PHP 7.3 Brings C Inlining and Speed Improvements

An anonymous reader quotes TechRepublic: PHP 7.3, the newest update to the widespread server-side web development language, was released on Thursday, bringing with it a handful of new features, modernizations, and modest speed improvements.... The largest improvements in 7.3 include support for Foreign Function Interface (FFI), allowing programmers to write inline C code inside PHP scripts. Though this feature does not presently provide the same level of performance as native PHP code, it can under certain circumstances be used to reduce the memory footprint of a given task.

PHP 7.3 also includes flexible heredoc and nowdoc syntax, now no longer requiring closing markers to be followed by a semicolon or new line. The feature proposal for this notes that the previous rigid requirements "caused them to be, in-part, eschewed by developers because their usage in code can look ugly and harm readability...." PHP 7.3 does bring some backward incompatible changes and deprecated functions. The use of case-insensitive constraints is now deprecated, as is the use of case-insensitive constants with a case that differs from the declaration.
Phoronix reports that PHP 7.3 is nearly 10% faster than version 7.2, while it's 31% faster than PHP 7.0 and nearly three times faster than PHP 5.6.

Re:i cant wait to not upgrade to this

You could use it for new projects only.

Return to slashdot

[grubert]

Used to come here a lot ten years ago, and I know it's not as "popular" as it used to be, but it seems like the smartest people stayed. Really enjoying the commentary.

Re:Return to slashdot

I don't expect much intelligence in this thread. Queue the PHP haters armed with tales of C injection.

Re:Return to slashdot

[DCFusor]

Seems like they're handing out more mod points to old timers these days...which is why I'm AC right now.
Could have something to do with it?

Re:Return to slashdot

That's not the danger. The danger is allowing C object code to run that wasn't compiled BY that system. I'm not sure who asked for it, but it's certainly a way to destroy any sandboxing the php software setup for the scripting. This is as stupid as WASM in javascript.

The second you allow code to run unvetted, because it's been compiled a certain way, you open the hardware up to every single exploit that would be available had an idiot user just ran a random malware binary. Fortunately most PHP systems are linux or freebsd, so it's a bit of a fools errand to produce polyfill rootkits that would actually work. But they have been made before, and often rootkits get into the system because php/ruby/javscript/node.js/perl/flavor-language-of-the-year needs to be operating as root.

A great solution to this is stupidity is to "safe defaults" that does not turn on such features by default, and only on a per-site basis. This means the feature will get no use, by design, and a site has to justify to it's users that some potentially dangerous feature is needed, most won't use it.

Re: Return to slashdot

[DCFusor]

Probably correct, but you don't have to care if you judge by post content alone.

Developer quality

[iTrawl]

Yes! C code in PHP code. It's all ever wanted.

Yep, giving the power of C to people who can't code PHP properly to begin with. Best idea ever.

Re:Developer quality

[i.r.id10t]

The "issue" with PHP is that it is dirt easy to get going, supported by hosting providers, and so both cost of entry and knowledge needed are minimal. And there is a lot of crap tutorial and demo code out there to be found and copy/pasted

Think the biggest challenge for anyone who wants to learn good PHP today is that there have been lots of changes and improvements (PDO/mysqli vs. mysql for example) but there are a TON of old tutorials, copy/paste code examples, etc. out there that are full of code that was acceptable 10-15 years ago but is just outdated and potentially/probably dangerous now.

Unfortunately until you get to enterprise level groups that can host/support things like Java servlets there aren't a lot of choices out there other than PHP for server-side processing. And even with Java while the language provides more/stronger protection, it is still possible to write bad/dangerous code and do stupid things. You don't see it in the wild due to the "cost" of getting it out there, but some of the stuff I see grading or tutoring is enough to send shivers down your spine.

PHP == the webs SSI workhorse

[Qbertino]

I don't like PHP all that much but it pays my bills and gets the job done. Say what you want but it's the only domain specific language in widespread use that has a proven record of delivering. I also like the document driven approach. PHP doesn't memory leak, it simply timeouts. Most of the time that is. A simpleton can program and add some logic to his documents within minutes and it's powerful enough to build large applications that work as advertised.
I will be sticking with PHP as a main PL for the time being and PHP 7.3 once again looks like a promising and useful update.

My 2 eurocents.

Re:PHP == the webs SSI workhorse

[RuiFRibeiro]

I had an ISP gigs a decade ago...supposedly to fix their servers, or so they said. It seems also their customer provision app was pretty much brain damaged.
In no time to learn PHP properly, and doing yet another expected role in the project, I just designed the web pages in some graphical too in my Mac, and wrote all the web frontend for Apache and backend in C+MySQL.
It worked pretty well, and it was fast, and it has been working until now.
Ironically, I can pretty much migrate that system without worrying about incompatibilities about the API/calls I used...

So FFI, or inline foreign code?

[K.+S.+Kyosuke]

Foreign Function Interface (FFI), allowing programmers to write inline C code inside PHP scripts.

It's not FFI that allows to write inline code. With an FFI, you can access foreign object code. So which one is it? Does it have an FFI, or inline foreign code?