server environment. Core developer Tony Dovgal relies on other places
for his documentation; he quoted from the alarm manpage, which
explains that the call arranges for a SIGALRM signal to be
delivered to the process.

Short version: Bug reports should go to bugs.php.net. (And yes, this was a
quiet week.)

TLK: Regarding ext/curl

Daniel Stenberg, primary author and maintainer of the libcurl
library, wrote to internals@ asking for help in improving the current
situation with documentation and support for ext/curl users. He wrote
that there is a lot of confusion among PHP users, which he ascribes primarily
to the naming of the curl extension and the mention of
libcurl in the php.net documentation. Daniel’s experience has
been that PHP users believe they are using curl (which is a
command line tool) or libcurl itself (which is a library written
in C). When those users come to his site looking for further advice, they
discover that they are using neither. However, they discover this
after coming across the libcurl documentation, which
(naturally enough) uses the same option names as those used by the PHP wrapper.

I’d been exchanging mail with Daniel over the previous week, having come
across those issues myself in the line of duty, and wrote to fill everyone
else in on the situation. I’d looked at the wrapper and libcurl
sources, found the extension in much need of some love, and felt strongly
that this should be given before the documentation issue is addressed.
However, I was about to disappear on vacation, so I’d put this on my personal
TODO list pending my return.

Rasmus Lerdorf got involved. He pointed out that the CURLOPT documentation on php.net isn’t quite as
minimalist as Daniel seemed to believe. Furthermore, the PHP binding is a very
thin wrapper on top of the libcurl library, and it makes no sense
to hide the fact; the opening paragraph on the relevant page
already introduces the extension adequately in his view. That said, he’d be
prepared to accept any suggestions for changes that Daniel might make.

Stas also got involved, pointing out that most other extensions in PHP are also named for the underlying library: MySQL, JSON, DOM and SOAP, to name but a few. Those PHP users are using libcurl, after all, albeit indirectly. It would make no sense to rename the extension to php/curl, since ext/curl refers to the filepath for the extension source. Calling it PHP/CURL elsewhere (as Daniel does on his site) doesn’t imply ‘PHP’s curl extension’ to a PHP user. In fact, most people wouldn’t know what PHP/CURL was. Stas agreed with Daniel, though, that the documentation on php.net could be improved.

Derick Rethans pointed out that calling the extension something unrelated,
like the ‘mombamoolo‘ suggestion Daniel had thrown out on a whim, has
been tried before with very little success. He cited the satellite and
universe extensions, both of which were related to the CORBA library.
If you didn’t know the extensions themselves, how would you find them?

One Alan Milnes wrote offering help with the documentation, and PHP manual
editor Philip Olsen – who is short of active contributors at present –
promptly pounced on him.

Meanwhile, Gwynne Raskind had contacted me off-list to say that she was also
interested in remedying the problems with the curl extension. We threw
a few ideas at one another, and ended by agreeing to start work on it together
in September.

Short version: Watch out for the cURL gurls (sorry Gwynne, couldn’t
resist it).

TLK: ICU extension in the core

Marcus Börger picked up the news about the
new ICU extension
in PECL rather late. He wrote that he’d like to see
this one in the PHP core. Stas responded; he hoped for this too, but reported
that there is a lot of work yet to be done. Ext/intl at present has
only two functional modules, and needs to have at least seven.

Short version: Coming along slowly.

TLK: SOAP attachments

Lukas Smith wrote to internals@ asking about attachment support in the SOAP
extension. He wanted to know if anyone was working on adding the feature, and
if so, whether there was an anticipated date for the implementation? If not,
perhaps someone had found a way to extend the extension in userland code to
provide support for attachments? Lukas wasn’t sure whether this was actually
the intended approach at this stage.

Short version: The ensuing silence probably means nobody tried this yet.

BUG: Interbase blob_id

Lester Caine, PHP’s only Firebird/Interbase user (probably), wrote that he’d
been working through the issues of getting his legacy applications to run
under PHP 5.2.3. He’d finally tracked down one problem to the wrong kind of
return value (0x %i) for a blob_id in the
extension, and wanted to know whether the same issue had arisen in other

PEAR’s Lorenzo Alberton pointed him to the two existing bug reports about that
particular issue (okay so Lester is not PHP’s only Firebird/Interbase user).
Lester confirmed that bug
describes the problem he’s seeing, and disputed the ‘bogus’ status
of bug #41345 on the grounds that it
reports the visible effects of that same bug. He ended by asking plaintively,
Can who ever messed the code up roll it back please?

Short version: There are better ways to report bugs.

NEW: PHP 5.2.4 RC1

Ilia Alshanetsky, as Release Master for the PHP 5.2 series, announced the
availability of the first Release Candidate for PHP 5.2.4 as follows:

Edin Kadribasic wasn’t far behind with his Windows binaries:


Uwe Schindler was the first to report any problems. He’d found a couple of
configuration issues under Solaris 2.10. Tony managed to reproduce one
of them, which Jani Taskinen promptly fixed while muttering under his breath
about Solaris in general. Uwe, Ilia and Tony worked together on the second,
but were unable to come up with a generic fix for the special case Uwe had
fallen across.

Lester, now that he had a bug report to quote, asked for it to be fixed
before the 5.2.4 release. Tony asked bluntly why he couldn’t just fix it
himself, since he’s one of the few capable of testing it, and offered a
helpful link
showing the code changes in CVS since the last known working
version. Lester, however, demurred; he had no way to build PHP under Windows,
and no time to play around with it either as he was still testing PHP 5.2.3.
Surely fixing the bug was the responsibility of someone with CVS access? Tony
pointed out that that fixing it would need someone with a Windows build
environment, an Interbase installation and the will to help, but that CVS
access isn’t essential when it comes to posting a patch. That said, he’d been
discussing the situation with Marcus and had recently applied a patch that
ought to fix the problem. Would Lester care to test? Pierre-Alain Joye added
meaningfully that the interbase extension lacks tests, which are written in
PHP, and without those in place it’s hard to pick up breakages. Lester
ignored this, but did at least test Tony’s fix and report success there.
Lorenzo did likewise, while Lester got into a debate about PDO and Firebird
(not for the first time) that went on for some time without going anywhere it
hadn’t been before.

Meanwhile Scott MacVicar put in an update request for the bundled MySQL
library used in the Windows build, and Tony added his own for the
t1lib and libtidy libraries.

Finally, one Matteo Beccati wrote that he wasn’t sure if he’d found a bug. A
broken script throwing a fatal error had altered its message from “Nesting
level too deep – recursive dependency?” in PHP 5.2.3 to “Allowed memory size
of 134217728 bytes exhausted (tried to allocated 24 bytes)”.

He hadn’t.

Short version: PHP 5.2.4 feature freeze. Please test.

REQ: Self-caching PHP files

A systems administrator named Constantin B. wrote to the internals list with
a request. His team runs PHP across multiple backend servers. He generally
uses rsync to synchronize the code; some of backends run
entirely on an NFS feed. The problem is that PHP developers like to see their
changes live, and the sysadmins didn’t want to let them touch ‘the holy
rsync script
‘. Constantin’s idea was to allow sysadmins to force every
require/include call to make a local copy of the
included files, perhaps using a new streams wrapper,
localcache:/, that could be set using an INI directive.

Rasmus didn’t like that idea, and wrote that it didn’t sound like something
that should be part of PHP at all. A generic file system caching mechanism
could be implemented using FUSE, and there are implementations of
rsyncfs available that would fulfill Constantin’s needs.
Constantin replied that he’d expect a simple implementation within PHP to be
portable and more readily available for real-world use than ‘experimental
and too abstract
‘ implementations, but – as Rasmus explained – a portable
implementation in PHP would be far from simple. Constantin only needed
something that would work with his own setup, and there are ways to resolve
the issues there without changing PHP. A simple cron job to check the local
files against the remote copy and update files atomically would do the task
even without any fancy file system layers‘. It made no sense to
Rasmus to add a complicated caching layer to the language just to avoid the
need for a little cron script.

Arnold Daniels wondered whether Constantin’s setup couldn’t be simplified,
since it’s pretty complicated as it stands. That said, he recommended DRBD as a tool for low-level file change
detection and synchronization, although noting that DRBD can be difficult to
set up.

Short version: Best to choose the right tool for the job in hand.

CVS: About that mystery extension…

Changes in CVS that you should probably be aware of include:

Prior to the 5.2.4 release candidate:

  • In ext/session, bug
    (Second call of session_start() causes creation of
    SID) was fixed in PHP_5_2 branch only [Ilia]
  • Also in 5_2 only, core bug
    (substr_replace() returns FALSE when
    length > string length) was fixed to work in the same way as
    substr() [Ilia]
  • In ext/xsl, a user specified class can now be returned from
    transformToDoc [Rob Richards]
  • In ext/simplexml, bug
    (addChild() on a non-existent node, no node created,
    getName() segfaults) was fixed [Rob]
  • In ext/oci8, bugs #42134
    (oci_error() returns false after
    oci_new_collection() fails) and #42173 (INTERVAL and
    TIMESTAMP type fixes) were fixed [Tony, Christopher Jones]
  • get_loaded_extensions() now has an additional parameter
    which, if set to TRUE, returns Zend extensions [Johannes
  • PDO bug #41971
    (PDOStatement::fetch and PDOStatement::setFetchMode
    causes unexpected behavior) was fixed in the 5_2 branch [Ilia]
  • There is now a script to generate tokenizer data from
    zend_language_parser.h [Johannes]
  • In the SOAP extension, bug
    (__destruct functions not called after catching a
    SoapFault exception) was fixed [Dmitry Stogov]
  • Zend Engine bug #42119
    (array_push($arr, &$obj) doesn’t work with
    zend.ze1_compatibility_mode=On) was fixed (no merge to HEAD
    required) [Dmitry]
  • Core bug #42164 (Internal
    Sendmail Support is ALWAYS disabled) was fixed [Johannes]
  • In ext/pdo_sqlite, bug
    (pdo_sqlite prepared statements convert resources to
    strings) was fixed in 5_2 only [Ilia]

After the release candidate:

  • The embed SAPI now has a hardcoded INI, the same as in the
    cli SAPI [Stas]
  • Both snprintf() and spprintf() now have
    I, I32 and I64 support [Tony]
  • An elderly leak in the user filters code was fixed, closing bug #36492 [Sara Golemon]

In other CVS news, Andrey Hristov added a bunch of changes into the
mysterious new ext/mysqlnd introduced into CVS HEAD last week. It’s
now possible to switch statistics collection on or off via an INI setting,
among other things.

I tracked down Georg Richter, also of MySQL AB, to get the lowdown on the new
extension. Georg confirmed that mysqlnd is in fact not an
extension as such – in the same way that ext/libxml isn’t – but an
entirely new MySQL library, specifically written for PHP. Because it works
directly with the Zend Engine, mysqlnd is faster than the
external MySQL library currently shipped with the PHP distribution. For the
same reason, mysqlnd also saves on memory usage; it doesn’t need
to copy so many data structures around as does libmysql. Another
distinct advantage is the licensing; because mysqlnd is a
bundled client library that will ship as part of the PHP source, it’s PHP
licensed. The extension you’ll actually be enabling will still be either
ext/mysql or ext/mysqli; only the underlying library will
change, where mysqlnd is available and enabled. As a bonus, ext/mysqli will also now offer persistent connections for the first time.

All this has been planned for some time for PHP 6, but Georg explained that
there are now plans to backport the native driver (yep, that’s what the
nd‘ part means) to the upcoming PHP_5_3 branch, and also to add
full PDO support there eventually. Finally, Ulf Wendel in particular has been working
hard to gain almost complete code coverage in the MySQL related sections of
the test suite – almost 90% in CVS HEAD, according to the gcov page – to ensure
that the transition to the native library is as smooth as is humanly

Short version: You can find more in-depth coverage about mysqlnd
Ulf Wendel’s

PAT: Dynamic static referencing, openssl and

Richard Lynch offered up a
– his first ever – along with a new test script. The patch makes
pg_convert() in ext/pgsql use PCRE rather than POSIX
regex, and also removes a stray closing parenthesis in the
PG_TIME pattern, probably fixing an unreported bug there. Poor
Richard didn’t get any immediate feedback on the list for his efforts.

Etienne Kneuss posted a far
more interesting patch
, this being his third attempt in five months at
extending the language parser to allow dynamically referencing static class
members: $classname::foo(), $classname::CONST and
$classname::$member. Johannes thanked Etienne for his work, and
promptly asked Ilia if the fix could go into the PHP 5.2.4 release. Andi
Gutmans intervened to point out that this isn’t really a fix; besides, he
felt that the Reflection API was the way to approach ‘these dynamic
‘. In fact, Andi added, he’d like to see an E_STRICT
message that recommends that approach to users. A small storm blew up. Arnold
Daniels pleaded
for the dynamic constructs, and gained some heavyweight
backing from Derick, Lukas, Sebastian and Marcus as well as from other PHP
users. Everyone wanted to know why Andi thought the slower Reflection API
should be used here, given that it’s designed for introspection. Andi agreed
to review the patch, given that people felt so strongly about it, and
Johannes was able to commit it into the Zend Engine (in both CVS HEAD and the
PHP_5_2 branch) later in the week.

Meanwhile, Dmitry had been busy looking into ext/openssl, and produced
a patch that extends support for the crypto API. It provides access to OpenSSL
digest and cipher functions (via openssl_get_md_methods(),
openssl_digest(), openssl_get_cipher_methods(),
openssl_encrypt() and openssl_decrypt()), extends
the existing functions openssl_pkey_new() and
openssl_pkey_get_details() to access the internal values of DSA,
RSA and DH keys, provides a new function to compute a shared secret for two DH
keys (openssl_dh_compute_key()) and extends some existing
functions to support the name of a crypto algorithm, as well as numeric
constants. While being similar to Wez Furlong’s existing
in that it implements the OpenID protocol in PHP, Dmitry’s version
has fewer new functions and works with big numbers as strings rather than as
resources. The rest of the team were enthusiastic – particularly Jani, Pierre
and Rob Richards, who needed the functionality for XML Sec. Stas found a
couple of minor errors in the patch, which Dmitry promptly fixed. Then came a
bit of a delay; it seems that Dmitry was holding out for approval for the
patch in the 5_2 branch, which wasn’t immediately forthcoming because of the
timing. Pierre applied some pressure, and the patch eventually went into CVS
HEAD only.

While on the subject of ext/openssl, Moritz Bechler wrote to
internals@ to remind the team about his CRL patch – feature request #40046 – which could, he
noted, also go into CVS HEAD at this point. His most recent copy was available
, although he hadn’t updated the report itself; he’d managed to
lose his password for that in the interim period. Pierre asked Moritz for a
couple of test scripts and examples alongside his proposal, pointing out that
this would make it much easier to test the code.

Stas turned up with a patch to improve Apache module configuration handling.
His new code introduces ZEND_INI_STAGE_HTACCESS, which should be
used for explicitly routing values set in .htaccess to the appropriate
handlers rather than (as currently) ZEND_INI_STAGE_ACTIVATE,
which routes values set in either httpd.conf or .htaccess. The
patch would, Stas noted, provide a proper fix for CVE-2007-3378,
with minimal impact on existing extensions. He knew of no extensions that rely
on ZEND_INI_STAGE_ACTIVATE, but if there were any, they could
easily be fixed. Ilia agreed that this looked like a good solution to the
problem, but hesitated a little over introducing a new INI stage in a minor
release. Marcus thought it should be left until PHP_5_3 for that reason, but
Ilia pointed out that this is a security fix and, as such, really ought to be
in PHP 5.2.4, despite the minor BC breakage. Stas promptly applied the patch
in CVS HEAD and the 5_2 branch, at which point Stefan Esser picked up on it.
He asked whether there were any plans to add a symbol so that extensions
could detect support for the feature at runtime, since it was a required
security fix and would probably end up being backported to PHP 4. Stas
demurred, saying again that he hadn’t come across any extensions using the
INI access stages in a way that could lead to breakage. However, Stefan’s
Suhosin extension apparently does use them in that way, even though the check
had never worked correctly (and now will). In the event, Stefan decided to
simply define INI_STAGE_HTACCESS within his extension where it
doesn’t exist, to get around the BC issue.

Next up was David Soria Parra, with a patch to
make getopt() available on Windows systems. He’d used
getopt.c and getopt.h from the FreeBSD libc to
implement this, alongside a couple of configuration fixes, and reported that
it worked for him on a Windows XP 32-bit machine with a VC 2003 build.

And finally, Richard Quadling offered an untested patch to fix bug #25361, although noting that this
isn’t actually a PHP bug per se. He followed this with a simpler solution – also untested.

Short version: Lots going on, but nothing new for PAT this week.