Unable to overwrite services using MediaWikiServices hook
Closed, ResolvedPublic
Actions

Description

docs/hooks.txt says

'MediaWikiServices': Called when a global MediaWikiServices instance is
initialized. Extensions may use this to define, replace, or wrap services.
However, the preferred way to define a new service is
the $wgServiceWiringFiles array.
$services: MediaWikiServices

However, if I try to do redefine existing service, it does not work. With some debugging I get this:

New container is constructed as 675773727
Service is defined in 675773727
New container is constructed as 974431285
Service is defined in 974431285
My hook on MediaWikiServices is called on 974431285
Service is redefined on 974431285
ServiceContainer::importWiring is ran on 974431285
Wrong (original) service is returned on 974431285

Looking at the code:

	/**
	 * Imports all wiring defined in $container. Wiring defined in $container
	 * will override any wiring already defined locally. However, already
	 * existing service instances will be preserved.
	 *
	 * @since 1.28
	 *
	 * @param ServiceContainer $container
	 * @param string[] $skip A list of service names to skip during import
	 */
	public function importWiring( ServiceContainer $container, $skip = [] ) {
		$newInstantiators = array_diff_key(
			$container->serviceInstantiators,
			array_flip( $skip )
		);

		error_log( "importWiring is ran on " . $this->id );

		$this->serviceInstantiators = array_merge(
			$this->serviceInstantiators,
			$newInstantiators
		);
	}

For array merge:

If the input arrays have the same string keys, then the later value for that key will overwrite the previous one. If, however, the arrays contain numeric keys, the later value will not overwrite the original value, but will be appended.

Based on the documentation, I think the parameters for array_merge are in wrong order.

Details

Subject	Repo	Branch	Lines +/-
Deprecate premature instantiation of services.	mediawiki/core	master	+49 -13
MediaWikiServices: Re-run MediaWikiServices hook when resetting instance	mediawiki/core	master	+4 -0
Don't initialize MediaWikiServices before extensions have been loaded	mediawiki/core	master	+23 -21

Customize query in gerrit

Related Objects

Mentioned In: T278037: Premature access to service container during installation
T273261: Premature access to service container
T253541: Establish a standard way of overriding service wiring for browser tests
rEWOP7a18a1d136cf: Create extension files
T193008: MediaWiki\MediaWikiServices::resetChildProcessServices doesn't reset database connection state
T190425: GlobalPreferences deploy caused a significant increase in reads on s3
T111731: Integrate a modern debug/error display tool into MediaWiki
T190124: MediaWikiServices should not rely on globals
T184643: Security review for GlobalPreferences
T178449: RFC: How to modify all preferences?
T177735: Error handling is set up too late to catch extension registration errors
rEWOP526b0f6ef32a: Create extension files
rEWOP593efb05c76a: Create extension files
Mentioned Here: rMWbca436db9207: Allow resources to be salvaged across service resets.
rMW69aecc2eeae0: Don't initialize MediaWikiServices before extensions have been loaded

Event Timeline

• Nikerabbit created this task.Dec 14 2016, 9:25 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptDec 14 2016, 9:25 PM

• Nikerabbit added a project: User-Nikerabbit.Dec 14 2016, 9:28 PM

if you are right, that would be bad :) I need to check and think, though. There is a misunderstanding somewhere. Maybe in my head :)

• Nikerabbit moved this task from Backlog to Needing on the User-Nikerabbit board.Dec 21 2016, 5:43 PM

Nemo_bis updated the task description. (Show Details)Dec 22 2016, 8:11 AM

Nemo_bis subscribed.

daniel moved this task from Inbox to To Do on the User-Daniel board.Jan 5 2017, 4:08 PM

Tgr subscribed.May 21 2017, 4:24 PM

MediaWikiServices::importWiring does what it says in the docs. I think the problem is that the first version of the container is set up in ExtensionRegistry::loadFromQueue before hooks have been exported. MediaWikiServices::resetGlobalServices then replaces it with a new object, and even though the MediaWikiServices hook does get called for that new object, the updated service definition gets overwritten by the old one that is copied over from the early container.

Tgr mentioned this in rEWOP593efb05c76a: Create extension files.May 21 2017, 11:11 PM

So in general the order of things is:

extensions which do not use extension registration add their MediaWikiServices hooks
loadFromQueue runs, container gets created, those hooks run
extensions which use extension registration add their hooks
resetGlobalServices runs, all hooks run but those redefining a service have no effect since old service definitions override new ones.

Also, in theory some extension entry point could get the container singleton and thus trigger hook execution, somewhere halfway in the process of LocalSettings.php executing the non-extension-registration entry points.

Tgr mentioned this in rEWOP526b0f6ef32a: Create extension files.May 23 2017, 8:47 AM

Tgr mentioned this in T177735: Error handling is set up too late to catch extension registration errors.Oct 9 2017, 6:43 AM

daniel mentioned this in T178449: RFC: How to modify all preferences?.Oct 19 2017, 1:52 PM

I ran into this issue with GlobalPreferences, and am working around it by instantiating the service just after redefinition:

	public static function onMediaWikiServices( MediaWikiServices $services ) {
		$services->redefineService(
			'PreferencesFactory',
			function ( MediaWikiServices $services ) {
				return new GlobalPreferencesFactory();
			}
		);
		// Now instantiate the new Preferences.
		$services->getPreferencesFactory();
	}

Samwilson mentioned this in T184643: Security review for GlobalPreferences.Feb 14 2018, 3:45 AM

Tgr mentioned this in T190124: MediaWikiServices should not rely on globals.Mar 20 2018, 6:29 AM

Tgr mentioned this in T111731: Integrate a modern debug/error display tool into MediaWiki.Mar 20 2018, 6:32 AM

MaxSem mentioned this in T190425: GlobalPreferences deploy caused a significant increase in reads on s3.Apr 30 2018, 9:53 PM

MaxSem subscribed.May 1 2018, 9:43 PM

Change 430012 had a related patch set uploaded (by MaxSem; owner: MaxSem):
[mediawiki/core@master] Don't initialize MediaWikiServices before extensions have been loaded

https://gerrit.wikimedia.org/r/430012

gerritbot added a project: Patch-For-Review.May 1 2018, 9:44 PM

Mainframe98 subscribed.May 2 2018, 8:26 AM

Krinkle mentioned this in T193008: MediaWiki\MediaWikiServices::resetChildProcessServices doesn't reset database connection state.May 2 2018, 8:22 PM

Change 430012 merged by jenkins-bot:
[mediawiki/core@master] Don't initialize MediaWikiServices before extensions have been loaded

https://gerrit.wikimedia.org/r/430012

daniel added a project: MediaWiki-libs-Services.May 24 2018, 10:52 AM

• Razyfouad mentioned this in rEWOP7a18a1d136cf: Create extension files.Apr 6 2019, 2:03 AM

Maintenance_bot removed a project: Patch-For-Review.May 22 2019, 3:22 PM

Change 565298 had a related patch set uploaded (by TK-999; owner: TK-999):
[mediawiki/core@master] MediaWikiServices: Re-run MediaWikiServices hook when resetting instance

https://gerrit.wikimedia.org/r/565298

gerritbot added a project: Patch-For-Review.Jan 16 2020, 3:12 PM

In T153256#5809570, @gerritbot wrote:

Change 565298 had a related patch set uploaded (by TK-999; owner: TK-999):
[mediawiki/core@master] MediaWikiServices: Re-run MediaWikiServices hook when resetting instance

https://gerrit.wikimedia.org/r/565298

I haven't yet considered all the angles, but my initial feeling is that this is hiding a problem and it will likely come at a performance cost.

To what extent can invalid/early instantiation be avoided?

What are those invalid/early instances used for?

Does that work correctly?

If so, are they really invalid? If not invalid, why does it need resetting?

Krinkle added a project: Platform Engineering.Jan 28 2020, 7:21 PM

Thanks for the review!

In T153256#5837000, @Krinkle wrote:

To what extent can invalid/early instantiation be avoided?

My understanding is that early instantiation no longer occurs since rMW69aecc2 on a default MediaWiki installation.

What are those invalid/early instances used for?

Does that work correctly?

The main use case I see for having to initialize the service container in LocalSettings.php is when a dynamic configuration loading system is used to infer the current wiki context and apply configuration overrides as needed, and this system requires services from the container such as WANObjectCache or the MediaWiki database abstraction layer.

If so, are they really invalid? If not invalid, why does it need resetting?

The code in Setup.php indicates that the service container reset is performed to ensure that any subsequent service accesses on the global container instance will take into account new services and service overrides registered by extensions.

// Reset the global service locator, so any services that have already been created will be
// re-created while taking into account any custom settings and extensions.
MediaWikiServices::resetGlobalInstance( new GlobalVarConfig(), 'quick' );

An alternative solution to this problem—that doesn't involve running the MediaWikiServices hook for a second time—could be to adjust the resetGlobalInstance() method such that it does not import the wiring from the old container instance. This was introduced along with resetGlobalInstance() itself in rMWbca436d. Since the new container instance will contain all services and service overrides from configured wiring files and MediaWikiServices hook handlers, it may be possible to eschew the importWiring call, which would resolve this issue without having to run the hook again.

daniel moved this task from Inbox to Triage Meeting Inbox on the Platform Engineering board.Feb 5 2020, 7:18 PM

WDoranWMF edited projects, added Platform Team Workboards (Clinic Duty Team); removed Platform Engineering.Feb 12 2020, 7:55 PM

WDoranWMF moved this task from Inbox to External Code Review Needed on the Platform Team Workboards (Clinic Duty Team) board.

Anomie moved this task from External Code Review Needed to External Code Review In Progress on the Platform Team Workboards (Clinic Duty Team) board.Mar 11 2020, 4:55 PM

DannyS712 added a project: MediaWiki-Core-Hooks.Apr 11 2020, 11:05 AM

In T153256#5837123, @TK-999 wrote:

The main use case I see for having to initialize the service container in LocalSettings.php is when a dynamic configuration loading system is used to infer the current wiki context and apply configuration overrides as needed, and this system requires services from the container such as WANObjectCache or the MediaWiki database abstraction layer.

I don't think we should allow use of any services during the setup phase. I am afraid that supporting this would create a mine field where no service can be safely used because you cannot not for certain whether someone somewhere will modify it again later. How would one know whether the "right" version of these services is made available? Or whether code executes in the right order? Or whether there are circular dependencies based you haven't reached an override yet. These would all fail in mysterious and non-obvious ways I think if we allow use of services during the setup phase.

**Good news*:* Using caching or database queries is not a problem. And, exactly because core now uses service wiring for most classes, this also means it is much easier to create your own instance of these. A service generally has all dependencies injected with no shared or leaked state outside of it, which means as long as you are able to pass in all the constructor parameters, there is nothing left to worry about.

In the case of WANObjectCache, or RDBMS, this means if you construct these services yourself, then you can use them. You then have the choice to either dispose of the instance (and let them be re-created later) or to let core re-use them by registering them as an override. Either way is fine.

So in a nut shell: Any classes you want to use during the setup phase must be constructed explicitly, not via the service container. And you can choose to give the objects back to the service container for re-use if you want to.

As an example, the EtcdConfig and APCUBagOStuff classes are constructed explicitly in wmf-config (source).

Krinkle removed projects: MediaWiki-Core-Hooks, MediaWiki-General.Apr 11 2020, 5:54 PM

Tgr mentioned this in T253541: Establish a standard way of overriding service wiring for browser tests.May 25 2020, 12:56 PM

CCicalese_WMF edited projects, added Platform Team Workboards (External Code Reviews); removed Platform Team Workboards (Clinic Duty Team).Jul 31 2020, 5:02 PM

daniel edited projects, added Platform Engineering; removed Platform Team Workboards (External Code Reviews).Sep 3 2020, 8:19 PM

daniel moved this task from Triage Meeting Inbox to Tech Planning Review on the Platform Engineering board.

In T153256#6049143, @Krinkle wrote:

So in a nut shell: Any classes you want to use during the setup phase must be constructed explicitly, not via the service container. And you can choose to give the objects back to the service container for re-use if you want to.

So, should we simply make it impossible to use the service container before the system has been fully initialized?

DannyS712 subscribed.Oct 1 2020, 10:05 PM

Yep. I can't imagine a scenario in which that makes sense to do and isn't unreasonble to support (imho).

Anything that needs services early either is very fragile and likely accidental, or must be required to handle its own objects instead if really needed. E.g. in wmf-config we use EtcdConfig but that is and should be constructed explicitly there as standalone object tree. Not using some kind of global service.

daniel removed daniel as the assignee of this task.Dec 1 2020, 4:24 PM

daniel subscribed.

Change 651539 had a related patch set uploaded (by Daniel Kinzler; owner: Daniel Kinzler):
[mediawiki/core@master] TEST: disallow premature instantiation of services.

https://gerrit.wikimedia.org/r/651539

In T153256#6510836, @Krinkle wrote:

Yep. I can't imagine a scenario in which that makes sense to do and isn't unreasonble to support (imho).

Anything that needs services early either is very fragile and likely accidental, or must be required to handle its own objects instead if really needed. E.g. in wmf-config we use EtcdConfig but that is and should be constructed explicitly there as standalone object tree. Not using some kind of global service.

So, according to the patch above, we can just go and prohibit "premature" service creation. At least nothing we have in CI fails. I guess we'd want it behind a feature flag at first, so things will not just explode when this is deployed.

Moving to inbox for triage. Can probably go to clinic duty for review and deployment. If deploying this change results in deprecation warnings in production, further follow-up will become necessary. If that follow-up turns out to be complex, the patch may need to be reverted.

• Clarakosi edited projects, added Platform Team Workboards (Clinic Duty Team); removed Platform Engineering.Dec 22 2020, 9:13 PM

• Clarakosi moved this task from External Code Review In Progress to Waiting for Review on the Platform Team Workboards (Clinic Duty Team) board.

Change 651539 merged by jenkins-bot:
[mediawiki/core@master] Deprecate premature instantiation of services.

https://gerrit.wikimedia.org/r/651539

ReleaseTaggerBot added a project: MW-1.36-notes (1.36.0-wmf.28; 2021-01-26).Jan 25 2021, 4:00 AM

Krinkle closed this task as Resolved.Jan 28 2021, 5:33 AM

Krinkle assigned this task to daniel.

Reedy mentioned this in T273261: Premature access to service container.Jan 29 2021, 3:04 AM

RhinosF1 subscribed.Feb 10 2021, 5:29 PM

Mainframe98 merged a task: T249528: Warn if MediaWikiServices::getInstance() called prior to bootstrap completing .Apr 21 2021, 3:23 PM

Mainframe98 added a subscriber: • nnikkhoui.

Ammarpad mentioned this in T278037: Premature access to service container during installation.Jun 25 2021, 6:38 PM