Bug #77743 Random evaluation
Submitted: 2019-03-14 17:00 UTC
Modified: 2019-03-18 09:39 UTC
From: houman dot bakhtiari at groupe-gts dot fr
Assigned: nikic
Status: Closed
Package: opcache
PHP Version: 7.2.16
OS: Debian (test on docker FPM 7.3)
Private report: No
CVE-ID: None
 [2019-03-14 17:00 UTC] houman dot bakhtiari at groupe-gts dot fr
Description:
------------
Here is a bug coming from OPCACHE (I think, because it doesn't appear when disabled). Random evaluation of a variable when OPCACHE is activated. On the first run I obtain "bool(false) bool(false) bool(false) bool(false)". After some refreshes I always obtain "bool(true) bool(true) bool(true) bool(true)". This bug doesn't appear when all the scripts are in the same file. The bug exists on all 7.2.x and 7.3.x.

Test script:
---------------
test.php :
===
<?php

require 'test2.php';

function myRet(){
  return 45;
}

$toto = new Toto();
$toto->process1();
-----------------------
test2.php :
===
<?php
class Toto
{
    public function process1()
    {
        $array_error = [];
        $keep_products = [1, 2, 3, 4];
        foreach ($keep_products as $k => $v)
        {
            $id_country = myRet();
            if ($id_country === false && false)
            {
            }

            var_dump($id_country === false);
        }
    }
}
---------------------
Dockerfile :
===
FROM php:7.2.0-fpm-alpine
RUN docker-php-ext-install opcache
WORKDIR /var/www
EXPOSE 9000
CMD ["php-fpm"]


Expected result:
----------------
bool(false) bool(false) bool(false) bool(false)

Actual result:
--------------
After some refreshes: bool(true) bool(true) bool(true) bool(true)

 [2019-03-15 18:09 UTC] houman dot bakhtiari at groupe-gts dot fr
The bug also reproduces with this code:

<?php
class Toto
{
    public function process1()
    {
        $array_error = [];
        $keep_products = [1, 2, 3, 4];
        foreach ($keep_products as $k => $v)
        {
            $id_country = myRet();
            if ($id_country === false)
            {
                if (false){}
            }
            //var_dump($id_country);//interesting evaluation to test
            var_dump($id_country === false);
        }
    }
}
 [2019-03-18 09:32 UTC] nikic@php.net
-Status: Open +Status: Verified
 [2019-03-18 09:39 UTC] nikic@php.net
-Status: Verified +Status: Assigned -Assigned To: +Assigned To: nikic
 [2019-03-18 09:39 UTC] nikic@php.net
It looks like we're inserting incorrect pi nodes when a jmpznz has identical successors. The pi nodes are supposed to apply only to one edge each, but as they're distinguished by predecessor rather than edge that doesn't work.
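The effect described in the comment above, as a simplified model added here (it is not php-src code and not written by anyone in this report): a pi node narrows a variable's type along one branch edge, and looking it up by predecessor block alone goes wrong once both edges of the branch reach the same block. The struct names, the two-value type mask and the "first matching pi wins" order are assumptions, chosen so that the model reproduces the reported `bool(true)`.

```c
#include <stdio.h>

/* Toy type lattice for one variable: can it be false, something else, or both? */
enum { T_FALSE = 1, T_OTHER = 2, T_ANY = T_FALSE | T_OTHER };

/* Conditional branch on `x === false` ending `block`; succ[0] = taken, succ[1] = not taken. */
struct branch { int block; int succ[2]; };

/* A pi node lives in the successor block and narrows x for ONE incoming edge. */
struct pi { int in_block, pred, edge, type; };

/* Type of x on entry to `target`, as the union over the branch's edges into it.
 * key_by_edge = 0: pick the pi by predecessor block only (the flaw described above).
 * key_by_edge = 1: pick the pi by (predecessor, edge). */
static int entry_type(const struct branch *br, int target, int key_by_edge)
{
    const struct pi pis[2] = {
        { br->succ[0], br->block, 0, T_FALSE }, /* taken edge: x is false */
        { br->succ[1], br->block, 1, T_OTHER }, /* other edge: x is not false */
    };
    int type = 0;
    for (int e = 0; e < 2; e++) {
        if (br->succ[e] != target) continue;
        for (int i = 0; i < 2; i++) {
            if (pis[i].in_block != target || pis[i].pred != br->block) continue;
            if (key_by_edge && pis[i].edge != e) continue;
            type |= pis[i].type;
            break; /* first matching pi wins (assumed order) */
        }
    }
    return type;
}

/* `x === false` can be folded to constant true only if x can be nothing but false. */
static int folds_to_true(int type) { return type == T_FALSE; }

int main(void)
{
    const struct branch normal = { 0, { 1, 2 } }; /* two distinct successors */
    const struct branch merged = { 0, { 1, 1 } }; /* identical successors: both edges reach block 1 */
    printf("distinct, by pred: block1=%d block2=%d\n",
           entry_type(&normal, 1, 0), entry_type(&normal, 2, 0));
    printf("identical, by pred: type=%d folds=%d\n",
           entry_type(&merged, 1, 0), folds_to_true(entry_type(&merged, 1, 0)));
    printf("identical, by edge: type=%d folds=%d\n",
           entry_type(&merged, 1, 1), folds_to_true(entry_type(&merged, 1, 1)));
    return 0;
}
```

With distinct successors both lookups agree; with identical successors the predecessor-keyed lookup applies the "x is false" pi to both edges, so the later `x === false` is treated as always true.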
 [2019-03-18 09:52 UTC] nikic@php.net
Automatic comment on behalf of nikita.ppv@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=54bf8c820f4ac2c9204cd09b66fbe99c3db5939b
Log: Fixed bug #77743
 [2019-03-18 09:52 UTC] nikic@php.net
-Status: Assigned +Status: Closed
 
Last updated: Mon May 20 18:01:27 2019 UTC