HHVM

Project Update and OSS Support Changes

Paul Bissonette — Fri, 27 Oct 2023 00:00:00 +0000

Hi everyone 👋

It’s been a while since our last update here, and a lot has changed in the last year. The Hack and HHVM teams have been busy working on a wide array of improvements to both the language and the runtime, this year we’ve already landed over 2.5k commits. A lot has changed for us in the last year - our teams have been asked to take on a lot of new scope and projects, and we continue to have a very small number of open source users picking up our HHVM+Hack builds. As a result, we feel we need to reevaluate some of our open source strategy. First let’s talk about some of the major changes to the project:

We’ve made the decision to drop support for GCC. Meta has begun using Clang for all internal builds, and with Meta’s reduced investment, we can’t afford to maintain a separate CI for GCC.
Additionally, we will no longer be creating official releases of HHVM and Hack. As we’ve increased the cadence and automation around our internal releases, maintaining old versions of HHVM has become a full-time job that we lack the bandwidth for.
Finally, while we plan to keep CI for our CMake build system on GitHub, we will no longer be supporting these builds ourselves. We’re asking that the community take a more active role in fixing and maintaining this system. For years, our CMake builds have required very little attention but the increasing coupling of Hack and HHVM and the introduction of more Rust code has made this far more time-consuming.

We remain committed to sharing the work we’re doing and engaging with the open-source community, but the reality is, we can’t afford to validate and release the variety of HHVM and Hack combinations like we used to.

Our team has been working hard on a number of internal projects focused on improving the performance of our developer tools, enhancing the Hack language, improving the reliability of the runtime, and completing some major infrastructure changes, and we look forward to sharing those wins with this community.

This year has brought many new features to the Hack language, so far we’ve completed work on true types, equality refinement, with refinement, and type constant support for enum classes. Each of these features deserves its own more detailed breakdown, but we will summarize them here. With true types, Hack can now differentiate between three classes of type information: trusted, best effort, and dynamic. A type is said to be trusted when we’re sure that the static inference from the type checker is correct; best effort when that inference may be incorrect in the presence of dynamic code, and dynamic when a meaningful type cannot be inferred. Equality refinements allow Hack to narrow inferred types using the result of === and !== comparisons, resulting in more fluent code with fewer duplicative checks to satisfy the type checker. The new with refinement feature behaves similarly to a where clause, but can correctly handle abstract type constants and require less boilerplate.

Improving the performance and usability of our developer tooling has been a major focus of our teams. This year we’ve made major improvements to the performance of HHVM’s autoloader resulting in 50-60% faster autoloading on sandboxes. The REPL incorporated with HHVM’s debugger has been improved to support automatic lambda captures of variables defined in the REPL, and await syntax used in top-level expressions in the REPL. We also plan to complete the deprecation of the old HPHPD debugger in favor of our LSP bindings from the vsdebug extension.

On the HHVM team, we’ve completed work on a pair of major infrastructure changes, FactsDB and Declaration Directed Bytecode (DDB). FactsDB is a replacement for user-specified autoload maps created using autoload_set_paths. It computes an autoload map for a repository within HHVM, allowing us to reuse the map for various optimizations and new features, including DDB. It also provides an API for introspection over the codebase that can answer subtype queries not generally possible with reflection. With autoloading now occurring natively we also plan to begin removing support for explicit require and include statements. Building on Facts, DDB is a new feature that allows HHVM’s bytecode compiler to access information about top-level declarations stored in FactsDB while compiling source files. We plan to leverage this new functionality to enable new classes of language features that either have not previously been possible or have been prohibitively complicated to implement.

We have resumed our work to support the ARM architecture in our compiler backend and runtime. HHVM is once again being tested in an ARM environment and we have been actively making fixes and improvements to enhance the performance of workloads running on ARM.

Lastly, we have continued to invest in the tooling we use to further our work on the Hack and HHVM projects. We have been implementing debugging tools for use with lldb similar to those we have made available for gdb as part of our move to Clang. We have begun work to pair down the enormous number of configuration options currently available in HHVM, which we find are often under tested.

Integer Overflow leading to OOB write in HHVM

Wilfred Hughes — Tue, 25 Jul 2023 00:00:00 +0000

We’ve identified an issue where large multibyte uploads can overflow a 32-bit integer and cause out-of-bounds array access.

This is similar to a PHP had security issue in the past: https://github.com/php/php-src/commit/3c8582ca4b8e84e5647220b647914876d2c3b124

Patches have been applied on the HHVM-4.153, HHVM-4.168 and HHVM-172 branches (releases 4.172.2, 4.168.3 and 4.153.5 respectively), as well as the master branch. Packages are not currently available, so users will need to build their own packages.

CVE-2023-0567: Invalid password hashes accepted by crypt()

Wilfred Hughes — Tue, 07 Mar 2023 00:00:00 +0000

We’ve just released patch releases for HHVM: 4.172.2, 4.168.3 and 4.153.5. These resolve the security issue CVE-2023-0567.

The function crypt() would accept invalid password hashes. This is also an issue in PHP, which fixed this in 8.0.28.

https://bugs.php.net/bug.php?id=81744 https://github.com/php/php-src/security/advisories/GHSA-7fj2-8x79-rjf4

CVE-2022-36937: TLS 1.0 connections

Wilfred Hughes — Fri, 20 Jan 2023 00:00:00 +0000

We’ve just released patch releases for HHVM: 4.172.1, 4.168.2 and 4.153.4. These resolve the security issue CVE-2022-36937.

The functions stream_sock_server and stream_socket_client (part of the stream extension) accept URLs. When a URL starts with tls:// these would previously allow TLS 1.0 connections.

TLS 1.0 is deprecated and considered insecure. As of these new releases, stream_sock_server and stream_socket_client only permit newer TLS connections.

Standby for Release

Michael O'Farrell — Mon, 14 Nov 2022 00:00:00 +0000

We are skipping the 4.173 release this week, and are revisiting our release process. We expect to share an update in the coming weeks.

HHVM 4.172

Alexey Toptygin — Wed, 02 Nov 2022 00:00:00 +0000

HHVM 4.172 is released! 4.169 - 4.171 remain supported, as do the 4.168 and 4.153 LTS releases.

Highlights

Fixed a bug preventing classes using a trait with require class <that class> from being mocked. (commit)
Regular expression functions now have a new error type, for when regular expressions jitted by PCRE run out of scratch space: PREG_JIT_STACKLIMIT_ERROR These would previously be reported as generic internal errors, which made debugging tricky. (commit)

Breaking Changes

Two compiler options have been renamed - when compiling a repo the compiler will no longer accept --module or --cmodule options as of this release. Please use their new names --dir and --cdir instead (new names added in release 4.169). This change is intended to avoid confusion wht the ‘modules’ experimental feature. (commit)
The typechecker now disallows overriding an async method with a non-async one. This was previously allowed as long as the types in the signature were compatible, but this made it easy to accidentally write subtle bugs by leaving off the async keyword on the overriding method. (commit)
When using the ‘modules’ experimental feature, note that the default value of the Eval.EnforceModules runtime option is changing from 1 (warn) to 2 (throw exceptions). (commit)
When using the like_type_hints experimental feature, note that this release changes how these types (the union of dynamic and another type; e.g. ~int for the union of dynamic and int) are enforced in argument and return type positions. Previously they were enfoced the same as the dynamic type (i.e. any value would be accepted) but after this release they are enforced as the other type in the union would be (e.g. for ~int only integer values will now be accepted). (commit) See also (commit) for related changes adding new ways to write aspirational, un-enforced types via helpers in the HH\FIXME namespace.

HHVM 4.153.3, 4.167.1, 4.168.1, 4.169.1, 4.170.1 and 4.171.0

Bo Yang — Fri, 21 Oct 2022 00:00:00 +0000

HHVM 4.153.3, 4.167.1, 4.168.1, 4.169.1, 4.170.1 and 4.171.0 are released! 4.167.1 is the last release in 4.167 branch, while 4.168 - 4.170 remain supported, as does the 4.153 LTS release.

Note that HHVM 4.153.2 is also released accidentally, but it does not include any meaningful change since 4.153.1.

These releases fixes an issue introduced in 4.153.0 (commit). When combining with another commit introduced in 4.168.0, it leads to a segmentation fault when building a bytecode repository for repo-authoritative mode in gcc built HHVM. Earlier releases are not affected.

Highlights

HHVM 4.171.0 includes the fix for repo mode, which is also back-ported to all supported HHVM versions (issue, commit). The fix makes it possible to migrate the command line flag for building a bytecode repository to --inputs from --ffile, which was dropped in HHVM 4.167.
The following features are now considered preview features with an ongoing release, i.e. allowed by the runtime, but not the typechecker:
- Diamond traits (docs, commit)
- Modules (commit)
Added ReflectionClass::getModule() (commit).
Added ReflectionModule::getDocComment() (commit).
Added HH\classname_from_string_unsafe to convert a string into a lazy class (commit).
HH\embed_type_decl now supports repo mode (commit).

Breaking Changes

The thrift extension now requires clearTerseFields functions in generated code (commit). Regenerating Hack files from the thrift definition with the latest thrift compiler would provide the required clearTerseFields functions.
The following hh_server flags are renamed:
- --enable-global-write-check-functions is renamed to --enable-global-access-check-functions (commit);
- --enable-global-write-check is renamed to --enable-global-access-check-files (commit).

HHVM 4.170

Alexey Toptygin — Fri, 07 Oct 2022 00:00:00 +0000

HHVM 4.170 is released! 4.167 - 4.169 remain supported, as does the 4.168 and 4.153 LTS releases.

Highlights

The typechecker now rejects calls to type_structure with an invalid type as the first argument (e.g. type_structure(MyCoolType::class, 'TUhOh') when type MyCoolType = shape(...) Previously this was not flagged by the typechecker but would fatal at runtime. (commit)
The lint for using UNSAFE_CAST with too broad an input type now suggests an autofix. (commit)

Breaking Changes

The Eval.EmitClassPointers runtime option has been removed. The previous default behavior (option value 2; Foo::class expressions emit ‘lazy’ class pointers) is now the only supported behavior. (commit)
Removed support for referring to config values using a wildcard (e.g. foo*bar = value or *foobar* = value in HDF configs. Adding values to a vector-typed config node such as MyVectorConfig.* = value remains supported. (commit)
Remove support for hdf.loadpaths to specify paths to search when including other HDF configs. (commit)

A Note Regarding This Release

We are still working on a fix for https://github.com/facebook/hhvm/issues/9236 (inability to compile a repo in gcc builds of hhvm since release 4.168). If you rely on this functionality consider skipping this release or using nix packages built with clang. We will release updated versions of all supported releases once the fix is available.

HHVM 4.169

Bo Yang — Tue, 20 Sep 2022 00:00:00 +0000

HHVM 4.169 is released! 4.166 - 4.168 remain supported, as does the 4.153 LTS releases.

Highlights

hackfmt now only allows up to 1 consecutive blank lines (previously 2).
The compiler options --module and --cmodule are being renamed to --dir and --cdir to avoid confusion with the experimental ‘modules’ feature. (This item was retroactively added to this announcement on 2022.11.02).

Breaking Changes

The $callback passed to fb_setprofile now receives all parameters, including non-default and default parameters. Previously only non-default parameters are passed to $callback.

HHVM 4.168

Alexey Toptygin — Fri, 09 Sep 2022 00:00:00 +0000

HHVM 4.168 (LTS) is released! This release has long term support, so:

this release will be supported for approximately 48 weeks
the next LTS will be released in approximately 24 weeks
HHVM 4.153 (LTS) and HHVM 4.165–167 remain supported
support has ended for 4.128 (LTS) and 4.164

Status of Ubuntu 22.04 support

We had intended for this release to have Ubuntu 22.04 support, but we are releasing without that support for now. Due to library version compatibility issues, we need more time to get this support working, and we did not want to delay the release for other platforms. We intend to make a 4.168.1 release with 22.04 support as soon as we get builds working on 22.04.

Note that our experimental universal packages (also available for version 4.168) are not affected by this issue and should be usable on any version of Ubuntu.

Highlights

Fix a typechecker bug where enums that recursively include themselves were not being correctly rejected. (commit)
Fix a bug where a lint could spuriously report a variable was shadowed when that variable was not actually shadowed due to the potentially shadowing write happening in the body of a lambda. (commit)
Ignore case and don’t consider the class name when looking for ‘did you mean’ suggestions for invalid enum class labels. (commit1) (commit2)
Improve printing of unresolved types in typechecker errors; e.g. Expected Awaitable<[unresolved]> But got int becomes Expected Awaitable<_> But got int (commit)
Improve error message when accessing a shape with a value that’s not a literal or class constant. (commit)
Improve error message from linter that points out when all return statements in a function return the same value. (commit) Also make this linter stop firing on functions that could plausibly be returning unix exit codes. (commit)