[RFC] Add #[\DelayedTargetValidation] attribute

[DanielEScherzer]

https://wiki.php.net/rfc/delayedtargetvalidation_attribute

[DanielEScherzer]

CC @TimWolla @edorian for the NoDiscard-related changes, the "don't apply on property hooks" error was moved around so that it could be delayed

[TimWolla]

Currently on vacation, so can't review, but I trust that you are capable of correctly moving error messages 😄

[TimWolla]

Some first thoughts. I don't currently have the mental capacity to perform an in-depth review (diff is larger than anticipated) and didn't look at the entire PR.

[iluuu1994]

After sleeping on this, my preferred approach would be:

• Stop using zend_error_noreturn() in validator in favor of zend_throw_error() for target validation, instruct from UPGRADING.INTERNALS to do the same for extensions.
• Use EG(exception) from zend_compile_attributes() to understand whether the validator succeeded.
• Without #[DelayedTargetValidation], promote to a fatal error with zend_exception_uncaught_error().
• With #[DelayedTargetValidation], record whether the validator has succeeded and store it in zend_attribute. EG(exception) would have to be removed/freed.
• When it failed, repeat the validation on ReflectionAttribute::newInstance(). Skipping for successful validators prevents writing to locked shm. Validators should be idempotent, i.e. we should be able to rely on the fact that calling it again will also throw.

The benefit is that we don't need to handle this for every validator, and we don't need the ZEND_ATTRIBUTE_NO_TARGET_VALIDATION/ZEND_ATTRIBUTE_DELAYED_TARGET_VALIDATION flags. Then, this feature should work mostly automatically.

WDYT?

[iluuu1994]

Same with this.

[DanielEScherzer]

Stop using zend_error_noreturn() in validator in favor of zend_throw_error() for target validation, instruct from UPGRADING.INTERNALS to do the same for extensions.

zend_throw_error() will just use zend_error_noreturn() if I'm reading correctly,

php-src/Zend/zend.c

Lines 1831 to 1836 in 222f751

	//TODO: we can't convert compile-time errors to exceptions yet???
	if (EG(current_execute_data) && !CG(in_compilation)) {
	zend_throw_exception(exception_ce, message, 0);
	} else {
	zend_error_noreturn(E_ERROR, "%s", message);
	}

when validators are run, CG(in_compilation) is true, see the validate_nodiscard() logic

Skipping for successful validators prevents writing to locked shm.

No validators should be writing anything at runtime, e.g. for allow dynamic properties the validator just ZEND_ASSERTs that it passed the first time

[iluuu1994]

zend_throw_error() will just use zend_error_noreturn() if I'm reading correctly,

RIght, at least when EG(current_execute_data) is empty, which can occur for the main script. You would have to install a fake frame.

No validators should be writing anything at runtime, e.g. for allow dynamic properties the validator just ZEND_ASSERTs that it passed the first time

Yes, but every validator must abort to avoid this, which is a potential foot gun. What I'm suggesting is a way for #[DelayTargetValidation] to mostly just work.

[DanielEScherzer]

zend_throw_error() will just use zend_error_noreturn() if I'm reading correctly,

RIght, at least when EG(current_execute_data) is empty, which can occur for the main script. You would have to install a fake frame.

Even if it is not empty, the && means that noreturn would be used? Or am I missing something?

[iluuu1994]

Yes, you can change this value as well. But there are alternatives. E.g. validator could return a zend_string containing the error message or null on success, which could be attached to zend_attribute and then re-thrown by reflection. Then you don't need to trigger validator twice at all.

[DanielEScherzer]

I switched it so that validators return error messages instead of emitting them, which allowed removing the ZEND_ATTRIBUTE_NO_TARGET_VALIDATION flag. For some reason I kept getting segfaults if I tried to add a field to the zend_attribute struct to hold the error message, even if I didn't actually touch the field, I'll try to debug

[iluuu1994]

Valgrind or sanitizers might help. Adding -m to run-tests.php is a simple way to run Valgrind on some tests without having to recompile with sanitizers.

[DanielEScherzer]

Valgrind or sanitizers might help. Adding -m to run-tests.php is a simple way to run Valgrind on some tests without having to recompile with sanitizers.

Pretty sure the issue was that I was putting the new field after the zend_attribute_arg args[1]; and so breaking the struct hack

[iluuu1994]

Thanks for the changes thus far. It seems simpler to me, hopefully you agree.

[TimWolla]

C stuff LGTM now, didn't look into the (very verbose) tests.

[iluuu1994]

Thanks for the changes!

[DanielEScherzer]

Addressed the notes about comments, and rebased
I'll plan to merge this tomorrow, I want to take another look myself with fresh eyes
In the meantime I'll go write up a blog post explaining the feature that can be used to help with the process of updating php/doc-en later

[TimWolla]

Seeing this, I wonder if we should export zend_throw_exception_zstr.

[DanielEScherzer]

Don't think that is necessary at the moment, this worked fine