PHP 5.6From The Inside Out

Introduction

● Ferenc Kovacs○ DevOps guy from Budapest, Hungary○ Infrastructure Engineer at http://www.ustream.tv/○ Volunteer for the PHP project since 2011○ Release Manager for PHP 5.6 with Julien Pauli

History of PHP 5.6

● 2012-11-09: First commit● 2013-11-06: PHP-5.6 branched out● 2014-01-23: PHP-5.6.0alpha1(rfc freeze)● 2014-04-11: PHP-5.6.0beta1(feature freeze)● 2014-06-19: PHP-5.6.0RC1● 2014-08-28: PHP-5.6.0

Some stats about the changes

Version Released Commits Authors LOC added LOC deleted

5.3.0 2009-06-30 5339 83 1575768 756904

5.4.0 2012-03-01 18779 135 3701590 2150397

5.5.0 2013-06-20 2842 113 287785 164481

5.6.0 2014-08-28 2013 107 496200 1235336

7.0 N/A 3671 90 531825 1315925

Release Process

https://wiki.php.net/rfc/releaseprocesstl;dr:● yearly release schedule(timeboxing), 2+1

year support cycle.● guidelines about what is allowed in a

major/minor/micro version.● resulting smaller, more predictable releases

which are easier to upgrade to.

Changes in 5.6

1. BC breaks2. New features3. Deprecated features

BC breaks

● json_decode() only accepts lowercase for true/false/null to follow the JSON spec.

● Stream wrappers now verify peer certificates and host names by default when using SSL/TLS.

● GMP resources are now objects.● Mcrypt functions now require valid keys and

IVs.

BC breaks

● unserialize() now validates the serialize format for classes implementing Serializable.○ class Foo

■ O:3:"Foo":0:{}○ class Foo implements Serializable

■ C:3:"Foo":4:{r:1;}○ Can be a problem if you handcrafting the strings

(PHPUnit, Doctrine) or storing those somewhere and the class definition changes(Horde).

BC breaks

● using the @file syntax for curl file uploads are only supported if option CURLOPT_SAFE_UPLOAD is set to false. CURLFile should be used instead.

BC breaks<?php

class C {

const ONE = 1;

public $array = [

self::ONE => 'foo',

'bar',

'quux',

];

}

count((new C)->array); // 2 on <=5.5 but 3 on >=5.6

?>

New features

The big ones● Constant scalar expressions● Variadic functions● Argument unpacking● Power operator● use function and use const● phpdbg● SSL/TLS improvements

Constant scalar expressions<?php

const ONE = 1;

const TWO = ONE * 2;

class C {

const THREE = TWO + 1;

const ONE_THIRD = ONE / self::THREE;

const SENTENCE = 'The value of THREE is '.self::THREE;

public function f($a = ONE + self::THREE) {

return $a;

}

}

echo (new C)->f()."\n"; // 4

echo C::SENTENCE; // The value of THREE is 3

?>

Variadic functions<?php

function f($req, $opt = null, ...$params) {

// $params is an array containing the remaining arguments.

printf('$req: %d; $opt: %d; number of params: %d'."\n",

$req, $opt, count($params));

}

f(1); // $req: 1; $opt: 0; number of params: 0

f(1, 2); // $req: 1; $opt: 2; number of params: 0

f(1, 2, 3); // $req: 1; $opt: 2; number of params: 1

f(1, 2, 3, 4); // $req: 1; $opt: 2; number of params: 2

f(1, 2, 3, 4, 5); // $req: 1; $opt: 2; number of params: 3

?>

Argument Unpacking<?php

function add($a, $b, $c) {

return $a + $b + $c;

}

$operators = [2, 3];

echo add(1, ...$operators); // 6

?>

Power operator<?php

printf("2 ** 3 == %d\n", 2 ** 3); // 2** 3 == 8

printf("2 ** 3 ** 2 == %d\n", 2 ** 3 ** 2); // 2 ** 3 ** 2 == 512

$a = 2;

$a **= 3;

printf("a == %d\n", $a); // a == 8

?>

use function and use const<?php

namespace Name\Space {

const FOO = 42;

function f() { echo __FUNCTION__."\n"; }

}

namespace {

use const Name\Space\FOO;

use function Name\Space\f;

echo FOO."\n"; // 42

f(); // Name\Space\f

}

?>

phpdbg

New SAPI for debugging php scripts● really handy for debugging cli scripts or

debugging without an IDE.● no out-of-the-box solution for debugging web

requests(WIP).● no IDE integration yet(WIP).● those familiar with gdb will probably like it.

phpdbg features

● list source for line/function/method/class● show info about current

files/classes/functions/etc.● print opcodes for classes/functions/current

execution context, etc.● traverse and sho information about

stackframes

phpdbg features

● show the current backtrace.● set execution context.● run the current execution context.● step through the execution.● continue the execution until the next

breakpoint/watchpoint.● continue the execution until the next

breakpoint/watchpoint after the given line.

phpdbg features

● continue the execution skipping any breakpoint/watchpoint until the current frame is finished.

● continue the execution skipping any breakpoint/watchpoint to right before we leave the current frame.

phpdbg features

● set a conditional expression on the target where execution will break if the expression evaluates true.

● set a watchpoint on variable.● clear breakpoints.● clean up the execution environment(remove

constant/function/class definitions).

phpdbg features

● set the phpdbg configuration.● source a phpdbginit script.● register a phpdbginit function as an alias.● shell a command.● evaluate some code.● quit.

SSL/TLS improvements

● Stream wrappers now verify peer certificates and host names by default when using SSL/TLS.

● Added support SAN x509 extension matching for verifying host names in encrypted streams.

● New SSL context options for improved stream server security.

SSL/TLS improvements

● Added support for Server Name Indication.● Added protocol-specific encryption stream

wrappers (tlsv1.0://, tlsv1.1:// and tlsv1.2://).● Added support for managing SPKAC/SPKI.

Other features

● __debugInfo() magic method for intercepting var_dump();

● php://input is reusable● Large file uploads (>2GB) are now accepted.● The new GMP objects now support operator

overloading.● hash_equals() for constant time string

comparison.

Other features

● gost-crypto hash algo was added.● PostgreSQL async support

○ pg_connect($dsn, PGSQL_CONNECT_ASYNC);○ pg_connect_poll();○ pg_socket();○ pg_consume_input();○ pg_flush();

● ReflectionClass::newInstanceWithoutConstructor() can instantiate almost everything.

Other features

● The default value for default_charset changed to UTF-8, html* iconv* and mbstring* function will use this value when no explicit encoding is set/passed.

● New fetching mode for mysqlnd, controlled via mysqlnd.fetch_data_copy.○ Will use less memory but do more copying.

Deprecated features

● Calls from incompatible context will now emit E_DEPRECATED instead of E_STRICT

● always_populate_raw_post_data now have a new value(-1), which completely disables the population of $HTTP_RAW_POST_DATA, setting it anything else will emit an E_DEPRECATED.

Deprecated features

● The following settings are all deprecated in favor of default_charset:○ iconv.input_encoding○ iconv.output_encoding○ iconv.internal_encoding○ mbstring.http_input○ mbstring.http_output○ mbstring.internal_encoding

Thanks for your attention!

Slides will be here:http://www.slideshare.net/Tyrael

If you have any questions:tyrael@php.net

@Tyr43l