php 5.6 from the inside out
DESCRIPTION
Php 5.6 From the Inside OutTRANSCRIPT
PHP 5.6From The Inside Out
Introduction
● Ferenc Kovacs○ DevOps guy from Budapest, Hungary○ Infrastructure Engineer at http://www.ustream.tv/○ Volunteer for the PHP project since 2011○ Release Manager for PHP 5.6 with Julien Pauli
History of PHP 5.6
● 2012-11-09: First commit● 2013-11-06: PHP-5.6 branched out● 2014-01-23: PHP-5.6.0alpha1(rfc freeze)● 2014-04-11: PHP-5.6.0beta1(feature freeze)● 2014-06-19: PHP-5.6.0RC1● 2014-08-28: PHP-5.6.0
Some stats about the changes
Version Released Commits Authors LOC added LOC deleted
5.3.0 2009-06-30 5339 83 1575768 756904
5.4.0 2012-03-01 18779 135 3701590 2150397
5.5.0 2013-06-20 2842 113 287785 164481
5.6.0 2014-08-28 2013 107 496200 1235336
7.0 N/A 3671 90 531825 1315925
Release Process
https://wiki.php.net/rfc/releaseprocesstl;dr:● yearly release schedule(timeboxing), 2+1
year support cycle.● guidelines about what is allowed in a
major/minor/micro version.● resulting smaller, more predictable releases
which are easier to upgrade to.
Changes in 5.6
1. BC breaks2. New features3. Deprecated features
BC breaks
● json_decode() only accepts lowercase for true/false/null to follow the JSON spec.
● Stream wrappers now verify peer certificates and host names by default when using SSL/TLS.
● GMP resources are now objects.● Mcrypt functions now require valid keys and
IVs.
BC breaks
● unserialize() now validates the serialize format for classes implementing Serializable.○ class Foo
■ O:3:"Foo":0:{}○ class Foo implements Serializable
■ C:3:"Foo":4:{r:1;}○ Can be a problem if you handcrafting the strings
(PHPUnit, Doctrine) or storing those somewhere and the class definition changes(Horde).
BC breaks
● using the @file syntax for curl file uploads are only supported if option CURLOPT_SAFE_UPLOAD is set to false. CURLFile should be used instead.
BC breaks<?php
class C {
const ONE = 1;
public $array = [
self::ONE => 'foo',
'bar',
'quux',
];
}
count((new C)->array); // 2 on <=5.5 but 3 on >=5.6
?>
New features
The big ones● Constant scalar expressions● Variadic functions● Argument unpacking● Power operator● use function and use const● phpdbg● SSL/TLS improvements
Constant scalar expressions<?php
const ONE = 1;
const TWO = ONE * 2;
class C {
const THREE = TWO + 1;
const ONE_THIRD = ONE / self::THREE;
const SENTENCE = 'The value of THREE is '.self::THREE;
public function f($a = ONE + self::THREE) {
return $a;
}
}
echo (new C)->f()."\n"; // 4
echo C::SENTENCE; // The value of THREE is 3
?>
Variadic functions<?php
function f($req, $opt = null, ...$params) {
// $params is an array containing the remaining arguments.
printf('$req: %d; $opt: %d; number of params: %d'."\n",
$req, $opt, count($params));
}
f(1); // $req: 1; $opt: 0; number of params: 0
f(1, 2); // $req: 1; $opt: 2; number of params: 0
f(1, 2, 3); // $req: 1; $opt: 2; number of params: 1
f(1, 2, 3, 4); // $req: 1; $opt: 2; number of params: 2
f(1, 2, 3, 4, 5); // $req: 1; $opt: 2; number of params: 3
?>
Argument Unpacking<?php
function add($a, $b, $c) {
return $a + $b + $c;
}
$operators = [2, 3];
echo add(1, ...$operators); // 6
?>
Power operator<?php
printf("2 ** 3 == %d\n", 2 ** 3); // 2** 3 == 8
printf("2 ** 3 ** 2 == %d\n", 2 ** 3 ** 2); // 2 ** 3 ** 2 == 512
$a = 2;
$a **= 3;
printf("a == %d\n", $a); // a == 8
?>
use function and use const<?php
namespace Name\Space {
const FOO = 42;
function f() { echo __FUNCTION__."\n"; }
}
namespace {
use const Name\Space\FOO;
use function Name\Space\f;
echo FOO."\n"; // 42
f(); // Name\Space\f
}
?>
phpdbg
New SAPI for debugging php scripts● really handy for debugging cli scripts or
debugging without an IDE.● no out-of-the-box solution for debugging web
requests(WIP).● no IDE integration yet(WIP).● those familiar with gdb will probably like it.
phpdbg features
● list source for line/function/method/class● show info about current
files/classes/functions/etc.● print opcodes for classes/functions/current
execution context, etc.● traverse and sho information about
stackframes
phpdbg features
● show the current backtrace.● set execution context.● run the current execution context.● step through the execution.● continue the execution until the next
breakpoint/watchpoint.● continue the execution until the next
breakpoint/watchpoint after the given line.
phpdbg features
● continue the execution skipping any breakpoint/watchpoint until the current frame is finished.
● continue the execution skipping any breakpoint/watchpoint to right before we leave the current frame.
phpdbg features
● set a conditional expression on the target where execution will break if the expression evaluates true.
● set a watchpoint on variable.● clear breakpoints.● clean up the execution environment(remove
constant/function/class definitions).
phpdbg features
● set the phpdbg configuration.● source a phpdbginit script.● register a phpdbginit function as an alias.● shell a command.● evaluate some code.● quit.
SSL/TLS improvements
● Stream wrappers now verify peer certificates and host names by default when using SSL/TLS.
● Added support SAN x509 extension matching for verifying host names in encrypted streams.
● New SSL context options for improved stream server security.
SSL/TLS improvements
● Added support for Server Name Indication.● Added protocol-specific encryption stream
wrappers (tlsv1.0://, tlsv1.1:// and tlsv1.2://).● Added support for managing SPKAC/SPKI.
Other features
● __debugInfo() magic method for intercepting var_dump();
● php://input is reusable● Large file uploads (>2GB) are now accepted.● The new GMP objects now support operator
overloading.● hash_equals() for constant time string
comparison.
Other features
● gost-crypto hash algo was added.● PostgreSQL async support
○ pg_connect($dsn, PGSQL_CONNECT_ASYNC);○ pg_connect_poll();○ pg_socket();○ pg_consume_input();○ pg_flush();
● ReflectionClass::newInstanceWithoutConstructor() can instantiate almost everything.
Other features
● The default value for default_charset changed to UTF-8, html* iconv* and mbstring* function will use this value when no explicit encoding is set/passed.
● New fetching mode for mysqlnd, controlled via mysqlnd.fetch_data_copy.○ Will use less memory but do more copying.
Deprecated features
● Calls from incompatible context will now emit E_DEPRECATED instead of E_STRICT
● always_populate_raw_post_data now have a new value(-1), which completely disables the population of $HTTP_RAW_POST_DATA, setting it anything else will emit an E_DEPRECATED.
Deprecated features
● The following settings are all deprecated in favor of default_charset:○ iconv.input_encoding○ iconv.output_encoding○ iconv.internal_encoding○ mbstring.http_input○ mbstring.http_output○ mbstring.internal_encoding
Thanks for your attention!
Slides will be here:http://www.slideshare.net/Tyrael
If you have any questions:[email protected]
@Tyr43l