Description:
------------
Reference is lost, causing segfault and/or oddities when primary reference is 
edited after secondary is edited.

Occurs only when the variable name is instantiated in the class definition, and 
the second reference is not instantiated before it is made. Possible workarounds 
include:

Instantiate neither variable name in the class definition
Instantiate both variable names in the class definition
Instantiate secondary variable name before making it a reference to the first:
  $this->bar = nil;
  $this->bar =& $this->foo;

The bug is new to 5.4.

Test script:
---------------
<?php
class Foo {
  var $foo; # bug present
  function __construct(){
    $this->foo = '';
    $this->bar =& $this->foo;
  }
  function dump(){
    echo 'foo: ';var_dump($this->foo);
    echo 'bar: ';var_dump($this->bar);
  }
}

$f = new Foo();
$f->dump();
$f->foo .= 'foo';
$f->dump();
$f->bar .= 'bar';
$f->dump();
$f->foo .= 'foo';
$f->dump();
?>

Expected result:
----------------
foo: string(0) ""
bar: string(0) ""
foo: string(3) "bar"
bar: string(3) "bar"
foo: string(6) "barfoo"
bar: string(6) "barfoo"


Actual result:
--------------
varies from platform to platform

On Windows:

foo: string(0) ""
bar: NULL
foo: string(3) "foo"
bar: NULL
foo: UNKNOWN:0
bar: string(3) "bar"
CRASH

On Linux (Ubuntu 11.04):

foo: string(0) ""
bar: NULL
foo: NULL
bar: string(3) "bar" 
foo: string(3) "foo"
bar: string(3) "???"

where ?? is 3 seemingly-random bytes.

OR, if an additional one-or-three-parameter method is defined in the class (even 
if it is not called):

string(0) ""
NULL
NULL
Segmentation fault

If the uncalled method has a different number of arguments, it generates a 
zend_mm_heap_corrupted instead