php debugging from the trenches
DESCRIPTION
A tour of what makes up a bug, how to replicate issues, PHP specific bugs, and practical techniques on how to tackle them.TRANSCRIPT
PHP Debugging from the Trenches
PHP Cambridge, 24 Feb 2014 Simon R Jones, Studio 24
Me
• Founder & Technical Director of digital agency Studio 24
• Programming PHP since 1999
• Contributor to ZF1
• Contributor to Web Standards Project
• Zend Certified Engineer
• Organiser of PHP Cambridge and Refresh Cambridge
studio24.net
What causes bugs
First steps
PHP errors
Error reporting
Debugging in PHP
Remote debugging
AJAX and Web Services
Legacy software
Good practises
studio24.net
– Wikipedia
“Debugging is a methodical process of finding and reducing the number of bugs, or defects, in a computer program or a piece of electronic hardware, thus making it behave as expected.”
studio24.net
– Wikipedia
“Debugging is a methodical process of finding and reducing the number of bugs, or defects, in a computer program or a piece of electronic hardware, thus making it behave as expected.”
studio24.net
!
We want to avoid this!
WSOD:White Screen Of Death!
Which makes you feel like this..
While we’d rather be happily solving problems
What causes bugs?
studio24.net
Grace Hopper http://www.history.navy.mil/photos/pers-us/uspers-h/g-hoppr.htm
What causes bugs?
• Human error (typos)
• Business logic errors
• Environmental errors (files, web service, DB)
• Client-side errors (web browsers)
• External software bug (PHP, Apache, etc)
• And sometimes it’s just a feature request or misunderstanding!
studio24.net
First steps
studio24.net
– Sherlock Holmes, A Scandal in Bohemia
“It is a capital mistake to theorize before one has data. Insensibly one begins to twist facts to suit theories, instead of theories to suit facts.”
studio24.net
Understand the issue
1. What did you do?
2. What happened?
3. What was supposed to happen?
studio24.net
(how to reproduce the issue)
(what’s wrong)
(expected behaviour)
Know your environment
• URL
• Web browser
• Operating System / Device
• JavaScript support?
studio24.net
Gather data
• Logs
• Webserver access / error logs (Nginx, Apache)
• Application logs
• Software logs (Varnish, MySQL)
• File system
• Permissions
• File space, check with df -h
studio24.net
Replicate the issue
• Replay steps
• Can you replicate it?
• If not, what’s different?
• Is the data the same?
• Are there time-based business rules?
• Are you using the same web browser/OS?
studio24.net
PHP errors
studio24.net
PHP errors
• Parse errors
• Identified by T_* parser tokens
• T_PAAMAYIM_NEKUDOTAYIM issues with static operator ::
• Sending headers more than once
• Segmentation faults
• Exception thrown without a stack frame in Unknown on line 0. Yay!
studio24.net
syntax error, unexpected T_SL …
$heredoc = <<<EOD My long piece of text on a few lines
EOD;
<<<<<<< HEAD $title = "My updated code"; ======= $title = "My old code"; >>>>>>> master
there’s a space here
syntax error, unexpected $end in /path/to/file.php on line 27
$heredoc = <<<EOD My long piece of text on a few lines
EOD;
// More code here for ($x=0; $x<10; $x++) { // Do stuff }
echo $something;
there’s a space here
but the error reports here
Syntax errors
Easily fixed with a decent IDE or running lint before you deploy code:
php -l /path/to/file.php
No syntax errors detected in file.php
Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by…
<?php
$title = "My title";
// More code here for ($x=0; $x<10; $x++) { // Do stuff }
?>
a space here
or here will flush the headers
Headers sent twice errors
Easily fixed by separating PHP from your templates and don’t include final ?> in files that only contain PHP
<?php // Some code $title = "Lots of code here!";
// Look Ma, no closing ?> here!
Obscure error messages
• Segmentation fault - issue writing to memory, usually an internal bug
• Exception thrown without a stack frame - exception thrown in destructors / exception handlers
studio24.net
Error reporting
studio24.net
Error reporting
// Development display_errors = On display_startup_errors = On error_reporting = -1 // E_ALL works PHP5.4+ log_errors = On
// Production display_errors = Off display_startup_errors = Off error_reporting = E_ALL log_errors = On
Error reporting
• Any syntax errors in the file that defines error reporting will ignore these settings
• Default is to log errors to Apache ErrorLog location, overrides php.ini error_log setting
studio24.net
Custom error handling
• set_error_handler() - PHP errors
• set_exception_handler() - uncaught exceptions
• Log errors
• Log stack traces
• Display friendly page to users
• Use monitoring for alerts
studio24.net
Suppressing errors
• @ operator
• Don’t do it!
• Unless you immediately test the result and deal with it
• Suppressed errors still sent to custom error handler
• Scream to disable!
ini_set('scream.enabled', 1);
Debugging in PHP
studio24.net
Quick and dirty
• var_dump() and print_r()
• Very basic, and not that useful
• Needs formatting if complex data
echo "<pre>";var_dump($stuff);exit;
• Xdebug formats var_dump()
studio24.net
Displaying errors Pretty Blue Screen
Developer toolbars
• Send JavaScript messages to console.log()
• Use Firebug and FirePHP to send messages from PHP to the console
• Can profile DB queries via Zend_Db_Profiler_Firebug
Framework debug toolbars
• Useful for quickly seeing information
• May slow application down
studio24.net
Symfony toolbar
Xdebug
• Stack traces for errors
• Profiling
• Remote debugging
• Enabled via zend_extension in php.ini
• Don’t use in production!
• XHProf is designed for profiling on production servers
studio24.net
Xdebug stack trace
Remote debugging
studio24.net
Xdebug remote debugging
• Enable in PHP.ini via
xdebug.remote_enable=1 xdebug.remote_port="9000"
1. Set breakpoints
2. Run in browser via session, or browser extension
3. Step through code in IDE
studio24.net
Remote debugging in PHP Storm
Debugging AJAX and Web Services
studio24.net
CURL
• Great for quickly inspecting headers
curl -s -H 'X-Auth-Token: AUTH_TOKEN’ \ -H 'Accept: application/json' \ 'http://domain.com/url' | python -m json.tool
curl --HEAD http://domain.com/url
• Redirects are aggressively cached in most browsers, CURL isn't
• Use it to debug web services
• Use Python’s json.tool to format returned JSON
studio24.net
Charles Proxy
• Records all requests
• Inspect request and response headers
• Makes it really easy to debug AJAX
• You can include just your test domain to reduce amount of data captured
studio24.net
Dealing with SSL
• Charles acts as a proxy to allow you to inspect SSL requests.
• This is the same as a man-in-the-middle attack
• You need to authorise your web browser to allow this
• Access third-party URLs directly to do this
studio24.net
–Sherlock Holmes, The Memoirs of Sherlock Holmes
“Nothing clears up a case so much as stating it to another person.”
studio24.net
If you’re stuck get a fresh view
• “Rubber duck” debugging
• The act of talking through an issue forces you to think logically
studio24.net
Debugging Legacy software
studio24.net
Problems debugging Legacy software
• “Spaghetti code”
• No organised class/function system
• Duplicated code
• Dead code
• Global variables
• Unescaped SQL (and other security woes)
• Suppressed errorsstudio24.net
Strategies
• Ensure you have a local development environment
• Get the codebase into version control
• Remove dead code
• Review error logs
• Debug with Xdebug to understand code flow
• Refactor by making small, incremental changes
studio24.net
Refactoring
It Was Like That When I Got Here: Steps Toward Modernizing a Legacy Codebasehttp://paul-m-jones.com/archives/2667!Modernizing Legacy Applications In PHPhttps://leanpub.com/mlaphp
studio24.net
Good practises to help make debugging easier
studio24.net
Good practises
• Use a good IDE (PHPStorm, Zend Studio, NetBeans)
• Coding standards
• Document your code
• Filter In / Escape Out
• Defensive coding (test all return values)
• Automated testing
studio24.net
PHPUnit Unit testing
Selenium Browser testing
–Sherlock Holmes, The Adventures of Sherlock Holmes
“Chance has put in our way a most singular and whimsical problem, and its solution is its
own reward”
studio24.net
@simonrjones!
http://www.slideshare.net/simonrjones/TODO
Thanks!
Useful links
Environmenthttp://supportdetails.com/
Browser testinghttp://www.browserstack.com/ http://docs.seleniumhq.org/
PHP parser errorshttp://php.net/manual/en/tokens.php
Debug toolbars http://www.sitepoint.com/pretty-blue-screen/ https://github.com/zendframework/ZendDeveloperTools http://www.firephp.org/
Debugging and Profilinghttp://xdebug.org/https://github.com/facebook/xhprofhttps://github.com/perftools/xhgui
Charles Proxyhttp://www.charlesproxy.com/ http://techportal.inviqa.com/2013/03/05/manipulating-http-with-charles-proxy/
PHP Standardshttp://www.php-fig.org/ http://www.phptherightway.com/
Refactoringhttp://paul-m-jones.com/archives/2667