Edit report at https://bugs.php.net/bug.php?id=62358&edit=1
ID: 62358 Updated by: larue...@php.net Reported by: maciej dot sz at gmail dot com Summary: Segfault when using traits a lot -Status: Assigned +Status: Feedback Type: Bug Package: Reproducible crash Operating System: Linux 3.2.0-25-generic Ubuntu PHP Version: 5.4.4 Assigned To: laruence Block user comment: N Private report: N New Comment: Please try using this snapshot: http://snaps.php.net/php-trunk-latest.tar.gz For Windows: http://windows.php.net/snapshots/ thanks very much for your help, I finally find the reason, please try with the latest snapshot Previous Comments: ------------------------------------------------------------------------ [2012-08-23 07:41:04] larue...@php.net Automatic comment on behalf of laruence Revision: http://git.php.net/?p=php-src.git;a=commit;h=6d1bebfcb0ad746cd0410d403a3812853a2cd457 Log: Fixed bug #62358 (Segfault when using traits a lot) ------------------------------------------------------------------------ [2012-08-22 15:28:40] maciej dot sz at gmail dot com Any luck reproducing the bug? If no please try this one: http://oxio.pl/php54crash/oxio-framework-snap02.tar.gz I was able to reproduce it with this code on 3 different machines (2 Ubuntu and 1 FreeBSD). Also the set-up of the script should be easier than in the previous one. And btw sorry about that last comment regarding null-value array item, just ignore it. My mind was off trying to find some kind of connection. ------------------------------------------------------------------------ [2012-08-21 03:54:00] larue...@php.net thanks very much. I will try to reproduce it locally ------------------------------------------------------------------------ [2012-08-20 16:37:44] maciej dot sz at gmail dot com The code is here: http://oxio.pl/php54crash/oxio-framework-snap01.tar.gz It's quite large, and requires PHPUnit (I'm using 3.6.12). First run unit-tests/prepare-data.sh and then unit-tests/run.sh Please let me know if the segfault occurred on your machine. Also notice the printed fragment in file core/oxio/struct/config/Cfg.php:493-498 It was at time when I was playing with this fragment when it crashed. There is also something wrong there, as you can see the dump of the array shows that element 'max' is present (NULL value, but present), but when checking the array with isset($_elements['max']) it returns FALSE. It might be related as it seems to be a problem with adressing the memory. The code: var_dump($this->_elements); var_dump($this->_elements['max']); var_dump(isset($this->_elements['max'])); Outputs: array(4) { ["min"]=> int(3) ["max"]=> NULL ["min_or_equal"]=> bool(true) ["max_or_equal"]=> bool(true) } NULL bool(false) <-- ???? ------------------------------------------------------------------------ [2012-08-20 16:36:55] maciej dot sz at gmail dot com Program received signal SIGSEGV, Segmentation fault. 0x000000000094e37d in zend_get_function_declaration (fptr=0x1a6f7a0) at /home/maciek/Downloads/php-5.4.6RC1/Zend/zend_compile.c:3052 3052 memcpy(offset, fptr->common.scope->name, fptr->common.scope->name_length); (gdb) bt #0 0x000000000094e37d in zend_get_function_declaration (fptr=0x1a6f7a0) at /home/maciek/Downloads/php-5.4.6RC1/Zend/zend_compile.c:3052 #1 0x000000000094f37b in do_inheritance_check_on_method (child=0x1ab5d00, parent=0x1a7edb0) at /home/maciek/Downloads/php-5.4.6RC1/Zend/zend_compile.c:3263 (...) (gdb) frame 1 #1 0x000000000094f37b in do_inheritance_check_on_method (child=0x1ab5d00, parent=0x1a7edb0) at /home/maciek/Downloads/php-5.4.6RC1/Zend/zend_compile.c:3263 3263 zend_error(E_COMPILE_ERROR, "Declaration of %s::%s() must be compatible with %s", ZEND_FN_SCOPE_NAME(child), child->common.function_name, zend_get_function_declaration(child->common.prototype? child->common.prototype : parent TSRMLS_CC)); (gdb) p *child $1 = {type = 2 '\002', common = {type = 2 '\002', function_name = 0x1ab5af0 "addTlItem", scope = 0x1ab5760, fn_flags = 134283520, prototype = 0x1a6f7a0, num_args = 1, required_num_args = 1, arg_info = 0x1ab6100}, op_array = {type = 2 '\002', function_name = 0x1ab5af0 "addTlItem", scope = 0x1ab5760, fn_flags = 134283520, prototype = 0x1a6f7a0, num_args = 1, required_num_args = 1, arg_info = 0x1ab6100, refcount = 0x1a7c650, opcodes = 0x1ad5ad8, last = 35, vars = 0x1ab5ea8, last_var = 7, T = 22, brk_cont_array = 0x19ffa18, last_brk_cont = 1, try_catch_array = 0x0, last_try_catch = 0, static_variables = 0x0, this_var = 6, filename = 0x7ffff01935c0 "/usr/share/php/PHPUnit/Framework/MockObject/Generator.php(218) : eval()'d code", line_start = 11, line_end = 31, doc_comment = 0x0, doc_comment_len = 0, early_binding = 4294967295, literals = 0x1ab6298, last_literal = 16, run_time_cache = 0x0, last_cache_slot = 7, reserved = {0x0, 0x0, 0x0, 0x0}}, internal_function = {type = 2 '\002', function_name = 0x1ab5af0 "addTlItem", scope = 0x1ab5760, fn_flags = 134283520, prototype = 0x1a6f7a0, num_args = 1, required_num_args = 1, arg_info = 0x1ab6100, handler = 0x1a7c650, module = 0x1ad5ad8}} (gdb) p *parent $2 = {type = 2 '\002', common = {type = 2 '\002', function_name = 0x1a83f80 "addTlItem", scope = 0x1a635c8, fn_flags = 134283528, prototype = 0x1a6f7a0, num_args = 1, required_num_args = 1, arg_info = 0x1a84338}, op_array = {type = 2 '\002', function_name = 0x1a83f80 "addTlItem", scope = 0x1a635c8, fn_flags = 134283528, prototype = 0x1a6f7a0, num_args = 1, required_num_args = 1, arg_info = 0x1a84338, refcount = 0x1a85760, opcodes = 0x1a882a8, last = 25, vars = 0x1a87810, last_var = 3, T = 16, brk_cont_array = 0x0, last_brk_cont = 0, try_catch_array = 0x0, last_try_catch = 0, static_variables = 0x0, this_var = 2, filename = 0x1a6f0e0 "/home/www/workspace/oxio-framework/core/oxio/tl/TElement.php", line_start = 248, line_end = 260, doc_comment = 0x19eb7b0 "/**\n * Adds a translation item.\n *\n * @param Item $TlItem\n * @return IElement Self instance.\n * @throws \\oxio\\frame\\exc\\EElementAlreadyExists When an item of given\n * part name"..., doc_comment_len = 224, early_binding = 4294967295, literals = 0x1a893e8, last_literal = 17, run_time_cache = 0x0, last_cache_slot = 9, reserved = {0x0, 0x0, 0x0, 0x0}}, internal_function = {type = 2 '\002', function_name = 0x1a83f80 "addTlItem", scope = 0x1a635c8, fn_flags = 134283528, prototype = 0x1a6f7a0, num_args = 1, required_num_args = 1, arg_info = 0x1a84338, handler = 0x1a85760, module = 0x1a882a8}} ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=62358 -- Edit this bug report at https://bugs.php.net/bug.php?id=62358&edit=1
