PHP crashes when extension was compiled using -O option #145

Open
pbiggar opened this issue Jun 3, 2015 · 11 comments


pbiggar commented Jun 3, 2015


What steps will reproduce the problem?
1. use helloworld example, compile with
phc --extension=helloworld -O2 --generate-c helloworld.php  >ext/helloworld.c

2. create the .m4 file as in phc documentation and start
phpize5 --with-php-config=/usr/bin/php-config5

(note: phpize5 and php-config5 are the ones from the distribution, not the ones from
the php installation used to compile phc)

3. ./configure --enable-helloworld

4. make then copy the helloworld.so to the correct extension directory

5. enable in php.ini with extension="helloworld.so"

6. start with __MAIN__ (); in a php script

==> segmentation fault, php crashes, webserver offering php script for download

if the -O switch is not used in step 1 everything works fine. I tested -O0 -O1 -O2
-O3, always crashing php.


environment used:
Debian Lenny latest patch level (2011-08-04): Apache2, php 5.2.3
phc was installed as in your documentation using the latest php download, 5.2.17. phc
is from svn download


the reason why I am trying the -O option is the hope for improved speed.



many thanks to the PHC team for this great tool, please keep maintaining and improving
it!!


Original issue reported on code.google.com by ulrich.j.meier on 2011-08-06 13:07:54


pbiggar commented Jun 3, 2015

Ooooh, tricky bug. What we need here is a backtrace.

Can you compile ext/helloworld.c with -g, and run apache and mod_php under gdb? (I
confess I don't know exactly how to do the latter, but Google probably will.) Then
type "backtrace" and it should give you a stack trace.

It's possible, though unlikely, that phc's optimizer is what is breaking this. If so,
I recommend that you compile without using phc's optimizer, but still using gcc's optimizer
in step 4.

Original issue reported on code.google.com by paul.biggar on 2011-08-06 17:03:13


pbiggar commented Jun 3, 2015

sorry to answer this late...

I created the backtrace using the howto in /usr/share/doc/apache2.2-common/README.backtrace

<snip>

Core was generated by `/usr/sbin/apache2 -k start'.
Program terminated with signal 11, Segmentation fault.
[New process 31134]
#0  zif___MAIN__ (ht=0, return_value=0x8df28b4, return_value_ptr=0x0, this_ptr=0x0,
return_value_used=0)
    at /srv/www/htdocs/phctest/ext/helloworld.c:961
961   if (Z_ISREF_P(arg))
(gdb) bt full
#0  zif___MAIN__ (ht=0, return_value=0x8df28b4, return_value_ptr=0x0, this_ptr=0x0,
return_value_used=0)
    at /srv/www/htdocs/phctest/ext/helloworld.c:961
    arg = (zval *) 0xb621c088
    rhs = <value optimized out>
    signature = (zend_function *) 0x8b98318
    args = {0xb771587b}
    args_ind = {0xbf8b3630}
    params_save = <value optimized out>
    retval_save = <value optimized out>
    p_lhs = (zval **) 0xb621c088
    local_TLE16 = (zval *) 0x0
    local_TLE14 = (zval *) 0x0
    local_TLE12 = (zval *) 0x0
    local_TLE11 = (zval *) 0x0
    local_TLE10 = (zval *) 0x0
#1  0xb6574a91 in execute_internal (execute_data_ptr=0xbf8b37fc, return_value_used=0)
    at /build/buildd-php5_5.2.6.dfsg.1-1+lenny13-i386-rXrYSv/php5-5.2.6.dfsg.1/Zend/zend_execute.c:1373
    execute_data_ptr = (zend_execute_data *) 0xb621c088
    return_value_used = -1239302008
#2  0xb61f35f8 in xdebug_execute_internal (current_execute_data=0xbf8b37fc, return_value_used=0)
    at /build/buildd/xdebug-2.0.3/build-php5/xdebug.c:1605
    edata = (zend_execute_data *) 0xbf8b37fc
    fse = (function_stack_entry *) 0x8ee2ab0
    cur_opcode = (zend_op *) 0x9cf17326
    do_return = 0
    function_nr = 1
#3  0xb40b8373 in ?? () from /usr/lib/php5/20060613+lfs/suhosin.so
No symbol table info available.
#4  0xbf8b37fc in ?? ()
No symbol table info available.
#5  0x00000000 in ?? ()
No symbol table info available.

</snip>


Original issue reported on code.google.com by ulrich.j.meier on 2011-08-08 08:37:24


pbiggar commented Jun 3, 2015

Hey, can you also:

- attach helloworld.c
- try the last thing I suggested in comment 1 and tell me if it works.

Thanks!

Original issue reported on code.google.com by paul.biggar on 2011-08-08 16:07:40


pbiggar commented Jun 3, 2015

attached the source of helloworld.php and the c-code generated without any option (helloworld.c)
and with option -O2 (helloworld_o2.c)

sorry for not having included the result of your recommendation:
the make file starting gcc always compiles with -O2, no matter what -O option is given
to phc. (discovered yesterday...) => all my tests were with gcc -O2 option set.


Thank you very much for your time and work!

PS: I will experiment today with PHP 5.3.3 (Debian Squeeze) and will then again reinstall
PHC on my Debian Lenny machine. I fear that the PHP configure options (of the system
used to compile phc) were not 100% identical to the ones of the target webserver

Original issue reported on code.google.com by ulrich.j.meier on 2011-08-09 06:59:51


- _Attachment: [helloworld.php](https://storage.googleapis.com/google-code-attachments/phc/issue-136/comment-4/helloworld.php)_
- _Attachment: [helloworld_o2.c](https://storage.googleapis.com/google-code-attachments/phc/issue-136/comment-4/helloworld_o2.c)_
- _Attachment: [helloworld.c](https://storage.googleapis.com/google-code-attachments/phc/issue-136/comment-4/helloworld.c)_


pbiggar commented Jun 3, 2015

tried to install with Debian Squeeze (PHP 5.3.3) installed as apt-get source and from
the tar.gz... PHP install ok, meaning make, make install with no errors, prefix used=/usr/local
BUT: ./configure of PHC failed (message: embed seems not to be installed, --with-php=/usr/local
does not help)
?? Is PHP 5.3.5 working, must the php version used to compile phc exactly match the
php version of the target webserver? Can extensions compiled with 5.3.3 be used in webservers
using PHP 5.3.3?

---------
tried the same on Debian Lenny with PHP 5.2.6, same result, same message
=> now I do not even have one PHC installation anymore :-((


ANY HELP is greatly appreciated!


-------------------
PHP 5.2.6 try
config.log attached
php-config:
root@nuts:/usr/src/phc_svn/phc-read-only# /usr/local/bin/php-config
Usage: /usr/local/bin/php-config [OPTION]
Options:
  --prefix            [/usr/local]
  --includes          [-I/usr/local/include/php -I/usr/local/include/php/main -I/usr/local/include/php/TSRM
-I/usr/local/include/php/Zend -I/usr/local/include/php/ext -I/usr/local/include/php/ext/date/lib]
  --ldflags           []
  --libs              [-lcrypt   -lz -lcrypt -lrt -lssl -lcrypto -ldb-4.6 -lbz2 -lz
-lpcre -lssl -lcrypto -lresolv -lm -ldl -lnsl  -lxml2 -lgssapi_krb5 -lkrb5 -lk5crypto
-lcom_err -lxml2 -lxml2 -lxml2 -lcrypt -lxml2 -lxml2 -lxml2 -lxml2 -lcrypt ]
  --extension-dir     [/usr/local/lib/php/20060613]
  --include-dir       [/usr/local/include/php]
  --php-binary        [/usr/local/bin/php]
  --php-sapis         [cli embed]
  --configure-options [--prefix=/usr/local --enable-embed --with-apxs2=/usr/bin/apxs2
--with-config-file-path=/etc/php5/apache2 --with-config-file-scan-dir=/etc/php5/apache2/conf.d
--build=i486-linux-gnu --host=i486-linux-gnu --mandir=/usr/share/man --enable-memory-limit
--disable-debug --with-regex=php --disable-rpath --disable-static --with-pic --with-layout=GNU
--with-pear=/usr/share/php --enable-calendar --enable-sysvsem --enable-sysvshm --enable-sysvmsg
--enable-track-vars --enable-trans-sid --enable-bcmath --with-bz2 --enable-ctype --with-db4
--without-gdbm --with-iconv --enable-exif --enable-filepro --enable-ftp --with-gettext
--enable-mbstring --with-pcre-regex=/usr --enable-shmop --enable-sockets --enable-wddx
--with-libxml-dir=/usr --with-zlib --with-kerberos=/usr --with-openssl=/usr --enable-dbx
--enable-soap --enable-zip --with-mime-magic=/usr/share/file/magic.mime --with-exec-dir=/usr/lib/php5/libexec
--with-system-tzdata --without-mm --with-curl=shared,/usr --with-zlib-dir=/usr --with-gd=shared,/usr
--enable-gd-native-ttf --with-gmp=shared,/usr --with-jpeg-dir=shared,/usr --with-xpm-dir=shared,/usr/X11R6
--with-png-dir=shared,/usr --with-freetype-dir=shared,/usr --with-imap=shared,/usr
--with-imap-ssl --with-interbase=shared,/usr --with-pdo-firebird=shared,/usr --with-ttf=shared,/usr
--with-t1lib=shared,/usr --with-ldap=shared,/usr --with-ldap-sasl=/usr --with-mcrypt=shared,/usr
--with-mhash=shared,/usr --with-mysql=shared,/usr --with-mysqli=shared,/usr/bin/mysql_config
--with-pspell=shared,/usr --with-unixODBC=shared,/usr --with-xsl=shared,/usr --with-snmp=shared,/usr
--with-sqlite=shared,/usr --with-tidy=shared,/usr --with-xmlrpc=shared --with-pgsql=shared,/usr]
  --version           [5.2.6]
  --vernum            [50206]

-------------

Original issue reported on code.google.com by ulrich.j.meier on 2011-08-09 11:24:18


- _Attachment: [config.log](https://storage.googleapis.com/google-code-attachments/phc/issue-136/comment-5/config.log)_


pbiggar commented Jun 3, 2015

It looks like either the refcount is being lowered too low, or that there is a problem
due to using multiple different APIs. I can't really tell if it's the first, and would
need a stack trace from an unoptimized debug build (ie, turn off -O2). For the latter,
I would suggest trying it without Suhosin, and see if that works.

Original issue reported on code.google.com by paul.biggar on 2011-08-10 18:16:29


pbiggar commented Jun 3, 2015

I managed to install on Lenny with the PHP 5.2.6 from PHP.NET. The configure parameters
were as described in the phc manual; however they do not match the running webserver.
Building phc ok, without any errors.

Compiled helloworld.php, tested with and without the -O option. The error is reproduced.

As you recommended in Comment 6, I disabled the Suhosin extension - to remove the Suhosin
patch included in the Debian PHP5 packet was not done.

The resulting stack trace is now different to the last, maybe that helps:

Core was generated by `/usr/sbin/apache2 -k start'.
Program terminated with signal 11, Segmentation fault.
[New process 9461]
#0  0xb6184cf3 in zif___MAIN__ () from /usr/lib/php5/20060613+lfs/helloworld.so
(gdb) bf full
Undefined command: "bf".  Try "help".
(gdb) bt full
#0  0xb6184cf3 in zif___MAIN__ () from /usr/lib/php5/20060613+lfs/helloworld.so
No locals.
#1  0xb6566a91 in execute_internal (execute_data_ptr=0xbfb1025c, return_value_used=0)
    at /build/buildd-php5_5.2.6.dfsg.1-1+lenny13-i386-rXrYSv/php5-5.2.6.dfsg.1/Zend/zend_execute.c:1373
    execute_data_ptr = (zend_execute_data *) 0x9a672b0
    return_value_used = 161903280
#2  0xb61e55f8 in xdebug_execute_internal (current_execute_data=0xbfb1025c, return_value_used=0)
    at /build/buildd/xdebug-2.0.3/build-php5/xdebug.c:1605
    edata = (zend_execute_data *) 0xbfb1025c
    fse = (function_stack_entry *) 0x9dad518
    cur_opcode = (zend_op *) 0x9cbfb70
    do_return = 0
    function_nr = 1
#3  0xb657f8d0 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfb1025c)
    at /build/buildd-php5_5.2.6.dfsg.1-1+lenny13-i386-rXrYSv/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:202
    return_reference = 0 '\0'
    opline = (zend_op *) 0x9cbfcdc
    original_return_value = (zval **) 0x9ca81b0
    current_scope = (zend_class_entry *) 0x0
    current_this = (zval *) 0x0
    return_value_used = 0
    should_change_scope = 0 '\0'
#4  0xb656b0e0 in execute (op_array=0x9cbf858)
    at /build/buildd-php5_5.2.6.dfsg.1-1+lenny13-i386-rXrYSv/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:92
    execute_data = {opline = 0x9cbfcdc, function_state = {function_symbol_table = 0x31,
function = 0x9b03c58, 
    reserved = {0xb755e795, 0x0, 0x9dad250, 0xb7644160}}, fbc = 0x0, op_array = 0x9cbf858,
object = 0x0, 
  Ts = 0xbfb10230, CVs = 0xbfb10220, original_in_execution = 0 '\0', symbol_table =
0xb67c6970, 
  prev_execute_data = 0x0, old_error_reporting = 0x0}
#5  0xb61e529d in xdebug_execute (op_array=0x9cbf858) at /build/buildd/xdebug-2.0.3/build-php5/xdebug.c:1541
    dummy = (zval **) 0x9cbfb28
    edata = (zend_execute_data *) 0x0
    fse = (function_stack_entry *) 0x9dad250
    xfse = (function_stack_entry *) 0xb679b78c
    magic_cookie = 0x0
    do_return = 0
    function_nr = 0
    le = (xdebug_llist_element *) 0xb6525c5b
    eval_id = 0
#6  0xb6545820 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /build/buildd-php5_5.2.6.dfsg.1-1+lenny13-i386-rXrYSv/php5-5.2.6.dfsg.1/Zend/zend.c:1215
    files = 0xbfb103a4 ""
    i = 1
    file_handle = (zend_file_handle *) 0xbfb1025c
    orig_op_array = (zend_op_array *) 0x0
    orig_retval_ptr_ptr = (zval **) 0x0
    local_retval = (zval *) 0x0
#7  0xb64fb743 in php_execute_script (primary_file=0xbfb12598)
    at /build/buildd-php5_5.2.6.dfsg.1-1+lenny13-i386-rXrYSv/php5-5.2.6.dfsg.1/main/main.c:2028
    __orig_bailout = (jmp_buf *) 0xbfb124fc
    __bailout = {{__jmpbuf = {-1233537140, -1233360736, -1078909804, -1078909752, 1980178561,
-1955840878}, 
    __mask_was_saved = 0, __saved_mask = {__val = 0x1c}}}
    prepend_file_p = (zend_file_handle *) 0x0
    append_file_p = (zend_file_handle *) 0x0
    prepend_file = {type = 0 '\0', filename = 0x0, opened_path = 0x0, handle = {fd = 0,
fp = 0x0, stream = {
      handle = 0x0, reader = 0, closer = 0, fteller = 0, interactive = 0}}, free_filename
= 0 '\0'}
    append_file = {type = 0 '\0', filename = 0x0, opened_path = 0x0, handle = {fd = 0,
fp = 0x0, stream = {
      handle = 0x0, reader = 0, closer = 0, fteller = 0, interactive = 0}}, free_filename
= 0 '\0'}
    retval = 0
#8  0xb65bd910 in php_handler (r=0x9cf6ce0)
48
    __bailout = {{__jmpbuf = {-1233537140, 161048648, 164588768, -1078909464, 1984536705,
-1549188974}, 
    __mask_was_saved = 0, __saved_mask = {__val = 0x1c}}}
    ctx = (php_struct *) 0x9cf8c10
    conf = (void *) 0x988f520
    brigade = (apr_bucket_brigade *) 0x9cff470
    bucket = (apr_bucket *) 0x9a672b0
    rv = 161903280
    parent_req = (request_rec *) 0x0
#9  0x0807a239 in ap_run_handler (r=0x9cf6ce0) at /tmp/buildd/apache2-2.2.9/server/config.c:158
    n = 6
    rv = -1239910296
#10 0x0807d651 in ap_invoke_handler (r=0x9cf6ce0) at /tmp/buildd/apache2-2.2.9/server/config.c:373
    handler = 0x9996830 "application/x-httpd-php"
    result = 161048624
    old_handler = 0x0
    ignore = <value optimized out>
#11 0x0808b0d6 in ap_process_request (r=0x9cf6ce0) at /tmp/buildd/apache2-2.2.9/modules/http/http_request.c:258
    access_status = 161903280
#12 0x08088208 in ap_process_http_connection (c=0x9cf0c78)
    at /tmp/buildd/apache2-2.2.9/modules/http/http_core.c:190
    r = (request_rec *) 0x9cf6ce0
    csd = (apr_socket_t *) 0x0
#13 0x08081669 in ap_run_process_connection (c=0x9cf0c78) at /tmp/buildd/apache2-2.2.9/server/connection.c:43
    n = 1
    rv = -1239910296
#14 0x0808fd04 in child_main (child_num_arg=<value optimized out>)
    at /tmp/buildd/apache2-2.2.9/server/mpm/prefork/prefork.c:680
    current_conn = <value optimized out>
    csd = (void *) 0x9cf0ae0
    ptrans = (apr_pool_t *) 0x9cf0aa8
    allocator = (apr_allocator_t *) 0x9ceea18
    status = <value optimized out>
    i = <value optimized out>
    lr = <value optimized out>
    pollset = (apr_pollset_t *) 0x9ceeb40
    sbh = (ap_sb_handle_t *) 0x9ceeb38
    bucket_alloc = (apr_bucket_alloc_t *) 0x9cf4ca0
    last_poll_idx = 1
#15 0x080900e3 in make_child (s=0x97d9908, slot=0) at /tmp/buildd/apache2-2.2.9/server/mpm/prefork/prefork.c:777
No locals.
#16 0x0809076a in ap_mpm_run (_pconf=0x97d50c8, plog=0x9807190, s=0x97d9908)
    at /tmp/buildd/apache2-2.2.9/server/mpm/prefork/prefork.c:795
    index = <value optimized out>
    remaining_children_to_start = 5
    rv = <value optimized out>
#17 0x08066f10 in main (argc=Cannot access memory at address 0x0
) at /tmp/buildd/apache2-2.2.9/server/main.c:732
    c = 0 '\0'
    configtestonly = 0
    confname = 0x80929e6 "/etc/apache2/apache2.conf"
    def_server_root = 0x809ab10 ""
    temp_error_log = 0x0
    error = <value optimized out>
    process = (process_rec *) 0x97d3140
    server_conf = (server_rec *) 0x97d9908
    pglobal = (apr_pool_t *) 0x97d30c0
    pconf = (apr_pool_t *) 0x97d50c8
    plog = (apr_pool_t *) 0x9807190
    ptemp = (apr_pool_t *) 0x980e1a8
    pcommands = (apr_pool_t *) 0x97d70d0
    opt = (apr_getopt_t *) 0x97d7168
    rv = <value optimized out>
    mod = <value optimized out>
    optarg = 0xb6d8bd10 "\001"
Current language:  auto; currently asm
(gdb) 



Original issue reported on code.google.com by ulrich.j.meier on 2011-08-11 07:28:05


pbiggar commented Jun 3, 2015

The latest stack trace is missing debug info from helloworld.so. That's the important
bit (in particular, line numbers).

Original issue reported on code.google.com by paul.biggar on 2011-08-12 17:56:58
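
A quick way to spot the problem described in the comment above before posting a trace, as an added example that is not part of the original thread or of phc: the script below parses `bt` / `bt full` output and lists the frames that carry no `file:line` location. The sample input is constructed from frames quoted in this thread (abridged and renumbered), and all function names are hypothetical.

```python
import re

# Constructed sample: frames taken from the gdb traces quoted in this thread,
# abridged and renumbered so the example stays short.
SAMPLE_BT = """\
#0  0xb6184cf3 in zif___MAIN__ () from /usr/lib/php5/20060613+lfs/helloworld.so
No locals.
#1  0xb6566a91 in execute_internal (execute_data_ptr=0xbfb1025c, return_value_used=0)
    at /build/buildd-php5_5.2.6.dfsg.1-1+lenny13-i386-rXrYSv/php5-5.2.6.dfsg.1/Zend/zend_execute.c:1373
    execute_data_ptr = (zend_execute_data *) 0x9a672b0
#2  0xb61e55f8 in xdebug_execute_internal (current_execute_data=0xbfb1025c, return_value_used=0)
    at /build/buildd/xdebug-2.0.3/build-php5/xdebug.c:1605
    do_return = 0
#3  0xb40b8373 in ?? () from /usr/lib/php5/20060613+lfs/suhosin.so
No symbol table info available.
#4  0x08066f10 in main (argc=Cannot access memory at address 0x0
) at /tmp/buildd/apache2-2.2.9/server/main.c:732
"""

# Frame header: "#N  [0xADDR in ]function (" ; gdb may wrap the rest onto later lines.
FRAME_RE = re.compile(r"^#(?P<num>\d+)\s+(?:0x[0-9a-f]+ in )?(?P<func>\S+) \(")
# The location follows the closing ")" of the argument list, possibly on a new line.
AT_RE = re.compile(r"\)\s+at (?P<file>\S+):(?P<line>\d+)")
FROM_RE = re.compile(r"\)\s+from (?P<lib>\S+)")


def parse_frames(text):
    """Return one dict per frame: num, func, source (file, line) or None, library or None."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line)
        if m:
            frames.append({"num": int(m["num"]), "func": m["func"], "text": line})
        elif frames:
            # Continuation of the current frame (wrapped header or locals).
            frames[-1]["text"] += "\n" + line
    for f in frames:
        at = AT_RE.search(f["text"])
        lib = FROM_RE.search(f["text"])
        f["source"] = (at["file"], int(at["line"])) if at else None
        f["library"] = lib["lib"] if lib else None
        del f["text"]
    return frames


def frames_missing_debug_info(text):
    """Frames for which gdb printed no source file and line number."""
    return [f for f in parse_frames(text) if f["source"] is None]


if __name__ == "__main__":
    for f in frames_missing_debug_info(SAMPLE_BT):
        where = f["library"] or "unknown module"
        print(f"#{f['num']} {f['func']}: no file:line ({where}); rebuild it with -g")
```
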


pbiggar commented Jun 3, 2015

sorry, missed a compile option...
I will add a stack dump as soon as I am back in the office end of next week (I am on
a project abroad)

Original issue reported on code.google.com by ulrich.j.meier on 2011-08-13 21:37:03


pbiggar commented Jun 3, 2015

read again your comment 6, not sure what is required:

which part should not be optimized?
a) PHP 5.2
b) PHC
c) Helloworld.c (manually removing gcc compile option -Ox in the make file)


Original issue reported on code.google.com by ulrich.j.meier on 2011-08-19 10:08:57


pbiggar commented Jun 3, 2015

c).

As well as not being optimized, it should be compiled with debugging (-g).

Original issue reported on code.google.com by paul.biggar on 2011-08-22 08:37:42
