MantisBT - Xdebug
View Issue Details
0001094XdebugUsage problems (Wrong Results)public2014-12-02 14:532015-02-22 14:30
michaelmoussa 
derick 
normalcrashalways
closedfixed 
LinuxUbuntu14.04.1 LTS
 
2.3.0 
5.5.15-5.5.19
0001094: Segmentation fault when attempting to use branch/path coverage from dev-master
I've been playing with the new branch/path coverage available in the latest dev-master and looking into how to potentially use it to generate path coverage reports.

I didn't have any problems when running the xdebug_* functions directly, but once I started using PHP_CodeCoverage, running the script would cause a segfault. I wanted to make sure the problem wasn't anything specific to PHP_CodeCoverage, and it turns out that running xdebug_start_code_coverage(...) from within *any* function using the XDEBUG_CC_UNUSED setting causes my PHP to segfault. Works fine in the "root" / "main" part of the script right after the opening <?php tag.
Compile the latest xdebug dev-master (7c683817d377c5d5f7e518a8f64f8b0898b2e3d6 at the time of this reporting) and run the following PHP script:

********************************************

<?php

echo "Trying with direct calls to xdebug_*...";

xdebug_start_code_coverage(XDEBUG_CC_UNUSED | XDEBUG_CC_DEAD_CODE | XDEBUG_CC_BRANCH_CHECK);
foobarbaz(1);
xdebug_stop_code_coverage();

echo " done!\n\n";


echo "Trying from within a function...";

thisWillSegfault();
foobarbaz(1);
xdebug_stop_code_coverage();

echo "...done!\n";

function foobarbaz($number)
{
    if ($number <= 0) {
        return 'baz';
    }

    if (rand(0, $number) < ($number / 2)) {
        return 'foo';
    } else {
        return 'bar';
    }
}

function thisWillSegfault()
{
    xdebug_start_code_coverage(XDEBUG_CC_UNUSED | XDEBUG_CC_DEAD_CODE | XDEBUG_CC_BRANCH_CHECK);
}

********************************************

This is my output, every time:

vagrant@packer-vmware-iso:/vagrant$ php segfault.php
Trying with direct calls to xdebug_*... done!

Trying from within a function...Segmentation fault
vagrant@packer-vmware-iso:/vagrant$
I ran a git bisect and kept recompiling & re-testing. The first bad commit according to git is commit 960223d3648d40bcbe5a2189f99d4663e98aaff6. Compiling anything before that no longer causes a segfault (but of course the branch/path coverage stuff doesn't work anymore because it didn't exist yet).
No tags attached.
Issue History
2014-12-02 14:53michaelmoussaNew Issue
2014-12-02 14:59derickNote Added: 0002923
2014-12-02 14:59derickAssigned To => derick
2014-12-02 14:59derickStatusnew => acknowledged
2014-12-02 15:04michaelmoussaNote Added: 0002924
2014-12-02 21:30derickNote Added: 0002926
2014-12-02 21:30derickStatusacknowledged => closed
2014-12-02 21:30derickResolutionopen => fixed
2014-12-02 21:30derickFixed in Version => 2.3dev
2014-12-03 01:29michaelmoussaNote Added: 0002927
2014-12-03 01:29michaelmoussaStatusclosed => feedback
2014-12-03 01:29michaelmoussaResolutionfixed => reopened
2014-12-04 03:57michaelmoussaNote Added: 0002928
2014-12-04 03:57michaelmoussaStatusfeedback => assigned
2014-12-08 09:47derickNote Added: 0002929
2014-12-13 20:32derickNote Added: 0002931
2014-12-13 20:32derickStatusassigned => feedback
2014-12-16 03:31michaelmoussaNote Added: 0002939
2014-12-16 03:31michaelmoussaStatusfeedback => assigned
2014-12-16 10:13derickNote Added: 0002940
2014-12-16 10:13derickStatusassigned => closed
2014-12-16 10:13derickResolutionreopened => fixed
2015-02-22 14:30derickFixed in Version2.3dev => 2.3.0
2016-07-31 13:36derickCategoryUsage problems => Usage problems (Crashes)
2016-07-31 13:38derickCategoryUsage problems (Crashes) => Usage problems (Wrong Results)

Notes
(0002923)
derick   
2014-12-02 14:59   
Thanks for testing this, I'll go and have a look tonight.
(0002924)
michaelmoussa   
2014-12-02 15:04   
Thanks. If it makes it easier for you to test, I'm using the puphpet/ubuntu1404-x64 box as a basis:

VAGRANTFILE_API_VERSION = "2"

Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
  config.vm.box = "puphpet/ubuntu1404-x64"
  config.vm.box_url = "puphpet/ubuntu1404-x64"
end
(0002926)
derick   
2014-12-02 21:30   
Fixed in 2.3.0dev, through https://github.com/xdebug/xdebug/pull/135 [^]
(0002927)
michaelmoussa   
2014-12-03 01:29   
Thanks for producing a patch so quickly, but unfortunately I seem to still be having the same problem.

*******************************************************************************

vagrant@packer-vmware-iso:~/src/xdebug$ git checkout f982e62f0cd2a22b01e3fd53cf1e7c116c79772d
-- snip --
HEAD is now at f982e62... Merged pull request 0000135

vagrant@packer-vmware-iso:~/src/xdebug$ make clean && phpize && ./configure --enable-xdebug && make && sudo cp modules/xdebug.so /usr/lib/php5/20121212/ && php -i | grep 'with Xdebug' && php /vagrant/segfault.php

-- snip configure/compile spam --

    with Xdebug v2.3.0dev, Copyright (c) 2002-2014, by Derick Rethans
Trying with direct calls to xdebug_*... done!

Trying from within a function...Segmentation fault

*******************************************************************************

Oddly enough, the test you added passes:

vagrant@packer-vmware-iso:~/src/xdebug$ make test | grep bug01094
PASS Test for bug 0001094: Segmentation fault when attempting to use branch/path coverage [tests/bug01094.phpt]

Out of curiousity, I recompiled it on OSX as well and got the same result, so it isn't specific to this Vagrant VM.

Is there some kind of debugging output I can produce to help you track this down?
(0002928)
michaelmoussa   
2014-12-04 03:57   
I figured out the problem! :) I copied & pasted the test you added to the repo into a PHP file and was able to run it successfully, then compared it to the original sample I included in this ticket.

The test was missing this portion:

*******************************************************************************

echo "Trying with direct calls to xdebug_*...";

xdebug_start_code_coverage(XDEBUG_CC_UNUSED | XDEBUG_CC_DEAD_CODE | XDEBUG_CC_BRANCH_CHECK);
foobarbaz(1);
xdebug_stop_code_coverage();

echo " done!\n\n";

*******************************************************************************

And that's what made all the difference. The patch fixed the "fails if you call it within a function" issue, but apparently it will still segfault if you call the xdebug_start/stop functions, then call them AGAIN within a function.

Probably an edge-case, so I'll leave it to you to decide if it's worth investigating further at this point. The original reason I opened this ticket has indeed been resolved, though, so feel free to close it out.
(0002929)
derick   
2014-12-08 09:47   
Just a quick note - spend some time on this and I see the problem(s). I'll get to it, but it's going to take some time.
(0002931)
derick   
2014-12-13 20:32   
OKAY. I've pushed another fix. Care to try it again?
(0002939)
michaelmoussa   
2014-12-16 03:31   
It works now. Thanks a lot for taking care of this.
(0002940)
derick   
2014-12-16 10:13   
Awesome, thanks for checking!