PHP 5.4 Alpha

Last month PHP 5.4 was released. I figured there would be a post in here by now but guess not. Here’s a rundown of the changes.

PHP                                                                        NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
20 Jun 2011, PHP 5.4.0 Alpha 1
- autoconf 2.59+ is now supported (and required) for generating the
  configure script with ./buildconf. Autoconf 2.60+ is desirable
  otherwise the configure help order may be incorrect.  (Rasmus, Chris Jones)

- Removed legacy features:
  . break/continue $var syntax. (Dmitry)
  . Safe mode and all related ini options. (Kalle)
  . register_globals and register_long_arrays ini options. (Kalle)
  . import_request_variables(). (Kalle)
  . allow_call_time_pass_reference. (Pierrick)
  . define_syslog_variables ini option and its associated function. (Kalle)
  . highlight.bg ini option. (Kalle)
  . Session bug compatibility mode (session.bug_compat42 and
    session.bug_compat_warn ini options). (Kalle)
  . session_is_registered(), session_register() and session_unregister() 
    functions. (Kalle)
  . y2k_compliance ini option. (Kalle)

- Moved extensions to PECL: (Johannes)
  . ext/sqlite.

- Changed $_SERVER['REQUEST_TIME'] to include microsecond precision. (Ilia)
- Changed default value of "default_charset" php.ini option from ISO-8859-1 to
  UTF-8. (Rasmus)
- Changed array_combine() to return empty array instead of FALSE when both 
  parameter arrays are empty. FR #34857. (joel.perras@gmail.com)
- Changed third parameter of preg_match_all() to optional. FR #53238. (Adam)
- Changed silent casting of null/''/false into an Object when adding
  a property into a warning. (Scott)
- <?= is now always available regardless of the short_tags setting (Rasmus)

- General improvements:
  . Added multibyte support by default. Previously php had to be compiled
    with --enable-zend-multibyte. Now it can be enabled or disabled through
    zend.multibyte directive in php.ini. (Dmitry)
  . Removed compile time dependency from ext/mbstring (Dmitry)
  . Added support for Traits. (Stefan)
  . Added closure $this support back. (Stas)
  . Added array dereferencing support. (Felipe)
  . Added indirect method call through array. FR #47160. (Felipe)
  . Added support for object references in recursive serialize() calls.
    FR #36424. (Mike)
  . Added http_response_code() function. FR #52555. (Paul Dragoonis, Kalle)
  . Added header_register_callback() which is invoked immediately
    prior to the sending of headers and after default headers have
    been added. (Scott)
  . Added DTrace support. (David Soria Parra)
  . Improved output layer, see README.NEW-OUTPUT-API for internals. (Mike)
  . Improved unserialize() performance.
    (galaxy dot mipt at gmail dot com, Kalle)
  . Improved unix build system to allow building multiple PHP binary SAPIs and
    one SAPI module the same time. FR #53271, FR #52410. (Jani)
  . Added optional argument to debug_backtrace() and debug_print_backtrace()
    to limit the amount of stack frames returned. (Sebastian, Patrick)
  . Added stream metadata API support and stream_metadata() stream class
    handler. (Stas)

- Improved Zend Engine memory usage: (Dmitry)
  . Replaced zend_function.pass_rest_by_reference by 
    ZEND_ACC_PASS_REST_BY_REFERENCE in zend_function.fn_flags.
  . Replaced zend_function.return_reference by ZEND_ACC_RETURN_REFERENCE
    in zend_function.fn_flags.
  . Removed zend_arg_info.required_num_args as it was only needed for internal
    functions. Now the first arg_info for internal functions (which has special
    meaning) is represented by zend_internal_function_info structure.
  . Moved zend_op_array.size, size_var, size_literal, current_brk_cont,
    backpatch_count into CG(context) as they are used only during compilation.
  . Moved zend_op_array.start_op into EG(start_op) as it's used only for 
    'interactive' execution of single top-level op-array.
  . Replaced zend_op_array.done_pass_two by ZEND_ACC_DONE_PASS_TWO in
    zend_op_array.fn_flags.
  . op_array.vars array is trimmed (reallocated) during pass_two.
  . Replaced zend_class_entry.constants_updated by ZEND_ACC_CONSTANTS_UPDATED
    in zend_class_entry.ce_flags.
  . Reduced the size of zend_class_entry by sharing the same memory space
    by different information for internal and user classes.
    See zend_class_entry.info union. 
  . Reduced size of temp_variable.

- Changed the structure of op_array.opcodes. The constant values are moved from
  opcode operands into a separate literal table. (Dmitry)

- Improved Zend Engine, performance tweaks and optimizations: (Dmitry)
  . Inlined most probable code-paths for arithmetic operations directly into
    executor.
  . Eliminated unnecessary iterations during request startup/shutdown.
  . Changed $GLOBALS into a JIT autoglobal, so it's initialized only if used.
    (this may affect opcode caches!)
  . Improved performance of @ (silence) operator.
  . Simplified string offset reading. $str[1][0] is now a legal construct.
  . Added caches to eliminate repeatable run-time bindings of functions,
    classes, constants, methods and properties.
  . Added concept of interned strings. All strings constants known at compile
    time are allocated in a single copy and never changed.
  . Added an optimization which saves memory and emalloc/efree calls for empty
    HashTables. (Stas, Dmitry)
  . ZEND_RECV now always has IS_CV as its result.
  . ZEND_CATCH now has to be used only with constant class names.
  . ZEND_FETCH_DIM_? may fetch array and dimension operands in different order.
  . Simplified ZEND_FETCH_*_R operations. They can't be used with the
    EXT_TYPE_UNUSED flag any more. This is a very rare and useless case.
    ZEND_FREE might be required after them instead.
  . Split ZEND_RETURN into two new instructions ZEND_RETURN and
    ZEND_RETURN_BY_REF.
  . Optimized access to global constants using values with pre-calculated
    hash_values from the literals table.
  . Optimized access to static properties using executor specialization.
    A constant class name may be used as a direct operand of ZEND_FETCH_*
    instruction without previous ZEND_FETCH_CLASS.
  . zend_stack and zend_ptr_stack allocation is delayed until actual usage.

- Improved CLI SAPI: (Johannes)
  . Added command line option --rz <name> which shows information of the
    named Zend extension.
  . Interactive readline shell improvements:
    . Added "cli.pager" php.ini setting to set a pager for output.
    . Added "cli.prompt" php.ini setting to configure the shell prompt.
    . Added shortcut #inisetting=value to change ini settings at run-time.
    . Changed shell not to terminate on fatal errors.
    . Interactive shell works with shared readline extension. FR #53878.

- Improved FastCGI SAPI: (Dmitry)
  . Added apache compatible functions: apache_child_terminate(),
    getallheaders(), apache_request_headers() and apache_response_headers()
  . Improved performance of FastCGI request parsing.

- Improved core functions:
  . number_format() no longer truncates multibyte decimal points and thousand
    separators to the first byte. FR #53457. (Adam)
  . Added hex2bin() function. (Scott)

- Improved CURL extension:
  . Added support for CURLOPT_MAX_RECV_SPEED_LARGE and
    CURLOPT_MAX_SEND_SPEED_LARGE. FR #51815. (Pierrick)

- Improved Date extension:
  . Added the + modifier to parseFromFormat to allow trailing text in the
    string to parse without throwing an error. (Stas, Derick)

- Improved DBA extension:
  . Added Tokyo Cabinet abstract DB support. (Michael Maclean)
  . Added Berkeley DB 5 support. (Johannes, Chris Jones)

- Improved filesystem functions:
  . scandir() now accepts SCANDIR_SORT_NONE as a possible sorting_order value.
    FR #53407. (Adam)

- Improved HASH extension:
  . Added Jenkins's one-at-a-time hash support. (Martin Jansen)
  . Added FNV-1 hash support. (Michael Maclean)
  . Made Adler32 algorithm faster. FR #53213. (zavasek at yandex dot ru)

- Improved intl extension:
  . Added Spoofchecker, allows checking for visibly confusable characters and
    other security issues. (Scott)

- Improved JSON extension:
  . Added JsonSerializable interface. (Sara)
  . Added JSON_BIGINT_AS_STRING, extended json_decode() sig with $options.
    (Sara)
  . Added support for JSON_NUMERIC_CHECK option in json_encode() that converts 
    numeric strings to integers. (Ilia)
  . Added new json_encode() option JSON_PRETTY_PRINT. FR #44331. (Adam)
  . Added new json_encode() option JSON_UNESCAPED_SLASHES. FR #49366. (Adam)

- Improved LDAP extension:
  . Added paged results support. FR #42060. (ando@OpenLDAP.org,
    iarenuno@eteo.mondragon.edu, jeanseb@au-fil-du.net, remy.saissy@gmail.com)

- Improved MySQL extensions:
  . MySQL: Deprecated mysql_list_dbs(). FR #50667. (Andrey)
  . mysqlnd: Added named pipes support. FR #48082. (Andrey)
  . MySQLi: Added iterator support in MySQLi. mysqli_result implements 
    Traversable. (Andrey, Johannes)
  . PDO_mysql: Removed support for linking with MySQL client libraries older
    than 4.1. (Johannes)

- Improved OpenSSL extension:
  . Added AES support. FR #48632. (yonas dot y at gmail dot com, Pierre)
  . Added a "no_ticket" SSL context option to disable the SessionTicket TLS
    extension. FR #53447. (Adam)
  . Added no padding option to openssl_encrypt()/openssl_decrypt(). (Scott)

- Improved PDO DB-LIB: (Stanley)
  . Added nextRowset support.
  . Fixed bug #50755 (PDO DBLIB Fails with OOM).

- Improved PostgreSQL extension:
  . Added support for "extra" parameter for PGNotify().
    (r dot i dot k at free dot fr, Ilia)

- Improved Reflection extension: (Johannes)
  . Added ReflectionExtension::isTemporary() and
    ReflectionExtension::isPersistent() methods.
  . Added ReflectionZendExtension class.
  . Added ReflectionClass::isCloneable(). (Felipe)

- Improved Session extension:
  . Added support for storing upload progress feedback in session data. (Arnaud)
  . Changed session.entropy_file to default to /dev/urandom or /dev/arandom if
    either is present at compile time. (Rasmus)

- Improved SPL extension:
  . Added RegexIterator::getRegex() method. (Joshua Thijssen)
  . Added SplObjectStorage::getHash() hook. (Etienne)
  . Added CallbackFilterIterator and RecursiveCallbackFilterIterator. (Arnaud)

- Improved ZLIB extension:
  . Re-implemented non-file related functionality. (Mike)

- Improved SNMP extension (Boris Lytochkin):
  . Added OO API. FR #53594 (php-snmp rewrite). 
  . Sanitized return values of existing functions. Now it returns FALSE on
    failure.
  . Allow ~infinite OIDs in GET/GETNEXT/SET queries. Autochunk them to max_oids
    upon request.
  . Introducing unit tests for extension with ~full coverage.
  . Fixed bugs
    . #44193 (snmp v3 noAuthNoPriv doesn't work)
    . #45893 (Snmp buffer limited to 2048 char)
    . #46065 (snmp_set_quick_print() persists between requests)
    . #51336 (snmprealwalk (snmp v1) does not handle end of OID tree correctly)
    . #53862 (snmp_set_oid_output_format does not allow returning to default)

## UNSORTED ##

- Fixed PDO objects binary incompatibility. (Dmitry)
- Fixed bug #52211 (iconv() returns part of string on error). (Felipe)

Some major things. Register Globals go bye bye. Same with magic quotes and safe mode. Traits are incoming. <?= will always be available, that’s a major bugbear for my current framework’s template engine and something I’m glad to see included.

Anyone else have thoughts/reactions/questions on what is coming in. With luck this will be coming out sooner than you think.

Further to the changes that Michael lists, here are the lastest lists from the alpha releases (or not-yet-releases).

Alpha 2

14 Jul 2011, PHP 5.4.0 Alpha 2
- General improvements:
  . Zend Signal Handling. (Lucas Nealan,Arnaud Le Blanc,Brian Shire, Ilia)

- Improved Zend Engine
  . Improved parse error messages. (Felipe)

- Improved CLI SAPI:
  . Added built-in web server that is intended for testing purpose.
    (Moriyoshi)

- Improved PHP-FPM SAPI:
  . Added partial syslog support (on error_log only). FR #52052. (fat)
  . Lowered default value for Process Manager. FR #54098. (fat)
  . Enhance security by limiting access to user defined extensions.
    FR #55181. (fat)

- Improved core functions:
  . Changed http_response_code() to be able to set a response code. (Kalle)
  . Fixed crypt_blowfish handling of 8-bit characters. (Stas) (CVE-2011-2483)
  . Fixed bug#55084 (Function registered by header_register_callback is
    called only once per process). (Hannes)

- Improved DOM extension:
  . Added the ability to pass options to loadHTML (Chregu, fxmulder at gmail dot com)

- OpenSSL extension:
  . Use php's implementation for Windows Crypto API in 
    openssl_random_pseudo_bytes. (Pierre)

My favourites out of this alpha release are the built-in web server and the ability to pass options to DOMDocument::loadHTML().

The built in web server is a little addition to the PHP CLI, which via a command like php -S localhost:8080 starts a web server based in the current directory (configurable). It must be stressed that the intention is for this to be a development server only, to quickly test applications without having to hook into Apache, Nginx and the like.

The change to DOMDocument::loadHTML() brings it in line with its loadXML() neighbour.

Alpha 3 (subject to change)

?? ??? 2011, PHP 5.4.0 Alpha 3
- Added features:
 . Short array syntax, see UPGRADING guide for full details (rsky0711 at gmail 
   . com, sebastian.deutsch at 9elements . com, Pierre)
 
- Removed features:
  . Removed magic_quotes_gpc, magic_quotes_runtime and magic_quotes_sybase ini options.
    get_magic_quotes_gpc, get_magic_quotes_runtime are kept but always return
    false, set_magic_quotes_runtime raises an E_CORE_ERROR. (Pierrick, Pierre)

- Changed E_ALL to include E_STRICT. (Stas)

- Improved PHP-FPM SAPI:
  . Added process.max to control the number of process FPM can fork. FR #55166.
    (fat)
  . Dropped restriction of not setting the same value multiple times, the last
    one holds. (giovanni at giacobbi dot net, fat)

- SPL extension:
  . Added missing class_uses(..) as pointed out by #55266 (Stefan)

Changes in this release (which has not happened yet, things may change!) are potentially wide-reaching. The two key points of interest for existing code are; firstly, E_ALL will include E_STRICT so that it, finally, really is E_ALL; secondly, the various magic_quotes_* php.ini options are forced as “Off” and related setting function, set_magic_quotes_runtime(TRUE) will issue an E_CORE_ERROR. The associated get_magic_quotes_*() functions are unchanged, no warnings at all.

An addition with this release will be a short array declaration syntax like the following. I’m not a big fan, but lots of people really (really!) wanted this new syntax.

$foo = ['a', 'b', 'c', 'd' => 'dance'];
// $foo = array('a', 'b', 'c', 'd' => 'dance');

$nested = [
    'cake',
    'fruits' => [
        'tomato',
        'rhubarb',
    ],
    'pie',
];

There was some talk at somepoint to allow array referencing of a function’s return immediately like this…

$val = myFunction($param)[3];

This sort of thing gets used a lot in javascript. Was it included or dropped?

array dereferencing is in I believe.

I can’t help but think how long it would take for 5.4 to become the “accepted” version on most hosting company servers. I’m only now just seeing 5.2 as a standard option. 5.3 still seems to be hit-or-miss.

Reading over the changes it would appear that if you are already using 5.3 then the migration to 5.4 shouldn’t be as big of deal as going to 5.3 was. Hopefully that will be the case and adoption will go much quicker this time around.

To be “accepted” and to be available in most server are different things in my opinion. I totally agreed here that we still don’t have the (hosting) servers having 5.3 whereas there are still some servers having PHP 4.x too. We as developers have to ask the client about their hosting server’s PHP version before starting development if we can use latest functions/features of PHP since it is quite difficult to write script compatible with PHP 4 and 5.x.

So it is one side where the developers’ work to upgrade PHP (or any software) with features and other side the users upto them whether to grab the features added in new version or not.

As Anthony mentioned this is included. It’s in the notes for the first alpha, as Added array dereferencing support. (Felipe).

I didn’t know what it was formally called. One of the drawbacks of being self-taught.

Finally, the ability to call a closure within the context of an object via Closure::bind() – sexxyyy! Now we just need to wait 5 years until hosts install it…

Have they renamed it, Closure::bindTo() it was originally.

But yes, makes working with closures alot nicer, event handlers can be bound to actually something useful like and event object.

bottom

I was trying to find the docs for it but have come up short.

When I am able to do the below in production I will be happy – jquery syntax for ORMs, I can see it now.

<?php

class Blog {

	public $id;

	public function __construct($id) {
		$this->id = $id;
	}
	
}

$entities = array(
	 new Blog(1)
	,new Blog(2)
	,new Blog(4)
);

$each = function() {
	echo "<p>id: {$this->id}</p>";
};

foreach($entities as $entity) {
	$binded = Closure::bind($entity,$each);
	$binded();
}
?>

I didn’t think we were meant to use the Closure object at all?

Anonymous functions are currently implemented using the Closure class. This is an implementation detail and should not be relied upon.

Or am I (more likely) misunderstanding this?

There is a non OO equivalent, so don’t have to explicitly use Closure.

closure_bindto() or something like that.

Scratch that. The functions seem to have been removed/not implemented.

They are still planning on phasing out ‘<?’ short tags by PHP 6 but, after much yelling on the PHP dev mailing list, they decided to integrate ‘<?=’ into the permanent code of the 5.4 branch - that is, regardless of the php.ini setting for short tags, ‘<?=’ is always available.

• OpenSSL extension:
  . Use php’s implementation for Windows Crypto API in
  openssl_random_pseudo_bytes. (Pierre)

This one is contentious on the PHP dev mailing list at the moment.

Why? Why would it cause contentious? What is wrong with offering a cryptographically secure pseudo-random number generator, in a function meant for cryptographically secure stuff? Linux has the /dev/*random stuff, Windows has an CryptoAPI.

Edit, I see one guy dislikes using a faster (Windows-native) method instead of the slow (non-Windows-native) openssl method.

I’ll be glad to see them phasing out <? completely. I always have to turn it off if I start mixing XML files with PHP (which I do sometimes for various reasons, like an autogenerating SVG image). I may actually put <?= into use now that it’s going to always be available. =p

I also like seeing the use of an array right away. I always feel like it’s a bit overkill to have to assign it to a variable when I just want to use one value one time.