php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #81432 JIT bug (tracing mode only) with named arguments
Submitted: 2021-09-12 14:12 UTC Modified: 2021-10-06 17:07 UTC
Votes:4
Avg. Score:4.2 ± 0.8
Reproduced:4 of 4 (100.0%)
Same Version:4 (100.0%)
Same OS:3 (75.0%)
From: julien dot boudry at gmail dot com Assigned:
Status: Open Package: JIT
PHP Version: 8.0.11 OS: Windows 10 + Linux (With Docker)
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: julien dot boudry at gmail dot com
New email:
PHP Version: OS:

 

 [2021-09-12 14:12 UTC] julien dot boudry at gmail dot com 
Description:
------------
Hello,

I made many attempts to reproduce this bug in a theoretical way with a very easily understandable PHP code. And my efforts did not succeed and it must be used in the context of a rather heavy project.
However, with further effort to reproduce it, it is I believe quite aberrant and easy to see just by following the trace. Since it mixes variables passed to a function call in a totally impossible way.

* Occurs only in opcache.jit=tracing mode, but everything works fine with opcache.jit=function, also works fine without JIT (with opcache enabled or disabled).
* Does not seem to be able to be reproduced without the use of named arguments. If I remove the named argument, everything works fine.
* Sometimes it works fine for no reason. Especially after a first run (but not after a second run) after modifying a file, which seems to point to a cache problem?
* Is not reproducible in PHP 8.1-RC1!
* Happens with 8.0.10 x64 NTS (tested on Windows and Linux (official PHP Docker images on WSL2)

The details and means of reproduction are detailed here: https://github.com/julien-boudry/Condorcet/issues/61

Test script:
---------------
https://github.com/julien-boudry/Condorcet/issues/61

Expected result:
----------------
Same result as without opcache.jit=tracing, not any error.

Actual result:
--------------
PHP Fatal error:  Uncaught TypeError: CondorcetPHP\Condorcet\Result::__construct(): Argument #6 ($seats) must be of type ?int, CondorcetPHP\Condorcet\Election given, called in C:\dev_scripts\Condorcet\lib\Algo\Method.php on line 84 and defined in C:\dev_scripts\Condorcet\lib\Result.php:89
Stack trace:
#0 C:\dev_scripts\Condorcet\lib\Algo\Method.php(84): CondorcetPHP\Condorcet\Result->__construct()
#1 C:\dev_scripts\Condorcet\lib\Algo\Methods\STV\SingleTransferableVote.php(91): CondorcetPHP\Condorcet\Algo\Method->createResult()
#2 C:\dev_scripts\Condorcet\lib\Algo\Method.php(63): CondorcetPHP\Condorcet\Algo\Methods\STV\SingleTransferableVote->compute()
#3 C:\dev_scripts\Condorcet\lib\ElectionProcess\ResultsProcess.php(80): CondorcetPHP\Condorcet\Algo\Method->getResult()
#4 C:\dev_scripts\Condorcet\Dev\bugs\JitBug.php(37): CondorcetPHP\Condorcet\Election->getResult()
#5 {main}

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2021-09-14 12:54 UTC] julien dot boudry at gmail dot com 
Reproduce it easily with Docker Official images:

(from docker image php:8.0.10-cli-bullseye)

apt-get update && apt-get install -qq git

git clone https://github.com/julien-boudry/Condorcet.git

cd Condorcet

#(not necessary today)
git checkout 31093192e8fa21e1

# Working fine
php Dev/bugs/JitBug.php
# OR
php -dzend_extension=opcache -dopcache.enable_cli=1 Dev/bugs/JitBug.php
# OR
php -dzend_extension=opcache -dopcache.enable_cli=1 -dopcache.jit_buffer_size=100M -dopcache.jit=function Dev/bugs/JitBug.php

# Failing
php -dzend_extension=opcache -dopcache.enable_cli=1 -dopcache.jit_buffer_size=100M -dopcache.jit=tracing Dev/bugs/JitBug.php
 [2021-10-06 16:57 UTC] julien dot boudry at gmail dot com
-PHP Version: 8.0.10 +PHP Version: 8.0.11
 [2021-10-06 16:57 UTC] julien dot boudry at gmail dot com 
Still the same with php version 8.0.11
 [2021-10-06 17:07 UTC] nikic@php.net 
This might have been fixed by https://github.com/php/php-src/commit/512dfaba3a15062b447ec02f492f0af8b3e14d2a, which is part of 8.0.12.
 [2021-10-06 21:51 UTC] julien dot boudry at gmail dot com 
I just tested PHP 8.0.12RC1 on windows, the result is still exactly the same.

(and it's always working fine on all 8.1 RC)
 [2021-11-29 09:55 UTC] julien dot boudry at gmail dot com 
Now, the bug happening on 8.1RC6, wich is a regression from the initial bug report (it's was working on 8.1).

I'm beginning to ask if it's not dependent of the computer... (always amd64 under official docker images).
 [2022-12-06 04:27 UTC] austinpatrick711 at gmail dot com 
Thanks to this article I can learn more. Expand my knowledge and abilities. Actually the article is very real.


(https://www.mymilestonecard.ltd/}php.net
 [2022-12-12 06:40 UTC] Howar7445Smith at gmail dot com 
Technically, it think it would be easy enough to allow more things to be passed to ScriptModules (that are already compiled(!)).
It would seem reasonable to me for precisely your usecase. I don't know the origin of the design decision not to allow them, but I imagine that it might be related to the fact that you don't want to allow modules that are currently scripted to take those. 
(As background: Python numbers are constants and the signature of the traced module would not match with that of the module before tracing, which would be bad.)
(https://www.mythdhr.net/)github.com
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 19 14:01:30 2024 UTC