Insphpect

This tool is currently proof-of-concept. Your feedback and evaluation is valuable in helping to improve it and ensure its reports are meaninful.

Please click here to complete a short survey to tell us what you think. It should take less than 5 minutes and help further this research project!

GuzzleHttp\Handler\StreamHandler

Detected issues

Issue Method Line number
Global/Static variables NA 262
Global/Static variables NA 490
Global/Static variables NA 502

Code

Click highlighted lines for details

<?phpnamespace GuzzleHttp\Handler;use GuzzleHttp\Exception\ConnectException;use GuzzleHttp\Exception\RequestException;use GuzzleHttp\Promise\FulfilledPromise;use GuzzleHttp\Promise\PromiseInterface;use GuzzleHttp\Psr7;use GuzzleHttp\TransferStats;use GuzzleHttp\Utils;use Psr\Http\Message\RequestInterface;use Psr\Http\Message\ResponseInterface;use Psr\Http\Message\StreamInterface;use Psr\Http\Message\UriInterface;/** * HTTP handler that uses PHP's HTTP stream wrapper. */class StreamHandler{    private $lastHeaders = [];    /**     * Sends an HTTP request.     *     * @param RequestInterface $request Request to send.     * @param array            $options Request transfer options.     */    public function __invoke(RequestInterface $request, array $options): PromiseInterface    {        // Sleep if there is a delay specified.        if (isset($options['delay'])) {            \usleep($options['delay'] * 1000);        }        $startTime = isset($options['on_stats']) ? Utils::currentTime() : null;        try {            // Does not support the expect header.            $request = $request->withoutHeader('Expect');            // Append a content-length header if body size is zero to match            // cURL's behavior.            if (0 === $request->getBody()->getSize()) {                $request = $request->withHeader('Content-Length', '0');            }            return $this->createResponse(                $request,                $options,                $this->createStream($request, $options),                $startTime            );        } catch (\InvalidArgumentException $e) {            throw $e;        } catch (\Exception $e) {            // Determine if the error was a networking error.            $message = $e->getMessage();            // This list can probably get more comprehensive.            if (\strpos($message, 'getaddrinfo') // DNS lookup failed                || \strpos($message, 'Connection refused')                || \strpos($message, "couldn't connect to host") // error on HHVM                || \strpos($message, "connection attempt failed")            ) {                $e = new ConnectException($e->getMessage(), $request, $e);            } else {                $e = RequestException::wrapException($request, $e);            }            $this->invokeStats($options, $request, $startTime, null, $e);            return \GuzzleHttp\Promise\rejection_for($e);        }    }    private function invokeStats(        array $options,        RequestInterface $request,        $startTime,        ResponseInterface $response = null,        $error = null    ): void {        if (isset($options['on_stats'])) {            $stats = new TransferStats(                $request,                $response,                Utils::currentTime() - $startTime,                $error,                []            );            \call_user_func($options['on_stats'], $stats);        }    }    private function createResponse(        RequestInterface $request,        array $options,        $stream,        $startTime    ): PromiseInterface {        $hdrs = $this->lastHeaders;        $this->lastHeaders = [];        $parts = \explode(' ', \array_shift($hdrs), 3);        $ver = \explode('/', $parts[0])[1];        $status = $parts[1];        $reason = isset($parts[2]) ? $parts[2] : null;        $headers = Utils::headersFromLines($hdrs);        list($stream, $headers) = $this->checkDecode($options, $headers, $stream);        $stream = Psr7\stream_for($stream);        $sink = $stream;        if (\strcasecmp('HEAD', $request->getMethod())) {            $sink = $this->createSink($stream, $options);        }        $response = new Psr7\Response($status, $headers, $sink, $ver, $reason);        if (isset($options['on_headers'])) {            try {                $options['on_headers']($response);            } catch (\Exception $e) {                $msg = 'An error was encountered during the on_headers event';                $ex = new RequestException($msg, $request, $response, $e);                return \GuzzleHttp\Promise\rejection_for($ex);            }        }        // Do not drain when the request is a HEAD request because they have        // no body.        if ($sink !== $stream) {            $this->drain(                $stream,                $sink,                $response->getHeaderLine('Content-Length')            );        }        $this->invokeStats($options, $request, $startTime, $response, null);        return new FulfilledPromise($response);    }    private function createSink(StreamInterface $stream, array $options): StreamInterface    {        if (!empty($options['stream'])) {            return $stream;        }        $sink = isset($options['sink'])            ? $options['sink']            : \fopen('php://temp', 'r+');        return \is_string($sink)            ? new Psr7\LazyOpenStream($sink, 'w+')            : Psr7\stream_for($sink);    }    private function checkDecode(array $options, array $headers, $stream): array    {        // Automatically decode responses when instructed.        if (!empty($options['decode_content'])) {            $normalizedKeys = Utils::normalizeHeaderKeys($headers);            if (isset($normalizedKeys['content-encoding'])) {                $encoding = $headers[$normalizedKeys['content-encoding']];                if ($encoding[0] === 'gzip' || $encoding[0] === 'deflate') {                    $stream = new Psr7\InflateStream(                        Psr7\stream_for($stream)                    );                    $headers['x-encoded-content-encoding']                        = $headers[$normalizedKeys['content-encoding']];                    // Remove content-encoding header                    unset($headers[$normalizedKeys['content-encoding']]);                    // Fix content-length header                    if (isset($normalizedKeys['content-length'])) {                        $headers['x-encoded-content-length']                            = $headers[$normalizedKeys['content-length']];                        $length = (int) $stream->getSize();                        if ($length === 0) {                            unset($headers[$normalizedKeys['content-length']]);                        } else {                            $headers[$normalizedKeys['content-length']] = [$length];                        }                    }                }            }        }        return [$stream, $headers];    }    /**     * Drains the source stream into the "sink" client option.     *     * @param string $contentLength Header specifying the amount of     *                              data to read.     *     * @throws \RuntimeException when the sink option is invalid.     */    private function drain(        StreamInterface $source,        StreamInterface $sink,        string $contentLength    ): StreamInterface {        // If a content-length header is provided, then stop reading once        // that number of bytes has been read. This can prevent infinitely        // reading from a stream when dealing with servers that do not honor        // Connection: Close headers.        Psr7\copy_to_stream(            $source,            $sink,            (\strlen($contentLength) > 0 && (int) $contentLength > 0) ? (int) $contentLength : -1        );        $sink->seek(0);        $source->close();        return $sink;    }    /**     * Create a resource and check to ensure it was created successfully     *     * @param callable $callback Callable that returns stream resource     *     * @return resource     *     * @throws \RuntimeException on error     */    private function createResource(callable $callback)    {        $errors = null;        \set_error_handler(function ($_, $msg, $file, $line) use (&$errors) {            $errors[] = [                'message' => $msg,                'file'    => $file,                'line'    => $line            ];            return true;        });        $resource = $callback();        \restore_error_handler();        if (!$resource) {            $message = 'Error creating resource: ';            foreach ($errors as $err) {                foreach ($err as $key => $value) {                    $message .= "[$key] $value" . PHP_EOL;                }            }            throw new \RuntimeException(\trim($message));        }        return $resource;    }    /**     * @return resource     */    private function createStream(RequestInterface $request, array $options)    {

Global variables

Note: A future update will differentiate between private static variables and public static or global variables as private static variables do not cause as much of a problem.

Summary

  • Hidden dependencies
  • Broken encapsulation
  • One component can accidentally overwrite data required by another component (action at a distance)
  • You can only every have one copy of the variable
  • Adding code requires knowing exactly what variables are already in use
  • When working in teams, name clashes can be easily introduced
  • Global state makes it difficult to reuse the code. E.g. having two files open at the same time would require writing the code twice, three times for three files, etc.

Background

The identification of global variables as a bad practice dates as far back at least as far back as 1973[1] and are one of the most widespread and well known bad practices related to flexibility. This is likely due to being available in almost every programming language, ease of use and speed to learn. They also cause severe problems in code and it's very easy to get caught out by using them, even in a small application.

Global vairables are widely labelled "bad practice" and have been for some time, for example back in 1999 Kernighan wrote:

Avoid global variables; wherever possible it is better to pass references to all data through function arguments

Kernighan[2]

And Hevery[3] states:

I hope that by now most developers agree that global state should be treated like GOTO.

This attitude is widespread and Sayfan[4] sums up the problem:

Whenever shared mutable state is involved, it is easy for components to step on each other's toes.

Although "global variables are bad" is a common thing to here, for novice developers it's not immediately obvious why this is. However, the reasons have been covered frequently by developers of varying prominence. While writing about desiging the Eiffel programming language, [5] stated several problems with global variables:

Since global variables are shared by different modules, they make each of these modules more difficult to understand separately, diminishing readability and hence hampering maintenance.

As global variables constitute a form of undercover dependency between modules, they are a major obstacle to software evolution, since they make it harder to modify a module without impacting others.

They are a major source of nasty errors. Through a global variable, an error in a module may propagate to many others. As a result, the manifestation of the error may be quite remote from its cause in the software architecture, making it very hard to trace down errors and correct them. This problem is particularly serious in environments where incorrect array references may pollute other data.

Action at a distance

This problem is commonly referred to as action at a distance and described by Hevery[6] as:

Spooky Action at a Distance is when we run one thing that we believe is isolated (since we did not pass any references in) but unexpected interactions and state changes happen in distant locations of the system which we did not tell the object about. This can only happen via global state.

Broken encapsulation

The biggest issue with global variables (even private static variables) is that they break encapsulation. A class no longer has its own state and one instance of a class can affect the state of another. Although private static variables are the by far the least worst type of global variables they should still be refactored out where possible.

> Encapsulation refers to the bundling of data with the methods that operate on that data

By making the data globally accessible, encapsulation has been lost. Any part of the program has access to the data and can modify it. Even when using private static variables, each instance no longer has control of its own sate.

Tight coupling

Global variables introduce tight coupling. In Object Oriented Programming an object should be self-contained[7][8]. If a class depends on a global (or static) variable, then moving the class to a different project requires defining the required global variables in the new project. Private static variables do not not introduce additional coupling.

Name Clashes

Global variables can introduce name clashes:

everywhere in the program, you would have to keep track of the names of all the variables declared anywhere else in the program, so that you didn't accidentally re-use one.

Summit[9]

The problem of name clashes is magnified by the size of a team. If two people are working on a piece of software and both use global variables, it's possible they'll write some code using the same variable names. During execution this might cause the two peices of code to interfere with each other.

Examples

As a very crude example, imagine the following:

 function getUser($id) {
    
$connection Database::$connection;

    
$connection->query('SELET * FROM user ...')
}

This code assumes that Database::$connection has been set correctly and not overwritten. If any part of the application accidently runs the code Database::$connection = null; (or sets it to anything other than a database connection) then the code will fail. This is due to broken encapsulation and action and a distance.

Anything in the code is able to change the property and cause unexpected behaviour when further methods are called on the instance.

This can also happen with private static properties:

 
class FileReadWrite {
    private static 
$fileName;

    public function 
__construct(string $file) {
        
self::$fileName $file;
    }

    public function 
read() {
        return 
file_get_contents(self::$fileName);
    }

    public function 
write(string $data) {
        
file_put_contents(self::$fileName$data);
    }
}

 
//Works as expected:

$file = new FileReadWrite('./one.txt');
$file->write('data');


//cause a problem

$file1 = new FileReadWrite('./one.txt');
$file2 = new FileReadWrite('./two.txt');

$file1->write('data1');
$file2->write('data2');

This causes a problem because there is a global variable storing the file name. Assuming a class requires only one value of a variable across the whole application always limits flexibility. There are occasionally practical reasons for this such as keeping track of and limiting the number of open files/connections but flexibility is always reduced. Even in these practical exceptions, it introduces a new issue of separation of concerns: Should the class be concerned with the number of open connections throughout the application or should that be managed at an application level rather than a class level?

Although this is a contrived example, the same kind of bugs can occur any time a static variable is used. If it's set by one instance and read by another then unexpected changes can cause bugs.

Further reading

References

  1. Wulf, W., Shaw, M. (1973) Global varaibles considered harmful. ACM SIGPLAN Notices , pp.28-34.
  2. Kernighan, B. (1999) The Practice of Programming ISBN: 978-0201615869. Addison Wesley.
  3. Hevery, M. (2008) Top 10 things which make your code hard to test [online]. Available from: http://misko.hevery.com/2008/07/30/top-10-things-which-make-your-code-hard-to-test/
  4. Sayfan, M. (n.d.) Avoid Global Variables, Environment Variables, and Singletons [online]. Available from: https://sites.google.com/site/michaelsafyan/software-engineering/avoid-global-variables-environment-variables-and-singletons
  5. Meyer, B. (1988) Bidding farewell to globals. JOOP(Journal of Object-Oriented Programming) , pp.73-77.
  6. Hevery, M. (2008) Brittle Global State & Singletons [online]. Available from: http://misko.hevery.com/code-reviewers-guide/flaw-brittle-global-state-singletons/
  7. Yaiser, M. (2011) Object-oriented programming concepts: Objects and classes [online]. Available from: http://www.adobe.com/devnet/actionscript/learning/oop-concepts/objects-and-classes.html
  8. Caromel, D. (1993) Toward a method of object-oriented concurrent programming. Communications of the ACM , pp.90-102.
  9. Summit, S. (1997) Visibility and Lifetime (Global Variables, etc.) [online]. Available from: https://www.eskimo.com/~scs/cclass/notes/sx4b.html
if (!$methods) { $methods = \array_flip(\get_class_methods(__CLASS__)); } // HTTP/1.1 streams using the PHP stream wrapper require a // Connection: close header if ($request->getProtocolVersion() == '1.1' && !$request->hasHeader('Connection') ) { $request = $request->withHeader('Connection', 'close'); } // Ensure SSL is verified by default if (!isset($options['verify'])) { $options['verify'] = true; } $params = []; $context = $this->getDefaultContext($request); if (isset($options['on_headers']) && !\is_callable($options['on_headers'])) { throw new \InvalidArgumentException('on_headers must be callable'); } if (!empty($options)) { foreach ($options as $key => $value) { $method = "add_{$key}"; if (isset($methods[$method])) { $this->{$method}($request, $context, $value, $params); } } } if (isset($options['stream_context'])) { if (!\is_array($options['stream_context'])) { throw new \InvalidArgumentException('stream_context must be an array'); } $context = \array_replace_recursive( $context, $options['stream_context'] ); } // Microsoft NTLM authentication only supported with curl handler if (isset($options['auth']) && \is_array($options['auth']) && isset($options['auth'][2]) && 'ntlm' == $options['auth'][2] ) { throw new \InvalidArgumentException('Microsoft NTLM authentication only supported with curl handler'); } $uri = $this->resolveHost($request, $options); $context = $this->createResource( function () use ($context, $params) { return \stream_context_create($context, $params); } ); return $this->createResource( function () use ($uri, &$http_response_header, $context, $options) { $resource = \fopen((string) $uri, 'r', null, $context); $this->lastHeaders = $http_response_header; if (isset($options['read_timeout'])) { $readTimeout = $options['read_timeout']; $sec = (int) $readTimeout; $usec = ($readTimeout - $sec) * 100000; \stream_set_timeout($resource, $sec, $usec); } return $resource; } ); } private function resolveHost(RequestInterface $request, array $options): UriInterface { $uri = $request->getUri(); if (isset($options['force_ip_resolve']) && !\filter_var($uri->getHost(), FILTER_VALIDATE_IP)) { if ('v4' === $options['force_ip_resolve']) { $records = \dns_get_record($uri->getHost(), DNS_A); if (!isset($records[0]['ip'])) { throw new ConnectException( \sprintf( "Could not resolve IPv4 address for host '%s'", $uri->getHost() ), $request ); } $uri = $uri->withHost($records[0]['ip']); } elseif ('v6' === $options['force_ip_resolve']) { $records = \dns_get_record($uri->getHost(), DNS_AAAA); if (!isset($records[0]['ipv6'])) { throw new ConnectException( \sprintf( "Could not resolve IPv6 address for host '%s'", $uri->getHost() ), $request ); } $uri = $uri->withHost('[' . $records[0]['ipv6'] . ']'); } } return $uri; } private function getDefaultContext(RequestInterface $request): array { $headers = ''; foreach ($request->getHeaders() as $name => $value) { foreach ($value as $val) { $headers .= "$name: $val\r\n"; } } $context = [ 'http' => [ 'method' => $request->getMethod(), 'header' => $headers, 'protocol_version' => $request->getProtocolVersion(), 'ignore_errors' => true, 'follow_location' => 0, ], ]; $body = (string) $request->getBody(); if (!empty($body)) { $context['http']['content'] = $body; // Prevent the HTTP handler from adding a Content-Type header. if (!$request->hasHeader('Content-Type')) { $context['http']['header'] .= "Content-Type:\r\n"; } } $context['http']['header'] = \rtrim($context['http']['header']); return $context; } private function add_proxy(RequestInterface $request, array &$options, $value, array &$params): void { if (!\is_array($value)) { $options['http']['proxy'] = $value; } else { $scheme = $request->getUri()->getScheme(); if (isset($value[$scheme])) { if (!isset($value['no']) || !Utils::isHostInNoProxy( $request->getUri()->getHost(), $value['no'] ) ) { $options['http']['proxy'] = $value[$scheme]; } } } } private function add_timeout(RequestInterface $request, array &$options, $value, array &$params): void { if ($value > 0) { $options['http']['timeout'] = $value; } } private function add_verify(RequestInterface $request, array &$options, $value, array &$params): void { if ($value === false) { $options['ssl']['verify_peer'] = false; $options['ssl']['verify_peer_name'] = false; return; } if (\is_string($value)) { $options['ssl']['cafile'] = $value; if (!\file_exists($value)) { throw new \RuntimeException("SSL CA bundle not found: $value"); } } elseif ($value !== true) { throw new \InvalidArgumentException('Invalid verify request option'); } $options['ssl']['verify_peer'] = true; $options['ssl']['verify_peer_name'] = true; $options['ssl']['allow_self_signed'] = false; } private function add_cert(RequestInterface $request, array &$options, $value, array &$params): void { if (\is_array($value)) { $options['ssl']['passphrase'] = $value[1]; $value = $value[0]; } if (!\file_exists($value)) { throw new \RuntimeException("SSL certificate not found: {$value}"); } $options['ssl']['local_cert'] = $value; } private function add_progress(RequestInterface $request, array &$options, $value, array &$params): void { $this->addNotification( $params, function ($code, $a, $b, $c, $transferred, $total) use ($value) { if ($code == STREAM_NOTIFY_PROGRESS) { $value($total, $transferred, null, null); } } ); } private function add_debug(RequestInterface $request, array &$options, $value, array &$params): void { if ($value === false) { return; }

Global variables

Note: A future update will differentiate between private static variables and public static or global variables as private static variables do not cause as much of a problem.

Summary

  • Hidden dependencies
  • Broken encapsulation
  • One component can accidentally overwrite data required by another component (action at a distance)
  • You can only every have one copy of the variable
  • Adding code requires knowing exactly what variables are already in use
  • When working in teams, name clashes can be easily introduced
  • Global state makes it difficult to reuse the code. E.g. having two files open at the same time would require writing the code twice, three times for three files, etc.

Background

The identification of global variables as a bad practice dates as far back at least as far back as 1973[1] and are one of the most widespread and well known bad practices related to flexibility. This is likely due to being available in almost every programming language, ease of use and speed to learn. They also cause severe problems in code and it's very easy to get caught out by using them, even in a small application.

Global vairables are widely labelled "bad practice" and have been for some time, for example back in 1999 Kernighan wrote:

Avoid global variables; wherever possible it is better to pass references to all data through function arguments

Kernighan[2]

And Hevery[3] states:

I hope that by now most developers agree that global state should be treated like GOTO.

This attitude is widespread and Sayfan[4] sums up the problem:

Whenever shared mutable state is involved, it is easy for components to step on each other's toes.

Although "global variables are bad" is a common thing to here, for novice developers it's not immediately obvious why this is. However, the reasons have been covered frequently by developers of varying prominence. While writing about desiging the Eiffel programming language, [5] stated several problems with global variables:

Since global variables are shared by different modules, they make each of these modules more difficult to understand separately, diminishing readability and hence hampering maintenance.

As global variables constitute a form of undercover dependency between modules, they are a major obstacle to software evolution, since they make it harder to modify a module without impacting others.

They are a major source of nasty errors. Through a global variable, an error in a module may propagate to many others. As a result, the manifestation of the error may be quite remote from its cause in the software architecture, making it very hard to trace down errors and correct them. This problem is particularly serious in environments where incorrect array references may pollute other data.

Action at a distance

This problem is commonly referred to as action at a distance and described by Hevery[6] as:

Spooky Action at a Distance is when we run one thing that we believe is isolated (since we did not pass any references in) but unexpected interactions and state changes happen in distant locations of the system which we did not tell the object about. This can only happen via global state.

Broken encapsulation

The biggest issue with global variables (even private static variables) is that they break encapsulation. A class no longer has its own state and one instance of a class can affect the state of another. Although private static variables are the by far the least worst type of global variables they should still be refactored out where possible.

> Encapsulation refers to the bundling of data with the methods that operate on that data

By making the data globally accessible, encapsulation has been lost. Any part of the program has access to the data and can modify it. Even when using private static variables, each instance no longer has control of its own sate.

Tight coupling

Global variables introduce tight coupling. In Object Oriented Programming an object should be self-contained[7][8]. If a class depends on a global (or static) variable, then moving the class to a different project requires defining the required global variables in the new project. Private static variables do not not introduce additional coupling.

Name Clashes

Global variables can introduce name clashes:

everywhere in the program, you would have to keep track of the names of all the variables declared anywhere else in the program, so that you didn't accidentally re-use one.

Summit[9]

The problem of name clashes is magnified by the size of a team. If two people are working on a piece of software and both use global variables, it's possible they'll write some code using the same variable names. During execution this might cause the two peices of code to interfere with each other.

Examples

As a very crude example, imagine the following:

 function getUser($id) {
    
$connection Database::$connection;

    
$connection->query('SELET * FROM user ...')
}

This code assumes that Database::$connection has been set correctly and not overwritten. If any part of the application accidently runs the code Database::$connection = null; (or sets it to anything other than a database connection) then the code will fail. This is due to broken encapsulation and action and a distance.

Anything in the code is able to change the property and cause unexpected behaviour when further methods are called on the instance.

This can also happen with private static properties:

 
class FileReadWrite {
    private static 
$fileName;

    public function 
__construct(string $file) {
        
self::$fileName $file;
    }

    public function 
read() {
        return 
file_get_contents(self::$fileName);
    }

    public function 
write(string $data) {
        
file_put_contents(self::$fileName$data);
    }
}

 
//Works as expected:

$file = new FileReadWrite('./one.txt');
$file->write('data');


//cause a problem

$file1 = new FileReadWrite('./one.txt');
$file2 = new FileReadWrite('./two.txt');

$file1->write('data1');
$file2->write('data2');

This causes a problem because there is a global variable storing the file name. Assuming a class requires only one value of a variable across the whole application always limits flexibility. There are occasionally practical reasons for this such as keeping track of and limiting the number of open files/connections but flexibility is always reduced. Even in these practical exceptions, it introduces a new issue of separation of concerns: Should the class be concerned with the number of open connections throughout the application or should that be managed at an application level rather than a class level?

Although this is a contrived example, the same kind of bugs can occur any time a static variable is used. If it's set by one instance and read by another then unexpected changes can cause bugs.

Further reading

References

  1. Wulf, W., Shaw, M. (1973) Global varaibles considered harmful. ACM SIGPLAN Notices , pp.28-34.
  2. Kernighan, B. (1999) The Practice of Programming ISBN: 978-0201615869. Addison Wesley.
  3. Hevery, M. (2008) Top 10 things which make your code hard to test [online]. Available from: http://misko.hevery.com/2008/07/30/top-10-things-which-make-your-code-hard-to-test/
  4. Sayfan, M. (n.d.) Avoid Global Variables, Environment Variables, and Singletons [online]. Available from: https://sites.google.com/site/michaelsafyan/software-engineering/avoid-global-variables-environment-variables-and-singletons
  5. Meyer, B. (1988) Bidding farewell to globals. JOOP(Journal of Object-Oriented Programming) , pp.73-77.
  6. Hevery, M. (2008) Brittle Global State & Singletons [online]. Available from: http://misko.hevery.com/code-reviewers-guide/flaw-brittle-global-state-singletons/
  7. Yaiser, M. (2011) Object-oriented programming concepts: Objects and classes [online]. Available from: http://www.adobe.com/devnet/actionscript/learning/oop-concepts/objects-and-classes.html
  8. Caromel, D. (1993) Toward a method of object-oriented concurrent programming. Communications of the ACM , pp.90-102.
  9. Summit, S. (1997) Visibility and Lifetime (Global Variables, etc.) [online]. Available from: https://www.eskimo.com/~scs/cclass/notes/sx4b.html
STREAM_NOTIFY_CONNECT => 'CONNECT', STREAM_NOTIFY_AUTH_REQUIRED => 'AUTH_REQUIRED', STREAM_NOTIFY_AUTH_RESULT => 'AUTH_RESULT', STREAM_NOTIFY_MIME_TYPE_IS => 'MIME_TYPE_IS', STREAM_NOTIFY_FILE_SIZE_IS => 'FILE_SIZE_IS', STREAM_NOTIFY_REDIRECTED => 'REDIRECTED', STREAM_NOTIFY_PROGRESS => 'PROGRESS', STREAM_NOTIFY_FAILURE => 'FAILURE', STREAM_NOTIFY_COMPLETED => 'COMPLETED', STREAM_NOTIFY_RESOLVE => 'RESOLVE', ];

Global variables

Note: A future update will differentiate between private static variables and public static or global variables as private static variables do not cause as much of a problem.

Summary

  • Hidden dependencies
  • Broken encapsulation
  • One component can accidentally overwrite data required by another component (action at a distance)
  • You can only every have one copy of the variable
  • Adding code requires knowing exactly what variables are already in use
  • When working in teams, name clashes can be easily introduced
  • Global state makes it difficult to reuse the code. E.g. having two files open at the same time would require writing the code twice, three times for three files, etc.

Background

The identification of global variables as a bad practice dates as far back at least as far back as 1973[1] and are one of the most widespread and well known bad practices related to flexibility. This is likely due to being available in almost every programming language, ease of use and speed to learn. They also cause severe problems in code and it's very easy to get caught out by using them, even in a small application.

Global vairables are widely labelled "bad practice" and have been for some time, for example back in 1999 Kernighan wrote:

Avoid global variables; wherever possible it is better to pass references to all data through function arguments

Kernighan[2]

And Hevery[3] states:

I hope that by now most developers agree that global state should be treated like GOTO.

This attitude is widespread and Sayfan[4] sums up the problem:

Whenever shared mutable state is involved, it is easy for components to step on each other's toes.

Although "global variables are bad" is a common thing to here, for novice developers it's not immediately obvious why this is. However, the reasons have been covered frequently by developers of varying prominence. While writing about desiging the Eiffel programming language, [5] stated several problems with global variables:

Since global variables are shared by different modules, they make each of these modules more difficult to understand separately, diminishing readability and hence hampering maintenance.

As global variables constitute a form of undercover dependency between modules, they are a major obstacle to software evolution, since they make it harder to modify a module without impacting others.

They are a major source of nasty errors. Through a global variable, an error in a module may propagate to many others. As a result, the manifestation of the error may be quite remote from its cause in the software architecture, making it very hard to trace down errors and correct them. This problem is particularly serious in environments where incorrect array references may pollute other data.

Action at a distance

This problem is commonly referred to as action at a distance and described by Hevery[6] as:

Spooky Action at a Distance is when we run one thing that we believe is isolated (since we did not pass any references in) but unexpected interactions and state changes happen in distant locations of the system which we did not tell the object about. This can only happen via global state.

Broken encapsulation

The biggest issue with global variables (even private static variables) is that they break encapsulation. A class no longer has its own state and one instance of a class can affect the state of another. Although private static variables are the by far the least worst type of global variables they should still be refactored out where possible.

> Encapsulation refers to the bundling of data with the methods that operate on that data

By making the data globally accessible, encapsulation has been lost. Any part of the program has access to the data and can modify it. Even when using private static variables, each instance no longer has control of its own sate.

Tight coupling

Global variables introduce tight coupling. In Object Oriented Programming an object should be self-contained[7][8]. If a class depends on a global (or static) variable, then moving the class to a different project requires defining the required global variables in the new project. Private static variables do not not introduce additional coupling.

Name Clashes

Global variables can introduce name clashes:

everywhere in the program, you would have to keep track of the names of all the variables declared anywhere else in the program, so that you didn't accidentally re-use one.

Summit[9]

The problem of name clashes is magnified by the size of a team. If two people are working on a piece of software and both use global variables, it's possible they'll write some code using the same variable names. During execution this might cause the two peices of code to interfere with each other.

Examples

As a very crude example, imagine the following:

 function getUser($id) {
    
$connection Database::$connection;

    
$connection->query('SELET * FROM user ...')
}

This code assumes that Database::$connection has been set correctly and not overwritten. If any part of the application accidently runs the code Database::$connection = null; (or sets it to anything other than a database connection) then the code will fail. This is due to broken encapsulation and action and a distance.

Anything in the code is able to change the property and cause unexpected behaviour when further methods are called on the instance.

This can also happen with private static properties:

 
class FileReadWrite {
    private static 
$fileName;

    public function 
__construct(string $file) {
        
self::$fileName $file;
    }

    public function 
read() {
        return 
file_get_contents(self::$fileName);
    }

    public function 
write(string $data) {
        
file_put_contents(self::$fileName$data);
    }
}

 
//Works as expected:

$file = new FileReadWrite('./one.txt');
$file->write('data');


//cause a problem

$file1 = new FileReadWrite('./one.txt');
$file2 = new FileReadWrite('./two.txt');

$file1->write('data1');
$file2->write('data2');

This causes a problem because there is a global variable storing the file name. Assuming a class requires only one value of a variable across the whole application always limits flexibility. There are occasionally practical reasons for this such as keeping track of and limiting the number of open files/connections but flexibility is always reduced. Even in these practical exceptions, it introduces a new issue of separation of concerns: Should the class be concerned with the number of open connections throughout the application or should that be managed at an application level rather than a class level?

Although this is a contrived example, the same kind of bugs can occur any time a static variable is used. If it's set by one instance and read by another then unexpected changes can cause bugs.

Further reading

References

  1. Wulf, W., Shaw, M. (1973) Global varaibles considered harmful. ACM SIGPLAN Notices , pp.28-34.
  2. Kernighan, B. (1999) The Practice of Programming ISBN: 978-0201615869. Addison Wesley.
  3. Hevery, M. (2008) Top 10 things which make your code hard to test [online]. Available from: http://misko.hevery.com/2008/07/30/top-10-things-which-make-your-code-hard-to-test/
  4. Sayfan, M. (n.d.) Avoid Global Variables, Environment Variables, and Singletons [online]. Available from: https://sites.google.com/site/michaelsafyan/software-engineering/avoid-global-variables-environment-variables-and-singletons
  5. Meyer, B. (1988) Bidding farewell to globals. JOOP(Journal of Object-Oriented Programming) , pp.73-77.
  6. Hevery, M. (2008) Brittle Global State & Singletons [online]. Available from: http://misko.hevery.com/code-reviewers-guide/flaw-brittle-global-state-singletons/
  7. Yaiser, M. (2011) Object-oriented programming concepts: Objects and classes [online]. Available from: http://www.adobe.com/devnet/actionscript/learning/oop-concepts/objects-and-classes.html
  8. Caromel, D. (1993) Toward a method of object-oriented concurrent programming. Communications of the ACM , pp.90-102.
  9. Summit, S. (1997) Visibility and Lifetime (Global Variables, etc.) [online]. Available from: https://www.eskimo.com/~scs/cclass/notes/sx4b.html
'bytes_transferred', 'bytes_max']; $value = Utils::debugResource($value); $ident = $request->getMethod() . ' ' . $request->getUri()->withFragment(''); $this->addNotification( $params, function () use ($ident, $value, $map, $args) { $passed = \func_get_args(); $code = \array_shift($passed); \fprintf($value, '<%s> [%s] ', $ident, $map[$code]); foreach (\array_filter($passed) as $i => $v) { \fwrite($value, $args[$i] . ': "' . $v . '" '); } \fwrite($value, "\n"); } ); } private function addNotification(array &$params, callable $notify): void { // Wrap the existing function if needed. if (!isset($params['notification'])) { $params['notification'] = $notify; } else { $params['notification'] = $this->callArray([ $params['notification'], $notify ]); } } private function callArray(array $functions): callable { return function () use ($functions) { $args = \func_get_args(); foreach ($functions as $fn) { \call_user_func_array($fn, $args); } }; }}