php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #75969 Assertion failure in live range DCE due to block pass misoptimization
Submitted: 2018-02-16 15:45 UTC Modified: 2018-02-16 19:24 UTC
From: alex at buayacorp dot com Assigned:
Status: Closed Package: opcache
PHP Version: 7.2.2 OS: Linux (debian)
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: alex at buayacorp dot com
New email:
PHP Version: OS:

 

 [2018-02-16 15:45 UTC] alex at buayacorp dot com 
Description:
------------
While preparing for a migration of our applications from PHP 7.0 to PHP 7.2, we noticed segmentation faults in our php-fpm processes. The test script below is a simplified example of what we are currently running in different debian based servers. I'm able to consistently reproduce it on a debian stretch vm too.

alex@atoq-builder:~/src/php-7.2.2$ uname -a
Linux atoq-builder 4.9.0-3-amd64 #1 SMP Debian 4.9.30-2+deb9u5 (2017-09-19) x86_64 GNU/Linux

alex@atoq-builder:~/src/php-7.2.2$ sapi/cli/php -v
PHP 7.2.2 (cli) (built: Feb 16 2018 15:01:07) ( NTS DEBUG )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies

alex@atoq-builder:~/src/php-7.2.2$ sapi/cli/php -i | grep conf
Configure Command =>  './configure'  '--disable-all' '--enable-opcache' '--enable-debug'


Test script:
---------------
<?php
// This is required for the segfault
md5('foo');

class Extended_Class {};
$response = array(
	'a' => 'b'
);
new Extended_Class( array(
	'foo' => $response,
	'foo2' => 'bar2'
) );

new Extended_Class( array(
	'foo' => $response,
	'foo3' => $response,
) );

Expected result:
----------------
No segfault

Actual result:
--------------
with a PHP cli debug build
alex@atoq-builder:~/src/php-7.2.2$ sapi/cli/php -dextension_dir=./modules/ -dzend_extension=opcache.so -dopcache.enable_cli=true segfault.php
php: /home/alex/src/php-7.2.2/ext/opcache/Optimizer/dce.c:588: dce_live_ranges: Assertion `op_array->opcodes[def].result_type & ((1<<1)|(1<<2))' failed.
Aborted

It also fails on standard PHP-FPM and PHP cli (with opcache.enable_cli=true) builds.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2018-02-16 15:58 UTC] danack@php.net
-Status: Open +Status: Verified
 [2018-02-16 15:58 UTC] danack@php.net 
Yep, that crashes it.
 [2018-02-16 18:13 UTC] alex at buayacorp dot com 
It looks like this commit introduced this problem https://github.com/php/php-src/commit/8e5b139732893d2a5f6ba3ae0a0b2b5cf6dba09f. The test script doesn't seem to cause a segfault in previous revisions.
 [2018-02-16 19:24 UTC] nikic@php.net
-Summary: Segmentation fault +Summary: Assertion failure in live range DCE due to block pass misoptimization
 [2018-02-16 19:31 UTC] nikic@php.net 
Automatic comment on behalf of nikita.ppv@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=372bf8a9231a58ef8d1d2f0d9b560167495e215e
Log: Fixed bug #75969
 [2018-02-16 19:31 UTC] nikic@php.net
-Status: Verified +Status: Closed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Nov 21 13:01:29 2024 UTC