Here we can see, “Don’t Believe The Lies: PHP Isn’t Thread-Safe Yet”
You’d be led to assume that the official PHP distributions (from php.net) have been thread-safe since version 5.2.0 if you believed everything you heard.
That is not the case. So don’t get taken in by it. Don’t use PHP in a multi-threaded environment (mpm worker on Apache, ISAPI on IIS, etc.) because PHP thread-safety is a fallacy or, to put it another way, a collection of lies.
The pre-built binaries (in this example, Windows) are divided into two categories on the PHP download page: thread-safe and non-thread-safe:
The problem is that PHP isn’t threaded safe, regardless of whatever option you use. As a result, the dreaded “PHP has detected an access violation at memory address” error will still appear.
It’s not so much a matter of server settings as it is of PHP writing poor code and pretending it isn’t. Most people are aware that PHP isn’t multi-threading suitable. Yet, regardless of the complaints and bug reports that come in, they still feel compelled to pass it off as such.
There is currently no known solution to this issue. The official PHP distribution’s source code is simply not re-entrant, and therefore cannot be utilized in multi-threaded settings. In addition, it’s riddled with race situations and lacks proper monitors/locks on shared memory areas (which shouldn’t be shared at all). Unfortunately, there isn’t much else to say, making this piece more of a rant than a guide for those of you who are dealing with this problem.
The only other production-ready, decently-performing *sapi alternative, which is the deployment of PHP via the FastCGI interface, is still recommended by NeoSmart Technologies. This is because FastCGI scripting engines are significantly quicker than traditional CGI implementations on Linux and Windows (though the outcome is more clearly felt on Windows, where the CGI model is hideously slow). But we’ve already talked about this numerous times.
The moral of the story is that PHP isn’t multi-threaded, despite what you may expect based on what they say… Until you try it for yourself and learn that when it comes to thread-safety and the deployment of PHP in multi-threaded systems, nothing has changed in the 5.2.x releases.
If you insist on using ISAPI implementations, you should probably upgrade to the most recent PHP4 release. When it comes to reliability, the older PHP line is less likely to trigger an access-violation error on your machine, and it will far outperform the PHP5 “thread-safe” releases.
PHP needs to clean up its act and either produce real (and verifiable) thread-safe, re-entrant code or stop spreading false information that makes you believe it’s thread-safe in its current incarnation – especially when most other dynamic scripting languages (such as Perl) have proper thread-safe engines.
I hope you found this information helpful. Please fill out the form below if you have any questions or comments.
1. Why is PHP thread-insecure?
Thread safety refers to the ability of a binary to function in a multithreaded webserver environment, such as Apache 2 on Windows. You won’t need thread safety because the binary is called at each request if you run PHP as a CGI binary.
2. What is the difference between thread-safe and non-thread-safe PHP?
This version is recommended when the webserver is running many threads of execution for distinct requests simultaneously. For example, we should use the thread-safe version if we utilize mod php as a worker MPM on an Apache server. HOWEVER, when PHP is installed as a CGI binary, the non-thread-safe version is used.
3. What is the difference between thread-safe and non-thread-safe?
Distinct threads can access different objects simultaneously, and race situations are avoided while accessing shared data. Not thread-safe: Data structures should not be accessed by several threads at the same time.
4. Why are some people biased against using PHP?
5. [PHP for Windows] Which version do I install: thread safe or non thread safe?