PHP is one unique language where the array data type has been highly generalized to suit a very broad set of use cases. [...] I'm going to share with you some of the underlying details of how the PHP array data type works, why it works the way that it does, how it's different from other languages, and what behaviors the PHP array has that you may not be fully aware of.

He starts with a section looking at what arrays actually are in PHP (and how they compare to the lower level C arrays). He gives a C-based array example and shows how it's stored in memory. He points out how PHP arrays are different from other languages and shows the C code that works behind the scenes to create the array (actually a hashtable). He gets into a detailed explanation of the iteration of arrays including some basic benchmarks of some of the various methods and gets more in-depth with foreach (including subarrays and arrays containing references).

Welcome back to the fourth part of the "PHP's Source Code for PHP Developers" series, in which we'll cover how PHP arrays are internally represented and used throughout the code base.

He starts with an obvious foundation: "everything's a hash table" (even properties, classes and yes, arrays). He describes what a hash table is and talks about two of the most commonly used versions of it in the PHP source - HashTable and Bucket. He gets into their usage a bit and compares this to the corresponding PHP code that uses a standard array.

The PHP development team would like to announce the immediate availability of PHP 5.3.10. This release delivers a critical security fix. [...] Fixed arbitrary remote code execution vulnerability reported by Stefan Esser, CVE-2012-0830.

It is highly recommended that users upgrade to this latest version to avoid falling victim to this recently introduced bug relating to the new "max_input_vars" setting added to protect from the overflow issue recently brought up in the PHP community.

PHP internally uses hashtables to store arrays. The above creates a hashtable with 100% collisions (i.e. all keys will have the same hash). [...] Because every hash function has collisions this C array doesn't actually store the value we want, but a linked list of possible values. [...] Normally there will be only a small number of collisions, so in most cases the linked list will only have one value. But the [included script] creates a hash where all elements collide.

He explains why it works, noting that it's relatively simple to do in PHP because of how it applies a table mask. The slowness comes in when PHP is forced to go through the entire list when it tries to insert. Because of this issue, there's the potential for a Denial of Service attack that could potentially take a server down. There's a fix already in place for the problem, though, so keep an eye out for the next release (that will include a max_input_vars setting to prevent it).

While preparing my "PHP Under The Hood" talk for the Dutch PHP Conference there was a question on IRC about extension_loaded() being faster than function_exists(), which might be strange as both of them are simple hash lookups and a hash lookup is said to be O(1). I started to write some slides for it but figured out that I won't have the time to go through it during that presentation, so I'm doing this now.

He talks about array storage (a "real" array), numeric and string-based keys, the internals of how each is stored and how the differences make the one function faster than the other (hint: it's all about collisions).