#46568 [Opn]: Segfault on 64bit when chaining function calls that generate exceptions

2008-11-18 Thread phpbugs at colin dot guthr dot ie
 ID:   46568
 User updated by:  phpbugs at colin dot guthr dot ie
 Reported By:  phpbugs at colin dot guthr dot ie
 Status:   Open
 Bug Type: Scripting Engine problem
 Operating System: * (64bit)
 PHP Version:  5.2.7RC3
 New Comment:

Just tried --enable-debug and when built this way, it does indeed work
as expected. Does this suggest anything else I can try to narrow down
the problem?

I also tried make test and did get several failures.

I uploaded the test results to
http://kenobi.mandriva.com/~colin/php_test_results_20081118_2006.txt
although none of these look particularly relevant. I will do another
build sans --enable-debug and see if any different standard tests fail.


Previous Comments:


[2008-11-18 18:11:21] crrodriguez at opensuse dot org

Did you build 5.2.7RC3 with --enable-debug? If not, try that; does it
crash anyway?



[2008-11-18 17:36:56] phpbugs at colin dot guthr dot ie

Thanks for all the feedback/help. I will have to investigate further. I
do not think my system hardware is at fault due to having confirmed on
two other machines, although both Mandriva based. This is why I
suspected the compiler.

I will try and work out more info.



[2008-11-18 17:23:16] crrodriguez at opensuse dot org

Cannot reproduce in openSUSE 11 64 bit, GCC 4.3.1, either with or
without suhosin.

I suspect either your system or your compiler is doing something wrong.



[2008-11-17 21:51:09] phpbugs at colin dot guthr dot ie

My configure line is just the default. All I did was pass a custom
prefix.

I'll try and find some other 64 bit systems to play on. I should be
able to fire a few different systems into a vm to see if I can reproduce
it with other distros.



[2008-11-17 10:18:57] [EMAIL PROTECTED]

I can not reproduce this within x86_64 Centos 5 using latest PHP_5_2
checkout. Would be nice to know your configure line for PHP too..?



The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/46568

-- 
Edit this bug report at http://bugs.php.net/?id=46568&edit=1
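
Added example (not part of the bug report or of PHP's own test suite): a small shell harness for the debug versus non-debug comparison discussed in this thread. It runs a condensed copy of the reporter's reproducer under each PHP binary given on the command line and reports whether the process exited normally or was killed by a signal; the function names and script layout are assumptions of this example.

```shell
#!/bin/sh
# Added example: run the thread's reproducer under several PHP builds and
# report whether each one exits normally or is killed by a signal.
# Binary paths are supplied by the caller; none are taken from the thread.

# Map a shell wait status to a label. POSIX shells report death by signal N
# as 128+N, so 139 means SIGSEGV (11). Higher values such as 255 are plain exits.
classify_status() {
    status=$1
    if [ "$status" -eq 0 ]; then
        echo "ok"
    elif [ "$status" -gt 128 ] && [ "$status" -le 192 ]; then
        echo "killed-by-signal-$((status - 128))"
    else
        echo "exit-$status"
    fi
}

# Write a condensed copy of the reproducer (nested call whose argument throws).
write_repro() {
    cat > "$1" <<'EOF'
<?php
class foo
{
    private function bar($x) { echo $x; }
    private function wibble() { throw new Exception("Wibble"); }
    public function bug() { $this->bar($this->wibble()); }
}
$foo = new foo;
$foo->bug();
EOF
}

# Run one build against the script; output is discarded, only the status matters.
run_build() {
    status=0
    "$1" "$2" >/dev/null 2>&1 || status=$?
    classify_status "$status"
}

# Usage: sh triage.sh /path/to/php-debug /path/to/php-nodebug ...
if [ "$#" -gt 0 ]; then
    repro=$(mktemp) && write_repro "$repro"
    for bin in "$@"; do
        printf '%s\t%s\n' "$bin" "$(run_build "$bin" "$repro")"
    done
    rm -f "$repro"
fi
```

A build that handles the exception correctly reports a plain non-zero exit for the uncaught exception, while an affected build reports killed-by-signal-11.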



#46568 [Opn]: Segfault on 64bit when chaining function calls that generate exceptions

2008-11-18 Thread phpbugs at colin dot guthr dot ie
 ID:   46568
 User updated by:  phpbugs at colin dot guthr dot ie
 Reported By:  phpbugs at colin dot guthr dot ie
 Status:   Open
 Bug Type: Scripting Engine problem
 Operating System: * (64bit)
 PHP Version:  5.2.7RC3
 New Comment:

OK, I repeated the make test sans-debug and it seems that a couple more
tests fail under this scenario.

http://kenobi.mandriva.com/~colin/php_test_results_20081118_2054.txt

The most interesting extra failure is:
Bug #30707 (Segmentation fault on exception in method)
[Zend/tests/bug30707.phpt]

This could perhaps provide some clues?

For convenience, here is a diff of non-debug vs. debug:
http://kenobi.mandriva.com/~colin/php-make-test.diff.txt


Previous Comments:


[2008-11-18 20:46:09] phpbugs at colin dot guthr dot ie

Just tried --enable-debug and when built this way, it does indeed work
as expected. Does this suggest anything else I can try to narrow down
the problem?

I also tried make test and did get several failures.

I uploaded the test results to
http://kenobi.mandriva.com/~colin/php_test_results_20081118_2006.txt
although none of these look particularly relevant. I will do another
build sans --enable-debug and see if any different standard tests fail.






#46568 [Opn]: Segfault on 64bit when chaining function calls that generate exceptions

2008-11-13 Thread felipe
 ID:   46568
 Updated by:   [EMAIL PROTECTED]
 Reported By:  phpbugs at colin dot guthr dot ie
 Status:   Open
 Bug Type: Reproducible crash
 Operating System: Linux
 PHP Version:  5.2.7RC3
 New Comment:

I can't reproduce it on FreeBSD amd64.



Previous Comments:


[2008-11-13 16:18:13] phpbugs at colin dot guthr dot ie

Description:

I seem to have uncovered a bug that has been affecting me for a while
(e.g. it affects 5.2.6 as well) but that, until now, I have been able to
work around.

I have confirmed this bug on both 5.2.6 and 5.2.7RC3 on x86_64. I have
confirmed this bug does *not* occur on i586 with these same versions.

The reproduce code has two examples. It should be obvious which is
which ;)

I compiled up a fresh 5.2.7RC3 to produce the below backtrace.

Please remember that this bug affects x86_64 only.

I discovered this when using code in the Zend Framework in which this
scenario crops up in the natural flow of code.

Reproduce code:
---
<?php
class foo
{
  private function bar($x)
  {
    echo $x;
  }
  private function wibble()
  {
    throw new Exception("Wibble");
  }
  public function bug()
  {
    $this->bar($this->wibble()); // exception is thrown while evaluating the argument
  }
  public function nobug()
  {
    $wibble = $this->wibble(); // same calls, but not nested
    $this->bar($wibble);
  }
}
$foo = new foo;
$foo->bug();
//$foo->nobug();


Expected result:

PHP Fatal error:  Uncaught exception 'Exception' with message 'Wibble' in /home/colin/bug.php:10
Stack trace:
#0 /home/colin/bug.php(14): foo->wibble()
#1 /home/colin/bug.php(23): foo->bug()
#2 {main}
  thrown in /home/colin/bug.php on line 10


Actual result:
--
[EMAIL PROTECTED] pfx]$ gdb bin/php
GNU gdb 6.8-2mdv2009.0 (Mandriva Linux release 2009.0)
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-mandriva-linux-gnu"...
(gdb) set args bug.php
(gdb) run
Starting program: /home/colin/php/pfx/bin/php bug.php
[Thread debugging using libthread_db enabled]
[New Thread 0x7f75d9a056f0 (LWP 18074)]

Program received signal SIGSEGV, Segmentation fault.
zend_do_fcall_common_helper_SPEC (execute_data=0x7fffe1a4fbd0) at /home/colin/php/php-5.2.7RC3/Zend/zend_vm_execute.h:289
289             if (RETURN_VALUE_USED(ctor_opline)) {
Missing debug package(s), you should install: glibc-debug libxml2-debug zlib-debug
(gdb) thread apply all bt full

Thread 1 (Thread 0x7f75d9a056f0 (LWP 18074)):
#0  zend_do_fcall_common_helper_SPEC (execute_data=0x7fffe1a4fbd0) at /home/colin/php/php-5.2.7RC3/Zend/zend_vm_execute.h:289
        opline = (zend_op *) 0x7f75d9a2a770
        original_return_value = (zval **) 0x7fffe1a4fcd0
        current_scope = (zend_class_entry *) 0x0
        current_this = (zval *) 0x0
        return_value_used = 0
        should_change_scope = 1 '\001'
#1  0x0064b8a4 in execute (op_array=0x7f75d9a2a108) at /home/colin/php/php-5.2.7RC3/Zend/zend_vm_execute.h:92
        execute_data = {opline = 0x7f75d9a2a770, function_state = {function_symbol_table = 0x7f75d9a2d470,
            function = 0x7f75d9a2a108, reserved = {0x0, 0x7f75d9a2a200, 0x0, 0x7f75d9a2a210}}, fbc = 0x7f75d9a2cb90,
          op_array = 0x7f75d9a2a108, object = 0x7f75d9a29928, Ts = 0x7fffe1a4fa80, CVs = 0x7fffe1a4fa60, original_in_execution = 0 '\0',
          symbol_table = 0x9db608, prev_execute_data = 0x0, old_error_reporting = 0x0}
#2  0x006290d1 in zend_execute_scripts (type=8, retval=0x51, file_count=3)
    at /home/colin/php/php-5.2.7RC3/Zend/zend.c:1134
        files = {{gp_offset = 40, fp_offset = 0, overflow_arg_area = 0x7fffe1a4fdd0, reg_save_area = 0x7fffe1a4fce0}}
        i = 1

#46568 [Opn]: Segfault on 64bit when chaining function calls that generate exceptions

2008-11-13 Thread phpbugs at colin dot guthr dot ie
 ID:   46568
 User updated by:  phpbugs at colin dot guthr dot ie
 Reported By:  phpbugs at colin dot guthr dot ie
 Status:   Open
 Bug Type: Reproducible crash
 Operating System: Linux
 PHP Version:  5.2.7RC3
 New Comment:

Well I've confirmed this problem on three Mandriva systems with
Mandriva packages but for this bug report I built a fresh vanilla
version from the 5.2.7rc3 tarball on my own machine to ensure it was
nothing to do with any additional patches in the Mandriva package
causing the problem.

I do not have access to any non-Mandriva 64 bit build hosts here to do
more tests... 

FWIW, the GCC version is 4.3.2.

I can tarball up the installed version if you want to give my build a
run and see if it crashes on your machine. If it does crash then I'd
expect the problem to be related to GCC.


Previous Comments:


[2008-11-13 22:23:05] [EMAIL PROTECTED]

I can't reproduce it on FreeBSD amd64.



