Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hotfix: Non-static method XXX::YYY should not be called statically (callable serialization issue) #815

Closed
wants to merge 2 commits into from
Closed

Hotfix: Non-static method XXX::YYY should not be called statically (callable serialization issue) #815

wants to merge 2 commits into from

Conversation

dmytro-pro
Copy link

@dmytro-pro dmytro-pro commented May 6, 2019
edited
Loading

Hi Team! There is a weird behavior conceived to __METHOD__ constant when we pass it through argument in our code. I'll try to explain.
This piece of code:
https://github.com/getsentry/sentry-php/blob/master/src/Serializer/AbstractSerializer.php#L110
Guides to this method:
https://github.com/getsentry/sentry-php/blob/master/src/Serializer/AbstractSerializer.php#L213

The callable typehint will work incorrectly if __METHOD__ refers to dynamic method. It will throw an error, and then this error will spoil the original stacktrace. That's not good at all.
This snippet will show You the whole picture: http://sandbox.onlinephpfunctions.com/code/fba854e73f595f1fe78596f6bcc56371eba500b2
The error is:

<b>Deprecated</b>:  Non-static method AAA::get() should not be called statically in <b>[...][...]</b> on line <b>23</b><br />

How is it related to Sentry? If we enable Sentry for this code, and there will be an exception inside demonstrate2, we will have one more exception in stacktrace while serializing the stacktrace, so it will be spoiled with weird internal error. Why? Because PHP will try to execute the callable if typehint is used. No idea why.

TL;DR: the callable typehint must be disabled for safety.

Thanks for attention!

Jean85
Jean85 requested changes May 6, 2019
View reviewed changes
Copy link
Collaborator

@Jean85 Jean85 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Woha, this seems really a sneaky edge case, thanks for spotting this!

Could you please add a test with this, so we're sure to not have a regression?

@dmytro-pro
Copy link
Author

Woha, this seems really a sneaky edge case, thanks for spotting this!

Could you please add a test with this, so we're sure to not have a regression?

Ok, I'll add it shortly

@dmytro-pro
Copy link
Author

Woha, this seems really a sneaky edge case, thanks for spotting this!

Could you please add a test with this, so we're sure to not have a regression?

Done!

Jean85
Jean85 requested changes May 23, 2019
View reviewed changes
Copy link
Collaborator

@Jean85 Jean85 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't like the fact that this is not handled properly but it's just failing. I'll try to dig around to check if there's any way to handle this better.

tests/Serializer/AbstractSerializerTest.php
@@ -455,13 +456,17 @@ public function serializableCallableProvider(): array
'callable' => $callableWithoutNamespaces,
'expected' => 'Lambda void {closure} [int|null param1_70ns]',
],
[
'callable' => $pseudoStaticMethod,
'expected' => '{unserializable callable, reflection error}',
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This doesn't seem an acceptable outcome...

@Jean85 Jean85 mentioned this pull request May 23, 2019
Merged
@ste93cry
Copy link
Collaborator

I would say that this seems to be some strange behavior of the PHP core and that probably should be reported as a bug of the language instead of removing a typehint here. Not sure about it though

Jean85
Jean85 requested changes May 23, 2019
View reviewed changes
src/Serializer/AbstractSerializer.php
@@ -210,7 +210,7 @@ protected function serializeValue($value)
*
* @return string
*/
protected function serializeCallable(callable $callable): string
protected function serializeCallable($callable): string
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As pointed out by @ste93cry in #821 (comment), this is a BC, we cannot remove the type hint...

@Jean85
Copy link
Collaborator

Jean85 commented May 23, 2019

Closing in favor of #821

@Jean85 Jean85 closed this May 23, 2019
@ste93cry ste93cry mentioned this pull request Sep 27, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Jean85 Jean85 Jean85 requested changes

Assignees

@dmytro-pro dmytro-pro

Labels
Type: Bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dmytro-pro @ste93cry @Jean85