PHP 7.3 Brings C Inlining and Speed Improvements

An anonymous reader quotes TechRepublic: PHP 7.3, the newest update to the widespread server-side web development language, was released on Thursday, bringing with it a handful of new features, modernizations, and modest speed improvements.... The largest improvements in 7.3 include support for Foreign Function Interface (FFI), allowing programmers to write inline C code inside PHP scripts. Though this feature does not presently provide the same level of performance as native PHP code, it can under certain circumstances be used to reduce the memory footprint of a given task.

PHP 7.3 also includes flexible heredoc and nowdoc syntax, now no longer requiring closing markers to be followed by a semicolon or new line. The feature proposal for this notes that the previous rigid requirements "caused them to be, in-part, eschewed by developers because their usage in code can look ugly and harm readability...." PHP 7.3 does bring some backward incompatible changes and deprecated functions. The use of case-insensitive constraints is now deprecated, as is the use of case-insensitive constants with a case that differs from the declaration.
Phoronix reports that PHP 7.3 is nearly 10% faster than version 7.2, while it's 31% faster than PHP 7.0 and nearly three times faster than PHP 5.6.

Return to slashdot

[grubert]

Used to come here a lot ten years ago, and I know it's not as "popular" as it used to be, but it seems like the smartest people stayed. Really enjoying the commentary.

Re:Return to slashdot

That's not the danger. The danger is allowing C object code to run that wasn't compiled BY that system. I'm not sure who asked for it, but it's certainly a way to destroy any sandboxing the php software setup for the scripting. This is as stupid as WASM in javascript.

The second you allow code to run unvetted, because it's been compiled a certain way, you open the hardware up to every single exploit that would be available had an idiot user just ran a random malware binary. Fortunately most PHP systems are linux or freebsd, so it's a bit of a fools errand to produce polyfill rootkits that would actually work. But they have been made before, and often rootkits get into the system because php/ruby/javscript/node.js/perl/flavor-language-of-the-year needs to be operating as root.

A great solution to this is stupidity is to "safe defaults" that does not turn on such features by default, and only on a per-site basis. This means the feature will get no use, by design, and a site has to justify to it's users that some potentially dangerous feature is needed, most won't use it.

Developer quality

[iTrawl]

Yes! C code in PHP code. It's all ever wanted.

Yep, giving the power of C to people who can't code PHP properly to begin with. Best idea ever.

PHP == the webs SSI workhorse

[Qbertino]

I don't like PHP all that much but it pays my bills and gets the job done. Say what you want but it's the only domain specific language in widespread use that has a proven record of delivering. I also like the document driven approach. PHP doesn't memory leak, it simply timeouts. Most of the time that is. A simpleton can program and add some logic to his documents within minutes and it's powerful enough to build large applications that work as advertised.
I will be sticking with PHP as a main PL for the time being and PHP 7.3 once again looks like a promising and useful update.

My 2 eurocents.