On Fri, 2008-01-04 at 20:13 +0100, Stefan Esser wrote:
> Stanislav Malyshev wrote:
> >> * the code gets smaller because not so many typechecks in every function
> > What do you mean "not so many"? You need one per checked parameter.
> There is a difference in complexity between a userlevel type check and a
> low level type check.

Definitely. User-level is 10 times more written code and is slower.

> >> * with type hints byte code optimizer can optimize the code far better
> > Do you have any optimizer that can do that? Any plans to make one? Any
> > tests showing you can optimize real-life application this way?
> How should one have an optimizer for that as long as PHP does not have this
> feature? No one would implement one that is capable of doing this not
> knowing if the feature ever makes it into PHP.

Very true, thank you for pointing that out.

> > That is true, type hints do make static analysis easier - strict
> > typing is created exactly for that purpose. However, it only helps if
> > all the code is strictly typed - otherwise you just move the point of
> > failure around. And in any case, type won't help you much for most
> > real static analysis purposes, such as security - "string" can hold
> > anything.
> That is not completely true. If for example 10 functions use type
> hinting and other functions not, then you have at least 10 functions
> where you can analyse better.
>
> A "simple" example is:
>
> function decryptID($id)
> {
>     return $id ^ SOME_RUNTIME_CONSTANT;
> }
>
> function getUserFromId($id)
> {
>     $sql = "select * from user where id=".decryptID($id);
>     ...
> }
>
> To analyse this construct a static code analyser has a lot to do and it
> still needs to check every call to getUserFromId() to verify if this is
> an actual security hole, because it doesn't know the content of
> SOME_RUNTIME_CONSTANT and therefore the return value of decryptID() could
> be a binary xored string. However a type hint of int in the decryptID()
> function would allow the analyser to know that decryptID() always returns
> int and this would tell it that this is not a security hole. You see in
> this example that just partial usage of type hinting can mean the
> difference between a false positive and definitive unexploitability.

In general, type hinting gives you more control over your code.
Also, if $id is an int, you prevent having to escape the data to avoid SQL injection.

> Greetings,
> Stefan Esser

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
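As an added illustration of the decryptID()/getUserFromId() argument above (not code from this thread or from PHP), the following Python toy taint analyser shows why a partial return-type hint lets an analyser drop a false positive: the call graph, the expression tuples and the "safe scalar" rule are all constructed assumptions, not a real PHP parser.

```python
# Added example: a hand-built taint analyser for the decryptID() case. The
# expression tuples, the Func model and the safe-type rule are constructed
# for illustration; nothing here parses actual PHP source.
from dataclasses import dataclass
from typing import Optional

# Declared result types that cannot carry SQL metacharacters when concatenated.
SAFE_SCALAR_TYPES = {"int", "float", "bool"}


@dataclass(frozen=True)
class Func:
    name: str
    return_hint: Optional[str]  # declared return type, or None when unhinted


def is_tainted(expr, funcs):
    """Return True if `expr` may carry attacker-controlled bytes.

    expr is one of:
      ("input",)                 request data such as $_GET['id']
      ("const", value)           a literal in the source
      ("call", name, [args...])  a call to one of `funcs`
    """
    kind = expr[0]
    if kind == "input":
        return True
    if kind == "const":
        return False
    _, name, args = expr
    fn = funcs[name]
    # A declared int/float/bool return type proves the result has no SQL
    # metacharacters, whatever the body does (even XOR with an unknown
    # runtime constant).
    if fn.return_hint in SAFE_SCALAR_TYPES:
        return False
    # Unhinted or string-hinted: the body's result is unknown, so taint on
    # any argument is assumed to flow through to the return value.
    return any(is_tainted(arg, funcs) for arg in args)


def sql_sink_is_vulnerable(decrypt_return_hint):
    """Model getUserFromId($_GET['id']) concatenating decryptID($id) into SQL."""
    funcs = {"decryptID": Func("decryptID", decrypt_return_hint)}
    concatenated = ("call", "decryptID", [("input",)])
    return is_tainted(concatenated, funcs)


if __name__ == "__main__":
    for hint in (None, "string", "int"):
        verdict = "possible SQL injection" if sql_sink_is_vulnerable(hint) else "not exploitable"
        print(f"decryptID() return hint {hint!r}: {verdict}")
```

With no hint or a string hint the sink is reported, matching the "string can hold anything" objection; with an int hint the same code is cleared without inspecting SOME_RUNTIME_CONSTANT.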