Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:118874 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 57546 invoked from network); 24 Oct 2022 06:38:09 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 24 Oct 2022 06:38:09 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 94FAD180054 for ; Sun, 23 Oct 2022 23:38:08 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-3.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2 X-Spam-ASN: AS15169 209.85.128.0/17 X-Spam-Virus: No X-Envelope-From: Received: from mail-pj1-f51.google.com (mail-pj1-f51.google.com [209.85.216.51]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Sun, 23 Oct 2022 23:38:07 -0700 (PDT) Received: by mail-pj1-f51.google.com with SMTP id l22-20020a17090a3f1600b00212fbbcfb78so2582120pjc.3 for ; Sun, 23 Oct 2022 23:38:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wikimedia.org; s=google; h=content-transfer-encoding:in-reply-to:from:references:to :content-language:subject:user-agent:mime-version:date:message-id :from:to:cc:subject:date:message-id:reply-to; bh=4B/o5shJ9Yz0kBbkhI42kHhOICQ1cZfSAc6VWsXLWXc=; b=WNqPkP4qI5ObrSaq44lxJDnSpnzXMExOsDwaLGwQguG0xrtOXQN9nG31YlitUKn0d8 SFuXd9TzP3sKHZoDnJiLPeflzOkZ6GuRjNaF4M1HLpRZRotJjpeLCrWE6QHkbUfICF/R xXhO0I8TEdrt5+mAvtJY7Erq1aCktIw6WWDgk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:in-reply-to:from:references:to :content-language:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=4B/o5shJ9Yz0kBbkhI42kHhOICQ1cZfSAc6VWsXLWXc=; b=jpwBinyh47bKfZT8vYvA6Gs/ywel9b4yGOozge8BV9fB09vLE63CVeoQCctWctp6Dn Ruv6klwCEF8Cj/Q75pTibnSOMgIxzAyLs6dZqXTxkxsBC/5P9UGY0UHltDiVsK8kmgKb CTBAvk2uALe2mlLa5qHFevmb7WUFhN+VovRjPFTmjX1ufdgIzxl7pCqDewQQJIcOOiEY JyesB6K2RkdJmBppsntRlDU2cJ5/eNx/XrMTnhbye7cDRs7lUkZsnnrGZQ7lQ3j8C3Uz AgjkRqMkzLH22YN/dJSm8wqA83wRVP/L5raDmQeIAj9rDriLNH1Uvw4jL8il3SXuOIrf k3vA== X-Gm-Message-State: ACrzQf2aOZkRnw51XQMSrf/0l62U/XXmAepNVA39kHnFUdE0tg+xHKpK cmd0y7O8ji6VXmt1t6JQWjFofg== X-Google-Smtp-Source: AMsMyM6cL36oPdSiB6XclCSanzamHi4VZvKFrSqRbkiqRTMubVA3g61Xa8IZI3a+uqL2xgGyyC3HLw== X-Received: by 2002:a17:902:da90:b0:185:5537:f388 with SMTP id j16-20020a170902da9000b001855537f388mr33377263plx.113.1666593486535; Sun, 23 Oct 2022 23:38:06 -0700 (PDT) Received: from [10.1.1.45] (124-149-170-192.dyn.iinet.net.au. [124.149.170.192]) by smtp.gmail.com with ESMTPSA id l14-20020a17090a384e00b00212c27abcaesm3609433pjf.17.2022.10.23.23.38.04 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sun, 23 Oct 2022 23:38:06 -0700 (PDT) Message-ID: Date: Mon, 24 Oct 2022 17:38:01 +1100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.2.2 Content-Language: en-US To: =?UTF-8?Q?K=c3=a9vin_Dunglas?= , internals@lists.php.net References: In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Subject: Re: [PHP-DEV] Proposal to incrementally improve timeout and signal handling From: tstarling@wikimedia.org (Tim Starling) On 21/10/22 01:11, Kévin Dunglas wrote: > Here is the plan: > > 1. Switch to timer_create() for timeouts, but only on Linux (it's not > supported on other platforms yet), when ZTS is enabled and Zend Signals is > disabled. As the feature is currently entirely broken when ZTS is on, this > can be considered a bug fix and cannot be worse than it currently is. > 1bis. Can be done independently of 1., and even in parallel, optional as > long as we keep the --disable-zend-signals flag: Remove Zend Signals > entirely, because even if it can be partially fixed (I proposed a patch > fixing segfaults: https://github.com/php/php-src/pull/9766), it seems now > useless and causes unfixable issues with some signals such as SIGINT ( > https://github.com/php/php-src/issues/9649#issuecomment-1265811930) > 2. Switch to Grand Central Dispatch on macOS and FreeBSD when ZTS is > enabled and Zend Signals is disabled (if not removed at this point), which > provides a feature similar to timer_create() for these platforms. > 3. Probably in a future major version, optional: switch to > timer_create()/GCD even for non-ZTS builds to uniformize and simplify the > code. Sounds good to me, for what it's worth. I spent some time studying PR #5591 since it feels like I should have some expertise in this area by now. Timeout handling in PHP 5 was a joke. The list of library functions which can be safely re-entered from a signal handler is listed on man signal-safety(7). Most notably it does not include malloc(). You cannot just longjmp() out of a signal handler and re-enter userspace code, as PHP 5 was doing. I partly solved this problem just for Wikimedia in 2011 in a hilariously hacky custom extension (wmerrors). It defensively produced an error page, guarded by a second timer, then killed the process with abort(). This helped to reduce the rate of deadlocks and segfaults in Wikimedia production. So I was pretty happy when the new system for signal and timeout handling was introduced in PHP 7.1. I extended that system by writing the Excimer extension, which provides userspace timer facilities with timer_create() and vm_interrupt. We're using Excimer in production to implement timeouts. My understanding of PR #5591 is that it is removing the remnants of the old signal handling system. There is a lot of discussion of the correct implementation of HANDLE_BLOCK_INTERRUPTIONS(), but that macro was from the outset an inadequate approach to signal safety. Maybe it helped to reduce the rate of segfaults, but at Wikimedia's scale it was still a segfault firehose. If your signal handler calls malloc(), then obviously every malloc() call and every call of a library function that may call malloc() becomes a critical section. So in my view, the critical sections should all be removed and all signal handlers should be implemented safely, by setting a flag that is checked from a safe context. The same recommendation applies whether you use timer_create() or setitimer(). In Excimer we are using timer_create() with SIGEV_THREAD. PHP request threads are registered in a global hashtable with long-lived integer handles, because there is no way to prevent events from being delivered after the relevant request has terminated. You can't store a pointer in sival_ptr if it will be freed at request shutdown. SIGEV_THREAD is less intrusive than SIGEV_SIGNAL or SIGEV_THREAD_ID since it doesn't interrupt syscalls. > What do you think about this plan? Apart from the technical aspects, what's > the best way forward? Submit patches? Propose an RFC? Do both? (pardon my > ignorance of internals processes). Submit PRs I guess. I've only submitted a handful of PRs to PHP, and I haven't got push access, so I'm not an expert. But I think the usual strategies apply. Answer the nitpickers, get to know people, nag, escalate, etc. (I did have Subversion write access, which I got by taking over maintainership of a PEAR package, but I was never brave enough to push things to the PHP core.) -- Tim Starling