Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:112549 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 13116 invoked from network); 18 Dec 2020 17:11:38 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 18 Dec 2020 17:11:38 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id DE56A18050B for ; Fri, 18 Dec 2020 08:43:22 -0800 (PST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=0.9 required=5.0 tests=BAYES_50,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_ENVFROM_END_DIGIT, FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2, SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-Virus: No X-Envelope-From: Received: from mail-lf1-f44.google.com (mail-lf1-f44.google.com [209.85.167.44]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Fri, 18 Dec 2020 08:43:22 -0800 (PST) Received: by mail-lf1-f44.google.com with SMTP id s26so6974765lfc.8 for ; Fri, 18 Dec 2020 08:43:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=XV9zgy76p5MxJ/9yV4N2ywSK9E2v11B3PCn2aHJrIJ8=; b=WOMY6RjyCM69Gy46e7vJqGl05uHjOCZuxiMev/1r70L4EIKSBw1Rd/Kp5/C9UnQfBs CJ1iv420yreZfpyC0GvXRm5oaZiTD2XRIQmaexqaQG4oD/4lxN078shHOG0DZBwOR345 m9xpajLKeB9NI/LUb7RHg518hieGWfaGvnIwTp927H6xoSdiZOe2Tas2rTCzS1kcn9Ze nfIhz4WaKwkDtRSMMr36yUR3NRYG0+Fp948XRBYCoKYUAdDXngu5fU3Jmn8N1C649qZ6 YbTpMdf1l+t8WhYswtcV/4xbwtfP0MN3e+adaz5zlBviv5ESSQ+ar3oyThw5bTt3QThH 4pyw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=XV9zgy76p5MxJ/9yV4N2ywSK9E2v11B3PCn2aHJrIJ8=; b=HFkLo98kSk8W88wSKP1n8usuICXPw74MNXDprgtyZ2Q7nbkxyVFKu77z9zerCAnKT2 firt+XCndYids3UJ58D+gIydmIBMs9mcZI4Hb4ljdvlSgDRO0emJ432dYXpLn3x+PIIN ySMjl26L3LzGyX3x0m9acrKQSAWFWjYOsUv5WQqDSZYatDTsOu9TqClSBQ8knRh3jpuf MSWeTY8RCzbgQPlysWIo8EOmWXNJNZtYD+3U1X7PY8RFz36EkSXeyJHvOZ8/2nb1l/Ce fDP6Rvqg8TeAGFFsHN2dHb0jjstSchrXUohJeZro+4XxcoAwYtgijRexbZM5FCfMmsyM xswA== X-Gm-Message-State: AOAM533p81Cc1ggdnmxUajSR9dK3NO61BvkJokdUKFbqAeEAydWE1zXZ KMuI9cmSOj3FFcv2N7EeVBwZ+Z3DYeOVbHOgJCQ= X-Google-Smtp-Source: ABdhPJz3aKDVsWGaahJaOPSez5P45NKANq76i/Bobf4O/PMbxdRoSjLOJ6064gXdDgdeYeGFoq3gNlRCw4gDgQCuRTs= X-Received: by 2002:a2e:a364:: with SMTP id i4mr2119862ljn.426.1608309800716; Fri, 18 Dec 2020 08:43:20 -0800 (PST) MIME-Version: 1.0 References: <9b36af8a-270f-2796-194e-b50296522407@gmail.com> In-Reply-To: <9b36af8a-270f-2796-194e-b50296522407@gmail.com> Date: Fri, 18 Dec 2020 17:43:09 +0100 Message-ID: To: Rowan Tommins Cc: PHP Internals List Content-Type: multipart/alternative; boundary="0000000000005c4ed705b6bfced8" Subject: Re: [PHP-DEV] [RFC] [Discussion] Measuring maximum execution time based on wall-time From: kocsismate90@gmail.com (=?UTF-8?B?TcOhdMOpIEtvY3Npcw==?=) --0000000000005c4ed705b6bfced8 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi Rowan, I'd be likely to treat it similarly to > the Linux OOM killer: if it was ever actually invoked, I would be > investigating how to fix my application. > I think this is mostly not about application-level, rather than infrastructure-level issues, at least according to our use-cases. For example, if your application is under heavy DOS attack, or there are other kind of network connection problems, then your service(s) may experience slow database/cache/API response times. It is also possible that a 3rd party API you depend on faces such issues. All these scenarios could severely harm the availability of your application, unless you have a hard, wall-clock time based timeout as a way to short-circuit too slow responses. So we are not talking about application (design) issues only, like the n+1 query problem. If the remote system responded very slowly, that loop might take many > times the expected duration. If we simply kill the process when a fixed > wall time has elapsed, we're very likely to create an order on the > remote system, but exit without saving its reference. It is however easy > to see where in that loop we could safely call a routine like > throw_exception_if_time_limit_reached(). In my opinion, if the proposed ini setting causes consistency issues for an application, then they are already vulnerable to other factors which can make their application halt execution at random places: fatal errors, power outages, etc. I think developers of distributed systems should be aware of this - and I think they usually are, let's just take the CAP theorem -, so they have to accept and consider these risks. Please also note that "max_execution_time" already measures wall-time on a few platforms, so we already have precedence for the proposed behavior. > If rather than placing orders, the loop was just gathering search > results, killing the process would be less dangerous, but cleanly > exiting would still be preferable, because we could return a warning and > partial results, rather than a 500 error. > If returning a 50x response with a custom message is a requirement, then sure, developers can just ignore the new ini setting. Although, i.e. apache and nginx already allow custom error pages, and I think that should just be good enough for most use-cases. * If the database locks up inside a transaction, killing the process > probably won't roll that transaction back cleanly > Since there can be many other causes of a killed process, I think this particular problem is unrelated to my proposal, and if such a thing happens, then it's a bug in the database server. Also, please be aware that the timeout is a clean shutdown mechanism, so shutdown handlers and the already mentioned RSHUTDOWN functions are triggered. On the other hand, fpm's timeout doesn't invoke any of them. In other words, I can only think of cases where "the cure would be worse > than the disease". To be honest, my impression is that you either underestimate the "disease", or overestimate the current "cures". Speaking about the latter, nginx + fpm, one of the most popular web server setups (if not the most popular one) doesn't provide an easy-to-use and safe way to shutdown execution after a dynamically configurable amount of time. While one can use the "if (time() - $startTime > $timeout) { /* ... */ }" based approach instead, this won't scale well when used in non-trivial codeses. Thus, I believe my suggestion offers a more convenient, safer, and more universal way to solve the underlying problem of controlling the real execution time, than what the currently available options do. Regards: M=C3=A1t=C3=A9 --0000000000005c4ed705b6bfced8--