Page MenuHomePhabricator
Create Task
Maniphest T344189

array_merge_recursive inefficient on PHP 8.2 in HtmlForm
Open, Needs TriagePublicBUG REPORT
Actions

Description

What happens?:
HtmlForm (includes/htmlform/HtmlForm.php#L432) can lead to PHP memory exhaustion (apparently no matter how high I keep increasing it). This is due to the line:
$this->mFieldTree = array_merge_recursive( $this->mFieldTree, $loadedDescriptor ); array_merge_recursive seems to be highly inefficient in this instance, and it ends up working properly without memory exhaustion or even coming close if I change it to a function such as:

private function mergeArraysRecursive($array1, $array2) {
    foreach ($array2 as $key => $value) {
        if (is_array($value) && isset($array1[$key]) && is_array($array1[$key])) {
            $array1[$key] = $this->mergeArraysRecursive($array1[$key], $value);
        } else {
            $array1[$key] = $value;
        }
    }

    return $array1;
}

and replace array_merge_recursive with $this->mergeArraysRecursive

Software version: MW 1.40/PHP 8.2.8

Event Timeline

Universal_Omega created this task.Aug 14 2023, 8:04 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 14 2023, 8:04 PM
Paladox subscribed.Aug 14 2023, 8:08 PM
Izno added a project: Performance Issue.Aug 14 2023, 8:41 PM
TK-999 subscribed.Aug 15 2023, 11:31 AM

Might be worth an upstream report if a minimal reproducer can be isolated.

Are you using the JIT, just in case?

Universal_Omega added a comment.Aug 15 2023, 3:56 PM
In T344189#9092851, @TK-999 wrote:

Might be worth an upstream report if a minimal reproducer can be isolated.

Are you using the JIT, just in case?

Yes, JIT is being used.

I've heard array_merge_recursive is not great performance in PHP for quite a while for large arrays anyway, I wonder if something similar to StringUtils::explode() be added to ArrayUtils would be worth it for this?

TK-999 added a comment.Aug 15 2023, 4:04 PM

Possibly. I think it's worth disabling the JIT (ie making sure that opcache.jit_buffer_size is unset or 0, which is the default) though just to rule it out as a cause—it's been known to cause oddball issues when it is enabled that simply do not occur when it is off, and its maintenance status in general is dubious.

Universal_Omega added a comment.Aug 15 2023, 5:13 PM
In T344189#9093734, @TK-999 wrote:

Possibly. I think it's worth disabling the JIT (ie making sure that opcache.jit_buffer_size is unset or 0, which is the default) though just to rule it out as a cause—it's been known to cause oddball issues when it is enabled that simply do not occur when it is off, and its maintenance status in general is dubious.

Yeah, I'll give that a try, but I also know array_merge_recursive is one of the least performent functions in PHP even prior to PHP 8 as a whole, so I wonder if that is something that would be worth it even if the underlying exhaustion does not happen without JIT.

Paladox added a comment.Oct 25 2023, 1:33 AM
In T344189#9093734, @TK-999 wrote:

Possibly. I think it's worth disabling the JIT (ie making sure that opcache.jit_buffer_size is unset or 0, which is the default) though just to rule it out as a cause—it's been known to cause oddball issues when it is enabled that simply do not occur when it is off, and its maintenance status in general is dubious.

That unset for us doesn’t fix it.

R4356th subscribed.Oct 25 2023, 6:09 AM
TK-999 added a comment.Oct 25 2023, 10:18 AM

What page(s) does this happen on reliably?

Paladox added a comment.Oct 25 2023, 11:29 AM
In T344189#9279123, @TK-999 wrote:

What page(s) does this happen on reliably?

I can reproduce this when saving on Special:ManageWiki/permissions but I think it happens to most of ManageWiki because it uses HtmlForm. The cause of this is https://github.com/wikimedia/mediawiki/commit/4727ed1a9ccb6c321e536f0249dafc1f4d160d88.

OriginalAuthority subscribed.Oct 25 2023, 11:37 AM

Can confirm the above also happens using 8.1, when also using the same extension.

Paladox added a comment.Oct 25 2023, 11:48 AM

Digging, I can reproduce the OOM if I just do: error_log(print_r($loadedDescriptor, true));.

Func subscribed.Oct 25 2023, 11:48 AM

HTMLForm has been widely used in the core and many extensions, if the bug is only reproducible with interfaces created by the ManageWiki extension, there must be some unusual pattern in that extension.

Paladox added a comment.Oct 25 2023, 11:59 AM
In T344189#9279380, @Func wrote:

HTMLForm has been widely used in the core and many extensions, if the bug is only reproducible with interfaces created by the ManageWiki extension, there must be some unusual pattern in that extension.

First It only happens on php 8.2/8.1. Secondly I can reproduce by just doing error_log(print_r($loadedDescriptor, true)); within addFields(). So it seems $loadedDescriptor is the cause.Thirdly it only happened when saving.

I don't see anything in https://github.com/miraheze/ManageWiki/blob/3ac3e7b69b911d97d22057e4b1541bc9d59d8374/includes/FormFactory/ManageWikiFormFactory.php#L54 that would cause exceptional memory usage?

Paladox added a comment.Oct 25 2023, 12:14 PM
This comment was removed by Paladox.
Paladox added a comment.Oct 25 2023, 12:44 PM

Even further, I got to $setSection[$fieldname] = $field;.

Paladox added a comment.Oct 26 2023, 12:52 AM

... And further I get to $descriptor['parent'] = $parent; (which the param passed is $this.

Paladox added a comment.Oct 26 2023, 1:09 AM

I can reproduce it on Special:Preferences.

Paladox added a comment.Oct 26 2023, 11:52 AM

Found it. It's the type in loadInputFromParameters.

Switch from:

	public static function loadInputFromParameters( $fieldname, $descriptor,
		HTMLForm $parent = null
	)

to

	public static function loadInputFromParameters( $fieldname, $descriptor, $parent = null)

seems to fix it.

Paladox added a comment.Oct 26 2023, 12:04 PM
In T344189#9283792, @Paladox wrote:

Found it. It's the type in loadInputFromParameters.

Switch from:

	public static function loadInputFromParameters( $fieldname, $descriptor,
		HTMLForm $parent = null
	)

to

	public static function loadInputFromParameters( $fieldname, $descriptor, $parent = null)

seems to fix it.

Hmm, doesn't work now. (I've reset the file back and tried applying it to make sure)

Paladox added a comment.Oct 26 2023, 4:31 PM

We could revert https://github.com/wikimedia/mediawiki/commit/4727ed1a9ccb6c321e536f0249dafc1f4d160d88 until a fix is found?

Paladox added a comment.Nov 4 2023, 3:27 PM

I found a fix: https://github.com/miraheze/ManageWiki/commit/4fb5fd1a365b55889b632d11ed07239f2582c1bf. Not sure what changed in php 8.2 to require that. I saw on production:

image.png (798×2 px, 338 KB)

which led me to finding this fix (prod was running php 7.4).

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL