php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #81255 Memory leak in PHPUnit with functional JIT
Submitted: 2021-07-14 03:17 UTC Modified: 2021-07-20 18:05 UTC
From: hao dot sun at arm dot com Assigned:
Status: Closed Package: JIT
PHP Version: master-Git-2021-07-14 (Git) OS: Ubuntu 20.04
Private report: No CVE-ID: None
 [2021-07-14 03:17 UTC] hao dot sun at arm dot com
Description:
------------
I suppose tracing JIT is tested by the "community_job.yml" in Azure pipeline in upstream. I further tested with functional JIT.

This error is found when running the PHPUnit with functional JIT, i.e. opcache.jit=1205, in NTS+DEBUG+HYBRID+ASAN. It occurred in both JIT/arm64 and JIT/x86. Here is the ASAN output. From the log, it seems that the result of PHP_FUNCTION "tempnam" is not freed in some case.


=================================================================
==11079==ERROR: LeakSanitizer: detected memory leaksDirect leak of 48 byte(s) in 1 object(s) allocated from:
    #0 0x7f1647defbc8 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x10dbc8)
    #1 0x5623294a7af7 in __zend_malloc /tmp/php-src/Zend/zend_alloc.c:3043
    #2 0x5623294a6045 in tracked_malloc /tmp/php-src/Zend/zend_alloc.c:2746
    #3 0x5623294a4bfa in _malloc_custom /tmp/php-src/Zend/zend_alloc.c:2419
    #4 0x5623294a4fc6 in _emalloc /tmp/php-src/Zend/zend_alloc.c:2538
    #5 0x5623293d306d in zend_string_alloc /tmp/php-src/Zend/zend_string.h:141
    #6 0x5623293d3165 in zend_string_init /tmp/php-src/Zend/zend_string.h:163
    #7 0x5623293d3684 in php_do_open_temporary_file /tmp/php-src/main/php_open_temporary_file.c:193
    #8 0x5623293d4000 in php_open_temporary_fd_ex /tmp/php-src/main/php_open_temporary_file.c:316
    #9 0x562328fbc434 in zif_tempnam /tmp/php-src/ext/standard/file.c:843
    #10 0x4a04acac  (<unknown module>)
    #11 0x56232975f698 in zend_execute /tmp/php-src/Zend/zend_vm_execute.h:59034
    #12 0x562329552116 in zend_execute_scripts /tmp/php-src/Zend/zend.c:1791
    #13 0x5623293990d8 in php_execute_script /tmp/php-src/main/main.c:2523
    #14 0x562329939602 in do_cli /tmp/php-src/sapi/cli/php_cli.c:965
    #15 0x56232993bd67 in main /tmp/php-src/sapi/cli/php_cli.c:1366
    #16 0x7f1645d900b2 in __libc_start_main (/usr/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
SUMMARY: AddressSanitizer: 48 byte(s) leaked in 1 allocation(s).


Note-1: this bug didn't occur in php-8.1.0alpha3.
Note-2: Yesterday, I thought this bug was fixed after the commit 989205e95cde4c43b562148a5 with the following message.

--------
[Tue Jul 13 04:06:40 2021]  Script:  '/tmp/php-oss/phpunit/phpunit'
/tmp/php-src/Zend/zend_string.h(141) :  Freeing 0x00007f8a82b729b0 (48 bytes), script=/tmp/php-oss/phpunit/phpunit
=== Total 1 memory leaks detected ===

--------
commit 989205e95cde4c43b562148a5f35fe32bb7af3da
Author: Nikita Popov <nikita.ppv@gmail.com>
Date:   Mon Jul 12 16:56:00 2021 +0200    Remove incorrect uses of zend_atoi()    zend_atoi() parses integers with size suffixes (like "128M").
    These just want to use a plain number, so use ZEND_ATOL instead. Zend/zend.c           | 2 +-
 Zend/zend_alloc.c     | 6 +++---
 ext/session/session.c | 3 +--
 sapi/cli/php_cli.c    | 2 +-
 4 files changed, 6 insertions(+), 7 deletions(-)



But this bug showed up again with the latest code.

--------
commit 95da6e807a948039d3a42defbd849c4fed6cbe35
Merge: d550c848 88d6fbe0
Author: Derick Rethans <github@derickrethans.nl>
Date:   Tue Jul 13 17:21:54 2021 +0100

    Merge branch 'PHP-8.0'

Test script:
---------------
Following the "community_job.xml", download PHPUnit test case and run "php ./phpunit".


The version of PHPUnit I used is 

--------
commit 40d747f72010bcb9d68b9781756d3d96481d4292
Author: Sebastian Bergmann <sb@sebastian-bergmann.de>
Date:   Tue Jul 13 08:42:57 2021 +0200

    Sync with https://github.com/sebastianbergmann/type/commit/63aee82dc152c48b7633f57f037914bfd9531878


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2021-07-20 18:05 UTC] dmitry@php.net
The reduced test case:

<?php
eval('class B {}');
class A extends B {
    private ?string $x = null;

    public function foo($a) {
        if (!($this->x = str_repeat($a, 5))) {
	        throw new Exception('ops');
        }
        var_dump($this->x);
        $this->x = null;
    }
}

$a = new A;
$a->foo('a');
$a->foo('b');
?>
 [2021-07-20 19:18 UTC] git@php.net
Automatic comment on behalf of dstogov
Revision: https://github.com/php/php-src/commit/02acc5ad3b806b7b17409be8eedf0cecbc27a00a
Log: Fixed Bug #81255 (Memory leak in PHPUnit with functional JIT)
 [2021-07-20 19:18 UTC] git@php.net
-Status: Open +Status: Closed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Dec 05 01:01:30 2024 UTC