View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0001434XdebugUncategorizedpublic2017-05-01 20:552017-05-15 22:34
Reporternacc Assigned Toderick  
PrioritynormalSeveritymajorReproducibilityalways
Status closedResolutionfixed 
PlatformLinuxOSUbuntuOS Version17.10 i386
Product Version2.5.3 
Fixed in Version2.5.4 
Summary0001434: phpunit testcases segmentation fault with PHP 7.1.4, xdebug 2.5.3 on 32-bit architectures
DescriptionHello!

I am currently migrating Ubuntu from PHP7.0 to 7.1 and while most packages are moving along ok, I am hitting a fatal segmentation fault on 32-bit architectures only in the xdebug code when running the phpunit unittests.

From the build directory:

./phpunit --colors=never --coverage-text=php://stdout IgnoreCodeCoverageClassTest tests/_files/IgnoreCodeCoverageClassTest.php --whitelist tests/_files/IgnoreCodeCoverageClass.php
PHPUnit 5.4.6 by Sebastian Bergmann and contributors.

Runtime: PHP 7.1.4-2ubuntu1 with Xdebug 2.5.3
Configuration: /tmp/autopkgtest.TSCc2n/build.B8M/phpunit-5.4.6/phpunit.xml

Segmentation fault (core dumped)

Adding gdb:

#0 xdebug_set_in_ex (set=0x56adf1a8, position=153391744, noisy=1) at ./build-7.1/xdebug_set.c:71
#1 0xf583204f in xdebug_analyse_branch (opa=opa@entry=0xf5b2d428, position=<optimized out>, position@entry=61, set=set@entry=0x56adf1a8, branch_info=0x0)
    at ./build-7.1/xdebug_code_coverage.c:719
0000002 0xf583221d in xdebug_analyse_branch (opa=opa@entry=0xf5b2d428, position=54, position@entry=37, set=set@entry=0x56adf1a8, branch_info=0x0)
    at ./build-7.1/xdebug_code_coverage.c:743
0000003 0xf583221d in xdebug_analyse_branch (opa=opa@entry=0xf5b2d428, position=36, position@entry=25, set=set@entry=0x56adf1a8, branch_info=0x0)
    at ./build-7.1/xdebug_code_coverage.c:743
0000004 0xf583221d in xdebug_analyse_branch (opa=opa@entry=0xf5b2d428, position=position@entry=24, set=set@entry=0x56adf1a8, branch_info=0x0)
    at ./build-7.1/xdebug_code_coverage.c:743
0000005 0xf583221d in xdebug_analyse_branch (opa=opa@entry=0xf5b2d428, position=23, position@entry=0, set=set@entry=0x56adf1a8, branch_info=0x0)
    at ./build-7.1/xdebug_code_coverage.c:743
0000006 0xf583392b in xdebug_analyse_oparray (branch_info=<optimized out>, set=0x56adf1a8, opa=0xf5b2d428) at ./build-7.1/xdebug_code_coverage.c:801
0000007 prefill_from_oparray (filename=0xee8bf3a8 "/usr/share/php/SebastianBergmann/CodeCoverage/CodeCoverage.php", op_array=0xf5b2d428) at ./build-7.1/xdebug_code_coverage.c:886
0000008 0xf5833b58 in prefill_from_function_table (opa=<optimized out>) at ./build-7.1/xdebug_code_coverage.c:928
0000009 prefill_from_class_table (class_entry=0xf5b2c4e8) at ./build-7.1/xdebug_code_coverage.c:964
0000010 xdebug_prefill_code_coverage (op_array=0xf5ad0ae4) at ./build-7.1/xdebug_code_coverage.c:996
0000011 0xf5833bd4 in xdebug_code_coverage_start_of_function (op_array=0xf5ad0ae4, function_name=0x56adf158 "SebastianBergmann\\CodeCoverage\\Filter->getWhitelist")
    at ./build-7.1/xdebug_code_coverage.c:1009
0000012 0xf582e0f9 in xdebug_execute_ex (execute_data=0xf5a13900) at ./build-7.1/xdebug.c:1990
0000013 0x567fe148 in ?? ()
0000014 0x567a07e2 in execute_ex ()
0000015 0xf582de86 in xdebug_execute_ex (execute_data=0xf5a13830) at ./build-7.1/xdebug.c:2031
0000016 0x567fe786 in ?? ()
0000017 0x567a07e2 in execute_ex ()
0000018 0xf582de86 in xdebug_execute_ex (execute_data=0xf5a137c0) at ./build-7.1/xdebug.c:2031
0000019 0x567fe786 in ?? ()
0000020 0x567a07e2 in execute_ex ()
0000021 0xf582de86 in xdebug_execute_ex (execute_data=0xf5a135f0) at ./build-7.1/xdebug.c:2031
0000022 0x567fe786 in ?? ()
0000023 0x567a07e2 in execute_ex ()
0000024 0xf582de86 in xdebug_execute_ex (execute_data=0xf5a13430) at ./build-7.1/xdebug.c:2031
0000025 0x567fe786 in ?? ()
0000026 0x567a07e2 in execute_ex ()
0000027 0xf582de86 in xdebug_execute_ex (execute_data=0xf5a13320) at ./build-7.1/xdebug.c:2031
0000028 0x567fe786 in ?? ()
0000029 0x567a07e2 in execute_ex ()
0000030 0xf582de86 in xdebug_execute_ex (execute_data=0xf5a131c0) at ./build-7.1/xdebug.c:2031
0000031 0x567fe148 in ?? ()
0000032 0x567a07e2 in execute_ex ()
0000033 0xf582de86 in xdebug_execute_ex (execute_data=0xf5a130d0) at ./build-7.1/xdebug.c:2031
0000034 0x567fe148 in ?? ()
#35 0x567a07e2 in execute_ex ()
0000036 0xf582de86 in xdebug_execute_ex (execute_data=0xf5a13060) at ./build-7.1/xdebug.c:2031
0000037 0x567fe786 in ?? ()
0000038 0x567a07e2 in execute_ex ()
0000039 0xf582de86 in xdebug_execute_ex (execute_data=0xf5a13020) at ./build-7.1/xdebug.c:2031
0000040 0x568009b2 in zend_execute ()
0000041 0x56756f9d in zend_execute_scripts ()
0000042 0x566f2264 in php_execute_script ()
0000043 0x56802e0d in ?? ()
0000044 0x565c37a8 in main ()

I will try to get the debug packages installed (I had to build xdebug 2.5.3 locally) to get a better backtrace.
Steps To ReproduceI reproduce it using the autopkgtest framework used by Ubuntu and Debian. I believe it would be reproducible with PHP 7.1.4 and xdebug 2.5.3 and phpunit 5.4.6. I've tried a newer phpunit and it also seems to happen there, but I'm trying to verify that still.
Additional InformationI apologize in advance for the lower quality of this report -- I'm trying to get the information out there in case it's something obvious I'm missing so I can help get PHP7.1 rolled out quickly in the 17.10 cycle.
TagsNo tags attached.
Operating System
PHP Version7.1.0-7.1.4

Activities

derick

2017-05-01 21:01

administrator   ~0004330

When you say " From the build directory:", how do I get to that state?

nacc

2017-05-01 21:08

reporter   ~0004331

Yeah, a good question :)

If you have an ubuntu system (16.04 or later), you should be able to do:

$ pull-lp-source -d phpunit
$ autopkgtest -s -U phpunit_5.4.6-1.dsc --apt-pocket=proposed -- autopkgtest-virt-lxd ubuntu-daily:artful/i386

This does presume the 'autopkgtest' package is installed and LXD has been configured.

It should drop you to a shell in the container when the tests fail.

derick

2017-05-01 22:09

administrator   ~0004332

Sorry, that's probably too much for me to sort out. Can you tell me how to reproduce this otherwise with a phpunit install (or git clone), and a 32-bit PHP 7 available?

nacc

2017-05-01 22:37

reporter   ~0004333

Ok, I think I got it with the following (this is done in an Ubuntu 17.10 i386 LXD container, but I think it generalizes):

apt build-dep phpunit
apt source phpunit
cd phpunit
./debian/rules build

This should fail with two segmentation faults in testcases.

One of which can be run from the extracted env as:

./phpunit --colors=never --coverage-text=php://stdout IgnoreCodeCoverageClassTest tests/_files/IgnoreCodeCoverageClassTest.php --whitelist tests/_files/IgnoreCodeCoverageClass.php

The upstream version of phpunit in question is 5.4.6.

nacc

2017-05-03 16:16

reporter   ~0004336

Was able to add debug symbols for PHP:

#0 xdebug_set_in_ex (set=0x56afbe60, position=153391744, noisy=1) at ./build-7.1/xdebug_set.c:71
#1 0xf5831eff in xdebug_analyse_branch (opa=opa@entry=0xf5b2d428, position=<optimized out>, position@entry=61, set=set@entry=0x56afbe60, branch_info=0x0)
    at ./build-7.1/xdebug_code_coverage.c:704
0000002 0xf58320cd in xdebug_analyse_branch (opa=opa@entry=0xf5b2d428, position=54, position@entry=37, set=set@entry=0x56afbe60, branch_info=0x0)
    at ./build-7.1/xdebug_code_coverage.c:728
0000003 0xf58320cd in xdebug_analyse_branch (opa=opa@entry=0xf5b2d428, position=36, position@entry=25, set=set@entry=0x56afbe60, branch_info=0x0)
    at ./build-7.1/xdebug_code_coverage.c:728
0000004 0xf58320cd in xdebug_analyse_branch (opa=opa@entry=0xf5b2d428, position=position@entry=24, set=set@entry=0x56afbe60, branch_info=0x0)
    at ./build-7.1/xdebug_code_coverage.c:728
0000005 0xf58320cd in xdebug_analyse_branch (opa=opa@entry=0xf5b2d428, position=23, position@entry=0, set=set@entry=0x56afbe60, branch_info=0x0)
    at ./build-7.1/xdebug_code_coverage.c:728
0000006 0xf583373b in xdebug_analyse_oparray (branch_info=<optimized out>, set=0x56afbe60, opa=0xf5b2d428) at ./build-7.1/xdebug_code_coverage.c:786
0000007 prefill_from_oparray (filename=0xee8bf3a8 "/usr/share/php/SebastianBergmann/CodeCoverage/CodeCoverage.php", op_array=0xf5b2d428) at ./build-7.1/xdebug_code_coverage.c:871
0000008 0xf5833968 in prefill_from_function_table (opa=<optimized out>) at ./build-7.1/xdebug_code_coverage.c:913
0000009 prefill_from_class_table (class_entry=0xf5b2c4e8) at ./build-7.1/xdebug_code_coverage.c:949
0000010 xdebug_prefill_code_coverage (op_array=0xf5ad0ae4) at ./build-7.1/xdebug_code_coverage.c:981
0000011 0xf58339e4 in xdebug_code_coverage_start_of_function (op_array=0xf5ad0ae4, function_name=0x56adf1d8 "SebastianBergmann\\CodeCoverage\\Filter->getWhitelist")
    at ./build-7.1/xdebug_code_coverage.c:994
0000012 0xf582e019 in xdebug_execute_ex (execute_data=0xf5a13900) at ./build-7.1/xdebug.c:1954
0000013 0x567fe148 in ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER () at ./Zend/zend_vm_execute.h:1076
0000014 0x567a07e2 in execute_ex (ex=0xf5a13830) at ./Zend/zend_vm_execute.h:429
0000015 0xf582dda6 in xdebug_execute_ex (execute_data=0xf5a13830) at ./build-7.1/xdebug.c:1995
0000016 0x567fe786 in ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER () at ./Zend/zend_vm_execute.h:949
0000017 0x567a07e2 in execute_ex (ex=0xf5a137c0) at ./Zend/zend_vm_execute.h:429
0000018 0xf582dda6 in xdebug_execute_ex (execute_data=0xf5a137c0) at ./build-7.1/xdebug.c:1995
0000019 0x567fe786 in ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER () at ./Zend/zend_vm_execute.h:949
0000020 0x567a07e2 in execute_ex (ex=0xf5a135f0) at ./Zend/zend_vm_execute.h:429
0000021 0xf582dda6 in xdebug_execute_ex (execute_data=0xf5a135f0) at ./build-7.1/xdebug.c:1995
0000022 0x567fe786 in ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER () at ./Zend/zend_vm_execute.h:949
0000023 0x567a07e2 in execute_ex (ex=0xf5a13430) at ./Zend/zend_vm_execute.h:429
0000024 0xf582dda6 in xdebug_execute_ex (execute_data=0xf5a13430) at ./build-7.1/xdebug.c:1995
0000025 0x567fe786 in ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER () at ./Zend/zend_vm_execute.h:949
0000026 0x567a07e2 in execute_ex (ex=0xf5a13320) at ./Zend/zend_vm_execute.h:429
0000027 0xf582dda6 in xdebug_execute_ex (execute_data=0xf5a13320) at ./build-7.1/xdebug.c:1995
0000028 0x567fe786 in ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER () at ./Zend/zend_vm_execute.h:949
0000029 0x567a07e2 in execute_ex (ex=0xf5a131c0) at ./Zend/zend_vm_execute.h:429
0000030 0xf582dda6 in xdebug_execute_ex (execute_data=0xf5a131c0) at ./build-7.1/xdebug.c:1995
0000031 0x567fe148 in ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER () at ./Zend/zend_vm_execute.h:1076
0000032 0x567a07e2 in execute_ex (ex=0xf5a130d0) at ./Zend/zend_vm_execute.h:429
0000033 0xf582dda6 in xdebug_execute_ex (execute_data=0xf5a130d0) at ./build-7.1/xdebug.c:1995
0000034 0x567fe148 in ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER () at ./Zend/zend_vm_execute.h:1076
#35 0x567a07e2 in execute_ex (ex=0xf5a13060) at ./Zend/zend_vm_execute.h:429
0000036 0xf582dda6 in xdebug_execute_ex (execute_data=0xf5a13060) at ./build-7.1/xdebug.c:1995
0000037 0x567fe786 in ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER () at ./Zend/zend_vm_execute.h:949
0000038 0x567a07e2 in execute_ex (ex=0xf5a13020) at ./Zend/zend_vm_execute.h:429
0000039 0xf582dda6 in xdebug_execute_ex (execute_data=0xf5a13020) at ./build-7.1/xdebug.c:1995
0000040 0x568009b2 in zend_execute (op_array=<optimized out>, return_value=<optimized out>) at ./Zend/zend_vm_execute.h:474
0000041 0x56756f9d in zend_execute_scripts (type=8, retval=0x0, file_count=3) at ./Zend/zend.c:1476
0000042 0x566f2264 in php_execute_script (primary_file=0xffffc3c4) at ./main/main.c:2537
0000043 0x56802e0d in do_cli (argc=8, argv=0x5697d260) at ./sapi/cli/php_cli.c:993
0000044 0x565c37a8 in main (argc=<optimized out>, argv=<optimized out>) at ./sapi/cli/php_cli.c:1381

My suspicion on 32-bit issues is that we successfully pass all tests on amd64, ppc64el and s390x and fail the same tests on armhf and i386.

nacc

2017-05-03 17:27

reporter   ~0004337

Hopefully this is not just noise, but some more debugging info from gdb:

(gdb) info registers
eax 0x1249250 19173968
ecx 0x0 0
edx 0x56b88e98 1454935704
ebx 0xf5863c08 -175752184
esp 0xffff956c 0xffff956c
ebp 0x9249280 0x9249280
esi 0x0 0
edi 0x6e4 1764
eip 0xf583f2c3 0xf583f2c3 <xdebug_set_in_ex+19>
eflags 0x210206 [ PF IF RF ID ]
cs 0x23 35
ss 0x2b 43
ds 0x2b 43
es 0x2b 43
fs 0x0 0
gs 0x63 99
(gdb) disassemble
Dump of assembler code for function xdebug_set_in_ex:
   0xf583f2b0 <+0>: mov 0x4(%esp),%edx
   0xf583f2b4 <+4>: mov 0x8(%esp),%ecx
   0xf583f2b8 <+8>: mov 0x4(%edx),%edx
   0xf583f2bb <+11>: mov %ecx,%eax
   0xf583f2bd <+13>: and $0x7,%ecx
   0xf583f2c0 <+16>: shr $0x3,%eax
=> 0xf583f2c3 <+19>: movzbl (%edx,%eax,1),%eax
   0xf583f2c7 <+23>: mov $0x1,%edx
   0xf583f2cc <+28>: shl %cl,%edx
   0xf583f2ce <+30>: and %edx,%eax
   0xf583f2d0 <+32>: ret

derick

2017-05-03 22:57

administrator   ~0004338

The problem is easy to spot:

#0 xdebug_set_in_ex (set=0x56afbe60, position=153391744, noisy=1) at ./build-7.1/xdebug_set.c:71

the position of 153391744 is way too high, and likely the bug. The last comment was noise ;-)

I really need to reproduce this now locally before I can continue.

derick

2017-05-03 23:07

administrator   ~0004339

And I can - it is important that opcache is *also* loaded.

derick

2017-05-05 14:22

administrator   ~0004340

Just a note for myself for reproducibility:

/dev/php/xdebug-tests/phpunit $ valgrind ./phpunit --colors=never --coverage-text=php://stdout IgnoreCodeCoverageClassTest tests/_files/IgnoreCodeCoverageClassTest.php --whitelist tests/_files/IgnoreCodeCoverageClass.php
==11944== Memcheck, a memory error detector
==11944== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==11944== Using Valgrind-3.12.0 and LibVEX; rerun with -h for copyright info
==11944== Command: ./phpunit --colors=never --coverage-text=php://stdout IgnoreCodeCoverageClassTest tests/_files/IgnoreCodeCoverageClassTest.php --whitelist tests/_files/IgnoreCodeCoverageClass.php
==11944==
PHPUnit 5.4.6 by Sebastian Bergmann and contributors.

Runtime: PHP 7.1.6-dev with Xdebug 2.5.3
Configuration: /home/derick/dev/php/xdebug-tests/phpunit/phpunit.xml

Segmentation fault

nacc

2017-05-15 22:34

reporter   ~0004342

Thank you very much for the fix!

Issue History

Date Modified Username Field Change
2017-05-01 20:55 nacc New Issue
2017-05-01 21:01 derick Note Added: 0004330
2017-05-01 21:01 derick Assigned To => derick
2017-05-01 21:01 derick Status new => feedback
2017-05-01 21:08 nacc Note Added: 0004331
2017-05-01 21:08 nacc Status feedback => assigned
2017-05-01 22:09 derick Note Added: 0004332
2017-05-01 22:09 derick Status assigned => feedback
2017-05-01 22:37 nacc Note Added: 0004333
2017-05-01 22:37 nacc Status feedback => assigned
2017-05-03 16:16 nacc Note Added: 0004336
2017-05-03 17:27 nacc Note Added: 0004337
2017-05-03 22:57 derick Note Added: 0004338
2017-05-03 23:07 derick Note Added: 0004339
2017-05-05 14:22 derick Note Added: 0004340
2017-05-14 21:55 derick Status assigned => closed
2017-05-14 21:55 derick Resolution open => fixed
2017-05-14 21:55 derick Fixed in Version => 2.5.4
2017-05-15 22:34 nacc Note Added: 0004342
2020-03-12 16:35 derick Category Usage problems (Wrong Results) => Variable Display
2020-03-12 16:38 derick Category Variable Display => Uncategorized