Edit report at http://bugs.php.net/bug.php?id=46311&edit=1

 ID:               46311
 Comment by:       mabi at gentoo dot org
 Reported by:      anton at samba dot org
 Summary:          Pointer aliasing issue results in miscompile on gcc4.4
 Status:           Assigned
 Type:             Bug
 Package:          Compile Failure
 Operating System: RHEL5.2 / PowerPC64
 PHP Version:      5.2.9
 Assigned To:      dmitry

 New Comment:

There are Gentoo downstream bugs related to this issue:

https://bugs.gentoo.org/show_bug.cgi?id=295682
https://bugs.gentoo.org/show_bug.cgi?id=329753

I'd love to see this fixed upstream, but will ship a custom patch to get
this more testing shortly.


Previous Comments:
------------------------------------------------------------------------
[2008-10-16 09:35:17] johan...@php.net

Dmitry, can you check this?

------------------------------------------------------------------------
[2008-10-16 05:54:12] anton at samba dot org

To clarify... the Zend code reads via zval *, not long *. The cut down
test case I submitted was simplified to use a long *.

------------------------------------------------------------------------
[2008-10-16 03:20:35] anton at samba dot org

I can't work out how to attach things in this tool. Here is a copy and
paste of it, and a non-whitespace-damaged version can be found at:

http://ozlabs.org/~anton/junkcode/php_fix_aliasing.patch

Index: php-5.2.6/Zend/zend_execute.h

===================================================================

--- php-5.2.6.orig/Zend/zend_execute.h  2007-12-31 02:20:02.000000000
-0500

+++ php-5.2.6/Zend/zend_execute.h       2008-10-15 23:03:01.000000000
-0400

@@ -150,7 +150,7 @@



        EG(argument_stack).top -= (delete_count+2);

        while (--delete_count>=0) {

-               zval *q = *(zval **)(--p);

+               zval *q = *(--p);

                *p = NULL;

                zval_ptr_dtor(&q);

        }
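
Review bot: The replacement line `zval *q = *(--p);` assigns the loaded value to a zval * with no cast, so it depends on p being declared void ** (the declaration is outside this hunk) and on C's implicit conversion from void *. Since this code lives in the header zend_execute.h, a C++ translation unit that includes it would reject that conversion. `zval *q = (zval *)*(--p);` casts the loaded value instead of the pointer being dereferenced, so the slot is still read as void * and the line stays valid in both languages. A one-line comment saying why the (zval **) cast must not be reintroduced would also help.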

------------------------------------------------------------------------
[2008-10-16 03:16:05] anton at samba dot org

Description:
------------
A recent checkout of gcc4.4 miscompiles php on PowerPC64. The following
function reads from p via long * and stores to p via void * which
violates aliasing rules:

static inline void zend_ptr_stack_clear_multiple(TSRMLS_D)
{
        void **p = EG(argument_stack).top_element-2;
        int delete_count = (int)(zend_uintptr_t) *p;

        EG(argument_stack).top -= (delete_count+2);
        while (--delete_count>=0) {
                zval *q = *(zval **)(--p);
                *p = NULL;
                zval_ptr_dtor(&q);
        }
        EG(argument_stack).top_element = p;
}

More details can be found at:

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=37824

We can remove the (zval **) cast so that we read and write via void *p
and fix the aliasing issue. I will attach a patch.

------------------------------------------------------------------------
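
Added example, not part of the bug report or of the PHP source: a self-contained C model of the stack-clearing loop from the description, in which each slot is loaded as the void * it was stored as and only the loaded value is converted. value_t, arg_stack_t, value_ptr_dtor and demo_clear are hypothetical stand-ins, and the contents of the slot above the count are an assumption.

```c
#include <stdint.h>
#include <stdio.h>

typedef struct { int refcount; } value_t;   /* hypothetical stand-in for zval */
typedef struct { void *slots[16]; void **top_element; int top; } arg_stack_t;
static int destroyed;                       /* values whose refcount reached 0 */

static void value_ptr_dtor(value_t **v)     /* models zval_ptr_dtor() */
{
    if (--(*v)->refcount == 0) destroyed++;
}

static void stack_clear_multiple(arg_stack_t *s)
{
    void **p = s->top_element - 2;          /* slot holding the argument count */
    int delete_count = (int)(uintptr_t)*p;
    s->top -= delete_count + 2;
    while (--delete_count >= 0) {
        /* Read the slot as void *, then convert the value; the slot itself
         * is never accessed through a value_t * lvalue. */
        value_t *q = (value_t *)*(--p);
        *p = NULL;
        value_ptr_dtor(&q);
    }
    s->top_element = p;
}

/* Push n constructed values (n <= 8), clear them, and return the number
 * destroyed, or -1 if the stack is not empty again with every slot NULL. */
static int demo_clear(int n, int refcount)
{
    value_t vals[8];
    arg_stack_t s = { {0}, NULL, 0 };
    s.top_element = s.slots;
    destroyed = 0;
    for (int i = 0; i < n; i++) {
        vals[i].refcount = refcount;
        *s.top_element++ = &vals[i];
    }
    *s.top_element++ = (void *)(uintptr_t)n;   /* count slot */
    *s.top_element++ = NULL;                   /* slot above the count (assumed) */
    s.top = n + 2;
    stack_clear_multiple(&s);
    if (s.top != 0 || s.top_element != s.slots) return -1;
    for (int i = 0; i < n; i++)
        if (s.slots[i] != NULL) return -1;
    return destroyed;
}

int main(void) { printf("destroyed=%d\n", demo_clear(3, 1)); return 0; }
```

Building it with gcc -O2 -fstrict-aliasing -Wstrict-aliasing lets the compiler check the loop under the same optimization assumptions the report is about.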


