Segfault with JIT and large match/switch statements #8030

Closed
therealgaxbo opened this issue Feb 3, 2022 · 4 comments · Fixed by #8961
Comments

@therealgaxbo

Description

Running this code with the JIT enabled results in a segfault (sometimes I have to run it 2-3 times before it happens): https://gist.github.com/therealgaxbo/5e7b111c994bf932e3e7870ac258babe

$ php -v
PHP 8.0.15 (cli) (built: Jan 18 2022 12:16:19) ( NTS gcc x86_64 )
Copyright (c) The PHP Group
Zend Engine v4.0.15, Copyright (c) Zend Technologies
    with Zend OPcache v8.0.15, Copyright (c), by Zend Technologies

$ php -n -dzend_extension=/usr/lib64/php/modules/opcache.so -dopcache.enable_cli=1 -dopcache.jit_buffer_size=64M match.php
Segmentation fault (core dumped)

The same result happens with 8.1.2.

This is as minimal as I've managed to make the repro. It seems extremely sensitive to the precise order that the two different match arms are accessed.

A similar segfault happens with an equivalent switch statement, although the exact number of arms may need increasing.

PHP Version

PHP 8.0.15, PHP 8.1.2

Operating System

Fedora 35

@kocoten1992

Confirmed, seeing a similar result with PHP on Debian:

php -dopcache.jit_buffer_size=64M match.php
[1]    655079 segmentation fault (core dumped)  php -dopcache.jit_buffer_size=64M match.php
PHP 8.1.2 (cli) (built: Jan 24 2022 10:42:51) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.1.2, Copyright (c) Zend Technologies
    with Zend OPcache v8.1.2, Copyright (c), by Zend Technologies

@olivernybroe

This might be related to #7854?

@therealgaxbo
Author

I thought the same, but had already ruled it out - cmb69 found the offending commit for that one (1f19401) and I don't think that's in PHP 8.0.15.

I checked and can only trigger #7854 on 8.1.2, whereas my snippet segfaults on 8.0.15 as well.

@arnaud-lb
Member

Thank you!

This is now fixed in #8961
