|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #75969 Assertion failure in live range DCE due to block pass misoptimization
Submitted: 2018-02-16 15:45 UTC Modified: 2018-02-16 19:24 UTC
From: alex at buayacorp dot com Assigned:
Status: Closed Package: opcache
PHP Version: 7.2.2 OS: Linux (debian)
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
Solve the problem:
12 - 9 = ?
Subscribe to this entry?

 [2018-02-16 15:45 UTC] alex at buayacorp dot com
While preparing for a migration of our applications from PHP 7.0 to PHP 7.2, we noticed segmentation faults in our php-fpm processes. The test script below is a simplified example of what we are currently running in different debian based servers. I'm able to consistently reproduce it on a debian stretch vm too.

alex@atoq-builder:~/src/php-7.2.2$ uname -a
Linux atoq-builder 4.9.0-3-amd64 #1 SMP Debian 4.9.30-2+deb9u5 (2017-09-19) x86_64 GNU/Linux

alex@atoq-builder:~/src/php-7.2.2$ sapi/cli/php -v
PHP 7.2.2 (cli) (built: Feb 16 2018 15:01:07) ( NTS DEBUG )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies

alex@atoq-builder:~/src/php-7.2.2$ sapi/cli/php -i | grep conf
Configure Command =>  './configure'  '--disable-all' '--enable-opcache' '--enable-debug'

Test script:
// This is required for the segfault

class Extended_Class {};
$response = array(
	'a' => 'b'
new Extended_Class( array(
	'foo' => $response,
	'foo2' => 'bar2'
) );

new Extended_Class( array(
	'foo' => $response,
	'foo3' => $response,
) );

Expected result:
No segfault

Actual result:
with a PHP cli debug build
alex@atoq-builder:~/src/php-7.2.2$ sapi/cli/php -dextension_dir=./modules/ -dopcache.enable_cli=true segfault.php
php: /home/alex/src/php-7.2.2/ext/opcache/Optimizer/dce.c:588: dce_live_ranges: Assertion `op_array->opcodes[def].result_type & ((1<<1)|(1<<2))' failed.

It also fails on standard PHP-FPM and PHP cli (with opcache.enable_cli=true) builds.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2018-02-16 15:58 UTC]
-Status: Open +Status: Verified
 [2018-02-16 15:58 UTC]
Yep, that crashes it.
 [2018-02-16 18:13 UTC] alex at buayacorp dot com
It looks like this commit introduced this problem The test script doesn't seem to cause a segfault in previous revisions.
 [2018-02-16 19:24 UTC]
-Summary: Segmentation fault +Summary: Assertion failure in live range DCE due to block pass misoptimization
 [2018-02-16 19:31 UTC]
Automatic comment on behalf of
Log: Fixed bug #75969
 [2018-02-16 19:31 UTC]
-Status: Verified +Status: Closed
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu May 30 06:01:31 2024 UTC