
An Exceptional Change in PHP 7.0 - ingve
https://daveyshafik.com/archives/69237-an-exceptional-change-in-php-7-0.html
======
sarciszewski
Amusingly, after months of pointless bikeshedding, we managed to convince the
internals team to throw an exception during the extreme case of a CSPRNG
failure.

[https://www.sammyk.me/security-changes-to-the-
php-7-csprng-i...](https://www.sammyk.me/security-changes-to-the-php-7-csprng-
in-rc3)

You can read my arguments on the mailing list, but basically it amounted to:

    
    
        $chars = 'abcdefghijklmnopqrstuvwxyz234567';
        for ($i = 0; $i < 12; ++$i) {
            $password .= $chars[random_int(0, 31)];
        }
    

If random_int() returned FALSE, $password would be the string 'aaaaaaaaaaaa'
(and you'd have 12 E_WARNING errors in your log).

By making it an exception, random_int() will now fail closed (kill the script
by default), but the developer can still handle it gracefully.

    
    
        $chars = 'abcdefghijklmnopqrstuvwxyz234567';
        try {
            for ($i = 0; $i < 12; ++$i) {
                $password .= $chars[random_int(0, 31)];   
            }
        } catch (Throwable $e) {
            $framework->template->kill('An unrecoverable fatal error occurred.');
        }
    

Or something similar.

Is it a BC break? Sure. Is it worth it? Oh yeah.

~~~
debacle
We need more BC breaks, not fewer. I'd really like to see a lot of functions
that return FALSE on failure throw exceptions in the future. We could also
tidy up the stdlib a bit and give primatives some OO love.

If you're going to break BC, might as well do it right.

~~~
sarciszewski
So, onwards to PHP (gr)8?

~~~
debacle
I'm hoping Hack can liberate us.

------
vatotemking
Wow this thread reeks of negativity

~~~
Jgrubb
It's a thread about PHP on Hacker News. Even if there were no comments at all
it would still reek of negativity.

~~~
spdionis
Honestly I'm amazed that even here on hackernews PHP gets so much hating over
meaningless things.

I mean, hating PHP for copying Java OO model in 2004? Com'on... It's not like
PHP ever wanted to be a fancy language.

EDIT: Apparently PHP5 was released in 2004, not 2003.

EDIT2: One thing PHP got right over Java: type-hinted parameters are not
nullable by default. NullPointerException anyone?

------
draw_down
Why does everything start with a backlash? I do not get this language at all.

~~~
__david__
The namespace separator in PHP is \\. It seems like a horrible idea at first,
but in practice the only place you ever see it is at the top of files:

    
    
        use Psr\Log\NullLogger;
        use Psr\Log\LoggerInterface;
        use Psr\Log\LogLevel;
    

…and then the rest of the code just uses NullLogger, LoggerInterface and
LogLevel.

------
oldmanjay
I just don't get why, of all the OO systems out there to inspire an engineer,
the PHP people picked Java.

~~~
wvenable
PHP is much more of a static language than a dynamic one. Therefore it has
more in common with Java/C++ than with Python, Ruby, or JavaScript. It's also
a very pragmatic choice for an OO system.

~~~
vruiz
PHP wasn't always what it is now, that's OPs point. They are where they chose
to go. Probably in the search of legitimacy, they chose to follow the most
enterprisey language.

~~~
Someone1234
But you, like the OP, fail to communicate exactly WHY this is a bad thing. You
just take it for granted that your point stands on its own without an
explanation.

Why NOT Java?

~~~
oldmanjay
Java is a fairly ugly OO system, basically. It's purely my opinion, of course,
but not an uncommon one.

Since I don't have to use PHP I'm not too upset. I was really just lamenting
the state of the world.

~~~
durrrrrrr
Same thing as before, you've stated it's ugly, but haven't given any specific
examples of why you think this.

~~~
betenoire
do we really need to see bad java examples to understand his opinion?

~~~
smt88
Just because a language is used to write bad code doesn't mean the language
design itself is bad.

~~~
KennyCason
Exactly. I've seen beautifully written Java and I've seen (and written) ugly
Java. The language syntax is by far the least contributing factor to the
'prettiness' of the code. With the exception of BF. :)

------
amyjess
Out of curiosity, why does PHP use backslashes in throwable names?

~~~
dguaraglia
Heh, I was wondering the same. As others have pointed out, it looks like it's
the namespace separator. Now someone has to explain why on Earth you need the
namespace separator if these class names are already in the namespace?

PHP has an incredible knack for _almost_ copying other languages' features,
but making them uglier in some random way, for no particular added benefit.

(I know, I'm a hater... but seriously, why?)

~~~
Washuu
The namespace separator is not required if already in the correct scope. I am
not sure why the author decided to include them in the examples.

~~~
kijin
Modern PHP code rarely uses the global namespace, so almost everyone who cares
about correct handling of the new exceptions will have to prefix them with a
backslash anyway.

------
sadgit
Both the LogicException and the RuntimeException branches seem kind of
pointless... They all describe exceptions that happen with values at runtime
and I expect I'd have trouble picking one in a given circumstance. Mostly I
see it leading to a lot of inconsistent uses in practice. At least 4 of them
would be legitimate choices for a string thats too short, for example.

Ah, PHP.

~~~
debacle
The logic behind the difference is in the fact that PHP doesn't have
assertions - the naming is based on the root cause, not when the occur.

A RuntimeException is something like "Database connection failed." A
LogicException is an implementation issue (e.g. usually requires a code change
to fix).

