[xdebug-general] Xdebug Eval is dangerous

From: Dave Kelsey <d_kelsey[@]uk.ibm.com>
Date: Mon, 17 Dec 2007 11:44:19 +0000

Hi Derick,

I know you closed off bug 313 with respect to the issue of eval, but I
can't help thinking that unless something is done, the eval command is not
something that IDEs should use.

I would think that all IDEs will want to make use of eval. In the case of
PDT, I use eval to implement the watch expressions capability. The user
provides the expressions and these are passed to xdebug. The IDE doesn't
want to have to parse an expression for syntax (although if pushed PDT
could do that I suppose) and certainly not try to determine if an
expression contains valid functions or not. The best place for this is the
PHP interpreter because it can evaluate based at the execution point, but
because of the PHP.net implementation, any attempt to eval something that
isn't valid causes php to terminate the script.

Debuggers should be non intrusive and this is a fairly intrusive result
(terminating the script). Therefore in my opinion, PHP.net should
implement an eval for debuggers that doesn't abend the script if something
invalid is passed. I think an enhancement should be raised on php.net to
provide this and allow xdebug to use this. If something invalid is passed,
then xdebug will get a return code back from the call and it can pass this
back to the ide and the script should still be able to continue.

What do you think ?

If we cannot get php.net to accept the enhancement, then I think the
xdebug eval command remains a dangerous command to expose to IDE users,
but I dont see that there would be any other use for it.

Dave Kelsey

Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU
Received on Mon Dec 17 2007 - 13:09:18 GMT

This archive was generated by hypermail 2.2.0 : Mon Jun 25 2018 - 06:00:04 BST