php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #75969 Assertion failure in live range DCE due to block pass misoptimization
Submitted: 2018-02-16 15:45 UTC Modified: 2018-02-16 19:24 UTC
From: alex at buayacorp dot com Assigned:
Status: Closed Package: opcache
PHP Version: 7.2.2 OS: Linux (debian)
Private report: No CVE-ID: None
 [2018-02-16 15:45 UTC] alex at buayacorp dot com
Description:
------------
While preparing for a migration of our applications from PHP 7.0 to PHP 7.2, we noticed segmentation faults in our php-fpm processes. The test script below is a simplified example of what we are currently running in different debian based servers. I'm able to consistently reproduce it on a debian stretch vm too.

alex@atoq-builder:~/src/php-7.2.2$ uname -a
Linux atoq-builder 4.9.0-3-amd64 #1 SMP Debian 4.9.30-2+deb9u5 (2017-09-19) x86_64 GNU/Linux

alex@atoq-builder:~/src/php-7.2.2$ sapi/cli/php -v
PHP 7.2.2 (cli) (built: Feb 16 2018 15:01:07) ( NTS DEBUG )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies

alex@atoq-builder:~/src/php-7.2.2$ sapi/cli/php -i | grep conf
Configure Command =>  './configure'  '--disable-all' '--enable-opcache' '--enable-debug'


Test script:
---------------
<?php
// This is required for the segfault
md5('foo');

class Extended_Class {};
$response = array(
	'a' => 'b'
);
new Extended_Class( array(
	'foo' => $response,
	'foo2' => 'bar2'
) );

new Extended_Class( array(
	'foo' => $response,
	'foo3' => $response,
) );

Expected result:
----------------
No segfault

Actual result:
--------------
with a PHP cli debug build
alex@atoq-builder:~/src/php-7.2.2$ sapi/cli/php -dextension_dir=./modules/ -dzend_extension=opcache.so -dopcache.enable_cli=true segfault.php
php: /home/alex/src/php-7.2.2/ext/opcache/Optimizer/dce.c:588: dce_live_ranges: Assertion `op_array->opcodes[def].result_type & ((1<<1)|(1<<2))' failed.
Aborted

It also fails on standard PHP-FPM and PHP cli (with opcache.enable_cli=true) builds.


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2018-02-16 15:58 UTC] danack@php.net
-Status: Open +Status: Verified
 [2018-02-16 15:58 UTC] danack@php.net
Yep, that crashes it.
 [2018-02-16 18:13 UTC] alex at buayacorp dot com
It looks like this commit introduced this problem https://github.com/php/php-src/commit/8e5b139732893d2a5f6ba3ae0a0b2b5cf6dba09f. The test script doesn't seem to cause a segfault in previous revisions.
 [2018-02-16 19:24 UTC] nikic@php.net
-Summary: Segmentation fault +Summary: Assertion failure in live range DCE due to block pass misoptimization
 [2018-02-16 19:31 UTC] nikic@php.net
Automatic comment on behalf of nikita.ppv@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=372bf8a9231a58ef8d1d2f0d9b560167495e215e
Log: Fixed bug #75969
 [2018-02-16 19:31 UTC] nikic@php.net
-Status: Verified +Status: Closed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Nov 23 09:01:28 2024 UTC