PHP :: Bug #79801 :: Type Error with JIT

Bug #79801

Type Error with JIT

Submitted:

2020-07-07 04:46 UTC

Modified:

2020-12-15 13:06 UTC

Votes:	2
Avg. Score:	5.0 ± 0.0
Reproduced:	2 of 2 (100.0%)
Same Version:	2 (100.0%)
Same OS:	2 (100.0%)

From:

sebastian@php.net

Assigned:

sebastian (profile)

Status:

Closed

Package:

JIT

PHP Version:

8.0Git-2020-09-03 (Git)

OS:

Linux

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	sebastian@php.net
New email:
PHP Version:		OS:

New Comment:

[2020-07-07 04:46 UTC] sebastian@php.net

Description:
------------
$ git clone https://github.com/sebastianbergmann/phpunit.git

$ cd phpunit

$ ./tools/composer

$ gdb /usr/local/php-8.0/bin/php
(gdb) r -d opcache.enable=1 -d opcache.enable_cli=1 -d opcache.optimization_level=-1 -d opcache.jit_buffer_size=64M -d opcache.jit=1255 ./phpunit --filter testConstraintIsEqual2#3
Starting program: /usr/local/php-8.0/bin/php -d opcache.enable=1 -d opcache.enable_cli=1 -d opcache.optimization_level=-1 -d opcache.jit_buffer_size=64M -d opcache.jit=1255 ./phpunit --filter testConstraintIsEqual2#3
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
[Detaching after vfork from child process 368029]
[Detaching after fork from child process 368030]
PHPUnit 9.3-g58e8402ec by Sebastian Bergmann and contributors.

Runtime:       PHP 8.0.0-dev
Configuration: /usr/local/src/phpunit/phpunit.xml


Program received signal SIGSEGV, Segmentation fault.
0x000000000092dd11 in spl_offset_convert_to_long (offset=0x7ffff46155a0) at /usr/local/src/php/src/ext/spl/spl_engine.c:46
46			if (ZEND_HANDLE_NUMERIC(Z_STR_P(offset), idx)) {
(gdb) bt
#0  0x000000000092dd11 in spl_offset_convert_to_long (offset=0x7ffff46155a0) at /usr/local/src/php/src/ext/spl/spl_engine.c:46
#1  0x0000000000957dde in spl_fixedarray_object_read_dimension_helper (intern=0x7ffff37f4960, offset=0x7ffff46155a0) at /usr/local/src/php/src/ext/spl/spl_fixedarray.c:320
#2  0x0000000000957f78 in spl_fixedarray_object_read_dimension (object=0x7ffff37f49a0, offset=0x7ffff46155a0, type=0, rv=0x7ffff4615590) at /usr/local/src/php/src/ext/spl/spl_fixedarray.c:362
#3  0x00007ffff4508896 in zend_jit_fetch_dim_obj_r_helper (container=0x7ffff4615550, dim=0x7ffff46155a0, result=0x7ffff4615590) at ext/opcache/jit/zend_jit_helpers.c:725
#4  0x0000000048048891 in ?? ()
#5  0x00007fffffff9f60 in ?? ()
#6  0x0000000048000557 in ?? ()
#7  0x00007fff00000008 in ?? ()
#8  0x00007ffff4614020 in ?? ()
#9  0x0000000040253c10 in ?? ()
#10 0x0000000300000308 in ?? ()
#11 0x0000000000000002 in ?? ()
#12 0x0000000040b14f58 in ?? ()
#13 0x00007ffff4614e30 in ?? ()
#14 0x0000000000000000 in ?? ()

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2020-07-07 05:20 UTC] sebastian@php.net

"$ ./tools/composer" should, of course, have been "$ ./tools/composer install".

[2020-09-03 09:41 UTC] sebastian@php.net

Update using 397a692735b295566aab947d979013247385f6db of PHP and a59ece3a83000188ab9abad4fe46f397bf082749 of PHPUnit:

When I run the test with PHP 8 but without JIT then I get:

$ php-80 ./phpunit --filter testConstraintIsEqual2#3
PHPUnit 9.4-ga59ece3a8 by Sebastian Bergmann and contributors.

Runtime:       PHP 8.0.0-dev
Configuration: /usr/local/src/phpunit/phpunit.xml

.                                                                   1 / 1 (100%)

Time: 00:00.099, Memory: 22.00 MB

OK (1 test, 1 assertion)

When I run the test with PHP 8 and JIT enabled then I get:

$ php-80 -d opcache.enable=1 -d opcache.enable_cli=1 -d opcache.optimization_level=-1 -d opcache.jit_buffer_size=64M -d opcache.jit=1255 ./phpunit --filter testConstraintIsEqual2#3

Fatal error: Uncaught TypeError: PHPUnit\Framework\TestCase::usesDataProvider(): Return value must be of type bool, string returned in /usr/local/src/phpunit/src/Framework/TestCase.php:1484
Stack trace:
#0 /usr/local/src/phpunit/src/Framework/TestCase.php(1480): PHPUnit\Framework\TestCase->usesDataProvider()
#1 /usr/local/src/phpunit/src/Framework/TestCase.php(1252): PHPUnit\Framework\TestCase->sortId()
#2 /usr/local/src/phpunit/src/Framework/TestCase.php(485): PHPUnit\Framework\TestCase->setName('testGlobalFunct...')
#3 /usr/local/src/phpunit/src/Framework/TestBuilder.php(163): PHPUnit\Framework\TestCase->__construct('testGlobalFunct...', Array, 'assertTrue')
#4 /usr/local/src/phpunit/src/Framework/TestBuilder.php(108): PHPUnit\Framework\TestBuilder->buildDataProviderTestSuite('testGlobalFunct...', 'PHPUnit\\Framewo...', Array, false, NULL, false, Array)
#5 /usr/local/src/phpunit/src/Framework/TestSuite.php(889): PHPUnit\Framework\TestBuilder->build(Object(ReflectionClass), 'testGlobalFunct...')
#6 /usr/local/src/phpunit/src/Framework/TestSuite.php(231): PHPUnit\Framework\TestSuite->addTestMethod(Object(ReflectionClass), Object(ReflectionMethod))
#7 /usr/local/src/phpunit/src/Framework/TestSuite.php(361): PHPUnit\Framework\TestSuite->__construct(Object(ReflectionClass))
#8 /usr/local/src/phpunit/src/Framework/TestSuite.php(500): PHPUnit\Framework\TestSuite->addTestSuite(Object(ReflectionClass))
#9 /usr/local/src/phpunit/src/Framework/TestSuite.php(525): PHPUnit\Framework\TestSuite->addTestFile('/usr/local/src/...')
#10 /usr/local/src/phpunit/src/TextUI/XmlConfiguration/TestSuite/TestSuiteMapper.php(50): PHPUnit\Framework\TestSuite->addTestFiles(Array)
#11 /usr/local/src/phpunit/src/TextUI/Command.php(388): PHPUnit\TextUI\XmlConfiguration\TestSuiteMapper->map(Object(PHPUnit\TextUI\XmlConfiguration\TestSuiteCollection), '')
#12 /usr/local/src/phpunit/src/TextUI/Command.php(115): PHPUnit\TextUI\Command->handleArguments(Array)
#13 /usr/local/src/phpunit/src/TextUI/Command.php(100): PHPUnit\TextUI\Command->run(Array, true)
#14 /usr/local/src/phpunit/phpunit(61): PHPUnit\TextUI\Command::main()
#15 {main}

Next PHPUnit\TextUI\Exception: PHPUnit\Framework\TestCase::usesDataProvider(): Return value must be of type bool, string returned in /usr/local/src/phpunit/src/TextUI/Command.php:102
Stack trace:
#0 /usr/local/src/phpunit/phpunit(61): PHPUnit\TextUI\Command::main()
#1 {main}
  thrown in /usr/local/src/phpunit/src/TextUI/Command.php on line 102

So I no longer run into a segfault but rather into a type error.

[2020-09-03 11:31 UTC] sebastian@php.net

-Summary: Segfault with JIT +Summary: Type Error with JIT -PHP Version: 8.0Git-2020-07-07 (Git) +PHP Version: 8.0Git-2020-09-03 (Git)

[2020-09-04 08:26 UTC] sebastian@php.net

PHPUnit\Framework\TestCase::usesDataProvider() has a single line of code in its body: return !empty($this->data);

I do not believe that empty() can return a value of type string, hence I believe "Fatal error: Uncaught TypeError: PHPUnit\Framework\TestCase::usesDataProvider(): Return value must be of type bool, string returned in /usr/local/src/phpunit/src/Framework/TestCase.php:1484" to be wrong.

[2020-09-04 13:39 UTC] nikic@php.net

I'm not able to reproduce this.

[2020-09-04 14:29 UTC] sebastian@php.net

Weird. Just to be sure: you used the same settings (-d opcache.enable=1 -d opcache.enable_cli=1 -d opcache.optimization_level=-1 -d opcache.jit_buffer_size=64M -d opcache.jit=1255) I used?

[2020-10-16 05:10 UTC] sebastian@php.net

I am still able to reproduce this with current versions of PHPUnit (137f98be3b928d5f9f14e66f7aa5eadcfc668bbe) and PHP 8.0 (3841ea338ef2508d467efef9ec45d03162ba695d).

[2020-10-16 08:46 UTC] cmb@php.net

-Package: Scripting Engine problem +Package: JIT

[2020-10-19 13:57 UTC] nikic@php.net

I tried this again using exactly the referenced commit and using exactly the listed ini options, but this still doesn't reproduce for me :(

[2020-10-19 13:58 UTC] sebastian@php.net

Let me know whether a video conference where I share my screen would help getting to the bottom of this.

[2020-12-14 13:19 UTC] dmitry@php.net

-Status: Open +Status: Feedback

[2020-12-14 13:19 UTC] dmitry@php.net

Is this still a problem or fixed?

[2020-12-15 13:06 UTC] sebastian@php.net

-Status: Feedback +Status: Closed -Assigned To: +Assigned To: sebastian

[2020-12-15 13:06 UTC] sebastian@php.net

The fix for this bug has been committed.
If you are still experiencing this bug, try to check out latest source from https://github.com/php/php-src and re-test.
Thank you for the report, and for helping us make PHP better.

I can no longer reproduce the issue with PHP 8.0.1-dev.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Apr 19 10:01:28 2024 UTC