Just Want to remind that this discussion is not about "a json parser can be written in PHP or not?".
We Have a JSON parser already in the core, ready to be use for validation. Does it make sense to have another parser in User land to do validation if We already have one? Is there a better way to do validation other than json_decode? El vie., 26 de agosto de 2022 12:48, Michał Marcin Brzuchalski < michal.brzuchal...@gmail.com> escribió: > Hi Tim, > > pt., 26 sie 2022 o 12:15 Tim Düsterhus <t...@bastelstu.be> napisał(a): > >> Hi >> >> On 8/26/22 11:14, Hans Henrik Bergan wrote: >> >> you can't efficiently validate JSON in userland >> > >> > Has anyone actually put that claim to the test? Has anyone actually >> made a >> > userland json validator (not just wrap json_decode()/json_last_error()) >> for >> > performance comparison? >> > ( if not, https://www.json.org/JSON_checker/JSON_checker.c would >> probably >> > be a good start) >> > >> >> Worded like "you can't efficiently" the claim is false. Of course you >> can memory-efficiently validate the input by traversing the string byte >> by byte and keeping track of the nesting. >> >> However the points that make a userland implementation infeasible are: >> >> 1. Writing a JSON parser is non-trivial as evidenced by: >> https://github.com/nst/JSONTestSuite. I expect userland implementations >> to be subtly buggy in edge cases. The JSON parser in PHP 7.0+ is >> certainly more battle-tested and in fact it appears to pass all of the >> tests in the linked test suite. >> >> 2. Even if the userland implementation is written very carefully, it >> might behave differently than the native implementation used by >> json_decode() (e.g. because the latter is buggy for some reason or >> because the correct behavior is undefined). This would imply that an >> input string that was successfully validated by your userland parser >> might ultimately fail to parse when passed to json_decode(). This is >> exactly what you don't want to happen. >> > > Now this is an argument I could think of. > But that one is not even mentioned in RFC. > > The JSON_checker.c example delivered by json.org is probably not > something impossible > as it required around 1h of work to port it see working implementation > here https://gist.github.com/brzuchal/37e888d9b13937891c3e05fead5042bc > > Cheers, > Michał Marcin Brzuchalski >
