Detailed explanation of PHP script timeout mechanism

*文
Release: 2023-03-18 19:00:01
Original
1854 people have browsed it

In our daily development, we may have encountered the situation of PHP script running timeout. When encountering this situation, we often use set_time_limit (non-safe mode), or modify the configuration file and restart the server, or Modify the program to reduce the execution time of the program to within the allowed range to solve this problem. I hope to be helpful.

When doing PHP development, max_input_time and max_execution_time are often set to control the timeout of the script. But I never thought about the principle behind it.

Take advantage of the free time in these two days to study this issue.

Timeout configuration

How PHP's ini configuration works is a commonplace topic.

First, we configure it in php.ini. When php starts (php_module_startup stage), it will try to read the ini file and parse it. To put it simply, the parsing process is to analyze the ini file, extract the legal key-value pairs, and save them to the configuration_hash table.

OK, then php will further call zend_startup_extensions to start each module (including php Core module, and all extensions that need to be loaded). In the startup function of each module, the REGISTER_INI_ENTRIES action will be completed. REGISTER_INI_ENTRIES is responsible for taking out some configurations corresponding to the module from the configuration_hash table, then calling the processing function, and finally storing the processed values ​​into the globals variable of the module.

The two configurations of max_input_time and max_execution_time belong to the php Core module. For php Core, REGISTER_INI_ENTRIES still occurs in php_module_startup. Configurations that also belong to the php Core module include expose_php, display_errors, memory_limit, etc...

The diagram is as follows:


##

---->php_module_startup----------->php_request_startup---->
    |
    |
    |-->REGISTER_INI_ENTRIES
    |
    |
    |-->zend_startup_extensions
    |     |
    |     |-->zm_startup_date
    |     |     |-->REGISTER_INI_ENTRIES
    |     |
    |     |-->zm_startup_json
    |     |     |-->REGISTER_INI_ENTRIES
    |
    |
    |-->do otherthings
Copy after login

As mentioned above, for different Configuration, REGISTER_INI_ENTRIES will call different functions to process. Let’s look directly at the function corresponding to max_execution_time:


static PHP_INI_MH(OnUpdateTimeout)
{
  // php启动阶段走这里
  if (stage == PHP_INI_STAGE_STARTUP) {
    // 将超时设置保存到EG(timeout_seconds)中
    EG(timeout_seconds) = atoi(new_value);
    return SUCCESS;
  }
 
  // php执行过程中的ini set则走这里
  zend_unset_timeout(TSRMLS_C);
  EG(timeout_seconds) = atoi(new_value);
  zend_set_timeout(EG(timeout_seconds), 0);
  return SUCCESS;
}
Copy after login

We will only look at the upper half for now, because we only need to focus on the startup phase of php. The behavior of this function is very simple. Change max_execution_time EG(timeout_seconds) is stored.

As for max_input_time, there is no special processing function. By default, max_input_time will be stored in PG (max_input_time).

So when REGISTER_INI_ENTRIES completes, what happens is:

max_execution_time ----> Stored in EG(timeout_seconds)

max_input_time ----> Stored PG(max_input_time)

Request timeout control

Now we understand what happens in the startup phase of php, let’s continue to look at when php actually processes the request , how to manage timeouts.

There is the following code in the php_request_startup function:


if (PG(max_input_time) == -1) {
  zend_set_timeout(EG(timeout_seconds), 1);
} else {
  zend_set_timeout(PG(max_input_time), 1);
}
Copy after login

The timing of php_request_startup is very particular.

Taking cgi as an example, php_request_startup will be called only after php has obtained the original request and some CGI environment variables from CGI. When the above code is actually executed, since the request has been obtained, SG (request_info) is in a ready state, but super global variables such as $_GET, $_POST, $_FILE and so on in PHP have not yet been generated.

Understanding from the code:

1. If the user sets max_input_time to -1, or does not configure it, then the life cycle of the script is only constrained by EG (timeout_seconds).

2. Otherwise, the timeout control in the request startup phase is subject to PG (max_input_time).

3. The zend_set_timeout function is responsible for setting the timer. Once the specified time has passed, the timer will notify the php process. zend_set_timeout will be analyzed in detail below.

After php_request_startup is completed, it enters the actual execution phase of php, that is, php_execute_script. You can see in php_execute_script:


// 设定执行超时
if (PG(max_input_time) != -1) {
#ifdef PHP_WIN32
  zend_unset_timeout(TSRMLS_C); // 关闭之前的定时器
#endif
  zend_set_timeout(INI_INT("max_execution_time"), 0);
}
 
// 进入执行
retval = (zend_execute_scripts(ZEND_REQUIRE TSRMLS_CC, NULL, 3, prepend_file_p, primary_file, append_file_p) == SUCCESS);
Copy after login

OK. If the code is executed here and the max_input_time timeout has not occurred, the timeout of max_execution_time will be respecified.

The same is done by calling zend_set_timeout and passing in max_execution_time. Pay special attention to the fact that you need to explicitly call zend_unset_timeout to turn off the original timer under Windows, but not under Linux. This is due to the different implementation principles of timers on the two platforms, which will be described in detail below.

Finally, a picture is used to represent the process of timeout control. The case on the left shows that the user has configured both max_input_time and max_execution_time. The difference on the right side is that the user only configured max_execution_time:

zend_set_timeout

As mentioned earlier, the zend_set_timeout function uses to set the timer. Let’s look at the implementation specifically:


void zend_set_timeout(long seconds, int reset_signals) /* {{{ */
{
  TSRMLS_FETCH();
 
  // 赋值
  EG(timeout_seconds) = seconds;
 
#ifdef ZEND_WIN32
  if(!seconds) {
    return;
  }
   
  // 启动定时器线程
  if (timeout_thread_initialized == 0 && InterlockedIncrement(&timeout_thread_initialized) == 1) {
    /* We start up this process-wide thread here and not in zend_startup(), because if Zend
     * is initialized inside a DllMain(), you're not supposed to start threads from it.
     */
    zend_init_timeout_thread();
  }
   
  // 向线程发送WM_REGISTER_ZEND_TIMEOUT消息
  PostThreadMessage(timeout_thread_id, WM_REGISTER_ZEND_TIMEOUT, (WPARAM) GetCurrentThreadId(),
                                  (LPARAM) seconds);
#else
 
  // linux平台下
  struct itimerval t_r;    /* timeout requested */
  int signo;
 
  if (seconds) {
    t_r.it_value.tv_sec = seconds;
    t_r.it_value.tv_usec = t_r.it_interval.tv_sec = t_r.it_interval.tv_usec = 0;
 
    // 设置定时器,seconds秒后会发送SIGPROF信号
    setitimer(ITIMER_PROF, &t_r, NULL);
  }
  signo = SIGPROF;
 
  if (reset_signals) {
    sigset_t sigset;
 
    // 设置SIGPROF信号对应的处理函数为zend_timeout
    signal(signo, zend_timeout);
     
    // 防屏蔽
    sigemptyset(&sigset);
    sigaddset(&sigset, signo);
    sigprocmask(SIG_UNBLOCK, &sigset, NULL);
  }
#endif
}
Copy after login

The above implementation can basically be completely divided into two platforms:

Let’s look at linux first:

The timer under Linux is much easier, just call the setitimer function. In addition, zend_set_timeout also sets the handler of the SIGPROF signal to zend_timeout.

注意,调用setitimer的时候,将it_interval设置成0,表明这个定时器只触发一次,而不会每隔一段时间触发一次。setitimer可以以三种方式计时,php中采用的是ITIMER_PROF,它同时计算了用户代码和内核代码的执行时间。一旦时间到了,会产生SIGPROF信号。

当php进程接收到SIGPROF信号,不管当前正在执行什么,都会跳转进入到zend_timeout。zend_timeout才是实际处理超时的函数。

再看windows:

首先会启动一个子线程,该线程主要用于设置定时器,同时维护EG(timed_out)变量。

子线程一旦生成,主线程便会向子线程发送一条消息:WM_REGISTER_ZEND_TIMEOUT。子线程接收到WM_REGISTER_ZEND_TIMEOUT之后,产生一个定时器并开始计时。同时,子线程会设置EG(timed_out) = 0。这很重要!windows平台下正是通过判断EG(timed_out)是否为1,来决定是否超时。

如果定时器到时间了,子线程收到WM_TIMER消息,则取消定时器,并且设置EG(timed_out) = 1。

如果需要关闭定时器,则子线程会收到WM_UNREGISTER_ZEND_TIMEOUT消息。关闭定时器,并不会改变EG(timed_out)。

相关代码还是很清晰的:


static LRESULT CALLBACK zend_timeout_WndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam)
{
  switch (message) {
    case WM_DESTROY:
      PostQuitMessage(0);
      break;
     
    // 生成一个定时器,开始计时
    case WM_REGISTER_ZEND_TIMEOUT:
      /* wParam is the thread id pointer, lParam is the timeout amount in seconds */
      if (lParam == 0) {
        KillTimer(timeout_window, wParam);
      } else {
        SetTimer(timeout_window, wParam, lParam*1000, NULL);
        EG(timed_out) = 0;
      }
      break;
     
    // 关闭定时器
    case WM_UNREGISTER_ZEND_TIMEOUT:
      /* wParam is the thread id pointer */
      KillTimer(timeout_window, wParam);
      break;
     
    // 超时了,也需关闭定时器
    case WM_TIMER: {
        KillTimer(timeout_window, wParam);
        EG(timed_out) = 1;
      }
      break;
    default:
      return DefWindowProc(hWnd, message, wParam, lParam);
  }
  return 0;
}
Copy after login

根据上文描述,最终都是需要跳转到zend_timeout来处理超时的。那windows下如何进入zend_timeout呢?

window下仅在execute函数中(zend_vm_execute.h刚开始的地方),可以看到调用zend_timeout:


while (1) {
  int ret;
#ifdef ZEND_WIN32
  if (EG(timed_out)) {  // windows下的超时,执行每条opcode之前都判断是否需要调用zend_timeout
    zend_timeout(0);
  }
#endif
 
  if ((ret = OPLINE->handler(execute_data TSRMLS_CC)) > 0) {
  ...
  }
}
Copy after login

上述代码可以看到:

在windows下,每执行完成一条opcode指令,就会进行一次超时判断。

因为主线程执行opcode的同时,子线程可能已经发生超时,而windows并没有什么机制可以让主线程停止手头的工作,直接跳入zend_timeout。所以只好利用子线程先将EG(timed_out)设置为1,然后主线程在等到当前opcode执行完成、进入下一条opcode之前,判断一下EG(timed_out)再调用zend_timeout。

因此准确的讲,windows的超时,其实是有一点点延时的。至少在某一个opcode执行的过程中,无法被打断。当然,正常情况下,单条opcode的执行时间会很短。但是可以很容易人为构造出一些很耗时的函数,使得function call需要等待较长时间。此时,如果子线程判断出超时了,则还需要经过漫长的等待,直到主线程完成该条opcode之后,才能调用zend_timeout。

zend_unset_timeout


void zend_unset_timeout(TSRMLS_D) /* {{{ */
{
#ifdef ZEND_WIN32
   
  // 通过发送WM_UNREGISTER_ZEND_TIMEOUT消息来关闭定时器
  if(timeout_thread_initialized) {
    PostThreadMessage(timeout_thread_id, WM_UNREGISTER_ZEND_TIMEOUT, (WPARAM) GetCurrentThreadId(), (LPARAM) 0);
  }
#else
  if (EG(timeout_seconds)) {
    struct itimerval no_timeout;
    no_timeout.it_value.tv_sec = no_timeout.it_value.tv_usec = no_timeout.it_interval.tv_sec = no_timeout.it_interval.tv_usec = 0;
     
    // 全置0,相当于关闭定时器
    setitimer(ITIMER_PROF, &no_timeout, NULL);
  }
#endif
}
Copy after login

zend_unset_timeout同样分成两种平台的实现。

先看linux:

linux下的关闭定时器也很简单。只要将struct itimerval中的4个值都设置为0,就行了。

再看windows:

由于windows是利用一个独立的线程来计时。因此,zend_unset_timeout会向该线程发送WM_UNREGISTER_ZEND_TIMEOUT消息。WM_UNREGISTER_ZEND_TIMEOUT对应的动作是去调用KillTimer来关闭定时器。注意,线程本身并不退出。

前文留下了一个问题,在php_execute_script中,windows下面要显示调用zend_unset_timeout来关闭定时器,而linux下不需要。因为对于一个linux进程来说,只能存在一个setitimer定时器。也就是说,重复调用setitimer,后面的定时器会直接覆盖前面的。

zend_timeout


ZEND_API void zend_timeout(int dummy) /* {{{ */
{
  TSRMLS_FETCH();
 
  if (zend_on_timeout) {
    zend_on_timeout(EG(timeout_seconds) TSRMLS_CC);
  }
 
  zend_error(E_ERROR, "Maximum execution time of %d second%s exceeded", EG(timeout_seconds), EG(timeout_seconds) == 1 ? "" : "s");
}
Copy after login

如前文所述,zend_timeout是实际处理超时的函数。它的实现也很简单。

如果有配置exit_on_timeout,则zend_on_timeout会尝试调用sapi_terminate_process关闭sapi进程。如果无需exit_on_timeout,则直接进入zend_error进行出错处理。大部分情况下,我们并不会设置exit_on_timeout,毕竟我们期望的是虽然一个请求超时了,但是进程仍然保留下来,服务下一个请求。

zend_error除了会打印错误日志,还会利用longjump跳转到boilout指定的栈帧,一般是zend_end_try或者zend_catch宏所在的地方。关于longjump,可以另起一个话题,本文就不具体叙述了。在php_execute_script里面,zend_error会使得程序跳转到zend_end_try的位置然后继续执行。继续执行是指,会调用php_request_shutdown等函数来完成收尾工作。

直到这里,php脚本的超时机制算是讲清楚了。

最后来看一个疑似php内核的bug。

windows下max_input_time的bug

回忆一下,之前有提到windows下只有一个地方调用了zend_timeout,就是execute函数里,准确讲是每条opcode执行之前。

那么,假如发生max_input_time类型的超时,即使子线程将EG(timed_out)被置为1,也得延迟到execute中才能进行超时处理。貌似一切正常。

The key to the problem is that we cannot guarantee that EG (timed_out) will still be 1 when the main thread executes execute. Once EG(timed_out) is modified to 0 by the child thread before entering execute, the timeout of the max_input_time type will never be handled.

Why is EG(timed_out) modified to 0 by the child thread? The reason is: in php_execute_script, zend_set_timeout(INI_INT("max_execution_time"), 0) is called to set the timer.

zend_set_timeout will send the WM_REGISTER_ZEND_TIMEOUT message to the child thread. When the child thread receives this message, in addition to creating a timer, it will also set EG(timed_out) = 0 (see the zend_timeout_WndProc code snippet intercepted above for details). Due to the uncertainty of thread execution, it is impossible to determine whether the child thread has received the message and set EG (timed_out) to 0 when the main thread executes execute.

As shown in the figure,

If the judgment in execute occurs at the time point marked by the red line, then EG (timed_out) is 1, and execute will call zend_timeout does timeout processing.

If the judgment in execute occurs at the time point marked by the blue line, EG (timed_out) has been reset to 0, and the max_input_time timeout is completely covered.

Related recommendations:

A brief analysis of the underlying operating mechanism and working principles of PHP

Detailed explanation of PHP shared memory usage

PHP generates text-based Morse code

The above is the detailed content of Detailed explanation of PHP script timeout mechanism. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template