New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
bug81577_3.phpt
pcntl with async signals leaks
#10754
Comments
Hi @mvorisek — with bugsnet going to be turned off in the near future, it would be much better of you could reproduce the whole context of the bug here, including the test cases and what you have tried to find and fix the issue. |
@mvorisek Technically the currently voted decision is to still use bugsnet for the old bugs so you should still leave comments there until it is decided otherwise. Although the spam is a bit pain so I would agree with Derick but only if you have some additional useful notes for that or a new way how to reproduce it then it would be more convenient to create a new bug report containing all info. |
The memory leak can be reproduced consistently with https://github.com/php/php-src/blob/master/ext/pcntl/tests/bug81577_3.phpt test and ASAN. The original https://bugs.php.net/bug.php?id=81577 bug report seems to be fixed to no longer segfault but "only leaks memory". |
Memory Leak Root Causearray_merge([1], [2]) + posix_kill(posix_getpid(), SIGTERM); Simply put, the temporary variable returned by Note: in normal program flow, these temporary variables will be used and consumed by later ADD opcode. But with async signal handling, normal execution flow is interrupted and redirected (jmp) to other opcode. Troubleshooting details see below. TroubleshootingThe GDB commands used can be found at #10912. php script<?php
pcntl_async_signals(true);
pcntl_signal(SIGTERM, function ($signo) { throw new Exception("Signal"); });
try {
array_merge([1], [2]) + posix_kill(posix_getpid(), SIGTERM);
} catch (Throwable $ex) {
echo get_class($ex) , " : " , $ex->getMessage() , "\n";
}
?> php opcode dumpV2 is created as array_merge() result. Without async signal handling, V2 is supposed to be consumed/destroyed by later ADD(L0018). $_main:
; (lines=30, args=0, vars=1, tmps=3)
; (after optimizer)
; /home/tony/php-src/ext/pcntl/tests/bug81577_3.php:1-10
0000 INIT_FCALL 1 96 string("pcntl_async_signals")
...
0008 INIT_FCALL 2 112 string("array_merge")
0009 SEND_VAL array(...) 1
0010 SEND_VAL array(...) 2
/** V2 is created as array_merge() result.
* If everything is smooth, V2 is supposed to be consumed/destroyed by later ADD(L0018)
* /
0011 V2 = DO_ICALL
0012 INIT_FCALL 2 112 string("posix_kill")
0013 INIT_FCALL 0 80 string("posix_getpid")
0014 V1 = DO_ICALL # call posix_kill
0015 SEND_VAR V1 1
0016 SEND_VAL int(15) 2
/** V3 is created as posix_kill() result which is also supposed to be destroyed by later ADD(L0018) */
0017 V3 = DO_ICALL
0018 T1 = ADD V2 V3
0019 FREE T1
0020 RETURN int(1) /** $main function exit */
0021 CV0($ex) = CATCH string("Throwable")
0022 T1 = GET_CLASS CV0($ex)
0023 ECHO T1
0024 ECHO string(" : ")
0025 INIT_METHOD_CALL 0 CV0($ex) string("getMessage")
0026 V1 = DO_FCALL
0027 ECHO V1
0028 ECHO string("\n")
0029 RETURN int(1) /** exception handling */
LIVE RANGES:
2: 0012 - 0018 (tmp/var)
EXCEPTION TABLE:
0008, 0021, -, -
{closure}:
; (lines=5, args=1, vars=1, tmps=1)
; (after optimizer)
; /home/tony/php-src/ext/pcntl/tests/bug81577_3.php:3-3
0000 CV0($signo) = RECV 1
0001 V1 = NEW 1 string("Exception")
0002 SEND_VAL_EX string("Signal") 1
0003 DO_FCALL
0004 THROW V1
LIVE RANGES:
1: 0002 - 0004 (new) op_array dump
Async Signal Handling Execution Flow TracingLet's look at op_array dump, after Here is the GDB debug tracing: break at
At program exit, PHP reports memory leak 0x00007ffff08025a0
As for [0x00007ffff0882480], it is memory space used for |
Description
https://github.com/php/php-src/blob/master/ext/pcntl/tests/bug81577_3.phpt
https://bugs.php.net/bug.php?id=81577
Leaks are hard to figure in production, would be great if it could be fixed.
PHP Version
any
Operating System
linux
The text was updated successfully, but these errors were encountered: