Update: This article has been updated! Please see below.
PHP is the most popular server-side scripting language – by a wide margin, comprising of more than 80% of the websites on the Internet. It’s popularity is due to its’ ease of access, and support from many applications and frameworks, including WordPress and Magento.
PHP was written in 1995 by Rasmus Lerdorf, as an extension to writing CGI scripts in C. This allowed the author to build simple and dynamic web applications, without needing to compile or rewrite basic functionality. Over the years, the PHP language has grown organically, it was never intended to be a complete programming tool, and this has led to many inconsistencies in the language.
In July 2004, PHP 5 was released – still (problematically) the most popular version of PHP being used. This added a huge number of security features, of which some are only now being taken advantage of. This improved the security of websites running PHP, and if used correctly, allowed websites running PHP to be trustworthy without horrific security concerns. Since then, PHP has gone from strength to strength, with PHP 7 being released and being used on some websites already.
However, since PHP is compatible with previous versions, simply upgrading occasionally is not enough. It is essential that webmasters and hosts upgrade to the latest version and check their code to ensure their site is secure and using the latest recommendations. In many cases, code written for PHP4 will work completely fine – but will not be checking data correctly, and could be used to inject data into the database or bypass login systems entirely.
PHP is certainly not without its’ faults. It is still based upon poor programming techniques, makes assumptions on data, constantly coded with very poor attitudes to security. It is effectively only a scripting language with few checks and error handling. For many sites, PHP is also becoming too slow, predominantly because it follows a single thread of execution. This means that each instruction has to be done in turn, often waiting on database results before the next part of the page can be constructed. The huge number of resources required means that whilst development is much quicker, it is difficult, impossible or at least inefficient to deploy on a large scale.
One of the options to improve these issues, is to compile the PHP code to C or C++, which is an attitude that Facebook took on with HHVM.
History of HHVM
The original motivation behind HipHop was to save resources on Facebook servers, given the large PHP codebase of facebook.com. HipHop for PHP was a transpiler created by Facebook. They created a source-to-source compiler, where PHP code is translated into C++, this is then compiled into a binary and run as an executable.
This was finally recognised one night at a Hackathon, and eight months later, enough code was written to demonstrate it is indeed possible to run faster with compiled code. There is an excellent piece written by the author on Facebook.
HipHop was designed to be compatible with PHP, meaning that some (most) PHP code could be used directly within HipHop. It was realised that HipHop could substantially increase the speed of PHP applications in general – up to a factor of six times. HipHop was so popular, it was used by Facebook for their backend systems from 2010, before being replaced by the improved HHVM.
In early 2013 Facebook deprecated HPHPc in favour of the HipHop Virtual Machine (HHVM), which is a just-in-time (JIT) compilation-based execution engine for PHP. This reduced the massive compilation and deployment requirements, changed the development and production platforms, and supported vast more PHP compatibility and new features.
This means that executed PHP or Hack code is first transformed into intermediate HipHop bytecode (HHBC), which is then dynamically translated into x86-64 machine code, optimized, and natively executed. This allows the operations to be better cached, creates more native code, with a higher throughput and lower latency. All in all, your site is faster – and more secure.
HHVM Benefits and Options
HHVM brings many benefits, one of them is almost complete support for the entire PHP language as defined by the official implementation of PHP version 5.4. HHVM uses the same execution engine when deployed in both production and development environments, and has an excellent debugging system.
Together with HHVM, Facebook also released Hack, which is a programming language specifically tailored for HHVM and can be seen as a new version of the PHP language. Hack allows programmers to use both dynamic typing and static typing, and allows types to be specified for function arguments, function return values, and class properties.
At the same time, Hack does not provide complete backward compatibility by not carrying on some of the PHP features, such as the goto statement and dynamic variable names.
This means that developers have a choice of how to use HHVM – via standard PHP code, and making use of HHVMs benefits – or using the Hack language (also known as Strict PHP), and making use of its’ additional features. It is also entirely possible to mix both languages together, taking advantage of both when necessary.
Part of the Hack language (Strict PHP) includes a typechecker. This checks all of the code for various typing errors, thus preventing nasty bugs that may only have been exposed at run time. Some of these errors may only occur with specific inputs from the user, making problems very difficult to spot. This all helps to root out errors in the flow of your code – without even needing to run it.
Like most programming languages (as opposed to scripting languages, like PHP), it adds a huge number of features. Some of the key improvements include asynchronous communication, which allows database or remote servers to be accessed, whilst the rest of the page is continued to be processed. It also provides a huge number of improvements to code style, including autoloading of necessary components, as well as an in-built and extensible HTML templating system.
However, taking advantage of these features requires writing in Hack code, which is more complex than PHP, requires that data types are checked and that code is written in a particular way. It is much more similar to writing C or C++ code than it is writing PHP code, and can take 5-10 times longer to develop.
Popularity and Usage
HipHop for PHP was first used by Facebook in 2010, and in early 2013 Facebook deprecated HPHPc in favour of the HipHop Virtual Machine (HHVM).
Outside from Facebook, very few sites are using Hack via HHVM, as very few companies and developers have had much experience with HHVM and Hack.
Instead, many developers and hosting companies are using HHVM with its’ PHP compatibility mode. This does not take full advantage of the optimisations and features of the Hack language.
Since HHVM is new and changing regularly, there are few guides on recent versions. Aside from the official documentation, we can wholly recommend the official book O’Reilly Hack and HHVM – Programming Productivity Without Breaking Things.
PHP Compatibility
As explained above, there are two ways of using HHVM. Developers have a choice of how to use HHVM – via standard PHP code, and making use of HHVMs benefits – or using the Hack language (also known as Strict PHP), and making use of its’ additional features. It is also entirely possible to mix both languages together, taking advantage of both when necessary.
In terms of using HHVM for PHP code, such as with Magento or WordPress – this generally works perfectly; since HHVM is compatible with PHP 5.4. (Update: This is no longer going to be the case, see below)
This is often a massive improvement in speed, up to six times faster.
Further improvements can be made by using Hack (Strict PHP), which allows for the asynchronous communications, typechecker and other features details above – but this comes at the cost of writing standard Hack code, which is much more difficult than writing PHP code.
PHP 7
After HHVM broke new ground, PHP was due an update, and PHP 7 was developed and released. This made improvements to PHP, meaning each request could be responded to quicker, offered some new uniform variable syntax, return type hinting, and new operators, and improved memory efficiency.
PHP 7 has the advantage of being completely compatible with PHP 5 upwards, and only drops some support for PHP 4 code.
However, PHP 7 is completely unmatched by the sheer speed improvements of HHVM. Many are claiming that PHP’s speed will improve, but until it has the typechecker and JIT compiler it is unlikely to come close for many environments. PHP 7 is also a far easier upgrade and setup routine, working with the existing Apache or Nginx (or many other) webservers, rather than preferring to replace it entirely. This means it is often the first choice for hosting companies to upgrade to.
Opinion
So, what’s best to use?
If starting a new project, HHVM requires a lot of knowledge and work to write strict code. But this has the pay-off of a far more secure and efficient website. However, it is liable to code changes and there is not a clear support system in place. For smaller developments with these specific needs, it is absolutely ideal.
For most sites, developing in standard PHP, without strict code, and running with either HHVM or PHP7 as their hosting platform will be a significant improvement – assuming there is no issues with code support. Generally, where it is compatible, HHVM will be able to handle almost twice as many requests than PHP 7. (Update: This is no longer going to be the case, see below)
We’ve written code in HHVM and PHP 7, amongst others and can help with your project or planning. Please do get in contact if we can help.
Update
Not long after posting this article, HHVM have officially announced their new position. In newer versions, they will no longer be committing to PHP5 support. Given the new direction of PHP7, they will also not be supporting compatibility for new version of PHP, either. This is a new direction for HHVM, meaning that there will soon be two very distinct languages both with new goals. You can read more on their blog post about the Future of HHVM.