PHP in 2018

conc.at

Salzburg

Mar.3, 2018

http://talks.php.net/concat18

Rasmus Lerdorf
@rasmus

1980s

1990s

1993

#include <stdio.h>
#include <stdlib.h>
#include <ctype.h>
#include <string.h>

#define ishex(x) (((x) >= '0' && (x) <= '9') || ((x) >= 'a' && \
                   (x) <= 'f') || ((x) >= 'A' && (x) <= 'F'))

int htoi(char *s) {
	int     value;
	char    c;

	c = s[0];
	if(isupper(c)) c = tolower(c);
	value=(c >= '0' && c <= '9' ? c - '0' : c - 'a' + 10) * 16;

	c = s[1];
	if(isupper(c)) c = tolower(c);
	value += c >= '0' && c <= '9' ? c - '0' : c - 'a' + 10;

	return(value);
}

void main(int argc, char *argv[]) {
	char *params, *data, *dest, *s, *tmp;
	char *name, *age;

	puts("Content-type: text/html\r\n");
	puts("<HTML><HEAD><TITLE>Form Example</TITLE></HEAD>");
	puts("<BODY><H1>My Example Form</H1>");
	puts("<FORM action=\"form.cgi\" method=\"GET\">");
	puts("Name: <INPUT type=\"text\" name=\"name\">");
	puts("Age: <INPUT type=\"text\" name=\"age\">");
	puts("<BR><INPUT type=\"submit\">");
	puts("</FORM>");

	data = getenv("QUERY_STRING");
	if(data && *data) {
		params = data; dest = data;
    	while(*data) {
			if(*data=='+') *dest=' ';
			else if(*data == '%' && ishex(*(data+1))&&ishex(*(data+2))) {
				*dest = (char) htoi(data + 1);
				data+=2;
			} else *dest = *data;
			data++;
			dest++;
		}
		*dest = '\0';
		s = strtok(params,"&");
		do {
			tmp = strchr(s,'=');
			if(tmp) {
				*tmp = '\0';
				if(!strcmp(s,"name")) name = tmp+1;
				else if(!strcmp(s,"age")) age = tmp+1;
			}
		} while(s=strtok(NULL,"&"));

		printf("Hi %s, you are %s years old\n",name,age);
	}
	puts("</BODY></HTML>");
}

1993

use CGI qw(:standard);
print header;
print start_html('Form Example'),
    h1('My Example Form'),
    start_form,
    "Name: ", textfield('name'),
    p,
    "Age: ", textfield('age'),
    p,
    submit,
    end_form;
if(param()) {
    print "Hi ",em(param('name')),
        "You are ",em(param('age')),
        " years old";
}
print end_html;

1994-1995

<html><head><title>Form Example</title></head>
<body><h1>My Example Form</h1>
<form action="form.phtml" method="POST">
Name: <input type="text" name="name">
Age: <input type="text" name="age">
<br><input type="submit">
</form>
<?if($name):?>
Hi <?echo $name?>, you are <?echo $age?> years old
<?endif?>
</body></html>

✔ engine improvements

  • 100%+ performance gain on most real-world applications
  • Lower memory usage, sometimes drastically lower

JIT?

Improve CPU cache usage

  • Step 1: Decrease overall data
  • Step 2: Better data locality and less indirections
  • Step 3: Save the world!
  • zval size reduced from 24 to 16 bytes
  • Hashtable size reduced from 72 to 56 bytes
  • Hashtable bucket size reduced from 72 to 32 bytes
  • Immutable array optimization
$a = [];
for($i=0; $i < 100000;$i++) {
    $a[] = ['abc','def','ghi','jkl','mno','pqr'];
}
echo memory_get_usage(true);

// PHP 5.x  109M
// PHP 7.0   42M no opcache
// PHP 7.0    6M with opcache enabled
  • New memory allocator similar to jemalloc
  • Faster hashtable iteration API
  • Array duplication optimization
  • PCRE JIT enabled by default
  • Precomputed string hashes
  • Fast ZPP (ZendParseParameters) implementation
  • Faster stack-allocated zvals (instead of heap)
  • Optimized VM calling
  • Global register variables with gcc 4.8+
  • plus hundreds of micro-optimizations

JIT?

GCC Feedback-Directed Optimization (FDO)

$ gcc --version
gcc (Debian 6.3.0-14) 6.3.0 20170415

$ make clean
$ make -j8 prof-gen
...
$ sapi/cgi/php-cgi -T 1000 /var/www/wordpress/index.php > /dev/null
$ make prof-clean
$ make -j8 prof-use

PHP 7 in production


Saving the Planet?

  • Around 2 billion sites on the web
  • On 10 million physical machines
  • PHP drives at least 50%
  • Currently ~5% PHP 7 Adoption
  • which is about 250k physical servers
  • 3000 KWH/year per server costs approx. US$400
  • Data center cooling doubles that
  • 0.5kg CO2 per KWH

At 5% Adoption

  • US $200M savings
  • 750M KWH Savings
  • 375M kg less CO2

At 100% Adoption

  • $4B savings
  • 15B KWH Savings
  • 7.5B kg less CO2

Do your part

Upgrade to PHP 7!

PHP 7.2

Initial DCE and SCCP optimizations

Parameter Type Widening

class Orig {
  public function fn(array $arg) {  }
}
class Wider extends Orig {
  public function fn($arg) { }
}

In PHP 7.1 you would get:

Warning: Declaration of Wider::fn($arg) should be 
         compatible with Orig::fn(array $arg)

Allow trailing commas everywhere

// Arrays (already possible)
$array = [1, 2, 3,];

// Grouped namepaces
use Foo\Bar\{ Foo, Bar, Baz, };
 
// Function/method arguments (call)
fooCall($arg1, $arg2, $arg3,);

use Foo\Bar\{ Foo, Bar, Baz, };

class Foo implements
    // Interface implementations on a class
    FooInterface,
    BarInterface,
    BazInterface,
{
    // Trait implementations on a class
    use
        FooTrait,
        BarTrait,
        BazTrait,
    ;
 
    // Class member lists
    const
        A = 1010,
        B = 1021,
        C = 1032,
        D = 1043,
    ;

Object typehint

function fn(object $obj): object {
	return json_decode('{}');
}
fn("not an object");
Warning: Uncaught TypeError: Argument 1 passed to fn() must be an object,
         string given, called in php shell code on line 1 and defined in ...

Deprecate unquoted strings

echo HELLO;
Warning: Use of undefined constant HELLO - assumed 'HELLO' (this will throw
         an Error in a future version of PHP) in php shell code on line 1

extra headers array arg for mail() and mb_send_mail()

$to      = 'nobody@example.com';
$subject = 'the subject';
$message = 'hello';
$headers = ['From'     => 'webmaster@example.com',
            'Reply-To' => 'webmaster@example.com',
            'X-Mailer' => 'PHP/' . phpversion() ];

mail($to, $subject, $message, $headers);

Argon2i added to password_hash()

$options = [
    'memory_cost' => 2048,
    'time_cost' => 10,
    'threads' => 2
];
echo password_hash("rasmuslerdorf", PASSWORD_ARGON2I, $options);
$argon2i$v=19$m=2048,t=10,p=2$akUuWkoxRDlMSi5TVGhYLg$j0D1Cl4aR8UMHOGGx5JtZ1BmCApr8RmOJA9qFWm5mz8

Add Sodium Crypto Library

// On Alice's computer:
$msg = 'This comes from Alice.';
$signed_msg = sodium_crypto_sign($msg, $secret_sign_key);
// On Bob's computer:
$original_msg = sodium_crypto_sign_open($signed_msg, $alice_sign_publickey);
if ($original_msg === false) {
    throw new Exception("Invalid signature");
} else {
    echo $original_msg; // Displays "This comes from Alice."
}
see: https://paragonie.com/book/pecl-libsodium

Things that may break your code

  • mcrypt extension has been removed
  • __autoload() deprecated, use spl_autoload_register()
  • create_function() deprecated, use anonymous functions
  • each() deprecated, use foreach()
  • read_exif_data() deprecated, use exif_read_data()

Full details are at:

https://github.com/php/php-src/blob/PHP-7.2/UPGRADING

And for extension authors:

https://github.com/php/php-src/blob/PHP-7.2/UPGRADING.INTERNALS

Dead Code Elimination (DCE)

Escape Analysis

Sparse Conditional Constant Propagation

php -d opcache.optimization_level=-1 -d opcache.opt_debug_level=0x20000 script
function fn() {
    $a = 1;
    return 0;
}

PHP 7.1

fn: (lines=2, args=0, vars=1, tmps=0)
L0:   ASSIGN CV0($a) int(1)
L1:   RETURN int(0)

PHP 7.2

fn: (lines=1, args=0, vars=0, tmps=0)
L0:   RETURN int(0)
function foo(string $s1, string $s2, string $s3, string $s4) {
    $x = ($s1 . $s2) . ($s3 . $s4);
    $x = 0;
    return $x;
}
PHP 7.1                                   PHP 7.2
foo: (lines=10, args=4, vars=5, tmps=3)   foo: (lines=5, args=4, vars=4, tmps=3)
L0:   CV0($s1) = RECV 1                   L0:   CV0($s1) = RECV 1
L1:   CV1($s2) = RECV 2                   L1:   CV1($s2) = RECV 2
L2:   CV2($s3) = RECV 3                   L2:   CV2($s3) = RECV 3
L3:   CV3($s4) = RECV 4                   L3:   CV3($s4) = RECV 4
L4:   T6 = CONCAT CV0($s1) CV1($s2)       L4:   RETURN int(0)
L5:   T7 = CONCAT CV2($s3) CV3($s4)
L6:   T5 = CONCAT T6 T7
L7:   ASSIGN CV4($x) T5
L8:   ASSIGN CV4($x) int(0)
L9:   RETURN CV4($x)

Try to trick it

function foo($a) {
    $b = $a += 3;
    return $a;
}

PHP 7.2

foo: (lines=3, args=1, vars=1, tmps=1)
L0:   CV0($a) = RECV 1
L1:   ASSIGN_ADD CV0($a) int(3)
L2:   RETURN CV0($a)

But...

function foo(int $x, int $y) {
    $a = [$x];
    $a[1] = $y;
    $a = $y;
    return $a;
}
PHP 7.2                                    PHP 7.3
foo: (lines=7, args=2, vars=3, tmps=1)     foo: (lines=4, args=2, vars=3, tmps=0)
L0:   CV0($x) = RECV 1                     L0:     CV0($x) = RECV 1
L1:   CV1($y) = RECV 2                     L1:     CV1($y) = RECV 2
L2:   CV2($a) = INIT_ARRAY 1 CV0($x) NEXT  L2:     CV2($a) = QM_ASSIGN CV1($y)
L3:   ASSIGN_DIM CV2($a) int(1)            L3:     RETURN CV2($a)
L4:   OP_DATA CV1($y)
L5:   ASSIGN CV2($a) CV1($y)
L6:   RETURN CV2($a)
class A { }
function foo(int $x) {
    $a = new A;
    $a->foo = $x;
    return $x;
}

PHP 7.3

foo: (lines=2, args=1, vars=1, tmps=0)
L0:   CV0($x) = RECV 1
L1:   RETURN CV0($x)
class A {
    function __destruct() {}
}
function foo(int $x) {
    $a = new A;
    $a->foo = $x;
    return $x;
}

PHP 7.3

foo: (lines=7, args=1, vars=2, tmps=1)
L0:   CV0($x) = RECV 1
L1:   V2 = NEW 0 string("A")
L2:   DO_FCALL
L3:   CV1($a) = QM_ASSIGN V2
L4:   ASSIGN_OBJ CV1($a) string("foo")
L5:   OP_DATA CV0($x)
L6:   RETURN CV0($x)
function foo() {
    $a = 1;
    $b = $a + 2;
    $a += $b;
    return $a;
}

PHP 7.2

foo: (lines=1, args=0, vars=0, tmps=1)
L0:   RETURN int(4)

PHP 7.3

foo: (lines=1, args=0, vars=0, tmps=0)
L0:   RETURN int(4)
function foo(int $x) {
    if ($x) {
        $a = [0,1];
    } else {
        $a = [0,2];
    }
    return $a[0];
}

PHP 7.3

foo: (lines=2, args=1, vars=1, tmps=0)
L0:   CV0($x) = RECV 1
L1:   RETURN int(0)
function foo() {
    $o = new stdClass();
    $o->foo = 0;
    $i = 1;
    $c = $i < 2;
    if ($c) {
        $k = 2 * $i;
        $o->foo = $i;
        echo $o->foo;
    }
    $o->foo += 2;
    $o->foo++;
    return $o->foo;
}

PHP 7.3

foo: (lines=2, args=0, vars=0, tmps=0)
L0:   ECHO int(1)
L1:   RETURN int(4)

Static Analysis



github.com/phan/phan

Install with composer

$ composer require --dev phan/phan

Create .phan/config.php

$ phan --init
$ ./vendor/bin/phan

Checks

  • phpdoc type annotations
  • Everything is defined and accessible
  • Type safety
  • PHP version compatibility
  • No-ops
  • Unreachable code
  • Unused use statements
  • Redefinitions
  • Signature compatibility and final on inheritance
  • and many more

User plugins

Writing Plugins for Phan

Included sample plugins

  • DemoPlugin
  • PregRegexCheckerPlugin
  • PrintfRegexCheckerPlugin
  • UnreachableCodePlugin
  • DollarDollarPlugin
  • NonBoolBranchPlugin
  • NumericalComparisonPlugin

Daemon mode

Thank You

http://talks.php.net/concat18
https://github.com/phan/phan
https://paragonie.com/book/pecl-libsodium
https://github.com/php/php-src/blob/PHP-7.2/UPGRADING
https://bugs.php.net



Report Bugs

Useful bug reports, please!