Edit report at https://bugs.php.net/bug.php?id=62358&edit=1
ID: 62358 Updated by: larue...@php.net Reported by: maciej dot sz at gmail dot com Summary: Segfault when using traits a lot Status: Assigned Type: Bug Package: Reproducible crash Operating System: Linux 3.2.0-25-generic Ubuntu PHP Version: 5.4.4 Assigned To: laruence Block user comment: N Private report: N New Comment: thanks very much. I will try to reproduce it locally Previous Comments: ------------------------------------------------------------------------ [2012-08-20 16:37:44] maciej dot sz at gmail dot com The code is here: http://oxio.pl/php54crash/oxio-framework-snap01.tar.gz It's quite large, and requires PHPUnit (I'm using 3.6.12). First run unit-tests/prepare-data.sh and then unit-tests/run.sh Please let me know if the segfault occurred on your machine. Also notice the printed fragment in file core/oxio/struct/config/Cfg.php:493-498 It was at time when I was playing with this fragment when it crashed. There is also something wrong there, as you can see the dump of the array shows that element 'max' is present (NULL value, but present), but when checking the array with isset($_elements['max']) it returns FALSE. It might be related as it seems to be a problem with adressing the memory. The code: var_dump($this->_elements); var_dump($this->_elements['max']); var_dump(isset($this->_elements['max'])); Outputs: array(4) { ["min"]=> int(3) ["max"]=> NULL ["min_or_equal"]=> bool(true) ["max_or_equal"]=> bool(true) } NULL bool(false) <-- ???? ------------------------------------------------------------------------ [2012-08-20 16:36:55] maciej dot sz at gmail dot com Program received signal SIGSEGV, Segmentation fault. 0x000000000094e37d in zend_get_function_declaration (fptr=0x1a6f7a0) at /home/maciek/Downloads/php-5.4.6RC1/Zend/zend_compile.c:3052 3052 memcpy(offset, fptr->common.scope->name, fptr->common.scope->name_length); (gdb) bt #0 0x000000000094e37d in zend_get_function_declaration (fptr=0x1a6f7a0) at /home/maciek/Downloads/php-5.4.6RC1/Zend/zend_compile.c:3052 #1 0x000000000094f37b in do_inheritance_check_on_method (child=0x1ab5d00, parent=0x1a7edb0) at /home/maciek/Downloads/php-5.4.6RC1/Zend/zend_compile.c:3263 (...) (gdb) frame 1 #1 0x000000000094f37b in do_inheritance_check_on_method (child=0x1ab5d00, parent=0x1a7edb0) at /home/maciek/Downloads/php-5.4.6RC1/Zend/zend_compile.c:3263 3263 zend_error(E_COMPILE_ERROR, "Declaration of %s::%s() must be compatible with %s", ZEND_FN_SCOPE_NAME(child), child->common.function_name, zend_get_function_declaration(child->common.prototype? child->common.prototype : parent TSRMLS_CC)); (gdb) p *child $1 = {type = 2 '\002', common = {type = 2 '\002', function_name = 0x1ab5af0 "addTlItem", scope = 0x1ab5760, fn_flags = 134283520, prototype = 0x1a6f7a0, num_args = 1, required_num_args = 1, arg_info = 0x1ab6100}, op_array = {type = 2 '\002', function_name = 0x1ab5af0 "addTlItem", scope = 0x1ab5760, fn_flags = 134283520, prototype = 0x1a6f7a0, num_args = 1, required_num_args = 1, arg_info = 0x1ab6100, refcount = 0x1a7c650, opcodes = 0x1ad5ad8, last = 35, vars = 0x1ab5ea8, last_var = 7, T = 22, brk_cont_array = 0x19ffa18, last_brk_cont = 1, try_catch_array = 0x0, last_try_catch = 0, static_variables = 0x0, this_var = 6, filename = 0x7ffff01935c0 "/usr/share/php/PHPUnit/Framework/MockObject/Generator.php(218) : eval()'d code", line_start = 11, line_end = 31, doc_comment = 0x0, doc_comment_len = 0, early_binding = 4294967295, literals = 0x1ab6298, last_literal = 16, run_time_cache = 0x0, last_cache_slot = 7, reserved = {0x0, 0x0, 0x0, 0x0}}, internal_function = {type = 2 '\002', function_name = 0x1ab5af0 "addTlItem", scope = 0x1ab5760, fn_flags = 134283520, prototype = 0x1a6f7a0, num_args = 1, required_num_args = 1, arg_info = 0x1ab6100, handler = 0x1a7c650, module = 0x1ad5ad8}} (gdb) p *parent $2 = {type = 2 '\002', common = {type = 2 '\002', function_name = 0x1a83f80 "addTlItem", scope = 0x1a635c8, fn_flags = 134283528, prototype = 0x1a6f7a0, num_args = 1, required_num_args = 1, arg_info = 0x1a84338}, op_array = {type = 2 '\002', function_name = 0x1a83f80 "addTlItem", scope = 0x1a635c8, fn_flags = 134283528, prototype = 0x1a6f7a0, num_args = 1, required_num_args = 1, arg_info = 0x1a84338, refcount = 0x1a85760, opcodes = 0x1a882a8, last = 25, vars = 0x1a87810, last_var = 3, T = 16, brk_cont_array = 0x0, last_brk_cont = 0, try_catch_array = 0x0, last_try_catch = 0, static_variables = 0x0, this_var = 2, filename = 0x1a6f0e0 "/home/www/workspace/oxio-framework/core/oxio/tl/TElement.php", line_start = 248, line_end = 260, doc_comment = 0x19eb7b0 "/**\n * Adds a translation item.\n *\n * @param Item $TlItem\n * @return IElement Self instance.\n * @throws \\oxio\\frame\\exc\\EElementAlreadyExists When an item of given\n * part name"..., doc_comment_len = 224, early_binding = 4294967295, literals = 0x1a893e8, last_literal = 17, run_time_cache = 0x0, last_cache_slot = 9, reserved = {0x0, 0x0, 0x0, 0x0}}, internal_function = {type = 2 '\002', function_name = 0x1a83f80 "addTlItem", scope = 0x1a635c8, fn_flags = 134283528, prototype = 0x1a6f7a0, num_args = 1, required_num_args = 1, arg_info = 0x1a84338, handler = 0x1a85760, module = 0x1a882a8}} ------------------------------------------------------------------------ [2012-08-20 15:16:25] larue...@php.net thanks, btw, from the backtrace seems you are playing with reflection ext, but the test script you provide doesn't so, could you please provide us the exact test script you use? thanks ------------------------------------------------------------------------ [2012-08-20 15:12:32] maciej dot sz at gmail dot com I could, until I restarted computer to check if it's still there... Now it crashes running from bash, but not from gdb console. I'll get back to you as soon as it occur again. ------------------------------------------------------------------------ [2012-08-20 14:58:29] larue...@php.net if yes, could you please also print the child and parent out in frame 1 ? it will be very helpful.. thanks ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=62358 -- Edit this bug report at https://bugs.php.net/bug.php?id=62358&edit=1
