MediaWiki master
MWExceptionHandler.php
Go to the documentation of this file.
1<?php
21use MediaWiki\Debug\MWDebug;
22use MediaWiki\HookContainer\HookRunner;
23use MediaWiki\Json\FormatJson;
24use MediaWiki\Logger\LoggerFactory;
25use MediaWiki\MediaWikiServices;
26use MediaWiki\Request\WebRequest;
27use Psr\Log\LogLevel;
28use Wikimedia\NormalizedException\INormalizedException;
29use Wikimedia\Rdbms\DBError;
30use Wikimedia\Rdbms\DBQueryError;
31
36class MWExceptionHandler {
38 public const CAUGHT_BY_HANDLER = 'mwe_handler';
40 public const CAUGHT_BY_ENTRYPOINT = 'entrypoint';
42 public const CAUGHT_BY_OTHER = 'other';
43
45 protected static $reservedMemory;
46
57 protected static $fatalErrorTypes = [
58 E_ERROR,
59 E_PARSE,
60 E_CORE_ERROR,
61 E_COMPILE_ERROR,
62 E_USER_ERROR,
63
64 // E.g. "Catchable fatal error: Argument X must be Y, null given"
65 E_RECOVERABLE_ERROR,
66 ];
67
73 private static $logExceptionBacktrace = true;
74
80 private static $propagateErrors;
81
89 public static function installHandler(
90 bool $logExceptionBacktrace = true,
91 bool $propagateErrors = true
92 ) {
93 self::$logExceptionBacktrace = $logExceptionBacktrace;
94 self::$propagateErrors = $propagateErrors;
95
96 // This catches:
97 // * Exception objects that were explicitly thrown but not
98 // caught anywhere in the application. This is rare given those
99 // would normally be caught at a high-level like MediaWiki::run (index.php),
100 // api.php, or ResourceLoader::respond (load.php). These high-level
101 // catch clauses would then call MWExceptionHandler::logException
102 // or MWExceptionHandler::handleException.
103 // If they are not caught, then they are handled here.
104 // * Error objects for issues that would historically
105 // cause fatal errors but may now be caught as Throwable (not Exception).
106 // Same as previous case, but more common to bubble to here instead of
107 // caught locally because they tend to not be safe to recover from.
108 // (e.g. argument TypeError, division by zero, etc.)
109 set_exception_handler( [ self::class, 'handleUncaughtException' ] );
110
111 // This catches recoverable errors (e.g. PHP Notice, PHP Warning, PHP Error) that do not
112 // interrupt execution in any way. We log these in the background and then continue execution.
113 set_error_handler( [ self::class, 'handleError' ] );
114
115 // This catches fatal errors for which no Throwable is thrown,
116 // including Out-Of-Memory and Timeout fatals.
117 // Reserve 16k of memory so we can report OOM fatals.
118 self::$reservedMemory = str_repeat( ' ', 16384 );
119 register_shutdown_function( [ self::class, 'handleFatalError' ] );
120 }
121
126 protected static function report( Throwable $e ) {
127 try {
128 // Try and show the exception prettily, with the normal skin infrastructure
129 if ( $e instanceof MWException && $e->hasOverriddenHandler() ) {
130 // Delegate to MWException until all subclasses are handled by
131 // MWExceptionRenderer and MWException::report() has been
132 // removed.
133 $e->report();
134 } else {
135 MWExceptionRenderer::output( $e, MWExceptionRenderer::AS_PRETTY );
136 }
137 } catch ( Throwable $e2 ) {
138 // Exception occurred from within exception handler
139 // Show a simpler message for the original exception,
140 // don't try to invoke report()
141 MWExceptionRenderer::output( $e, MWExceptionRenderer::AS_RAW, $e2 );
142 }
143 }
144
150 private static function rollbackPrimaryChanges() {
151 if ( !MediaWikiServices::hasInstance() ) {
152 // MediaWiki isn't fully initialized yet, it's not safe to access services.
153 // This also means that there's nothing to roll back yet.
154 return;
155 }
156
157 $services = MediaWikiServices::getInstance();
158 if ( $services->isServiceDisabled( 'DBLoadBalancerFactory' ) ) {
159 // The DBLoadBalancerFactory is disabled, possibly because we are in the installer,
160 // or we are in the process of shutting MediaWiki. At this point, any DB transactions
161 // would already have been committed or rolled back.
162 return;
163 }
164
165 // Roll back DBs to avoid transaction notices. This might fail
166 // to roll back some databases due to connection issues or exceptions.
167 // However, any sensible DB driver will roll back implicitly anyway.
168 try {
169 $lbFactory = $services->getDBLoadBalancerFactory();
170 $lbFactory->rollbackPrimaryChanges( __METHOD__ );
171 $lbFactory->flushPrimarySessions( __METHOD__ );
172 } catch ( DBError $e ) {
173 // If the DB is unreachable, rollback() will throw an error
174 // and the error report() method might need messages from the DB,
175 // which would result in an exception loop. PHP may escalate such
176 // errors to "Exception thrown without a stack frame" fatals, but
177 // it's better to be explicit here.
178 self::logException( $e, self::CAUGHT_BY_HANDLER );
179 }
180 }
181
191 public static function rollbackPrimaryChangesAndLog(
192 Throwable $e,
193 $catcher = self::CAUGHT_BY_OTHER
194 ) {
195 self::rollbackPrimaryChanges();
196
197 self::logException( $e, $catcher );
198 }
199
206 public static function handleUncaughtException( Throwable $e ) {
207 self::handleException( $e, self::CAUGHT_BY_HANDLER );
208
209 // Make sure we don't claim success on exit for CLI scripts (T177414)
210 if ( wfIsCLI() ) {
211 register_shutdown_function(
215 static function () {
216 exit( 255 );
217 }
218 );
219 }
220 }
221
237 public static function handleException( Throwable $e, $catcher = self::CAUGHT_BY_OTHER ) {
238 self::rollbackPrimaryChangesAndLog( $e, $catcher );
239 self::report( $e );
240 }
241
256 public static function handleError(
257 $level,
258 $message,
259 $file = null,
260 $line = null
261 ) {
262 // Map PHP error constant to a PSR-3 severity level.
263 // Avoid use of "DEBUG" or "INFO" levels, unless the
264 // error should evade error monitoring and alerts.
265 //
266 // To decide the log level, ask yourself: "Has the
267 // program's behaviour diverged from what the written
268 // code expected?"
269 //
270 // For example, use of a deprecated method or violating a strict standard
271 // has no impact on functional behaviour (Warning). On the other hand,
272 // accessing an undefined variable makes behaviour diverge from what the
273 // author intended/expected. PHP recovers from an undefined variables by
274 // yielding null and continuing execution, but it remains a change in
275 // behaviour given the null was not part of the code and is likely not
276 // accounted for.
277 switch ( $level ) {
278 case E_WARNING:
279 case E_CORE_WARNING:
280 case E_COMPILE_WARNING:
281 $prefix = 'PHP Warning: ';
282 $severity = LogLevel::ERROR;
283 break;
284 case E_NOTICE:
285 $prefix = 'PHP Notice: ';
286 $severity = LogLevel::ERROR;
287 break;
288 case E_USER_NOTICE:
289 // Used by wfWarn(), MWDebug::warning()
290 $prefix = 'PHP Notice: ';
291 $severity = LogLevel::WARNING;
292 break;
293 case E_USER_WARNING:
294 // Used by wfWarn(), MWDebug::warning()
295 $prefix = 'PHP Warning: ';
296 $severity = LogLevel::WARNING;
297 break;
298 case E_STRICT:
299 $prefix = 'PHP Strict Standards: ';
300 $severity = LogLevel::WARNING;
301 break;
302 case E_DEPRECATED:
303 $prefix = 'PHP Deprecated: ';
304 $severity = LogLevel::WARNING;
305 break;
306 case E_USER_DEPRECATED:
307 $prefix = 'PHP Deprecated: ';
308 $severity = LogLevel::WARNING;
309 $real = MWDebug::parseCallerDescription( $message );
310 if ( $real ) {
311 // Used by wfDeprecated(), MWDebug::deprecated()
312 // Apply caller offset from wfDeprecated() to the native error.
313 // This makes errors easier to aggregate and find in e.g. Kibana.
314 $file = $real['file'];
315 $line = $real['line'];
316 $message = $real['message'];
317 }
318 break;
319 default:
320 $prefix = 'PHP Unknown error: ';
321 $severity = LogLevel::ERROR;
322 break;
323 }
324
325 // @phan-suppress-next-line PhanTypeMismatchArgumentNullableInternal False positive
326 $e = new ErrorException( $prefix . $message, 0, $level, $file, $line );
327 self::logError( $e, $severity, self::CAUGHT_BY_HANDLER );
328
329 // If $propagateErrors is true return false so PHP shows/logs the error normally.
330 // Ignore $propagateErrors if track_errors is set
331 // (which means someone is counting on regular PHP error handling behavior).
332 return !( self::$propagateErrors || ini_get( 'track_errors' ) );
333 }
334
349 public static function handleFatalError() {
350 // Free reserved memory so that we have space to process OOM
351 // errors
352 self::$reservedMemory = null;
353
354 $lastError = error_get_last();
355 if ( $lastError === null ) {
356 return false;
357 }
358
359 $level = $lastError['type'];
360 $message = $lastError['message'];
361 $file = $lastError['file'];
362 $line = $lastError['line'];
363
364 if ( !in_array( $level, self::$fatalErrorTypes ) ) {
365 // Only interested in fatal errors, others should have been
366 // handled by MWExceptionHandler::handleError
367 return false;
368 }
369
370 $msgParts = [
371 '[{reqId}] {exception_url} PHP Fatal Error',
372 ( $line || $file ) ? ' from' : '',
373 $line ? " line $line" : '',
374 ( $line && $file ) ? ' of' : '',
375 $file ? " $file" : '',
376 ": $message",
377 ];
378 $msg = implode( '', $msgParts );
379
380 // Look at message to see if this is a class not found failure (Class 'foo' not found)
381 if ( preg_match( "/Class '\w+' not found/", $message ) ) {
382 // phpcs:disable Generic.Files.LineLength
383 $msg = <<<TXT
384{$msg}
385
386MediaWiki or an installed extension requires this class but it is not embedded directly in MediaWiki's git repository and must be installed separately by the end user.
387
388Please see <a href="https://www.mediawiki.org/wiki/Download_from_Git#Fetch_external_libraries">mediawiki.org</a> for help on installing the required components.
389TXT;
390 // phpcs:enable
391 }
392
393 $e = new ErrorException( "PHP Fatal Error: {$message}", 0, $level, $file, $line );
394 $logger = LoggerFactory::getInstance( 'exception' );
395 $logger->error( $msg, self::getLogContext( $e, self::CAUGHT_BY_HANDLER ) );
396
397 return false;
398 }
399
410 public static function getRedactedTraceAsString( Throwable $e ) {
411 $from = 'from ' . $e->getFile() . '(' . $e->getLine() . ')' . "\n";
412 return $from . self::prettyPrintTrace( self::getRedactedTrace( $e ) );
413 }
414
423 public static function prettyPrintTrace( array $trace, $pad = '' ) {
424 $text = '';
425
426 $level = 0;
427 foreach ( $trace as $level => $frame ) {
428 if ( isset( $frame['file'] ) && isset( $frame['line'] ) ) {
429 $text .= "{$pad}#{$level} {$frame['file']}({$frame['line']}): ";
430 } else {
431 // 'file' and 'line' are unset for calls from C code
432 // (T57634) This matches behaviour of
433 // Throwable::getTraceAsString to instead display "[internal
434 // function]".
435 $text .= "{$pad}#{$level} [internal function]: ";
436 }
437
438 if ( isset( $frame['class'] ) && isset( $frame['type'] ) && isset( $frame['function'] ) ) {
439 $text .= $frame['class'] . $frame['type'] . $frame['function'];
440 } else {
441 $text .= $frame['function'] ?? 'NO_FUNCTION_GIVEN';
442 }
443
444 if ( isset( $frame['args'] ) ) {
445 $text .= '(' . implode( ', ', $frame['args'] ) . ")\n";
446 } else {
447 $text .= "()\n";
448 }
449 }
450
451 $level++;
452 $text .= "{$pad}#{$level} {main}";
453
454 return $text;
455 }
456
468 public static function getRedactedTrace( Throwable $e ) {
469 return static::redactTrace( $e->getTrace() );
470 }
471
482 public static function redactTrace( array $trace ) {
483 return array_map( static function ( $frame ) {
484 if ( isset( $frame['args'] ) ) {
485 $frame['args'] = array_map( static function ( $arg ) {
486 return is_object( $arg ) ? get_class( $arg ) : gettype( $arg );
487 }, $frame['args'] );
488 }
489 return $frame;
490 }, $trace );
491 }
492
500 public static function getURL() {
501 if ( MW_ENTRY_POINT === 'cli' ) {
502 return false;
503 }
504 return WebRequest::getGlobalRequestURL();
505 }
506
517 public static function getLogMessage( Throwable $e ) {
518 $id = WebRequest::getRequestId();
519 $type = get_class( $e );
520 $message = $e->getMessage();
521 $url = self::getURL() ?: '[no req]';
522
523 if ( $e instanceof DBQueryError ) {
524 $message = "A database query error has occurred. Did you forget to run"
525 . " your application's database schema updater after upgrading"
526 . " or after adding a new extension?\n\nPlease see"
527 . " https://www.mediawiki.org/wiki/Special:MyLanguage/Manual:Upgrading and"
528 . " https://www.mediawiki.org/wiki/Special:MyLanguage/Manual:How_to_debug"
529 . " for more information.\n\n"
530 . $message;
531 }
532
533 return "[$id] $url $type: $message";
534 }
535
545 public static function getLogNormalMessage( Throwable $e ) {
546 if ( $e instanceof INormalizedException ) {
547 $message = $e->getNormalizedMessage();
548 } else {
549 $message = $e->getMessage();
550 }
551 if ( !$e instanceof ErrorException ) {
552 // ErrorException is something we use internally to represent
553 // PHP errors (runtime warnings that aren't thrown or caught),
554 // don't bother putting it in the logs. Let the log message
555 // lead with "PHP Warning: " instead (see ::handleError).
556 $message = get_class( $e ) . ": $message";
557 }
558
559 return "[{reqId}] {exception_url} $message";
560 }
561
566 public static function getPublicLogMessage( Throwable $e ) {
567 $reqId = WebRequest::getRequestId();
568 $type = get_class( $e );
569 return '[' . $reqId . '] '
570 . gmdate( 'Y-m-d H:i:s' ) . ': '
571 . 'Fatal exception of type "' . $type . '"';
572 }
573
586 public static function getLogContext( Throwable $e, $catcher = self::CAUGHT_BY_OTHER ) {
587 $context = [
588 'exception' => $e,
589 'exception_url' => self::getURL() ?: '[no req]',
590 // The reqId context key use the same familiar name and value as the top-level field
591 // provided by LogstashFormatter. However, formatters are configurable at run-time,
592 // and their top-level fields are logically separate from context keys and cannot be,
593 // substituted in a message, hence set explicitly here. For WMF users, these may feel,
594 // like the same thing due to Monolog V0 handling, which transmits "fields" and "context",
595 // in the same JSON object (after message formatting).
596 'reqId' => WebRequest::getRequestId(),
597 'caught_by' => $catcher
598 ];
599 if ( $e instanceof INormalizedException ) {
600 $context += $e->getMessageContext();
601 }
602 return $context;
603 }
604
617 public static function getStructuredExceptionData(
618 Throwable $e,
619 $catcher = self::CAUGHT_BY_OTHER
620 ) {
621 $data = [
622 'id' => WebRequest::getRequestId(),
623 'type' => get_class( $e ),
624 'file' => $e->getFile(),
625 'line' => $e->getLine(),
626 'message' => $e->getMessage(),
627 'code' => $e->getCode(),
628 'url' => self::getURL() ?: null,
629 'caught_by' => $catcher
630 ];
631
632 if ( $e instanceof ErrorException &&
633 ( error_reporting() & $e->getSeverity() ) === 0
634 ) {
635 // Flag suppressed errors
636 $data['suppressed'] = true;
637 }
638
639 if ( self::$logExceptionBacktrace ) {
640 $data['backtrace'] = self::getRedactedTrace( $e );
641 }
642
643 $previous = $e->getPrevious();
644 if ( $previous !== null ) {
645 $data['previous'] = self::getStructuredExceptionData( $previous, $catcher );
646 }
647
648 return $data;
649 }
650
705 public static function jsonSerializeException(
706 Throwable $e,
707 $pretty = false,
708 $escaping = 0,
709 $catcher = self::CAUGHT_BY_OTHER
710 ) {
711 return FormatJson::encode(
712 self::getStructuredExceptionData( $e, $catcher ),
713 $pretty,
714 $escaping
715 );
716 }
717
729 public static function logException(
730 Throwable $e,
731 $catcher = self::CAUGHT_BY_OTHER,
732 $extraData = []
733 ) {
734 if ( !( $e instanceof MWException ) || $e->isLoggable() ) {
735 $logger = LoggerFactory::getInstance( 'exception' );
736 $context = self::getLogContext( $e, $catcher );
737 if ( $extraData ) {
738 $context['extraData'] = $extraData;
739 }
740 $logger->error(
741 self::getLogNormalMessage( $e ),
742 $context
743 );
744
745 $json = self::jsonSerializeException( $e, false, FormatJson::ALL_OK, $catcher );
746 if ( $json !== false ) {
747 $logger = LoggerFactory::getInstance( 'exception-json' );
748 $logger->error( $json, [ 'private' => true ] );
749 }
750
751 ( new HookRunner( MediaWikiServices::getInstance()->getHookContainer() ) )->onLogException( $e, false );
752 }
753 }
754
762 private static function logError(
763 ErrorException $e,
764 $level,
765 $catcher
766 ) {
767 // The set_error_handler callback is independent from error_reporting.
768 $suppressed = ( error_reporting() & $e->getSeverity() ) === 0;
769 if ( $suppressed ) {
770 // Instead of discarding these entirely, give some visibility (but only
771 // when debugging) to errors that were intentionally silenced via
772 // the error silencing operator (@) or Wikimedia\AtEase.
773 // To avoid clobbering Logstash results, set the level to DEBUG
774 // and also send them to a dedicated channel (T193472).
775 $channel = 'silenced-error';
776 $level = LogLevel::DEBUG;
777 } else {
778 $channel = 'error';
779 }
780 $logger = LoggerFactory::getInstance( $channel );
781 $logger->log(
782 $level,
783 self::getLogNormalMessage( $e ),
784 self::getLogContext( $e, $catcher )
785 );
786
787 ( new HookRunner( MediaWikiServices::getInstance()->getHookContainer() ) )->onLogException( $e, $suppressed );
788 }
789}
wfIsCLI
wfIsCLI()
Check if we are running from the commandline.
Definition BootstrapHelperFunctions.php:95
MW_ENTRY_POINT
const MW_ENTRY_POINT
Definition api.php:35
MWExceptionHandler
Handler class for MWExceptions.
Definition MWExceptionHandler.php:36
MWExceptionHandler\getLogContext
static getLogContext(Throwable $e, $catcher=self::CAUGHT_BY_OTHER)
Get a PSR-3 log event context from a Throwable.
Definition MWExceptionHandler.php:586
MWExceptionHandler\handleError
static handleError( $level, $message, $file=null, $line=null)
Handler for set_error_handler() callback notifications.
Definition MWExceptionHandler.php:256
MWExceptionHandler\rollbackPrimaryChangesAndLog
static rollbackPrimaryChangesAndLog(Throwable $e, $catcher=self::CAUGHT_BY_OTHER)
Roll back any open database transactions and log the stack trace of the throwable.
Definition MWExceptionHandler.php:191
MWExceptionHandler\installHandler
static installHandler(bool $logExceptionBacktrace=true, bool $propagateErrors=true)
Install handlers with PHP.
Definition MWExceptionHandler.php:89
MWExceptionHandler\getStructuredExceptionData
static getStructuredExceptionData(Throwable $e, $catcher=self::CAUGHT_BY_OTHER)
Get a structured representation of a Throwable.
Definition MWExceptionHandler.php:617
MWExceptionHandler\getRedactedTraceAsString
static getRedactedTraceAsString(Throwable $e)
Generate a string representation of a throwable's stack trace.
Definition MWExceptionHandler.php:410
MWExceptionHandler\report
static report(Throwable $e)
Report a throwable to the user.
Definition MWExceptionHandler.php:126
MWExceptionHandler\logException
static logException(Throwable $e, $catcher=self::CAUGHT_BY_OTHER, $extraData=[])
Log a throwable to the exception log (if enabled).
Definition MWExceptionHandler.php:729
MWExceptionHandler\$fatalErrorTypes
static array $fatalErrorTypes
Error types that, if unhandled, are fatal to the request.
Definition MWExceptionHandler.php:57
MWExceptionHandler\getPublicLogMessage
static getPublicLogMessage(Throwable $e)
Definition MWExceptionHandler.php:566
MWExceptionHandler\getRedactedTrace
static getRedactedTrace(Throwable $e)
Return a copy of a throwable's backtrace as an array.
Definition MWExceptionHandler.php:468
MWExceptionHandler\handleUncaughtException
static handleUncaughtException(Throwable $e)
Callback to use with PHP's set_exception_handler.
Definition MWExceptionHandler.php:206
MWExceptionHandler\prettyPrintTrace
static prettyPrintTrace(array $trace, $pad='')
Generate a string representation of a stacktrace.
Definition MWExceptionHandler.php:423
MWExceptionHandler\$reservedMemory
static string null $reservedMemory
Definition MWExceptionHandler.php:45
MWExceptionHandler\jsonSerializeException
static jsonSerializeException(Throwable $e, $pretty=false, $escaping=0, $catcher=self::CAUGHT_BY_OTHER)
Serialize a Throwable object to JSON.
Definition MWExceptionHandler.php:705
MWExceptionHandler\getLogMessage
static getLogMessage(Throwable $e)
Get a message formatting the throwable message and its origin.
Definition MWExceptionHandler.php:517
MWExceptionHandler\redactTrace
static redactTrace(array $trace)
Redact a stacktrace generated by Throwable::getTrace(), debug_backtrace() or similar means.
Definition MWExceptionHandler.php:482
MWExceptionHandler\handleFatalError
static handleFatalError()
Callback used as a registered shutdown function.
Definition MWExceptionHandler.php:349
MWExceptionHandler\getLogNormalMessage
static getLogNormalMessage(Throwable $e)
Get a normalised message for formatting with PSR-3 log event context.
Definition MWExceptionHandler.php:545
MWExceptionHandler\getURL
static getURL()
If the exception occurred in the course of responding to a request, returns the requested URL.
Definition MWExceptionHandler.php:500
MWExceptionHandler\handleException
static handleException(Throwable $e, $catcher=self::CAUGHT_BY_OTHER)
Exception handler which simulates the appropriate catch() handling:
Definition MWExceptionHandler.php:237
MWException
MediaWiki exception.
Definition MWException.php:32
MediaWiki\Debug\MWDebug
Debug toolbar.
Definition MWDebug.php:48
MediaWiki\HookContainer\HookRunner
This class provides an implementation of the core hook interfaces, forwarding hook calls to HookConta...
Definition HookRunner.php:572
MediaWiki\Json\FormatJson
JSON formatter wrapper class.
Definition FormatJson.php:30
MediaWiki\Logger\LoggerFactory
Create PSR-3 logger objects.
Definition LoggerFactory.php:45
MediaWiki\MediaWikiServices
Service locator for MediaWiki core services.
Definition MediaWikiServices.php:239
MediaWiki\Request\WebRequest
The WebRequest class encapsulates getting at data passed in the URL or via a POSTed form,...
Definition WebRequest.php:51
Wikimedia\Rdbms\DBError
Database error base class.
Definition DBError.php:36
MediaWiki
A helper class for throttling authentication attempts.
$url
$url
Definition opensearch_desc.php:37