Bad Nomenclature

A rant about PHP compilers in general and HipHop in particular.

Paul Biggar — Mon, 08 Feb 2010 15:46:39 +0000

I’ve worked on phc since 2005, and been its maintainer since 2007. I wrote the optimizer, and nearly everything performance related.

I had mixed reactions upon hearing about the release of HPHP [1], the new PHP compiler from Facebook. There are a few aspects to this so I’ll start with the technical stuff. I always love the social aspect, so skip to the bottom if you like whining and tears.

How does it work?

I don’t know the answer to this. I haven’t seen anyone even mention PHP’s references, which are incredibly gnarly for a static analyser [2]. HPHP might just ignore it, which isn’t necessarily a bad idea. I’m wary of ignoring edge cases, as they tend to interact in horrible ways, but I guess Facebook already run all their code off it, so it can’t be that bad.

In general, I’ve found that ignoring the edge cases is bad when compiling PHP. There are a million of them, and they all interact. They interact worst of all in static analysis, because you have to consider all possible paths. Its the sort of thing where if you nail it 100%, then you have something amazing and widely applicable, so that’s what I was aiming for with my PhD. I suspect HPHP doesn’t consider all paths, and makes all sorts of hacky assumptions. [3] This is probably a really good idea. I did the opposite in the optimizer, and the result is instead immature and slow.

Speed

Facebook said HPHP reduces by half their number of servers. PHP’s libraries are already written in C, which gives it the appearance of being fast, even though the interpreter is dog-slow. This implies that HPHP-compiled PHP code is much more than twice as fast as the PHP interpreter. This probably means HPHP is way faster than phc‘s compiled code as well.

They could have built a JIT!!

I saw some criticism for not building a JIT on LLVM. But:

LLVM isn’t mature enough for a proper dynamic JIT yet, as the Unladen Swallow team found out.
JITs are very hard to build. They ratchet up the complexity of building a compiler by about 10 times, so its probably best to avoid them if you can. [4]
PHP doesn’t really need a JIT. Server side programs in PHP don’t do a great deal of dynamic stuff, and it would be incredibly rare to load some random code at run-time, so a JIT wouldn’t be all that useful.

PHP is not like other dynamic languages. Duck-typing is possible, but most of the community best practices come from Java (along with the class system), and so its not used that much. Monkey-patching — switching out classes and methods from objects at run-time — isn’t possible, except with the hackiest of hacky unsupported extensions. Dynamicism in PHP tends to involve templates instead, like with Smarty. If you want to analyse it, then you just need to run it a few times, get all the templates to be instantiated, and compile all the generated PHP code. I’ve started calling this "deployment-time analysis", since in server-side, you probably know all the code you’re going to compile at deployment-time. So a compiler is a perfectly reasonable approach for PHP, and a JIT is probably not needed.

Will it be useful for me?

People seem to want to know if HPHP is widely useful outside of Facebook, and some people are saying "no". I disagree strongly. In order for HPHP to be useful, you need to have a PHP application which is suffering due to PHP interpreter performance. That matches Facebook perfectly, and they’ve always been the canonical example I use to explain why PHP compilers are interesting. But you don’t have to be Facebook size or scale to have performance problems.

Do you really need more speed? [5]

I’ve heard the argument "you don’t need a compiler, since PHP is rarely the bottleneck" for many years. I think its complete bollox. But I wrote a compiler for PHP, so I would say that.

Unless your PHP server is sitting there idling (which is probably the case for many PHP servers out there), then you could make use of a PHP compiler. For small timers, all components of your application are going to be sitting on the same box, contending for the same resources. Even if you assume the DB is the bottleneck, the resources the interpreter consumes could be more profitably spent on the DB.

The PHP interpreter is also quite memory hungry, as interpreters go. Any PHP value in your program uses 68 bytes of overhead [6]. An array of a million values takes over 68 MB. If HPHP is able to convert your million value array to native C types, it will only take 4MB. I’m sure your caches could make good use of that savings.

However, optimization isn’t only about speed. The main value is that they give you freedom in how you code.

There is a meme in the scripting language communities that {PHP,Ruby,Python,Perl,etc} are "fast-enough". If you need it to go faster, then you should take your hot-loop and rewrite it in C. HPHP will free you from such concerns.

You should consider also that PHP is considered relatively fast. Its not — the interpreter is dog-slow — but programs written in PHP are typically not that slow. This is because most of PHP’s huge standard library is written in C, with a thin layer of PHP over it. Anytime you call a string function, your PHP C string is passed into the C library, the pointers are manipulated and the bits are twiddled, and then it’s handed back to your code. Its a bit like driving in America: it takes a few minutes to get on the freeway, but once you’re on it you’re there in no time.

This is not necessarily a good thing:

if you want to write a library, and it needs to be fast, then it needs to be written in C,
if there is a PHP function that does almost what you need, and you write your own version instead, it will be slow.

Believe me, if your entire application just ran PHP interpreted code, it would not be fast at all. But people who write PHP functions and libraries don’t want to write C. They like PHP, are productive in it, and any time spent arsing around in C is wasted when there’s a website falling apart and a long list of features due yesterday. HPHP will free you from such concerns.

Compilers also provide other niceties. You don’t have to unroll your own loops, or move constant expressions out of loop headers. I don’t know if HPHP supports these, but I’m sure it could.

Allowing your existing code to go faster is hardly the point though. Really, the point is that you can do more in less time. Suppose you’ve decided that your application needs to response to the user in 500ms. The DB takes 200ms, the request takes 200ms, the framework takes 50ms and your code only has 50ms to run [7]. That’s quite a constraint. This leads to people using PHP as a simple templating layer, instead of as the Turing-complete langauge it is. I expect we’ll hear a lot more about HPHP, simply because of how freeing it is to the user.

So even if you only have a small VPS, instead of massive server farms like Facebook, you’re likely to find a use for HPHP. I’m sure shared hosts will set it all up soon for their users, and everyone will be happy.

Dynamic constructs

A better question is, how widely applicable is a compiler which doesn’t support all of PHP’s dynamic constructs? Funnily enough I did a bit of research on this. We chose the opposite tactic for phc: trying to stay 100% compatible with Zend, all the extensions (even the 3rd-party, unpublished, top-secret, proprietary ones), etc. You would expect we would first research whether this was useful? Well no. We built it, and then I did some analysis to check whether it was useful. You can read it in depth [8]. Basically, I downloaded 700 packages off sourceforge, and wrote some phc plugins to check for evals and dynamic includes (a dynamic include uses a variable as its parameter, instead of a constant or literal).

Result: 40% of PHP packages use dynamic constructs. Now this isn’t quite as scientific as it should be. Lots of those programs were old, and styles have changed. eval is discouraged these days, but it’s probably still used, if only to get around the weaknesses of the PHP parser. In particular, this doesn’t imply that HPHP is somehow fatally flawed for not supporting dynamic constructs. It just means it might not be so useful to you, the common PHP programmer.

An easy way to get round dynamic includes is to just consider the PHP files in the directory structure. There was a good research paper by Wassermann on supporting that, but I find it very hard going, so you probably will too. Still, a naive approach is to just stick a switch statement in, and compile everything that makes sense. This is how you would deal with things like WordPress plugins. It does mean that if you change your plugins, you’re just going to have to recompile. If you’re using a compiler, I doubt you would find that a problem.

The most important question!

Which bring us to the question of whether they should have used phc?

Obviously it would be great if they had used phc, and I’m not privy to the reasons they didn’t [10]. The design decisions we made in phc were aimed at maximum compatabilty, and the performance suffered [11] as a result. The optimizer was designed to solve these problems, and I believe it would have, but it is not mature enough now, and was still a twinkle in my eye when HPHP started two years ago.

Facebook was solving their performance problems, not building a PHP compiler for general use. If they were doing the latter, it would be much easier to criticise their approach, but for now I can’t say I would have advised them otherwise. On the other hand, they probably didn’t need to build their own parser – its a tricky problem and phc‘s parser and front-end are excellent. Had they gone another way, then they could probably have started to use phc‘s optimizer [12], which while immature and slow to compile, is pretty state-of-the-art and has great potential (if I do say so myself).

A better approach would probably have been to hire all the programmers who worked on PHP compilers, to get that expertise in house. They did try to hire me, but only recently. I’m honestly surprised that they haven’t tried to hire the Shannon Weyrick, who is currently working on rphp, his second PHP compiler [13].

What does this mean for phc?

When they annouced HPHP, I would have said it was phc‘s death toll. The original phc authors, Edsko and John, have moved on to other projects, and I’ve run it mostly solo for about two years. But I havent worked on phc in about 6 months, and my hatred of PHP makes it unlikely I will again. My requests for new contributors to step up has fallen on deaf ears, and my summer intern hasn’t decided to take over either.

Since no-one wants to take on the compiler, the new competition from Facebook should probably kill it, right? Maybe not. Over the last week, traffic to the phc website has increased by five times [14]. Facebook has unleashed some sort of latent interest in PHP compilers that I haven’t been able to extract from people. So perhaps this might be the rebirth of phc, not its death.

And phc is better than HPHP in some ways. HPHP is almost certainly faster because they didn’t have to deal with eval, dynamic stuff, and because they don’t use the Zend libraries. But phc was specifically designed to work with the Zend libraries, with eval, with everything. So it’s probably a better fit for most projects than HPHP.

If you want to take over phc, then join the mailing lists, download the source code, read the death notice and contribution page, and email me for commit access.

phc will likely live on anyway. The front-end is pretty slick: Facebook ran it over their million lines of code and only had one or two problems. It gives a lovely AST to allow all sorts of code transformation tools, has a nice plugin interface (for C++ lovers) and an XML interface (for the rest of you), and will spit your code out largely as you put it into it. Its certainly the most mature and well tested part of the whole project.

The optimizer is pretty slick as well, but in a different way. I’m pretty sure its the most advanced static analyser for PHP, and it’s waiting to be put to good use. That said, it’s damn slow, and not mature (read: pretty buggy), and itself doesn’t support eval and dynamic includes (surprise!!). The optimizer is waiting for some love — I could imagine it making a pretty nice "automatically find out what types your function may be passed" kind of linter.

Otherwise, phc will only live on as part of the Roadsend Raven compiler. I understand that they’re going to take the optimizer and the parser from phc, and that will be really interesting.

Finally, what does it mean for me? Well, I’ve left that ship already. I’ve hated PHP for a long time, and have no desire to go back to it. I’m doing a startup now, but when I go back to regular employment I will be looking for another scripting language run-time. There are plenty to choose from, in particlar Unladen swallow and TraceMonkey. Mozilla looks like an amazing place to work, so I think I’ve worked out my backup plan.

[1]	I can’t bring myself to call it Hiphop. Worst name ever. Rumor has it that the ‘H’ in HPHP stands for "Haiping", the author of HPHP, so I like that name better.

[2]	See chapter 6 of my thesis

[3]	This is just a hunch. Obviously I have no way of verifying this, and I don’t really want to read the source when it comes out to check. So as accusations go, this one is obviously pretty baseless.

[4]	Says a guy who wrote a PHP compiler. I may be biased.

[5]

I’m trying to imply you don’t, but everyone loves more speed. Plus, compilers are cool toys, even if you don’t need them. So 99% of the people who start using HPHP will use it cause its cool and they love to go fast, not because they’ve carefully considered the design of their project and determined that a compiler would solve something.

[6]	68 bytes is on 32-bit systems. I think its 96 bytes on 64 bit.

[7]	I pulled these numbers out of my arse.

[8]	You can read the paper (see Section 7.5) for my method, results, etc.

[9]

Open-sourcing and patenting aren’t strictly mutually exclusive, but presumably they won’t patent it now. A firm word on the topic from Facebook would be nice. And yes, I’m aware of the patent climate in America, and how you have to patent everything you can get your hands on, and it doesn’t make you evil. It still fucks with people who write compilers though.

[10]	If you know why, let me know. This is open source, I can take it.

[11]	I went into a bit of detail in my Google Tech Talk, if you’re interested.

[12]	Interested parties can find more information in chapter 6 of my PhD thesis

[13]	This is pronounced RoadsEnd, apparently. I’ve been mispronouncing it for years.

[14]	The phc website used to get 200 visits per day. On Tuesday it got 1100 visits, going up to over 2000 on Wednesday. And 1000 downloads by the look of it. Does anyone know how to find out how many people check the code out of a Google Code svn repostory?.

Introducing Malicious Code Reviews

Paul Biggar — Wed, 24 Dec 2008 01:11:00 +0000

I’m inventing a new sport today, which I call “malicious code reviews”. I spent a few hours reading some really very bad code, and in retaliation against its author(s), I’m going to code review it [1]. The code comes from PHP version 5.2.8, the latest stable release. This particular file is Zend/zend_operators.h [2]. You might want to open it in a new window, or in a popup, so that you can follow along.

I’ll start [3] at the top:

#if 0&&HAVE_BCMATH #include "ext/bcmath/libbcmath/src/bcmath.h" #endif

I’ve skipped a few minor problems to go straight to the laughably poor, the #if 0. Funny story though: I saw a “code review” in PHP recently which chastised the addition of a #if 0. I initially thought that, finally, someone is actually stepping up to stop the rot within the PHP engine. Sadly, they instead complained that according to the rules of the PHP project, an #if 0 must also have the author’s name added to it. The mind boggles.

There is a limited amount of reasonable code, which I’ll skip, followed by the is_numeric_string() function [4], only one of the finest examples of poor code I’ve ever seen. I linked to it above, so I recommend that you actually read along as I go. This will be no fun unless you can actually see it.

It starts off, surprisingly, with the most thorough comment I have yet to see in PHP. It is merely average in terms of what you might read in a gcc source file, but here it is a shiny gold nugget floating in a murky brown sea. However, it degrades fairly rapidly. You might notice this giant function is in a header, and that it is declared to be static inline. This is a prelude for what’s to come.

The function starts with some whitespace skipping [5]:

while (*str == ' ' || *str == '\t' || *str == '\n'
    || *str == '\r' || *str == '\v' || *str == '\f') {
   str++;
   length--;
}

Just two lines above the function they have two macros, called ZEND_IS_DIGIT and ZEND_IS_XDIGIT. Could they not have added ZEND_IS_WHITESPACE? A pity, but a tiny flaw compared to the gaping maw of despair that follows a little bit later. The code continues fine: check for a digit, check if its hex (with comments, very good) until we come to this line:

for (type = IS_LONG;
     !(digits >= MAX_LENGTH_OF_LONG
        && (dval || allow_errors == 1));
     digits++, ptr++)

I’d like somebody to come forward and explain why

type = IS_LONG

is in the loop initialization statement. And why the loop condition is so unreadable. And why the elements of the loop header are not related in any way at all!!! But this is just the start. The next line is a doozy:

check_digits:

Do you feel the fear? I feel the fear. Its a label. That means that somewhere in this function, there is a goto. Not that there’s anything wrong with gotos. Sure, if misused they can lead to unreadable, spaghetti co– OH MY GOOD GOD. I’ve found some gotos, but they go to a different label. Two labels. And the first one is in a for-loop! Don’t panic, maybe its readable. Maybe the second one is also in the for-loop. Please? Pretty please?

Fuck. Fuck fuck fuck. I’d like to suggest you try to work it out yourself, but you’d probably prefer not to. If you haven’t looked at the code yet, now is the time. Don’t worry if you don’t know C — with code like this, knowing the language is not the advantage you’d expect.

The first label, check_digits, is in a for-loop. That for-loop has two gotos (and one continue and one break, just to make things more readable), which both go to the other label process_double. process_double is outside the loop, deeply nested in a completely separate series of if-else statements. They have also given up on comments by now). After checking a few more conditions, only then do you jump back into the previous for-loop!!!! Oh wait. No, that’s not right. They’re in different paths. There actually added control-flow edges from an else-body to within a for-loop in the if-body. Just wow.

I’d like to say that this horrendous function is over. After all, this is just the first function I’ve come across. But while there is only simple (but uncommented) code remaining in the function, I have a final nit to pick.

if (ptr != str + length) {
    if (!allow_errors) {
        return 0;
    }
    if (allow_errors == -1) {
        zend_error(E_NOTICE,
            "A non well formed numeric value encountered");
    }
}

There is a check to see if allow_errors is -1, even though the comment only mentioned two possible values for allow_errors. So what does it mean for it to be -1? We’re saved from figuring it out because the check can’t even trigger. If allow_errors was non-zero, the function would have returned already.

Now, you might consider this a minor nit, and its easy to see that it wasn’t fixed when you consider how deeply it was nested [6]. But this sort of thing is the rule, not the exception in PHP sources. Broken windows built on top of other broken windows.

The rest of the header is OK, considering. There is a macro that’s not appropriately guarded [7], and a few with no guards and no comments. A few macros use their parameters more than once (bane of post-incrementers everywhere), and some duplicate some code between them, or write the same code in multiple ways [8]. There are then a ton of macros which can be used as lvalues:

#define Z_DVAL(zval)            (zval).value.dval
#define Z_STRVAL(zval)          (zval).value.str.val
#define Z_STRLEN(zval)          (zval).value.str.len

except one

#define Z_BVAL(zval)            ((zend_bool)(zval).value.lval)

where an enterprising soul mustn’t have thought hard before committing. PHP has long been lambasted for its inconsistency; it turns out that this inconsistency is not limited to just its libraries, syntax or semantics.

To finish off this file is a frankly baffling piece of code. Let this be a lesson about commenting. Sometime the ‘why’ of the comment is not sufficient – occasionally, you will need to explain what the code is doing.

#if HAVE_SETLOCALE && defined(ZEND_WIN32) && !defined(ZTS) \\
    && defined(_MSC_VER) && (_MSC_VER >= 1400)
/* This is performance improvement of tolower() on Windows
 * and VC2005
 * GIves 10-18% on bench.php
 */

And we’re done

Unfortunately, this file is not an isolated incident. The entire Zend/ directory — the core of the whole PHP implementation — is a filthy mess. While the is_numeric_string() function might be the worst code I have ever seen, most of the Zend/ files contain a lot of hideous code: poor organized, badly written, badly documented, unreadable messes.

Notes:

[1]

I’m aware that as a ‘code review’, this is actually pretty poor, primarily due to its lack of constructive criticism. So this is more of a detailed, flame-bait-y rant about the quality of code in this file, which I will use to assure people that the rest of the code I’ve seen in the PHP project is of similar caliber. And none of that is really very constructive.

As it happens, I am preparing a much more constructive piece about why the code in PHP is so bad, how it got this way, and how to fix it. But first I’d like to demonstrate how poor the code currently is, and it’s difficult to do this without some bile and vitriol.

[2]	I was originally planning to do zend_operators.c, and thought I’d quickly do the header first. But this was so poor that I ended up writing about it.

[3]

I didn’t want to bog down the intro with my method, but it should probably be here anyway.

I’m analysing the latest release, PHP 5.2.8. Its a little difficult to choose which version of PHP to pick on, but the latest stable release is probably not too unfair.
All files that I’ll choose come from the Zend/ directory, which makes up the core of the PHP interpreter.
I could do some code archaeology, and find how the code got to the state that it did, and perhaps personally hunt down the person who did it, but I wont. Even if I could find a sole contributor to blame, there are so many broken windows in PHP that I feel the blame should be spread across all the PHP internals developers.

[4]	Unfortunately, `is_numeric_string()` was cleaned up at some point (though the version I review here is what’s in all the 5.2.x releases, and is scheduled to be in 5.3.), so this post loses a smidgen of its sting.

[5]	I should point out that I’ve tidied up the code to fit in the blog. So if you’re thinking “at least the lines aren’t too long”, well, they are.

[6]	When they fixed this particular piece of code, the `allow_errors` checks became much less obfuscated, but still was not removed, sadly.

[7]	A macro guard (if that is indeed the right name, and not one I just made up), is when you wrap a macro in a `do-while(0)` loop.

[8]	If you know Zend internals, spot the difference: SEPARATE_ZVAL_IF_NOT_REF(ppzv); and if (!(*ppzv)->is_ref) SEPARATE_ZVAL(ppzv);