php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #79801 Type Error with JIT
Submitted: 2020-07-07 04:46 UTC Modified: 2020-09-04 14:29 UTC
Votes:2
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:2 (100.0%)
From: sebastian@php.net Assigned:
Status: Open Package: Scripting Engine problem
PHP Version: 8.0Git-2020-09-03 (Git) OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: sebastian@php.net
New email:
PHP Version: OS:

 

 [2020-07-07 04:46 UTC] sebastian@php.net
Description:
------------
$ git clone https://github.com/sebastianbergmann/phpunit.git

$ cd phpunit

$ ./tools/composer

$ gdb /usr/local/php-8.0/bin/php
(gdb) r -d opcache.enable=1 -d opcache.enable_cli=1 -d opcache.optimization_level=-1 -d opcache.jit_buffer_size=64M -d opcache.jit=1255 ./phpunit --filter testConstraintIsEqual2#3
Starting program: /usr/local/php-8.0/bin/php -d opcache.enable=1 -d opcache.enable_cli=1 -d opcache.optimization_level=-1 -d opcache.jit_buffer_size=64M -d opcache.jit=1255 ./phpunit --filter testConstraintIsEqual2#3
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
[Detaching after vfork from child process 368029]
[Detaching after fork from child process 368030]
PHPUnit 9.3-g58e8402ec by Sebastian Bergmann and contributors.

Runtime:       PHP 8.0.0-dev
Configuration: /usr/local/src/phpunit/phpunit.xml


Program received signal SIGSEGV, Segmentation fault.
0x000000000092dd11 in spl_offset_convert_to_long (offset=0x7ffff46155a0) at /usr/local/src/php/src/ext/spl/spl_engine.c:46
46			if (ZEND_HANDLE_NUMERIC(Z_STR_P(offset), idx)) {
(gdb) bt
#0  0x000000000092dd11 in spl_offset_convert_to_long (offset=0x7ffff46155a0) at /usr/local/src/php/src/ext/spl/spl_engine.c:46
#1  0x0000000000957dde in spl_fixedarray_object_read_dimension_helper (intern=0x7ffff37f4960, offset=0x7ffff46155a0) at /usr/local/src/php/src/ext/spl/spl_fixedarray.c:320
#2  0x0000000000957f78 in spl_fixedarray_object_read_dimension (object=0x7ffff37f49a0, offset=0x7ffff46155a0, type=0, rv=0x7ffff4615590) at /usr/local/src/php/src/ext/spl/spl_fixedarray.c:362
#3  0x00007ffff4508896 in zend_jit_fetch_dim_obj_r_helper (container=0x7ffff4615550, dim=0x7ffff46155a0, result=0x7ffff4615590) at ext/opcache/jit/zend_jit_helpers.c:725
#4  0x0000000048048891 in ?? ()
#5  0x00007fffffff9f60 in ?? ()
#6  0x0000000048000557 in ?? ()
#7  0x00007fff00000008 in ?? ()
#8  0x00007ffff4614020 in ?? ()
#9  0x0000000040253c10 in ?? ()
#10 0x0000000300000308 in ?? ()
#11 0x0000000000000002 in ?? ()
#12 0x0000000040b14f58 in ?? ()
#13 0x00007ffff4614e30 in ?? ()
#14 0x0000000000000000 in ?? ()




Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-07-07 05:20 UTC] sebastian@php.net
"$ ./tools/composer" should, of course, have been "$ ./tools/composer install".
 [2020-09-03 09:41 UTC] sebastian@php.net
Update using 397a692735b295566aab947d979013247385f6db of PHP and a59ece3a83000188ab9abad4fe46f397bf082749 of PHPUnit:

When I run the test with PHP 8 but without JIT then I get:

$ php-80 ./phpunit --filter testConstraintIsEqual2#3
PHPUnit 9.4-ga59ece3a8 by Sebastian Bergmann and contributors.

Runtime:       PHP 8.0.0-dev
Configuration: /usr/local/src/phpunit/phpunit.xml

.                                                                   1 / 1 (100%)

Time: 00:00.099, Memory: 22.00 MB

OK (1 test, 1 assertion)

When I run the test with PHP 8 and JIT enabled then I get:

$ php-80 -d opcache.enable=1 -d opcache.enable_cli=1 -d opcache.optimization_level=-1 -d opcache.jit_buffer_size=64M -d opcache.jit=1255 ./phpunit --filter testConstraintIsEqual2#3

Fatal error: Uncaught TypeError: PHPUnit\Framework\TestCase::usesDataProvider(): Return value must be of type bool, string returned in /usr/local/src/phpunit/src/Framework/TestCase.php:1484
Stack trace:
#0 /usr/local/src/phpunit/src/Framework/TestCase.php(1480): PHPUnit\Framework\TestCase->usesDataProvider()
#1 /usr/local/src/phpunit/src/Framework/TestCase.php(1252): PHPUnit\Framework\TestCase->sortId()
#2 /usr/local/src/phpunit/src/Framework/TestCase.php(485): PHPUnit\Framework\TestCase->setName('testGlobalFunct...')
#3 /usr/local/src/phpunit/src/Framework/TestBuilder.php(163): PHPUnit\Framework\TestCase->__construct('testGlobalFunct...', Array, 'assertTrue')
#4 /usr/local/src/phpunit/src/Framework/TestBuilder.php(108): PHPUnit\Framework\TestBuilder->buildDataProviderTestSuite('testGlobalFunct...', 'PHPUnit\\Framewo...', Array, false, NULL, false, Array)
#5 /usr/local/src/phpunit/src/Framework/TestSuite.php(889): PHPUnit\Framework\TestBuilder->build(Object(ReflectionClass), 'testGlobalFunct...')
#6 /usr/local/src/phpunit/src/Framework/TestSuite.php(231): PHPUnit\Framework\TestSuite->addTestMethod(Object(ReflectionClass), Object(ReflectionMethod))
#7 /usr/local/src/phpunit/src/Framework/TestSuite.php(361): PHPUnit\Framework\TestSuite->__construct(Object(ReflectionClass))
#8 /usr/local/src/phpunit/src/Framework/TestSuite.php(500): PHPUnit\Framework\TestSuite->addTestSuite(Object(ReflectionClass))
#9 /usr/local/src/phpunit/src/Framework/TestSuite.php(525): PHPUnit\Framework\TestSuite->addTestFile('/usr/local/src/...')
#10 /usr/local/src/phpunit/src/TextUI/XmlConfiguration/TestSuite/TestSuiteMapper.php(50): PHPUnit\Framework\TestSuite->addTestFiles(Array)
#11 /usr/local/src/phpunit/src/TextUI/Command.php(388): PHPUnit\TextUI\XmlConfiguration\TestSuiteMapper->map(Object(PHPUnit\TextUI\XmlConfiguration\TestSuiteCollection), '')
#12 /usr/local/src/phpunit/src/TextUI/Command.php(115): PHPUnit\TextUI\Command->handleArguments(Array)
#13 /usr/local/src/phpunit/src/TextUI/Command.php(100): PHPUnit\TextUI\Command->run(Array, true)
#14 /usr/local/src/phpunit/phpunit(61): PHPUnit\TextUI\Command::main()
#15 {main}

Next PHPUnit\TextUI\Exception: PHPUnit\Framework\TestCase::usesDataProvider(): Return value must be of type bool, string returned in /usr/local/src/phpunit/src/TextUI/Command.php:102
Stack trace:
#0 /usr/local/src/phpunit/phpunit(61): PHPUnit\TextUI\Command::main()
#1 {main}
  thrown in /usr/local/src/phpunit/src/TextUI/Command.php on line 102

So I no longer run into a segfault but rather into a type error.
 [2020-09-03 11:31 UTC] sebastian@php.net
-Summary: Segfault with JIT +Summary: Type Error with JIT -PHP Version: 8.0Git-2020-07-07 (Git) +PHP Version: 8.0Git-2020-09-03 (Git)
 [2020-09-04 08:26 UTC] sebastian@php.net
PHPUnit\Framework\TestCase::usesDataProvider() has a single line of code in its body: return !empty($this->data);

I do not believe that empty() can return a value of type string, hence I believe "Fatal error: Uncaught TypeError: PHPUnit\Framework\TestCase::usesDataProvider(): Return value must be of type bool, string returned in /usr/local/src/phpunit/src/Framework/TestCase.php:1484" to be wrong.
 [2020-09-04 13:39 UTC] nikic@php.net
I'm not able to reproduce this.
 [2020-09-04 14:29 UTC] sebastian@php.net
Weird. Just to be sure: you used the same settings (-d opcache.enable=1 -d opcache.enable_cli=1 -d opcache.optimization_level=-1 -d opcache.jit_buffer_size=64M -d opcache.jit=1255) I used?
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Sun Sep 27 18:01:26 2020 UTC