Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:92591
Return-Path: <anatol.php@belski.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 64820 invoked from network); 21 Apr 2016 11:14:19 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 21 Apr 2016 11:14:19 -0000
Authentication-Results: pb1.pair.com smtp.mail=anatol.php@belski.net; spf=permerror; sender-id=unknown
Authentication-Results: pb1.pair.com header.from=anatol.php@belski.net; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain belski.net from 85.214.73.107 cause and error)
X-PHP-List-Original-Sender: anatol.php@belski.net
X-Host-Fingerprint: 85.214.73.107 klapt.com  
Received: from [85.214.73.107] ([85.214.73.107:44359] helo=h1123647.serverkompetenz.net)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 11/CE-14036-406B8175 for <internals@lists.php.net>; Thu, 21 Apr 2016 07:14:13 -0400
Received: by h1123647.serverkompetenz.net (Postfix, from userid 1006)
	id 329E6782A2B; Thu, 21 Apr 2016 13:14:10 +0200 (CEST)
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	h1123647.serverkompetenz.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.9 required=2.5 tests=ALL_TRUSTED,BAYES_00,
	URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.0
Received: from w530phpdev (pD9FE8B2B.dip0.t-ipconnect.de [217.254.139.43])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by h1123647.serverkompetenz.net (Postfix) with ESMTPSA id 320D2782978;
	Thu, 21 Apr 2016 13:14:08 +0200 (CEST)
To: "'Dmitry Stogov'" <dmitry@zend.com>,
	"'Nikita Popov'" <nikita.ppv@gmail.com>,
	"'Rasmus Lerdorf'" <rasmus@lerdorf.com>,
	"'Anatol Belski'" <ab@php.net>,
	"'Antony Dovgal'" <antony.dovgal@gmail.com>,
	"'Zeev Suraski'" <zeev@zend.com>,
	"'Xinchen Hui'" <laruence@php.net>
Cc: "'internals'" <internals@lists.php.net>
References: <BY2PR0201MB1784CF39602D523115E594A6BF6D0@BY2PR0201MB1784.namprd02.prod.outlook.com>
In-Reply-To: <BY2PR0201MB1784CF39602D523115E594A6BF6D0@BY2PR0201MB1784.namprd02.prod.outlook.com>
Date: Thu, 21 Apr 2016 13:14:04 +0200
Message-ID: <01a801d19bbe$ec895610$c59c0230$@belski.net>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQJyngbBWx89XKQB4Iow0VOsNFSgip5SOuvw
Content-Language: en-us
Subject: RE: [PHP-DEV] Safe timeout handling
From: anatol.php@belski.net ("Anatol Belski")

Hi Dmitry,

> -----Original Message-----
> From: Dmitry Stogov [mailto:dmitry@zend.com]
> Sent: Wednesday, April 20, 2016 12:58 PM
> To: Nikita Popov <nikita.ppv@gmail.com>; Rasmus Lerdorf
> <rasmus@lerdorf.com>; Anatol Belski <ab@php.net>; Antony Dovgal
> <antony.dovgal@gmail.com>; Zeev Suraski <zeev@zend.com>; Xinchen Hui
> <laruence@php.net>
> Cc: internals <internals@lists.php.net>
> Subject: [PHP-DEV] Safe timeout handling
> 
> Hi,
> 
> 
> It's a well known PHP problem, that exceeding of execution time-out
> (max_execution_time) may lead to unexpected crashes.
> 
> They occur because PHP may be interrupted in inconsistent state, and
attempt
> to release allocated by request resources leads to failure.
> 
> Almost any big site sees these crashes from time to time.
> 
> 
> I propose to delay actual request termination until a "safe" point in
interpreter.
> 
> Signal handler will just set EG(timed_out) flag.
> 
> Interpreter will check this time from time to time (on jumps and calls
that may
> make loops or recursion) and perform the actual termination.
> 
> This approach already works in PHP for Windows.
> 
> 
> In addition I introduce hard_timeout (default value 2 seconds).
> 
> In case the "soft" timeout wasn't handled "safely" in that 2 seconds
(because of
> long running internal function), PHP process will be terminated without
attempt
> to free any resources.
> 
> ZTS build will ignore "hard_timeout" (in the same way as PHP on Windows
do).
> 
> 
> The PR: https://github.com/php/php-src/pull/1876
> 
> 
> It removes "exit_on_timeout" ini directive, and introduces "hard_timeout"
> instead.
> 
> Additional checks in VM make 0.5-1% slowdown in term of instruction
retired
> reported by callgrind.
> 
> I think we don't need RFC for this. This is a long time desired fix.
> 
> 
> The same "interrupt" handling mechanism in the future may be reused for
TICK
> and signal handling.
> 
I've tested your patch with CLI, mpm_prefork, mpm_worker and mpm_winnt and
see no regressions. The existing tests in tests/*/*timeout*.phpt pass as
well. We'd probably need to add some more with respect to the new INI option
and more extensive testing under high load.

AFM it's a good step towards unifying the timeout handling and making it
safer. Even better if ticks and exceptions handling can be later improved by
the same approach. 

Regards

Anatol