Administration

PHP Opcache invalidation: Why it leads to performance spikes

PHP Opcache invalidation causes measurable performance spikes because it has to discard compiled code and rebuild it under load. I'll show you why. Invalidations Boost CPU times, learn how configurations amplify peaks, and discover which deployment strategies prevent load peaks.

Key points

Invalidations trigger expensive recompilations and generate peaks
Timestamp checks Increase cache misses in production
cache level and file limits determine hit rate
Deployment strategies affect locking and latency
Hosting Tuning Stabilizes response times in the long term

How OPCache works internally – and why invalidating is expensive

OPcache stores the PHP code converted into bytecode in shared memory, thus saving parsing and compilation per request. As soon as I execute a script via opcache_invalidate() mark as invalid, I force the next call to recompile, including optimization and storage. This costs CPU and causes short but noticeable delays when accessing many files. As parallelism increases, lock contention on shared memory structures and file systems also increases. This causes an otherwise fast request to suddenly become slow, even though the rest of the code in the Cache is lying.

OPcache does not immediately remove a file when it is invalidated, but marks it for renewal. When the next request arrives, PHP must re-parse and optimize the affected scripts. This particularly affects framework and CMS stacks with many includes and autoloads. The more files per page are involved, the greater the impact of a miss on the overall response time. I therefore deliberately plan invalidations in order to limit the number of parallel recompilations and Tips to smooth out.

Why invalidation leads to performance spikes

A warm hit on cached bytecode is extremely inexpensive, whereas recompilation is significantly more expensive. The transition from hit to miss generates the noticeable Top: Parsing, optimization, entry into internal structures, and potential locks add up. If multiple files are invalidated simultaneously, the effect is multiplied. Under traffic, these tasks are initiated in parallel and compete for Resources and extend the service time. This explains typical patterns: 16 requests in ~200 ms, then one with ~1.2 s – a classic OPcache miss due to invalidation.

Active timestamp verification (opcache.validate_timestamps=1) can exacerbate the problem. The cache then frequently checks file timestamps and promptly flags changes, which promotes unnecessary compilations in production. If I implement deploys without a reset, old and new files get mixed up, leading to miss hits. If the cache is full, the damage increases because the bytecode is additionally displaced. The sum of these factors creates short but significant latency spikes.

Common triggers in production

I see spikes mainly where timestamp validation remains active. opcache.validate_timestamps=1 fits in with the development, but in live environments it causes unnecessary Checks. Second classic: too small opcache.max_accelerated_files in large projects. Then files replace each other and force recurring recompilations. Third: Shared cache between PHP-FPM pools or sites, whereby invalidations of one site affect the other. Fourth: Deploys that are performed without opcache_reset() Write new atomic paths, but old file entries in the Cache leave it as it is.

Identifying symptoms and measuring them correctly

First, I check the hit rate and the number of occupied keys via opcache_get_status(). A hit rate significantly below 99% % in production indicates misses, which are often related to invalidations. If the CPU load increases briefly without a traffic peak, it is worth checking the cache fill level and revalidate-Settings. PHP info provides the active status, while server-side metrics reveal the spikes. A practical introduction to useful OPcache settings helps to give the measured values the correct meaning.

Hosting tuning: useful OPcache parameters

With just a few parameters, I prevent many spikes and keep latency stable. In production, I disable timestamp checks and actively control invalidations via deploys. Sufficient shared memory and enough slots for files are mandatory so that bytecode is not displaced. For frameworks with many strings, I calculate the buffer generously. The following table lists common Parameters in:

Parameters	Recommendation	Effect	Note
`opcache.enable`	1	Activated OPcache	Always turn on in live environments
`opcache.validate_timestamps`	0 (Prod)	Disables permanent Checks	Signal changes via reset/deploy
`opcache.revalidate_freq`	0 (Prod)	No interval scan	Avoids unforeseen invalidations
`opcache.memory_consumption`	256–512 MB	More space for bytecode	Large stacks require more Memory
`opcache.max_accelerated_files`	15,000–30,000	More file slots	Large shops/frameworks benefit
`opcache.interned_strings_buffer`	16–32	Reduces duplicates	Useful for many classes/Namespaces

After making changes, I quickly restart PHP-FPM or Apache and monitor the key figures. This allows me to see immediately whether keys and memory are sufficiently dimensioned. If the hit rate rises to ~100 %, the latency curve visibly flattens out. The more consistent the deployment paths and configuration values, the lower the invalidation loads. This reduces peaks as well as restarts after a Cold start vs. warm start.

Deployment strategies without unnecessary peaks

I rely on a clear process: roll out code, health checks, then targeted opcache_reset() or tailor-made opcache_invalidate()-Calls with force=true. The reset not only clears markings, but also completely cleans up—which is useful for large releases. For blue-green or symlink deployments, I make sure that paths are consistent so that the cache does not retain orphaned entries. I only trigger the reset once the new version is ready and a handful of warm requests have been processed. This allows me to distribute the expensive compilations and keep the Latency low.

Multiple parallel opcache_invalidate()Calls can cause lock conflicts. In such cases, I first deliver the new app in read-only mode, warm up the most important routes, then reset once and open the traffic. For API backends, I focus on high-traffic endpoints. This allows me to hit the hot paths before the main traffic, avoid thundering herd effects, and reduce short-term CPU-Peaks.

Multi-tenant setups: Isolating OPcache

If multiple projects share the same OPcache, invalidating one will affect all the others. That's why I separate PHP-FPM pools and their cache segments per site. This prevents a shop deployment from increasing blog latency or a cron job from emptying the cache for an app. In addition, I set appropriate limits per pool, so that no single instance uses up all the memory. This keeps the hit rate per application consistent and the Tips stay local.

Path consistency also plays a role: if the actual path structure changes with every deployment, a stable, versioned target path that does not generate new cache keys each time is helpful. I use Composer autoloads for this and avoid unnecessary changes to thousands of files. Fewer diffs mean fewer bytecode blocks to invalidate. This significantly reduces migration pain during updates and stabilizes live traffic.

WordPress, Shopware, and others: specific information

With WordPress, I combine OPcache with an object cache (e.g., Redis) to reduce the load on PHP execution and database queries at the same time. For Shopware and similar shops, I use opcache.max_accelerated_files sufficiently high because many files are involved. I disable timestamp checks and ensure predictable resets immediately after deployment. I warm up themes, plugins, and Composer updates specifically on the most frequently visited routes. This minimizes cold starts and keeps the Throughput stable.

In development mode, timestamp checking may remain active, for example with opcache.revalidate_freq=2. This speeds up local iterations without putting strain on production systems. I replicate the live configuration in staging environments to avoid surprises. This allows me to identify bottlenecks early on and shift expensive compilations out of the time window of real user traffic.

Practical example and measurement strategy

A typical pattern: 16 requests are around 200 ms, the 17th jumps to around 1.2 s. In traces, I see several file compilations that are caused by a previous Invalidation were triggered. After a targeted reset and warm-up, latencies return to normal values. Improvements of 30–70 % are realistic if OPcache is working correctly and misses are rare. Reports from practice also show small gains per request if timestamp checks remain disabled.

I measure three things in parallel: hit rate, occupied keys, and memory usage. If the hit rate drops, I increase slots or reduce unnecessary changes. If memory usage reaches its limit, I allocate additional megabytes and check old entries. If there are noticeable spikes in the curve, I filter time windows with deploys, cron jobs, or cache clears. This allows me to identify the cause and prevent random Tips in the future.

Common errors – and what helps immediately

Many parallel opcache_invalidate()Calls lead to lock conflicts and give false back. I replace them in productive deployment scripts with a single opcache_reset() after warm-up and save with it Locks. If the cache is „full,“ I increase opcache.memory_consumption and opcache.max_accelerated_files and check whether unnecessary files are getting into the cache. If latency is unstable, I analyze string buffers and address possible Memory fragmentation. If multiple sites access the same pool, I consistently separate them so that invalidations do not trigger chain reactions.

If the problem occurs after a release, I check paths, symlinks, and the autoloader. Different paths for identical classes create additional cache keys and drive up memory usage. I therefore keep the project path stable and only rotate the version subfolders. Then I clean up with Reset and let warmer routes load the most important bytecode blocks. This way, I shift the load to a controlled point in time with little Traffic.

OPcache and PHP 8.x: JIT, preloading, and their side effects

The JIT compiler has been available since PHP 8. I activate it cautiously in classic web workloads. Although JIT can help with CPU-intensive loops, it increases complexity and memory requirements. In case of invalidations, affected functions must be JIT-compiled again, which can amplify spikes. For APIs with many short requests, the gains are often marginal, while cold start costs increase. I therefore test JIT separately and ensure that buffer sizes do not cause additional Restarts lead.

Preloading is a powerful tool against misses: I preload a curated set of central classes when PHP starts. This significantly reduces the number of first-time compilations. At the same time, preloading requires disciplined deployments because preloaded files are bound to paths and ABIs. If the paths change, the SAPI process must be restarted cleanly. I limit preloading to truly stable base packages (e.g., framework core) and leave out volatile parts such as themes or plugins. This allows me to benefit from warm hotpaths without having to cold reload the entire system with every minor update.

Minimize composer, autoloader, and file accesses

I consistently optimize the autoloader. An authoritative classmap reduces stat()-Calls and unnecessary includes. The fewer files are affected per request, the less damage is caused in the event of a miss. I also keep generated files (e.g., proxies) stable instead of rewriting them with changing timestamps during each build. Fewer diffs mean fewer invalidations.

Another lever is PHP's internal realpath cache. Generous values for size and TTL reduce file system lookups. This reduces the number of timestamp checks, even if they are disabled in production, and reduces the load on the system during warmup. Especially on container volumes or network shares, the realpath cache helps to avoid unnecessary latency.

File system influences: NFS, symlinks, and update protection

Clock skew and inconsistencies occur more frequently on network file systems. I plan deployments there strictly atomically and avoid mixed states of old and new files. The update protection option prevents newly written files from being compiled immediately until the write operation is safely completed. In environments with atomic symlink switches, I set the protection time low so as not to artificially delay targeted switches.

Symlinks affect cache keys. I therefore keep the visible path stable for PHP and only change the version subfolder. This ensures that keys remain valid and the cache does not unnecessarily discard bytecode. In the case of heavily nested paths, I also check whether different resolution paths lead to the same destination – consistent mounts and uniform include_pathSettings help to avoid duplicates.

Deeper diagnostics: Correctly interpreting status fields

At opcache_get_status() In addition to the hit rate, I am particularly interested in three areas: memory_usage (used, free, and fragmented portion), opcache_statistics (Misses, Blacklist hits, max_cached_keys) and the flags restart_pending/restart_in_progress. If misses without deploy accumulate, the cache is too small or the file list is exhausted. If the waste percentage exceeds a critical threshold, OPcache triggers internal Restarts This can be seen in pending/in-progress flags and explains recurring spikes in the latency curve.

To analyze the cause, I correlate these fields with host metrics: CPU spikes, disk IO, context switches. A phase with high system CPU and moderate network activity indicates lock contention in shared memory or the file system. I then increase slots, memory, and string buffers before optimizing at the code level. Important: A reset on suspicion is a scalpel, not a hammer. I plan it and observe the effects immediately afterward.

PHP-FPM and rollout control

OPcache resides in the address space of the SAPI process. With PHP-FPM, this means that a full restart empties the cache, while a soft reload usually keeps it stable. I avoid big bang restarts and roll out workers gradually so that not all processes start cold at the same time. During peak loads, I also limit parallel recompilations in the short term, for example through coordinated warmup requests with low Concurrency.

The number of workers influences the effect of spikes. Too many simultaneous processes can trigger a compilation storm in the event of invalidations. I therefore adjust the number of processes to match the number of CPUs and the average service time under warm conditions. The goal is to maintain sufficient parallelism without triggering compilation herds.

Container and cloud environments

Cold starts naturally occur more frequently in short-lived containers. I rely on readiness gates that only switch to „ready“ after a targeted warm-up. Rollouts with low simultaneous renewal prevent many new pods from building the bytecode at the same time. In multi-zone setups, I also test the warm-up path for each zone to ensure that latency peaks do not occur in geographically concentrated areas.

For build images, it is worth mounting the app code as read-only and disabling timestamp checks. This keeps the cache stable and the difference between build and runtime clear. If containers are rotated frequently, I distribute warmups in waves: first hot endpoints, then secondary paths. This smooths the curve and protects against chain reactions on the CPU.

CLI workers, cron jobs, and background processes

Long-running worker processes sometimes benefit from enabling OPcache in the CLI context. I am testing this for queue consumers and schedulers that execute many identical tasks in a single process. It is important to note the distinction: short-lived cron jobs gain little because their lifecycle is too short to make meaningful use of the cache. In addition, CLI tasks must not unintentionally trigger a global reset. For security reasons, I block OPcache functions via API restriction and regulate invalidations solely via web deployment.

Fine-tuning: advanced parameters and pitfalls

A few adjustment screws often work behind the scenes: The permissible proportion of wasted blocks determines when OPcache restarts internally. If the value is too low or memory is too scarce, frequent background restarts with timing spikes are likely. I prefer to allocate a little more shared memory rather than risk unnoticed fragmentation spikes. Equally relevant is the question of whether comments are retained in the bytecode. Some frameworks use docblocks; removing them saves memory but can break features—I test this deliberately.

For large code bases, I recommend maintaining a blacklist for files that should not be cached (e.g., frequently generated artifacts). Every byte less of volatile mass increases stability. And if it is possible to use code pages with large memory pages, this can reduce TLB pressure on the CPU side – but in practice only if the host is configured correctly for this. I decide this on a per-server basis and measure the effect instead of activating it across the board.

Warmer strategies: targeted instead of indiscriminate

A good warmup focuses on hot paths. I simulate typical user flows: home page, product listings, product details, checkout, login, high-frequency API endpoints. A few requests per route are sufficient, as long as they run serially or with low parallelism. This prevents unnecessary lock storms and ensures that the cache fills up steadily. In dynamic systems, I repeat the warmup after a restart, but not after every little thing—it is important to separate build time and run time.

Playbook: Spike-free release in 8 steps

Optimize autoloaders and minimize build diffs (no unnecessary timestamp changes).
Deploy code atomically, keep paths stable, prepare symlink switch.
Activate readiness checks, keep traffic away for now.
Perform targeted warmup of hot paths with low parallelism.
Targeted opcache_reset() trigger when the new version is complete.
Short warm-up for secondary routes, then open Readiness.
Monitor hit rate, keys, memory, and CPU.
If you notice any issues: Refresh slots/memory, check paths, avoid lock herds.

With this process, I spread out expensive compilation processes over time and prevent the first real users from paying the price for a cold cache. Decisions such as disabling timestamp checks in production ensure that control lies with the deployment script—not with the file system.

Briefly summarized

Invalidations are necessary, but they trigger expensive recompilations, which can prove to be Performance-Peaks show. I disable timestamp checks in production, generously size memory and file slots, and schedule resets around deploys. With warmup, stable paths, and isolated pools, the hit rate remains high and latency low. Monitoring the hit rate, keys, and memory shows whether the settings are effective. If you take these adjustments to heart, you will noticeably reduce misses and keep the Response time reliably low.

Current articles

Wordpress

Use Query Monitor WordPress correctly: Making performance problems visible

Learn how to use Query Monitor WordPress to detect slow queries, faulty plugins and HTTP requests to optimize your performance. Focus: Query Monitor WordPress.

January 11, 2026 No Comments

Wordpress

Why the first page load is always slower with WordPress

Find out why the first page load is slower with WordPress, how a cold cache wordpress occurs and which measures will improve your wp performance in the long term.

January 11, 2026 No Comments

Wordpress

WordPress without page cache: when it makes sense and when it doesn't

Find out when WordPress without page cache makes sense, what risks it poses for performance and SEO and how to develop the optimal caching strategy with the focus keyword wordpress without cache.

January 11, 2026 No Comments