SlideShare a Scribd company logo
1 of 60
Download to read offline
PHP 7.0's
error messages
Having fun with errors
Washington DC, USA, 2015
Agenda
• 2200 error messages to review
• New features, new traps, new messages
Speaker
• Damien Seguy
• CTO at exakat
• PHP static auditing engine
Evolution of error messages
Searching for messages
• PHP-src repository
• zend_error
• zend_throw
• zend_throw_exception
• zend_error_throw
TOP 5 (from the source)
1. Using $this when not in object context (192)
2. Cannot use string offset as an array (74)
3. Cannot use string offset as an object (56)
4. Only variable references should be yielded by
reference (52)
5. Undefined variable: %s (43)
TOP 5 (Google)
1. Call to undefined function
2. Class not found
3. Allowed memory size of
4. Undefined index
5. Undefined variable
Exceptions are on the rise
%
%
%
%
Agenda
• New error messages
• Better linting
• Removed messages
• Cryptic messages
New features
Return value of %s%s%s()
must %s%s, %s%s returned
<?php   
  function x(): myClass {  
   return false;  
} 
   
?>
Uncaught TypeError: Return value of x() must be of the type myClass,
boolean returned in…
Return value of %s%s%s()
must %s%s, %s%s returned
<?php   
  function x(): array {  
   return ;  
  } 
   
?>
Uncaught TypeError: Return value of x() must be of the type array,
none returned in…
Argument %d passed to %s%s%s() must %s
%s, %s%s given, called in %s on line %d
<?php   
function x(array $a)  {  
  return false;  
} 
x(false); 
   
?>
Uncaught TypeError: Argument 1 passed to x() must be of the type
array, boolean given, called in
Default value for parameters with
a float type hint can only be float
<?php   
    function foo(float $a = "3"){  
        return true;  
    }  
?> 
Default value for parameters with
a float type hint can only be float
<?php   
    function foo(float $a =  3 ){  
        return true;  
    }  
?> 
Cannot use temporary
expression in write context
<?php  
$a = 'foo'[0];  
'foo'[0] = 'b';  
?>
Parse error: syntax error, unexpected '=' in
Cannot use temporary
expression in write context
<?php   
$a = 'foo';  
$a[0] = 'b';   
print $a;  
?>
Cannot use "%s" when no
class scope is active
<?php    
  function x(): parent {   
    return new bar();  
 }  
x();  
?>
• self • parent • static
Cannot use "%s" when no
class scope is active
<?php    
class bar extends baz {}   
class foo extends bar {  
  function x(): parent {   
    return new foo();  
 }  
}  
$x = new foo();  $x->x();  
?>
Cannot use "%s" when no
class scope is active
<?php    
class bar extends baz {}   
class foo extends bar {  
  function x(): parent {   
    return new bar();  
 }  
}  
$x = new foo();  $x->x();  
?>
Cannot use "%s" when no
class scope is active
<?php    
class baz {}   
class bar extends baz {}   
class foo extends bar {  
  function x(): parent {   
    return new baz();  
 }  
}  
$x = new foo(); $x->x();  
?>Uncaught TypeError: Return value of foo::x() must be an instance of
bar, instance of baz returned in
Different parents
class great-great-grandparent
class great-grandparent
class parent
class self
class child
class grand-child
class great-grandchild
class great-great-grandchild
<?php 
class self {
  function x() {
    parent::y();
 }
}
<?php 
class self {
  function x() : parent {
    return $something;
 }
}
Cannot use "%s" when no
class scope is active<?php    
class baz {}   
class bar extends baz {}   
class foo extends bar {  
  function x(): grandparent {   
    return new baz();  
 }  
}  
$x = new foo(); $x->x();  
?>
Uncaught TypeError: Return value of foo::x() must be an instance of
grandparent, instance of bar returned
Useful in traits
Fatal error: Cannot access parent:: when current
class scope has no parent
<?php 
trait t {
  function x() : parent {
    return $something;
 }
}
class c {
  use t;
}
cannot declare a return type
• __construct
• __destruct
• __clone
• "PHP 4 constructor"
<?php   
class x {  
    function __construct() : array {  
        return true;  
    }  
    function x() : array {  
        return true;  
    }  
}  
?>
Methods with the same name as their
class will not be constructors in a
future version of PHP; %s has a
deprecated constructor
<?php   
class x {  
    function x() : array {  
        return true;  
    }  
}  
?> M
ost
frequent
error
(95%
)
Invalid UTF-8 codepoint
escape sequence
我爱你
<?php   
$a = "u{6211}u{7231}u{4f60}";  
echo $a;  
?> 
Invalid UTF-8 codepoint
escape sequence
• Incompatible with PHP 5.6
• Good for literals
• Alternatives?
<?php   
$a = "u{de";  
echo $a;  
?> 
<?php  
echo json_decode('"u'.$unicode.'"');  
echo mb_convert_encoding('&#x'.$unicode.';', 'UTF-8', 'HTML-ENTITIES');  
echo html_entity_decode('&#'.hexdec($unicode).';', 0, 'UTF-8');  
     eval('"u{'.$unicode.'}n"');  
?>
New linting
A class constant must not be called 'class';
it is reserved for class name fetching
• Used to be a parse error. Now a nice message.
• Still a bad idea
<?php   
class x {  
    const class = 1;  
    const const = 2;  
}  
?>
A class constant must not be called 'class';
it is reserved for class name fetching
• Outside class will 

generate

the old error
<?php   
//class x {  
    const class = 1;  
//}  
?>
Parse error: syntax error, unexpected 'class' (T_CLASS), expecting
identifier (T_STRING)
Dynamic class names are not
allowed in compile-time ::class fetch
<?php    
$c = new class { 
function f() { 
echo $x::class; 
}
}; 
$c->f(); 
?>
Redefinition of parameter $%s
<?php  
function foo($a, $a, $a) {  
  echo "$an";  
}  
foo(1,2,3);  
?>
Switch statements may only
contain one default clause
<?php   
switch($x) {   
    case '1' :    
        break;   
    default :    
        break;   
    default :    
        break;   
    case '2' :    
        break;   
}   
?>
Switch statements may only
contain one default clause
<?php   
switch($x) {   
    case 1 :    
        break;   
    case 0+1 :    
        break;   
    case '1' :    
        break;   
    case true :    
        break;   
    case 1.0 :    
        break;   
    case $y :    
        break;   
Exceptions must
implement Throwable
<?php    
throw new stdClass();
?> 
Fatal error: Uncaught Error: Cannot throw objects that do not
implement Throwable
Exceptions must
implement Throwable
<?php    
class e implements Throwable {
/* Methods */
 public function  getMessage() {}
 public function  getCode() {}
 public function  getFile() {}
 public function  getLine() {}
 public function  getTrace() {}
 public function  getTraceAsString() {}
 public function  getPrevious() {}
 public function  __toString() {}
}
?> 
Class e cannot implement interface Throwable, extend Exception or
Error instead
Retired messages
Gone for good
	 It is not safe to rely on the system's timezone
settings. You are *required* to use the date.timezone
setting or the date_default_timezone_set() function. In
case you used any of those methods and you are still
getting this warning, you most likely misspelled the
timezone identifier.
Catchable fatal error
<?php  
function x(string $s) {
    echo "$sn";
}
x('php');
?>
Catchable fatal error: Argument 1 passed to x() must be an instance of
string, string given
New scalar typehint
• string, real, bool, float, int
• resource, mixed, numeric, object
• Can't be used for a class name anymore
Catchable fatal error
<?php  
function x(resource $s) {
    echo "$sn";
}
x(fopen('a.php','w+'));
?>
Catchable fatal error: Argument 1 passed to x() must be an instance of
resource, resource given
Fatal Error
<?php 
interface t{} 
trait t{} 
?>
Fatal error: Cannot redeclare class t in
Call-time pass-by-reference
has been removed;
<?php  
$a = 3;  
function f($b) {  
    $b++;  
}  
f(&$a);  
print $a;  
?>
Fatal error: Call-time pass-by-reference has been removed; If you would
like to pass argument by reference, modify the declaration of f(). in
has been removed
Call-time pass-by-reference
has been removed;
<?php  
$a = 3;  
function f($b) {  
    $b++;  
}  
f(&$a);  
print $a;  
?>
PHP Parse error: syntax error, unexpected '&' in
Cryptic messages
Minimum value must be less than
or equal to the maximum value
<?php 
var_dump(random_int(100, 999)); 
var_dump(random_int(-1000, 0)); 
var_dump(random_bytes(10)); 
?>
PHP Parse error: Could not gather sufficient random data
Division of PHP_INT_MIN
by -1 is not an integer
• PHP_INT_MAX : 9223372036854775807
• PHP_INT_MIN is the smallest integer on PHP
• PHP_INT_MIN : -9223372036854775808
• Division or multiplication leads to non-integer
• Uses the Integer Division intdiv()
WebP decode: realloc failed
• New image format for the Web
• Lossless compression, small files
• gdImageCreateFromWebpCtx emit this
• Probably very bad
Function name must be
a string
<?php  
if ($_GET('X') == 'Go') {  
    ProcessFile();  
    return;  
}  
?>
Encoding declaration pragma
must be
the very first statement
in the script
Namespace declaration
statement
has to be
the very first statement
in the script
Namespace declaration
statement
has to be
the very first statement
in the script
Encoding declaration pragma
must be
the very first statement
in the script
<?php 
namespace myNamespace; 
declare(encoding='ISO-8859-1'); 
// code here 
// --enable-zend-multibyte
?>
First STATEMENT EVER
<?php 
declare(encoding='ISO-8859-1'); 
namespace myNamespace;
 
// code here 
// --enable-zend-multibyte
?>
First STATEMENT EVER
<?php
declare(encoding='UTF8'); 
namespace ⼈人 {
echo __NAMESPACE__;
}
?>
You seem to be trying to
use a different language...
<?php  
use strict;
What about my code?
Fun with errors
• Check the errors messages in your application
• die, exit
• echo, print, display, debug, wp_die

(depends on conventions)
• new *Exception()
• What does your application tells you?
• die('I SEE ' . $action . ' - ' . $_POST['categories_id']);
• die("Error: application_top not found.nMake sure you have placed the currency_cron.ph
file in your (renamed) Admin folder.nn");
• die('ERROR: admin/includes/configure.php file not found. Suggest running zc_install/
index.php?');
• die('I WOULD NOT ADD ' . $new_categories_sort_array[$i] . '<br>');
• die('NOTCONFIGURED');
• die('halted');
• die('<pre>' . print_r($inputs, true));
• die('HERE_BE_MONSTERS - could not open file');}
• die('HERE_BE_MONSTERS');}
• die($prod_id);
• die('here');
• die('Sorry. File not found. Please contact the webmaster to report this error.<br />c/
f: ' . $origin_filename);
Thanks
@exakat

More Related Content

What's hot

PHP 7 – What changed internally? (PHP Barcelona 2015)
PHP 7 – What changed internally? (PHP Barcelona 2015)PHP 7 – What changed internally? (PHP Barcelona 2015)
PHP 7 – What changed internally? (PHP Barcelona 2015)Nikita Popov
 
PHP 良好實踐 (Best Practice)
PHP 良好實踐 (Best Practice)PHP 良好實踐 (Best Practice)
PHP 良好實踐 (Best Practice)Win Yu
 
SPL: The Missing Link in Development
SPL: The Missing Link in DevelopmentSPL: The Missing Link in Development
SPL: The Missing Link in Developmentjsmith92
 
PHP Conference Asia 2016
PHP Conference Asia 2016PHP Conference Asia 2016
PHP Conference Asia 2016Britta Alex
 
Php i basic chapter 3 (afifah rosli's conflicted copy 2013-04-23)
Php i basic chapter 3 (afifah rosli's conflicted copy 2013-04-23)Php i basic chapter 3 (afifah rosli's conflicted copy 2013-04-23)
Php i basic chapter 3 (afifah rosli's conflicted copy 2013-04-23)Muhamad Al Imran
 
Php i basic chapter 3 (syahir chaer's conflicted copy 2013-04-22)
Php i basic chapter 3 (syahir chaer's conflicted copy 2013-04-22)Php i basic chapter 3 (syahir chaer's conflicted copy 2013-04-22)
Php i basic chapter 3 (syahir chaer's conflicted copy 2013-04-22)Muhamad Al Imran
 
PHP Enums - PHPCon Japan 2021
PHP Enums - PHPCon Japan 2021PHP Enums - PHPCon Japan 2021
PHP Enums - PHPCon Japan 2021Ayesh Karunaratne
 
Typed Properties and more: What's coming in PHP 7.4?
Typed Properties and more: What's coming in PHP 7.4?Typed Properties and more: What's coming in PHP 7.4?
Typed Properties and more: What's coming in PHP 7.4?Nikita Popov
 
Preparing for the next PHP version (5.6)
Preparing for the next PHP version (5.6)Preparing for the next PHP version (5.6)
Preparing for the next PHP version (5.6)Damien Seguy
 
PHP 8.1 - What's new and changed
PHP 8.1 - What's new and changedPHP 8.1 - What's new and changed
PHP 8.1 - What's new and changedAyesh Karunaratne
 
A Functional Guide to Cat Herding with PHP Generators
A Functional Guide to Cat Herding with PHP GeneratorsA Functional Guide to Cat Herding with PHP Generators
A Functional Guide to Cat Herding with PHP GeneratorsMark Baker
 
Overview changes in PHP 5.4
Overview changes in PHP 5.4Overview changes in PHP 5.4
Overview changes in PHP 5.4Tien Xuan
 

What's hot (20)

PHP 7 – What changed internally? (PHP Barcelona 2015)
PHP 7 – What changed internally? (PHP Barcelona 2015)PHP 7 – What changed internally? (PHP Barcelona 2015)
PHP 7 – What changed internally? (PHP Barcelona 2015)
 
PHP 良好實踐 (Best Practice)
PHP 良好實踐 (Best Practice)PHP 良好實踐 (Best Practice)
PHP 良好實踐 (Best Practice)
 
SPL: The Missing Link in Development
SPL: The Missing Link in DevelopmentSPL: The Missing Link in Development
SPL: The Missing Link in Development
 
PHP Conference Asia 2016
PHP Conference Asia 2016PHP Conference Asia 2016
PHP Conference Asia 2016
 
PHP Basics
PHP BasicsPHP Basics
PHP Basics
 
Php i basic chapter 3
Php i basic chapter 3Php i basic chapter 3
Php i basic chapter 3
 
Php i basic chapter 3 (afifah rosli's conflicted copy 2013-04-23)
Php i basic chapter 3 (afifah rosli's conflicted copy 2013-04-23)Php i basic chapter 3 (afifah rosli's conflicted copy 2013-04-23)
Php i basic chapter 3 (afifah rosli's conflicted copy 2013-04-23)
 
Php i basic chapter 3 (syahir chaer's conflicted copy 2013-04-22)
Php i basic chapter 3 (syahir chaer's conflicted copy 2013-04-22)Php i basic chapter 3 (syahir chaer's conflicted copy 2013-04-22)
Php i basic chapter 3 (syahir chaer's conflicted copy 2013-04-22)
 
PHP Enums - PHPCon Japan 2021
PHP Enums - PHPCon Japan 2021PHP Enums - PHPCon Japan 2021
PHP Enums - PHPCon Japan 2021
 
Typed Properties and more: What's coming in PHP 7.4?
Typed Properties and more: What's coming in PHP 7.4?Typed Properties and more: What's coming in PHP 7.4?
Typed Properties and more: What's coming in PHP 7.4?
 
Basic PHP
Basic PHPBasic PHP
Basic PHP
 
New in php 7
New in php 7New in php 7
New in php 7
 
SPL, not a bridge too far
SPL, not a bridge too farSPL, not a bridge too far
SPL, not a bridge too far
 
Preparing for the next PHP version (5.6)
Preparing for the next PHP version (5.6)Preparing for the next PHP version (5.6)
Preparing for the next PHP version (5.6)
 
Introduction to php
Introduction to phpIntroduction to php
Introduction to php
 
PHP 8.1 - What's new and changed
PHP 8.1 - What's new and changedPHP 8.1 - What's new and changed
PHP 8.1 - What's new and changed
 
A Functional Guide to Cat Herding with PHP Generators
A Functional Guide to Cat Herding with PHP GeneratorsA Functional Guide to Cat Herding with PHP Generators
A Functional Guide to Cat Herding with PHP Generators
 
Data Types In PHP
Data Types In PHPData Types In PHP
Data Types In PHP
 
Workshop unittesting
Workshop unittestingWorkshop unittesting
Workshop unittesting
 
Overview changes in PHP 5.4
Overview changes in PHP 5.4Overview changes in PHP 5.4
Overview changes in PHP 5.4
 

Similar to errors in php 7

PHP 8: Process & Fixing Insanity
PHP 8: Process & Fixing InsanityPHP 8: Process & Fixing Insanity
PHP 8: Process & Fixing InsanityGeorgePeterBanyard
 
PHP unserialization vulnerabilities: What are we missing?
PHP unserialization vulnerabilities: What are we missing?PHP unserialization vulnerabilities: What are we missing?
PHP unserialization vulnerabilities: What are we missing?Sam Thomas
 
関西PHP勉強会 php5.4つまみぐい
関西PHP勉強会 php5.4つまみぐい関西PHP勉強会 php5.4つまみぐい
関西PHP勉強会 php5.4つまみぐいHisateru Tanaka
 
What's new in PHP 8.0?
What's new in PHP 8.0?What's new in PHP 8.0?
What's new in PHP 8.0?Nikita Popov
 
Giới thiệu PHP 7
Giới thiệu PHP 7Giới thiệu PHP 7
Giới thiệu PHP 7ZendVN
 
Quality assurance for php projects with PHPStorm
Quality assurance for php projects with PHPStormQuality assurance for php projects with PHPStorm
Quality assurance for php projects with PHPStormMichelangelo van Dam
 
Zend Certification PHP 5 Sample Questions
Zend Certification PHP 5 Sample QuestionsZend Certification PHP 5 Sample Questions
Zend Certification PHP 5 Sample QuestionsJagat Kothari
 
Building Testable PHP Applications
Building Testable PHP ApplicationsBuilding Testable PHP Applications
Building Testable PHP Applicationschartjes
 
TAKING PHP SERIOUSLY - Keith Adams
TAKING PHP SERIOUSLY - Keith AdamsTAKING PHP SERIOUSLY - Keith Adams
TAKING PHP SERIOUSLY - Keith AdamsHermes Alves
 
Object Oriented PHP - PART-2
Object Oriented PHP - PART-2Object Oriented PHP - PART-2
Object Oriented PHP - PART-2Jalpesh Vasa
 
Lecture-10_PHP-OOP.pptx
Lecture-10_PHP-OOP.pptxLecture-10_PHP-OOP.pptx
Lecture-10_PHP-OOP.pptxShaownRoy1
 
PHP 5.4 New Features
PHP 5.4 New FeaturesPHP 5.4 New Features
PHP 5.4 New FeaturesHaim Michael
 
PHP traits, treat or threat?
PHP traits, treat or threat?PHP traits, treat or threat?
PHP traits, treat or threat?Nick Belhomme
 
Strong typing @ php leeds
Strong typing  @ php leedsStrong typing  @ php leeds
Strong typing @ php leedsDamien Seguy
 
Advanced Python, Part 1
Advanced Python, Part 1Advanced Python, Part 1
Advanced Python, Part 1Zaar Hai
 
Review unknown code with static analysis - bredaphp
Review unknown code with static analysis - bredaphpReview unknown code with static analysis - bredaphp
Review unknown code with static analysis - bredaphpDamien Seguy
 

Similar to errors in php 7 (20)

PHP 8: Process & Fixing Insanity
PHP 8: Process & Fixing InsanityPHP 8: Process & Fixing Insanity
PHP 8: Process & Fixing Insanity
 
PHP unserialization vulnerabilities: What are we missing?
PHP unserialization vulnerabilities: What are we missing?PHP unserialization vulnerabilities: What are we missing?
PHP unserialization vulnerabilities: What are we missing?
 
関西PHP勉強会 php5.4つまみぐい
関西PHP勉強会 php5.4つまみぐい関西PHP勉強会 php5.4つまみぐい
関西PHP勉強会 php5.4つまみぐい
 
What's new in PHP 8.0?
What's new in PHP 8.0?What's new in PHP 8.0?
What's new in PHP 8.0?
 
Giới thiệu PHP 7
Giới thiệu PHP 7Giới thiệu PHP 7
Giới thiệu PHP 7
 
Php Tutorials for Beginners
Php Tutorials for BeginnersPhp Tutorials for Beginners
Php Tutorials for Beginners
 
php AND MYSQL _ppt.pdf
php AND MYSQL _ppt.pdfphp AND MYSQL _ppt.pdf
php AND MYSQL _ppt.pdf
 
Quality assurance for php projects with PHPStorm
Quality assurance for php projects with PHPStormQuality assurance for php projects with PHPStorm
Quality assurance for php projects with PHPStorm
 
Zend Certification PHP 5 Sample Questions
Zend Certification PHP 5 Sample QuestionsZend Certification PHP 5 Sample Questions
Zend Certification PHP 5 Sample Questions
 
Building Testable PHP Applications
Building Testable PHP ApplicationsBuilding Testable PHP Applications
Building Testable PHP Applications
 
TAKING PHP SERIOUSLY - Keith Adams
TAKING PHP SERIOUSLY - Keith AdamsTAKING PHP SERIOUSLY - Keith Adams
TAKING PHP SERIOUSLY - Keith Adams
 
Object Oriented PHP - PART-2
Object Oriented PHP - PART-2Object Oriented PHP - PART-2
Object Oriented PHP - PART-2
 
Lecture-10_PHP-OOP.pptx
Lecture-10_PHP-OOP.pptxLecture-10_PHP-OOP.pptx
Lecture-10_PHP-OOP.pptx
 
PHP 5.4 New Features
PHP 5.4 New FeaturesPHP 5.4 New Features
PHP 5.4 New Features
 
PHP traits, treat or threat?
PHP traits, treat or threat?PHP traits, treat or threat?
PHP traits, treat or threat?
 
Strong typing @ php leeds
Strong typing  @ php leedsStrong typing  @ php leeds
Strong typing @ php leeds
 
Zendcon 09
Zendcon 09Zendcon 09
Zendcon 09
 
Advanced Python, Part 1
Advanced Python, Part 1Advanced Python, Part 1
Advanced Python, Part 1
 
Php
PhpPhp
Php
 
Review unknown code with static analysis - bredaphp
Review unknown code with static analysis - bredaphpReview unknown code with static analysis - bredaphp
Review unknown code with static analysis - bredaphp
 

More from Damien Seguy

Strong typing : adoption, adaptation and organisation
Strong typing : adoption, adaptation and organisationStrong typing : adoption, adaptation and organisation
Strong typing : adoption, adaptation and organisationDamien Seguy
 
Qui a laissé son mot de passe dans le code
Qui a laissé son mot de passe dans le codeQui a laissé son mot de passe dans le code
Qui a laissé son mot de passe dans le codeDamien Seguy
 
Analyse statique et applications
Analyse statique et applicationsAnalyse statique et applications
Analyse statique et applicationsDamien Seguy
 
Top 10 pieges php afup limoges
Top 10 pieges php   afup limogesTop 10 pieges php   afup limoges
Top 10 pieges php afup limogesDamien Seguy
 
Top 10 php classic traps DPC 2020
Top 10 php classic traps DPC 2020Top 10 php classic traps DPC 2020
Top 10 php classic traps DPC 2020Damien Seguy
 
Meilleur du typage fort (AFUP Day, 2020)
Meilleur du typage fort (AFUP Day, 2020)Meilleur du typage fort (AFUP Day, 2020)
Meilleur du typage fort (AFUP Day, 2020)Damien Seguy
 
Top 10 php classic traps confoo
Top 10 php classic traps confooTop 10 php classic traps confoo
Top 10 php classic traps confooDamien Seguy
 
Tout pour se préparer à PHP 7.4
Tout pour se préparer à PHP 7.4Tout pour se préparer à PHP 7.4
Tout pour se préparer à PHP 7.4Damien Seguy
 
Top 10 php classic traps php serbia
Top 10 php classic traps php serbiaTop 10 php classic traps php serbia
Top 10 php classic traps php serbiaDamien Seguy
 
Top 10 php classic traps
Top 10 php classic trapsTop 10 php classic traps
Top 10 php classic trapsDamien Seguy
 
Top 10 chausse trappes
Top 10 chausse trappesTop 10 chausse trappes
Top 10 chausse trappesDamien Seguy
 
Code review workshop
Code review workshopCode review workshop
Code review workshopDamien Seguy
 
Understanding static analysis php amsterdam 2018
Understanding static analysis   php amsterdam 2018Understanding static analysis   php amsterdam 2018
Understanding static analysis php amsterdam 2018Damien Seguy
 
Review unknown code with static analysis php ce 2018
Review unknown code with static analysis   php ce 2018Review unknown code with static analysis   php ce 2018
Review unknown code with static analysis php ce 2018Damien Seguy
 
Everything new with PHP 7.3
Everything new with PHP 7.3Everything new with PHP 7.3
Everything new with PHP 7.3Damien Seguy
 
Php 7.3 et ses RFC (AFUP Toulouse)
Php 7.3 et ses RFC  (AFUP Toulouse)Php 7.3 et ses RFC  (AFUP Toulouse)
Php 7.3 et ses RFC (AFUP Toulouse)Damien Seguy
 
Tout sur PHP 7.3 et ses RFC
Tout sur PHP 7.3 et ses RFCTout sur PHP 7.3 et ses RFC
Tout sur PHP 7.3 et ses RFCDamien Seguy
 
Review unknown code with static analysis php ipc 2018
Review unknown code with static analysis   php ipc 2018Review unknown code with static analysis   php ipc 2018
Review unknown code with static analysis php ipc 2018Damien Seguy
 
Code review for busy people
Code review for busy peopleCode review for busy people
Code review for busy peopleDamien Seguy
 
Static analysis saved my code tonight
Static analysis saved my code tonightStatic analysis saved my code tonight
Static analysis saved my code tonightDamien Seguy
 

More from Damien Seguy (20)

Strong typing : adoption, adaptation and organisation
Strong typing : adoption, adaptation and organisationStrong typing : adoption, adaptation and organisation
Strong typing : adoption, adaptation and organisation
 
Qui a laissé son mot de passe dans le code
Qui a laissé son mot de passe dans le codeQui a laissé son mot de passe dans le code
Qui a laissé son mot de passe dans le code
 
Analyse statique et applications
Analyse statique et applicationsAnalyse statique et applications
Analyse statique et applications
 
Top 10 pieges php afup limoges
Top 10 pieges php   afup limogesTop 10 pieges php   afup limoges
Top 10 pieges php afup limoges
 
Top 10 php classic traps DPC 2020
Top 10 php classic traps DPC 2020Top 10 php classic traps DPC 2020
Top 10 php classic traps DPC 2020
 
Meilleur du typage fort (AFUP Day, 2020)
Meilleur du typage fort (AFUP Day, 2020)Meilleur du typage fort (AFUP Day, 2020)
Meilleur du typage fort (AFUP Day, 2020)
 
Top 10 php classic traps confoo
Top 10 php classic traps confooTop 10 php classic traps confoo
Top 10 php classic traps confoo
 
Tout pour se préparer à PHP 7.4
Tout pour se préparer à PHP 7.4Tout pour se préparer à PHP 7.4
Tout pour se préparer à PHP 7.4
 
Top 10 php classic traps php serbia
Top 10 php classic traps php serbiaTop 10 php classic traps php serbia
Top 10 php classic traps php serbia
 
Top 10 php classic traps
Top 10 php classic trapsTop 10 php classic traps
Top 10 php classic traps
 
Top 10 chausse trappes
Top 10 chausse trappesTop 10 chausse trappes
Top 10 chausse trappes
 
Code review workshop
Code review workshopCode review workshop
Code review workshop
 
Understanding static analysis php amsterdam 2018
Understanding static analysis   php amsterdam 2018Understanding static analysis   php amsterdam 2018
Understanding static analysis php amsterdam 2018
 
Review unknown code with static analysis php ce 2018
Review unknown code with static analysis   php ce 2018Review unknown code with static analysis   php ce 2018
Review unknown code with static analysis php ce 2018
 
Everything new with PHP 7.3
Everything new with PHP 7.3Everything new with PHP 7.3
Everything new with PHP 7.3
 
Php 7.3 et ses RFC (AFUP Toulouse)
Php 7.3 et ses RFC  (AFUP Toulouse)Php 7.3 et ses RFC  (AFUP Toulouse)
Php 7.3 et ses RFC (AFUP Toulouse)
 
Tout sur PHP 7.3 et ses RFC
Tout sur PHP 7.3 et ses RFCTout sur PHP 7.3 et ses RFC
Tout sur PHP 7.3 et ses RFC
 
Review unknown code with static analysis php ipc 2018
Review unknown code with static analysis   php ipc 2018Review unknown code with static analysis   php ipc 2018
Review unknown code with static analysis php ipc 2018
 
Code review for busy people
Code review for busy peopleCode review for busy people
Code review for busy people
 
Static analysis saved my code tonight
Static analysis saved my code tonightStatic analysis saved my code tonight
Static analysis saved my code tonight
 

Recently uploaded

LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0DanBrown980551
 
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptxEmil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptxNeo4j
 
Extra-120324-Visite-Entreprise-icare.pdf
Extra-120324-Visite-Entreprise-icare.pdfExtra-120324-Visite-Entreprise-icare.pdf
Extra-120324-Visite-Entreprise-icare.pdfInfopole1
 
Trailblazer Community - Flows Workshop (Session 2)
Trailblazer Community - Flows Workshop (Session 2)Trailblazer Community - Flows Workshop (Session 2)
Trailblazer Community - Flows Workshop (Session 2)Muhammad Tiham Siddiqui
 
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie WorldTrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie WorldTrustArc
 
How to release an Open Source Dataweave Library
How to release an Open Source Dataweave LibraryHow to release an Open Source Dataweave Library
How to release an Open Source Dataweave Libraryshyamraj55
 
My key hands-on projects in Quantum, and QAI
My key hands-on projects in Quantum, and QAIMy key hands-on projects in Quantum, and QAI
My key hands-on projects in Quantum, and QAIVijayananda Mohire
 
Explore the UiPath Community and ways you can benefit on your journey to auto...
Explore the UiPath Community and ways you can benefit on your journey to auto...Explore the UiPath Community and ways you can benefit on your journey to auto...
Explore the UiPath Community and ways you can benefit on your journey to auto...DianaGray10
 
Keep Your Finger on the Pulse of Your Building's Performance with IES Live
Keep Your Finger on the Pulse of Your Building's Performance with IES LiveKeep Your Finger on the Pulse of Your Building's Performance with IES Live
Keep Your Finger on the Pulse of Your Building's Performance with IES LiveIES VE
 
The Importance of Indoor Air Quality (English)
The Importance of Indoor Air Quality (English)The Importance of Indoor Air Quality (English)
The Importance of Indoor Air Quality (English)IES VE
 
Novo Nordisk's journey in developing an open-source application on Neo4j
Novo Nordisk's journey in developing an open-source application on Neo4jNovo Nordisk's journey in developing an open-source application on Neo4j
Novo Nordisk's journey in developing an open-source application on Neo4jNeo4j
 
Oracle Database 23c Security New Features.pptx
Oracle Database 23c Security New Features.pptxOracle Database 23c Security New Features.pptx
Oracle Database 23c Security New Features.pptxSatishbabu Gunukula
 
UiPath Studio Web workshop series - Day 1
UiPath Studio Web workshop series  - Day 1UiPath Studio Web workshop series  - Day 1
UiPath Studio Web workshop series - Day 1DianaGray10
 
CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024Brian Pichman
 
Planetek Italia Srl - Corporate Profile Brochure
Planetek Italia Srl - Corporate Profile BrochurePlanetek Italia Srl - Corporate Profile Brochure
Planetek Italia Srl - Corporate Profile BrochurePlanetek Italia Srl
 
Graphene Quantum Dots-Based Composites for Biomedical Applications
Graphene Quantum Dots-Based Composites for  Biomedical ApplicationsGraphene Quantum Dots-Based Composites for  Biomedical Applications
Graphene Quantum Dots-Based Composites for Biomedical Applicationsnooralam814309
 
From the origin to the future of Open Source model and business
From the origin to the future of  Open Source model and businessFrom the origin to the future of  Open Source model and business
From the origin to the future of Open Source model and businessFrancesco Corti
 
How to become a GDSC Lead GDSC MI AOE.pptx
How to become a GDSC Lead GDSC MI AOE.pptxHow to become a GDSC Lead GDSC MI AOE.pptx
How to become a GDSC Lead GDSC MI AOE.pptxKaustubhBhavsar6
 
Scenario Library et REX Discover industry- and role- based scenarios
Scenario Library et REX Discover industry- and role- based scenariosScenario Library et REX Discover industry- and role- based scenarios
Scenario Library et REX Discover industry- and role- based scenariosErol GIRAUDY
 

Recently uploaded (20)

LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0
 
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptxEmil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
 
Extra-120324-Visite-Entreprise-icare.pdf
Extra-120324-Visite-Entreprise-icare.pdfExtra-120324-Visite-Entreprise-icare.pdf
Extra-120324-Visite-Entreprise-icare.pdf
 
Trailblazer Community - Flows Workshop (Session 2)
Trailblazer Community - Flows Workshop (Session 2)Trailblazer Community - Flows Workshop (Session 2)
Trailblazer Community - Flows Workshop (Session 2)
 
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie WorldTrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
 
How to release an Open Source Dataweave Library
How to release an Open Source Dataweave LibraryHow to release an Open Source Dataweave Library
How to release an Open Source Dataweave Library
 
My key hands-on projects in Quantum, and QAI
My key hands-on projects in Quantum, and QAIMy key hands-on projects in Quantum, and QAI
My key hands-on projects in Quantum, and QAI
 
Explore the UiPath Community and ways you can benefit on your journey to auto...
Explore the UiPath Community and ways you can benefit on your journey to auto...Explore the UiPath Community and ways you can benefit on your journey to auto...
Explore the UiPath Community and ways you can benefit on your journey to auto...
 
Keep Your Finger on the Pulse of Your Building's Performance with IES Live
Keep Your Finger on the Pulse of Your Building's Performance with IES LiveKeep Your Finger on the Pulse of Your Building's Performance with IES Live
Keep Your Finger on the Pulse of Your Building's Performance with IES Live
 
The Importance of Indoor Air Quality (English)
The Importance of Indoor Air Quality (English)The Importance of Indoor Air Quality (English)
The Importance of Indoor Air Quality (English)
 
Novo Nordisk's journey in developing an open-source application on Neo4j
Novo Nordisk's journey in developing an open-source application on Neo4jNovo Nordisk's journey in developing an open-source application on Neo4j
Novo Nordisk's journey in developing an open-source application on Neo4j
 
SheDev 2024
SheDev 2024SheDev 2024
SheDev 2024
 
Oracle Database 23c Security New Features.pptx
Oracle Database 23c Security New Features.pptxOracle Database 23c Security New Features.pptx
Oracle Database 23c Security New Features.pptx
 
UiPath Studio Web workshop series - Day 1
UiPath Studio Web workshop series  - Day 1UiPath Studio Web workshop series  - Day 1
UiPath Studio Web workshop series - Day 1
 
CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024
 
Planetek Italia Srl - Corporate Profile Brochure
Planetek Italia Srl - Corporate Profile BrochurePlanetek Italia Srl - Corporate Profile Brochure
Planetek Italia Srl - Corporate Profile Brochure
 
Graphene Quantum Dots-Based Composites for Biomedical Applications
Graphene Quantum Dots-Based Composites for  Biomedical ApplicationsGraphene Quantum Dots-Based Composites for  Biomedical Applications
Graphene Quantum Dots-Based Composites for Biomedical Applications
 
From the origin to the future of Open Source model and business
From the origin to the future of  Open Source model and businessFrom the origin to the future of  Open Source model and business
From the origin to the future of Open Source model and business
 
How to become a GDSC Lead GDSC MI AOE.pptx
How to become a GDSC Lead GDSC MI AOE.pptxHow to become a GDSC Lead GDSC MI AOE.pptx
How to become a GDSC Lead GDSC MI AOE.pptx
 
Scenario Library et REX Discover industry- and role- based scenarios
Scenario Library et REX Discover industry- and role- based scenariosScenario Library et REX Discover industry- and role- based scenarios
Scenario Library et REX Discover industry- and role- based scenarios
 

errors in php 7

  • 1. PHP 7.0's error messages Having fun with errors Washington DC, USA, 2015
  • 2. Agenda • 2200 error messages to review • New features, new traps, new messages
  • 3. Speaker • Damien Seguy • CTO at exakat • PHP static auditing engine
  • 5. Searching for messages • PHP-src repository • zend_error • zend_throw • zend_throw_exception • zend_error_throw
  • 6. TOP 5 (from the source) 1. Using $this when not in object context (192) 2. Cannot use string offset as an array (74) 3. Cannot use string offset as an object (56) 4. Only variable references should be yielded by reference (52) 5. Undefined variable: %s (43)
  • 7. TOP 5 (Google) 1. Call to undefined function 2. Class not found 3. Allowed memory size of 4. Undefined index 5. Undefined variable
  • 8. Exceptions are on the rise % % % %
  • 9. Agenda • New error messages • Better linting • Removed messages • Cryptic messages
  • 11. Return value of %s%s%s() must %s%s, %s%s returned <?php      function x(): myClass {      return false;   }      ?> Uncaught TypeError: Return value of x() must be of the type myClass, boolean returned in…
  • 12. Return value of %s%s%s() must %s%s, %s%s returned <?php      function x(): array {      return ;     }      ?> Uncaught TypeError: Return value of x() must be of the type array, none returned in…
  • 13. Argument %d passed to %s%s%s() must %s %s, %s%s given, called in %s on line %d <?php    function x(array $a)  {     return false;   }  x(false);      ?> Uncaught TypeError: Argument 1 passed to x() must be of the type array, boolean given, called in
  • 14. Default value for parameters with a float type hint can only be float <?php        function foo(float $a = "3"){           return true;       }   ?> 
  • 15. Default value for parameters with a float type hint can only be float <?php        function foo(float $a =  3 ){           return true;       }   ?> 
  • 16. Cannot use temporary expression in write context <?php   $a = 'foo'[0];   'foo'[0] = 'b';   ?> Parse error: syntax error, unexpected '=' in
  • 17. Cannot use temporary expression in write context <?php    $a = 'foo';   $a[0] = 'b';    print $a;   ?>
  • 18. Cannot use "%s" when no class scope is active <?php       function x(): parent {        return new bar();    }   x();   ?> • self • parent • static
  • 19. Cannot use "%s" when no class scope is active <?php     class bar extends baz {}    class foo extends bar {     function x(): parent {        return new foo();    }   }   $x = new foo();  $x->x();   ?>
  • 20. Cannot use "%s" when no class scope is active <?php     class bar extends baz {}    class foo extends bar {     function x(): parent {        return new bar();    }   }   $x = new foo();  $x->x();   ?>
  • 21. Cannot use "%s" when no class scope is active <?php     class baz {}    class bar extends baz {}    class foo extends bar {     function x(): parent {        return new baz();    }   }   $x = new foo(); $x->x();   ?>Uncaught TypeError: Return value of foo::x() must be an instance of bar, instance of baz returned in
  • 22. Different parents class great-great-grandparent class great-grandparent class parent class self class child class grand-child class great-grandchild class great-great-grandchild <?php  class self {   function x() {     parent::y();  } } <?php  class self {   function x() : parent {     return $something;  } }
  • 23. Cannot use "%s" when no class scope is active<?php     class baz {}    class bar extends baz {}    class foo extends bar {     function x(): grandparent {        return new baz();    }   }   $x = new foo(); $x->x();   ?> Uncaught TypeError: Return value of foo::x() must be an instance of grandparent, instance of bar returned
  • 24. Useful in traits Fatal error: Cannot access parent:: when current class scope has no parent <?php  trait t {   function x() : parent {     return $something;  } } class c {   use t; }
  • 25. cannot declare a return type • __construct • __destruct • __clone • "PHP 4 constructor" <?php    class x {       function __construct() : array {           return true;       }       function x() : array {           return true;       }   }   ?>
  • 26. Methods with the same name as their class will not be constructors in a future version of PHP; %s has a deprecated constructor <?php    class x {       function x() : array {           return true;       }   }   ?> M ost frequent error (95% )
  • 27. Invalid UTF-8 codepoint escape sequence 我爱你 <?php    $a = "u{6211}u{7231}u{4f60}";   echo $a;   ?> 
  • 28. Invalid UTF-8 codepoint escape sequence • Incompatible with PHP 5.6 • Good for literals • Alternatives? <?php    $a = "u{de";   echo $a;   ?>  <?php   echo json_decode('"u'.$unicode.'"');   echo mb_convert_encoding('&#x'.$unicode.';', 'UTF-8', 'HTML-ENTITIES');   echo html_entity_decode('&#'.hexdec($unicode).';', 0, 'UTF-8');        eval('"u{'.$unicode.'}n"');   ?>
  • 30. A class constant must not be called 'class'; it is reserved for class name fetching • Used to be a parse error. Now a nice message. • Still a bad idea <?php    class x {       const class = 1;       const const = 2;   }   ?>
  • 31. A class constant must not be called 'class'; it is reserved for class name fetching • Outside class will 
 generate
 the old error <?php    //class x {       const class = 1;   //}   ?> Parse error: syntax error, unexpected 'class' (T_CLASS), expecting identifier (T_STRING)
  • 32. Dynamic class names are not allowed in compile-time ::class fetch <?php     $c = new class {  function f() {  echo $x::class;  } };  $c->f();  ?>
  • 33. Redefinition of parameter $%s <?php   function foo($a, $a, $a) {     echo "$an";   }   foo(1,2,3);   ?>
  • 34. Switch statements may only contain one default clause <?php    switch($x) {        case '1' :             break;        default :             break;        default :             break;        case '2' :             break;    }    ?>
  • 35. Switch statements may only contain one default clause <?php    switch($x) {        case 1 :             break;        case 0+1 :             break;        case '1' :             break;        case true :             break;        case 1.0 :             break;        case $y :             break;   
  • 36. Exceptions must implement Throwable <?php     throw new stdClass(); ?>  Fatal error: Uncaught Error: Cannot throw objects that do not implement Throwable
  • 39. Gone for good It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier.
  • 40. Catchable fatal error <?php   function x(string $s) {     echo "$sn"; } x('php'); ?> Catchable fatal error: Argument 1 passed to x() must be an instance of string, string given
  • 41. New scalar typehint • string, real, bool, float, int • resource, mixed, numeric, object • Can't be used for a class name anymore
  • 42. Catchable fatal error <?php   function x(resource $s) {     echo "$sn"; } x(fopen('a.php','w+')); ?> Catchable fatal error: Argument 1 passed to x() must be an instance of resource, resource given
  • 44. Call-time pass-by-reference has been removed; <?php   $a = 3;   function f($b) {       $b++;   }   f(&$a);   print $a;   ?> Fatal error: Call-time pass-by-reference has been removed; If you would like to pass argument by reference, modify the declaration of f(). in has been removed
  • 45. Call-time pass-by-reference has been removed; <?php   $a = 3;   function f($b) {       $b++;   }   f(&$a);   print $a;   ?> PHP Parse error: syntax error, unexpected '&' in
  • 47. Minimum value must be less than or equal to the maximum value <?php  var_dump(random_int(100, 999));  var_dump(random_int(-1000, 0));  var_dump(random_bytes(10));  ?> PHP Parse error: Could not gather sufficient random data
  • 48. Division of PHP_INT_MIN by -1 is not an integer • PHP_INT_MAX : 9223372036854775807 • PHP_INT_MIN is the smallest integer on PHP • PHP_INT_MIN : -9223372036854775808 • Division or multiplication leads to non-integer • Uses the Integer Division intdiv()
  • 49. WebP decode: realloc failed • New image format for the Web • Lossless compression, small files • gdImageCreateFromWebpCtx emit this • Probably very bad
  • 50. Function name must be a string <?php   if ($_GET('X') == 'Go') {       ProcessFile();       return;   }   ?>
  • 51. Encoding declaration pragma must be the very first statement in the script
  • 52. Namespace declaration statement has to be the very first statement in the script
  • 53. Namespace declaration statement has to be the very first statement in the script Encoding declaration pragma must be the very first statement in the script
  • 56. You seem to be trying to use a different language... <?php   use strict;
  • 57. What about my code?
  • 58. Fun with errors • Check the errors messages in your application • die, exit • echo, print, display, debug, wp_die
 (depends on conventions) • new *Exception() • What does your application tells you?
  • 59. • die('I SEE ' . $action . ' - ' . $_POST['categories_id']); • die("Error: application_top not found.nMake sure you have placed the currency_cron.ph file in your (renamed) Admin folder.nn"); • die('ERROR: admin/includes/configure.php file not found. Suggest running zc_install/ index.php?'); • die('I WOULD NOT ADD ' . $new_categories_sort_array[$i] . '<br>'); • die('NOTCONFIGURED'); • die('halted'); • die('<pre>' . print_r($inputs, true)); • die('HERE_BE_MONSTERS - could not open file');} • die('HERE_BE_MONSTERS');} • die($prod_id); • die('here'); • die('Sorry. File not found. Please contact the webmaster to report this error.<br />c/ f: ' . $origin_filename);