Lazy objects

RFC: https://wiki.php.net/rfc/lazy-objects

Closes GH-15019

ext/standard: Improve checking of allowed_classes option (#15267)

* ext/standard: Add some unserializing tests

* ext/standard: Add proper type checking for values of the allowed_cla

ext/standard: Improve checking of allowed_classes option (#15267)

* ext/standard: Add some unserializing tests

* ext/standard: Add proper type checking for values of the allowed_classes option array

* ext/standard: Check that class names are somewhat sensible for the allowed_classes option array

* Indicate type of value

* Add test for Stringable objects

show more ...

[RFC] Property hooks (#13455)

RFC: https://wiki.php.net/rfc/property-hooks

Co-authored-by: Nikita Popov <nikita.ppv@gmail.com>

ext/standard: make debug_zval_dump() output whether the array is packed (#12641)

Use a single version of mempcpy(3) (#12257)

While __php_mempcpy is only used by ext/standard/crypt_sha*, the
mempcpy "pattern" is used everywhere.

This commit removes __php_memp

Use a single version of mempcpy(3) (#12257)

While __php_mempcpy is only used by ext/standard/crypt_sha*, the
mempcpy "pattern" is used everywhere.

This commit removes __php_mempcpy, adds zend_mempcpy and transforms
open-coded parts into function calls.

show more ...

Introduce Zend guard recursion protection

This PR introduces a new way of recursion protection in JSON, var_dump
and friends. It fixes issue in master for __debugInfo and also improves

Introduce Zend guard recursion protection

This PR introduces a new way of recursion protection in JSON, var_dump
and friends. It fixes issue in master for __debugInfo and also improves
perf for jsonSerializable in some cases. More info can be found in
GH-10020.

Closes GH-11812

show more ...

Fix serialization of RC1 objects appearing in object graph twice

Previously, if an object had RC1 it would never be recorded in
php_serialize_data.ht because it was assumed that it could

Fix serialization of RC1 objects appearing in object graph twice

Previously, if an object had RC1 it would never be recorded in
php_serialize_data.ht because it was assumed that it could not be encountered
again. This assumption is incorrect though as the object itself may be saved
inside an array with RCn. This results in a new instance of the object, instead
of a second reference to the same object.

This is solved by tracking these objects in php_serialize_data.ht. To retain
performance, track if the current object resides in a potentially nested RCn
array. If not, and if the object is RC1 itself it may be omitted from
php_serialize_data.ht.

Additionally, we may treat the array root itself as RC1 because it may not
appear in the object graph again without recursion. Recursive arrays are still
somewhat broken even with this change, as the tracking of the array only happens
when the reference is encountered, thus resulting in a -> a' -> a' for a self
recursive array a -> a. Recursive arrays have limited support in serialize
anyway, so we ignore this case for now.

Co-authored-by: Dmitry Stogov <dmitry@zend.com>
Co-authored-by: Martin Hoch <martin@littlerobot.de>

Closes GH-11349
Closes GH-11305

show more ...

RFC: Make unserialize() emit a warning for trailing bytes (#9630)

Use zend_call_known_instance_method() instead of building FCI/FCC in serializer subroutine (#9955)

Co-authored-by: Tyson Andre <tyson.andre@uwaterloo.ca>

Zend/zend_types.h: deprecate zend_bool, zend_intptr_t, zend_uintptr_t (#10597)

These types are standard C99.

For compatibility with out-of-tree extensions, keep the typedefs
in

Zend/zend_types.h: deprecate zend_bool, zend_intptr_t, zend_uintptr_t (#10597)

These types are standard C99.

For compatibility with out-of-tree extensions, keep the typedefs
in main/php.h.

show more ...

Fix GH-8329 Print true/false instead of bool in error and debug messages (#8385)

Revert GH-10220

Cf. <https://github.com/php/php-src/pull/10220#issuecomment-1383739816>.

This reverts commit ecc880f491d66081298a16634629f149459706a9.
This reverts commit 588a07

Revert GH-10220

Cf. <https://github.com/php/php-src/pull/10220#issuecomment-1383739816>.

This reverts commit ecc880f491d66081298a16634629f149459706a9.
This reverts commit 588a07f7371ee2b5fac17de147926780e427fae6.
This reverts commit f377e15751d3aa48b69cd9bcc366ede7803d511f.
This reverts commit b4ba16fe189b109144aff669e11d81365160104b.
This reverts commit 694ec1deea36e366b28b6349a52be49824e1a1a8.
This reverts commit 6b34de8eba9f66882ae16e6073af28783670ac53.
This reverts commit aa1cd02a4367834026ea2205ea13a2f904455aa1.
This reverts commit 308fd311ea6fcf3094b448df7f2b264f08e4fe4f.
This reverts commit 16203b53e1822a37b6ba6f2ab198bb435d05fdad.
This reverts commit 738fb5ca5412f5e833a7fab82b11519e635a3357.
This reverts commit 9fdbefacd3c382d731aa175b7bdc002ec9cb2b30.
This reverts commit cd4a7c1d90562ebb5f89caf94d00d579631b9fbe.
This reverts commit 928685eba2b2f0ded90e7f78fd806ea164002f6e.
This reverts commit 01e5ffc85cd4357fd7b5b7ceefa29f2d10ca26b7.

show more ...

ext/{standard,json,random,...}: add missing includes

Promote unserialize() notices to warning (#9629)

* Unserialize: Migrate "Unexpected end of serialized data" to E_WARNING

* Unserialize: Migrate "Error at offset %d of %d bytes" to E

Promote unserialize() notices to warning (#9629)

* Unserialize: Migrate "Unexpected end of serialized data" to E_WARNING

* Unserialize: Migrate "Error at offset %d of %d bytes" to E_WARNING

* Unserialize: Migrate "%s is returned from __sleep() multiple times" to E_WARNING

* Add NEWS for “Promote unserialize() notices to warning”

show more ...

Make var_export/debug_zval_dump check for infinite recursion on the *object* (#9448)

Switch the recursion check from the result of `get_properties_for`
(the returned hash table of proper

Make var_export/debug_zval_dump check for infinite recursion on the *object* (#9448)

Switch the recursion check from the result of `get_properties_for`
(the returned hash table of properties) to just checking for
infinite recursion on the object.

- In order for a native datastructure to correctly implement
`*get_properties_for` for var_export's cycle detection,
it would need to return the exact same array every time prior to this PR.

Prior to this commit, the requirements for cycle detection
would prevent SplFixedArray or similar classes from returning a
temporary array that:

1. Wouldn't be affected by unexpected mutations from error handlers
2. Could be garbage collected instead.

show more ...

Reduce memory allocated by var_export, json_encode, serialize, and other (#8902)

smart_str uses an over-allocated string to optimize for append operations. Functions that use smart_str tend

Reduce memory allocated by var_export, json_encode, serialize, and other (#8902)

smart_str uses an over-allocated string to optimize for append operations. Functions that use smart_str tend to return the over-allocated string directly. This results in unnecessary memory usage, especially for small strings.

The overhead can be up to 231 bytes for strings smaller than that, and 4095 for other strings. This can be avoided for strings smaller than `4096 - zend_string header size - 1` by reallocating the string.

This change introduces `smart_str_trim_to_size()`, and calls it in `smart_str_extract()`. Functions that use `smart_str` are updated to use `smart_str_extract()`.

Fixes GH-8896

show more ...

Fix GH-8232 - always reference classes in `var_export()` via their FQCN

Closes GH-8233

This fix corrects a behavior of `var_export()` that was mostly "hidden" until PHP 8.1 introduc

Fix GH-8232 - always reference classes in `var_export()` via their FQCN

Closes GH-8233

This fix corrects a behavior of `var_export()` that was mostly "hidden" until PHP 8.1 introduced:

* properties with object initializers
* constants containing object references
* default values of class properties containing `enum`s

Since `var_export(..., true)` is mostly used in conjunction with code generation,
and we cannot make assumptions about the generated code being placed in the root
namespace, we must always provide the FQCN of a class in exported code.

For example:

```php
<?php

namespace MyNamespace { class Foo {} }

namespace { echo "<?php\n\nnamespace Example;\n\n" . var_export(new \MyNamespace\Foo(), true) . ';'; }
```

produces:

```php
<?php

namespace Example;

MyNamespace\Foo::__set_state(array(
));
```

This code snippet is invalid, because `Example\MyNamespace\Foo::__set_state()` (which
does not exist) is called.

With this patch applied, the code looks like following (valid):

```php
<?php

namespace Example;

\MyNamespace\Foo::__set_state(array(
));
```

Ref: https://github.com/php/php-src/issues/8232
Ref: https://github.com/Ocramius/ProxyManager/issues/754
Ref: https://externals.io/message/117466

show more ...

Added: [zend_]memory_reset_peak_usage() (#8151)

Fix infiniry recursion during serialize() of "tricky" object

Fixes oss-fuzz #44954

Use zend_long for resource ID

Currently, resource IDs are limited to 32-bits. As resource IDs
are not reused, this means that resource ID overflow for
long-running processes is very

Use zend_long for resource ID

Currently, resource IDs are limited to 32-bits. As resource IDs
are not reused, this means that resource ID overflow for
long-running processes is very possible.

This patch switches resource IDs to use zend_long instead, which
means that on 64-bit systems, 64-bit resource IDs will be used.
This makes resource ID overflow practically impossible.

The tradeoff is an 8 byte increase in zend_resource size.

Closes GH-7436.

show more ...

Add additional double to string APIs

zend_double_to_str() converts a double to string in the way that
(string) would (using %.*H using precision).

smart_str_append_double() prov

Add additional double to string APIs

zend_double_to_str() converts a double to string in the way that
(string) would (using %.*H using precision).

smart_str_append_double() provides some more fine control over
the precision, and whether a zero fraction should be appeneded
for whole numbers.

A caveat here is that raw calls to zend_gcvt and going through
s*printf has slightly different behavior for the degenarate
precision=0 case. zend_gcvt will add a dummy E+0 in that case,
while s*printf convert this to precision=1 and will not. I'm
going with the s*printf behavior here, which is more common,
but does result in a minor change to the precision.phpt test.

show more ...

Move php_gcvt to zend_gcvt

Also move PHP_DOUBLE_MAX_LENGTH to ZEND_DOUBLE_MAX_LENGTH.

Remove leading underscore for _zend_hash_find_known_hash (#7260)

Convert zend_hash_find_ex(..., 1) to zend_hash_find_known_hash(...)
Convert zend_hash_find_ex(..., 0) to zend_hash_find(.

Remove leading underscore for _zend_hash_find_known_hash (#7260)

Convert zend_hash_find_ex(..., 1) to zend_hash_find_known_hash(...)
Convert zend_hash_find_ex(..., 0) to zend_hash_find(...)

Also add serializable changes to UPGRADING.INTERNALS summary

show more ...

Add ZEND_ACC_NOT_SERIALIZABLE flag

This prevents serialization and unserialization of a class and its
children in a way that does not depend on the zend_class_serialize_deny
and zend

Add ZEND_ACC_NOT_SERIALIZABLE flag

This prevents serialization and unserialization of a class and its
children in a way that does not depend on the zend_class_serialize_deny
and zend_class_unserialize_deny handlers that will be going away
in PHP 9 together with the Serializable interface.

In stubs, `@not-serializable` can be used to set this flag.

This patch only uses the new flag for a handful of Zend classes,
converting the remainder is left for later.

Closes GH-7249.
Fixes bug #81111.

show more ...

Fix false positive recursion warning for var_export of enums (#7201)