PHP garbage collection mechanism—basic knowledge of reference counting

Each PHP variable exists in a variable container called "zval". A zval variable container contains, in addition to the type and value of the variable, two bytes of additional information. The first one is "is_ref", which is a bool value used to identify whether this variable belongs to the reference set. Through this byte, the PHP engine can distinguish ordinary variables from reference variables. Since PHP allows users to use custom references by using &, there is also an internal reference counting mechanism in the zval variable container to optimize memory usage. The second extra byte is "refcount", which is used to indicate the number of variables (also called symbols) pointing to this zval variable container. All symbols exist in a symbol table, where each symbol has a scope (scope), the main script (for example: the script requested through the browser) and each function or method also have a scope.

When a variable is assigned a constant value, a zval variable container will be generated, as in the following example:

Example #1 Create a new zval container

<?php
    $a = "new string";
?>

In the above example, the new variable a is in the current generated within the scope. And a variable container of type string and value new string is generated. In the extra two bytes of information, "is_ref" is set to FALSE by default because no custom reference is generated. "refcount" is set to 1 because there is only one variable using this variable container. Note that when "refcount" is 1, "is_ref" is always FALSE. If you have Xdebug installed, you can pass Call the function xdebug_debug_zval() to display the values ​​of "refcount" and "is_ref".

Example #2 Display zval information

<?php
    xdebug_debug_zval(&#39;a&#39;);
?>

The above routine will output:

a: (refcount=1, is_ref=0)='new string'

Assigning one variable to another variable will increase the number of references (refcount).

Example #3 The growth of refcount in zval

<?php
    $a = "new string";
    $b = $a;
    xdebug_debug_zval( &#39;a&#39; );
?>

Above The routine will output:

a: (refcount=2, is_ref=0)='new string'

At this time, the number of references is 2, because the same variable container is associated with variable a and variable b. PHP will not copy the generated variable container when it is not necessary. The variable container is destroyed when "refcount" becomes 0. When any variable associated with a variable container leaves its scope (for example: the function execution ends), or the function unset() is called on the variable, "refcount" "will be reduced by 1, as the following example can illustrate:

Example #4 Reduction of refcount in zval

<?php
    $a = "new string";
    $c = $b = $a;
    xdebug_debug_zval( &#39;a&#39; );
    unset( $b, $c );
    xdebug_debug_zval( &#39;a&#39; );
?>

The above routine will output:

a: (refcount=3, is_ref=0)='new string'
a: (refcount=1, is_ref=0)='new string'

If we now execute unset($a);, including type and value The variable container will be deleted from memory.

Compound Types

Things are a little more complicated when considering compound types like array and object. Unlike scalar type values, array and object type variables store their members or properties in their own symbol tables. This means that the following example will generate three zval variable containers.

Example #5 Create an array zval

<?php
    $a = array( &#39;meaning&#39; => &#39;life&#39;, &#39;number&#39; => 42 );
    xdebug_debug_zval( &#39;a&#39; );
?>

The output of the above routine is similar to:

a: (refcount=1, is_ref=0)=array (
   'meaning' => (refcount=1, is_ref=0)='life',
   'number' => (refcount=1, is_ref=0)=42
)

Example #6 Add an existing element to the array

<?php
    $a = array( &#39;meaning&#39; => &#39;life&#39;, &#39;number&#39; => 42 );
    $a[&#39;life&#39;] = $a[&#39;meaning&#39;];
    xdebug_debug_zval( &#39;a&#39; );
?>

The output of the above routine is similar to:

a: (refcount=1, is_ref=0)=array (
   'meaning' => (refcount=2, is_ref=0)='life',
   'number' => (refcount=1, is_ref=0)=42,
   'life' => (refcount=2, is_ref=0)='life'
)

Or The graphical display is as follows:

From the above xdebug output information, we see that the original array element and the newly added array element are associated to the same zval variable container of "refcount" 2. Although the output of Xdebug shows two values The zval variable container for 'life' is actually the same one. The function xdebug_debug_zval() does not display this information, but you can see it by displaying the memory pointer information.

Deleting an element in the array is similar to deleting a variable from the scope. After deletion, the "refcount" value of the container where the element in the array is located is reduced. Similarly, when "refcount" is 0, this The variable container is deleted from the memory. Here is another example to illustrate:

Example #7 Removing elements from an array

<?php
    $a = array( &#39;meaning&#39; => &#39;life&#39;, &#39;number&#39; => 42 );
    $a[&#39;life&#39;] = $a[&#39;meaning&#39;];
    unset( $a[&#39;meaning&#39;], $a[&#39;number&#39;] );
    xdebug_debug_zval( &#39;a&#39; );
?>

The output of the above routine is similar to:

a: (refcount=1, is_ref=0)=array (
   'life' => (refcount=1, is_ref=0)='life'
)

Now, when we add an array itself as Things get interesting when elements of this array are included, as the next example will illustrate. In the example we added the reference operator, otherwise php will generate a copy.

Example #8 Add array elements to the array itself

<?php
    $a = array( &#39;one&#39; );
    $a[] =& $a;
    xdebug_debug_zval( &#39;a&#39; );
?>

The output of the above routine is similar to:

a: (refcount=2, is_ref=1)=array (
   0 => (refcount=1, is_ref=0)='one',
   1 => (refcount=2, is_ref=1)=...
)

Or graphically

You can see that the array variable (a) is also the second element of the array (1) The "refcount" in the pointed variable container is 2. The "..." in the above output indicates that a recursive operation has occurred, which obviously in this case means that the "..." points to the original array.

Same as before, calling unset on a variable will delete the symbol, and the number of references in the variable container it points to will also be reduced by 1. Therefore, if we call unset on variable $a after executing the above code, then the number of references to the variable container pointed to by variable $a and array element "1" is reduced by 1, from "2" to "1". The following example can illustrate:

Example #9 destroys $a

(refcount=1, is_ref=1)=array (
   0 => (refcount=1, is_ref=0)='one',
   1 => (refcount=1, is_ref=1)=...
)

or graphically displayed as follows:

Cleanup Problems

Although there is no longer any symbol in a scope pointing to this structure (that is, the variable container), since the array element "1" still points to the array itself, this container cannot Cleared. Since there is no other symbol pointing to it, the user has no way to clear the structure, resulting in a memory leak. Fortunately, PHP will clear this data structure at the end of the request, but before PHP clears it, it will consume a lot of space in memory. This happens a lot if you're implementing a parsing algorithm, or doing other things like having a child element point to its parent. Of course, the same situation can happen with objects, in fact it is more likely to happen with objects, because objects are always implicitly referenced.

It’s okay if the above situation occurs only once or twice, but if memory leaks occur thousands or even hundreds of thousands of times, this is obviously a big problem. In long-running scripts, such as daemons that rarely end requests, or large sets in unit tests, the latter (referring to There will be problems with large suites in unit tests. It will require 2GB of memory, and the average test server does not have such a large memory space.