View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0001625 | Xdebug | Step Debugging | public | 2019-02-04 11:10 | 2019-02-16 00:38 |
Reporter | dv-ds | Assigned To | derick | ||
Priority | high | Severity | crash | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Platform | x86_64 | OS | macOS | OS Version | 10.14.2 |
Product Version | 2.7.0rc1 | ||||
Target Version | 2.7.0 | Fixed in Version | 2.7.0RC2 | ||
Summary | 0001625: Work around ABI conflicts in PHP 7.3.0/PHP 7.3.1 | ||||
Description | Some evaluations are possible, others are not. In the cases where it doesn't work, the end result is something like this: [Mon Feb 04 11:49:24.093890 2019] [core:notice] [pid 10169] AH00052: child pid 39934 exit signal Segmentation fault (11) For what it's worth, I'm fairly certain this occurred also in 2.7.0beta1, but I did not investigate that further as the major issue for me at that point was the opcache issue. | ||||
Steps To Reproduce | Setup index.php as follows and navigate to /?foo=bar <?php $a = 1; | ||||
Additional Information | Setup:
| ||||
Tags | No tags attached. | ||||
Attached Files | |||||
Operating System | macOS | ||||
PHP Version | 7.3.2-7.3.4 | ||||
|
I just noticed I set "PHP Version" incorrectly, and don't see any way to modify it. It's 7.3.1 as indicated in the other section. |
|
I think this is a duplicate of 0001626 — can you please see if you can make a GDB trace as is explained at https://xdebug.org/support.php#crash ? |
|
I can't get GDB to work even with a simple hello world program unfortunately. It's been like that for a long time and I gave up trying to fix it. It's a Homebrew installation, and I'd rather not touch it as Homebrew very often breaks things for me when I upgrade things, due to messed up dependencies and whatnot. However, I am able to attach with LLDB (sudo lldb -p nnnn). Here's what I got, and see also attached xdebug log from an earlier session, explained below, do you need more?
Program used:
<?php
error_log("PID: " . getmypid());
sleep(20);
$a = 1;
// LLDB log below indicates crash when hovering over $a, at breakpoint
(lldb) continue
For the xdebug log: (/?foo=bar) Evaluating $a in console works fine: Hovering over $a - crash: Evaluating $_GET in console - crash: (and reconnect fails because the thread already died, I get similar results when running this on a running thread) |
|
This is really useful. If only I could reproduce this at home (or have access to your debugging session)...
It's possible to compile Xdebug with debugging symbols, by using:
./configure --with-xdebug-dev
instead of the normal ./configure
I'm curious to see what the values of the local vars and arguments are. For both this frame (top) one, and lower ones. Can you show the output of the following commands on lldb:
frame 0
frame 1
frame 2 |
|
Hm, if I try ./configure --enable-xdebug-dev (I assume that's the one you meant, I get an error if I try --with-xdebug-dev), some warnings are treated as fatal, which they are not otherwise. Example: xdebug/xdebug.c:1822:107: error: format specifies type 'long' but the argument has type 'zend_long' (aka 'long long') [-Werror,-Wformat] |
|
Found a quicker path and applied this diff to mute the warnings, will get back to you shortly: $ git diff
|
|
I was able to compile, but things are not working out yet:
How can I completely disable optimization? The frame info I can get at this point is thus quite uninformative, so I'll refrain from posting the rest unless you think it might still be of use:
(lldb) frame select 0
(zend_ulong) index_key = <variable not available>
(zend_string *) hash_key = 0x0000000111e61060
(xdebug_str *) parent_name = <variable not available>
(xdebug_var_export_options *) options = <variable not available>
(xdebug_xml_node *) node = 0x00007fa61271cd90
(xdebug_str) full_name = <variable not available>
(zend_string *) i_string = 0x0000000111e61900 |
|
It was phpize that introduced -O2. Hacked it away manually before ./configure --enable-xdebug-dev && make and was able to get some debug info, see attached lldb-output.txt. Some notes:
lldb-output.txt (25,232 bytes)
$ sudo lldb -p 23027 (lldb) process attach --pid 23027 Process 23027 stopped * thread #1, queue = 'com.apple.main-thread', stop reason = signal SIGSTOP frame #0: 0x00007fff6e6baeae libsystem_kernel.dylib`__semwait_signal + 10 libsystem_kernel.dylib`__semwait_signal: -> 0x7fff6e6baeae <+10>: jae 0x7fff6e6baeb8 ; <+20> 0x7fff6e6baeb0 <+12>: movq %rax, %rdi 0x7fff6e6baeb3 <+15>: jmp 0x7fff6e6b7381 ; cerror 0x7fff6e6baeb8 <+20>: retq Target 0: (httpd) stopped. Executable module set to "/usr/local/opt/httpd/bin/httpd". Architecture set to: x86_64h-apple-macosx. (lldb) continue Process 23027 resuming Process 23027 stopped * thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT) frame #0: 0x000000010dc3def3 xdebug.so`xdebug_array_element_export_xml_node(zv_nptr=0x000000010da7a600, index_key=12731958461851390867, hash_key=0x000000010da61060, level=0, parent=0x00007facd8d70d20, parent_name=0x00007facd8d70a20, options=0x00007facd8c001d0) at xdebug_var.c:1715 1712 zend_string *tmp_fullname_zstr; 1713 1714 #if PHP_VERSION_ID >= 70300 -> 1715 tmp_fullname_zstr = php_addslashes(i_string); 1716 #else 1717 tmp_fullname_zstr = php_addslashes(i_string, 0); 1718 #endif Target 0: (httpd) stopped. 
(lldb) frame select 0 frame #0: 0x000000010dc3def3 xdebug.so`xdebug_array_element_export_xml_node(zv_nptr=0x000000010da7a600, index_key=12731958461851390867, hash_key=0x000000010da61060, level=0, parent=0x00007facd8d70d20, parent_name=0x00007facd8d70a20, options=0x00007facd8c001d0) at xdebug_var.c:1715 1712 zend_string *tmp_fullname_zstr; 1713 1714 #if PHP_VERSION_ID >= 70300 -> 1715 tmp_fullname_zstr = php_addslashes(i_string); 1716 #else 1717 tmp_fullname_zstr = php_addslashes(i_string, 0); 1718 #endif (lldb) frame variable (zval *) zv_nptr = 0x000000010da7a600 (zend_ulong) index_key = 12731958461851390867 (zend_string *) hash_key = 0x000000010da61060 (int) level = 0 (xdebug_xml_node *) parent = 0x00007facd8d70d20 (xdebug_str *) parent_name = 0x00007facd8d70a20 (xdebug_var_export_options *) options = 0x00007facd8c001d0 (zval **) zv = 0x00007ffee594dc90 (xdebug_xml_node *) node = 0x00007facd8d744a0 (xdebug_str *) name = 0x00007ffee594dc80 (xdebug_str) full_name = (l = 0, a = 0, d = 0x0000000000000000) (zend_string *) i_string = 0x000000010da618a0 (zend_string *) tmp_fullname_zstr = 0x0000000000000000 (lldb) frame info frame #0: 0x000000010dc3def3 xdebug.so`xdebug_array_element_export_xml_node(zv_nptr=0x000000010da7a600, index_key=12731958461851390867, hash_key=0x000000010da61060, level=0, parent=0x00007facd8d70d20, parent_name=0x00007facd8d70a20, options=0x00007facd8c001d0) at xdebug_var.c:1715 (lldb) frame select 1 frame #1: 0x000000010dc3cd03 xdebug.so`xdebug_var_export_xml_node(struc=0x00007ffee594e450, name=0x00007facd8d70a20, node=0x00007facd8d70d20, options=0x00007facd8c001d0, level=0) at xdebug_var.c:2028 2025 xdebug_zend_hash_apply_protection_begin(myht); 2026 2027 ZEND_HASH_FOREACH_KEY_VAL_IND(myht, num, key, z_val) { -> 2028 xdebug_array_element_export_xml_node(z_val, num, key, level, node, name, options); 2029 } ZEND_HASH_FOREACH_END(); 2030 2031 xdebug_zend_hash_apply_protection_end(myht); (lldb) frame variable (zval **) struc = 0x00007ffee594e450 
(xdebug_str *) name = 0x00007facd8d70a20 (xdebug_xml_node *) node = 0x00007facd8d70d20 (xdebug_var_export_options *) options = 0x00007facd8c001d0 (int) level = 0 (HashTable *) myht = 0x000000010da660a8 (zend_ulong) num = 12731958461851390867 (zend_string *) key = 0x000000010da61060 (zval *) z_val = 0x000000010da7a600 (xdebug_object_item *) xoi_val = 0x0000000100000000 (zval *) tmpz = 0x00007fff6e72dbac (HashTable *) __ht = 0x000000010da660a8 (Bucket *) _p = 0x000000010da7a600 (Bucket *) _end = 0x000000010da7a8c0 (zval *) _z = 0x000000010da7a600 (lldb) frame info frame #1: 0x000000010dc3cd03 xdebug.so`xdebug_var_export_xml_node(struc=0x00007ffee594e450, name=0x00007facd8d70a20, node=0x00007facd8d70d20, options=0x00007facd8c001d0, level=0) at xdebug_var.c:2028 (lldb) frame select 2 frame #2: 0x000000010dc3bb10 xdebug.so`xdebug_get_zval_value_xml_node_ex(name=0x00007ffee594e6f0, val=0x00007ffee594e480, var_type=0, options=0x00007facd8c001d0) at xdebug_var.c:2167 2164 add_xml_attribute_or_element(options, node, "name", 4, short_name); 2165 add_xml_attribute_or_element(options, node, "fullname", 8, full_name); 2166 } -> 2167 xdebug_var_export_xml_node(&val, full_name ? 
full_name : NULL, node, options, 0 TSRMLS_CC); 2168 2169 if (short_name) { 2170 xdebug_str_free(short_name); (lldb) frame variable (xdebug_str *) name = 0x00007ffee594e6f0 (zval *) val = 0x00007ffee594e480 (int) var_type = 0 (xdebug_var_export_options *) options = 0x00007facd8c001d0 (xdebug_xml_node *) node = 0x00007facd8d70d20 (xdebug_str *) short_name = 0x00007facd8d70d50 (xdebug_str *) full_name = 0x00007facd8d70a20 (lldb) frame info frame #2: 0x000000010dc3bb10 xdebug.so`xdebug_get_zval_value_xml_node_ex(name=0x00007ffee594e6f0, val=0x00007ffee594e480, var_type=0, options=0x00007facd8c001d0) at xdebug_var.c:2167 (lldb) frame select 3 frame #3: 0x000000010dc25d8f xdebug.so`get_symbol(name=0x00007ffee594e6f0, options=0x00007facd8c001d0) at xdebug_handler_dbgp.c:285 282 if (strcmp(name->d, "this") == 0 && Z_TYPE(retval) == IS_NULL) { 283 return NULL; 284 } -> 285 tmp_node = xdebug_get_zval_value_xml_node(name, &retval, options TSRMLS_CC); 286 zval_ptr_dtor_nogc(&retval); 287 return tmp_node; 288 } (lldb) frame variable ^[[A(xdebug_str *) name = 0x00007ffee594e6f0 (xdebug_var_export_options *) options = 0x00007facd8c001d0 (zval) retval = { value = { lval = 4523974824 dval = 2.2351405431890997E-314 counted = 0x000000010da660a8 str = 0x000000010da660a8 arr = 0x000000010da660a8 obj = 0x000000010da660a8 res = 0x000000010da660a8 ref = 0x000000010da660a8 ast = 0x000000010da660a8 zv = 0x000000010da660a8 ptr = 0x000000010da660a8 ce = 0x000000010da660a8 func = 0x000000010da660a8 ww = (w1 = 229007528, w2 = 1) } u1 = { v = { type = '\a' type_flags = '\x01' u = (call_info = 0, extra = 0) } type_info = 263 } u2 = { next = 0 cache_slot = 0 opline_num = 0 lineno = 0 num_args = 0 fe_pos = 0 fe_iter_idx = 0 access_flags = 0 property_guard = 0 constant_flags = 0 extra = 0 } } (xdebug_xml_node *) tmp_node = 0xfd00000070001004 (lldb) frame info frame #3: 0x000000010dc25d8f xdebug.so`get_symbol(name=0x00007ffee594e6f0, options=0x00007facd8c001d0) at xdebug_handler_dbgp.c:285 (lldb) 
frame select 4 frame #4: 0x000000010dc256db xdebug.so`add_variable_node(node=0x00007facd8d008e0, name=0x00007ffee594e6f0, var_only=1, non_null=1, no_eval=0, options=0x00007facd8c001d0) at xdebug_handler_dbgp.c:1331 1328 { 1329 xdebug_xml_node *contents; 1330 -> 1331 contents = get_symbol(name, options); 1332 if (contents) { 1333 xdebug_xml_add_child(node, contents); 1334 return SUCCESS; (lldb) frame variable (xdebug_xml_node *) node = 0x00007facd8d008e0 (xdebug_str *) name = 0x00007ffee594e6f0 (int) var_only = 1 (int) non_null = 1 (int) no_eval = 0 (xdebug_var_export_options *) options = 0x00007facd8c001d0 (xdebug_xml_node *) contents = 0x0000000000000027 (lldb) frame info frame #4: 0x000000010dc256db xdebug.so`add_variable_node(node=0x00007facd8d008e0, name=0x00007ffee594e6f0, var_only=1, non_null=1, no_eval=0, options=0x00007facd8c001d0) at xdebug_handler_dbgp.c:1331 (lldb) frame select 5 frame #5: 0x000000010dc24fb3 xdebug.so`attach_context_vars(node=0x00007facd8d008e0, options=0x00007facd8c001d0, context_id=1, depth=0, func=(xdebug.so`attach_declared_var_with_contents at xdebug_handler_dbgp.c:1628)) at xdebug_handler_dbgp.c:1700 1697 /* add super globals */ 1698 XG(active_symbol_table) = &EG(symbol_table); 1699 XG(active_execute_data) = NULL; -> 1700 add_variable_node(node, XDEBUG_STR_WRAP_CHAR("_COOKIE"), 1, 1, 0, options); 1701 add_variable_node(node, XDEBUG_STR_WRAP_CHAR("_ENV"), 1, 1, 0, options); 1702 add_variable_node(node, XDEBUG_STR_WRAP_CHAR("_FILES"), 1, 1, 0, options); 1703 add_variable_node(node, XDEBUG_STR_WRAP_CHAR("_GET"), 1, 1, 0, options); (lldb) frame variable (xdebug_xml_node *) node = 0x00007facd8d008e0 (xdebug_var_export_options *) options = 0x00007facd8c001d0 (long) context_id = 1 (long) depth = 0 (void (*)(void *, xdebug_hash_element *, void *)) func = 0x000000010dc25630 (xdebug.so`attach_declared_var_with_contents at xdebug_handler_dbgp.c:1628) (function_stack_entry *) fse = 0x0000000000000000 (char *) var_name = 0x00007fff6e72e7d8 
"?z???f\x85?\x85q???f?@\x10" (lldb) frame info frame #5: 0x000000010dc24fb3 xdebug.so`attach_context_vars(node=0x00007facd8d008e0, options=0x00007facd8c001d0, context_id=1, depth=0, func=(xdebug.so`attach_declared_var_with_contents at xdebug_handler_dbgp.c:1628)) at xdebug_handler_dbgp.c:1700 (lldb) frame select 6 frame #6: 0x000000010dc19f7a xdebug.so`xdebug_dbgp_handle_context_get(retval=0x00007ffee594ea50, context=0x000000010dc4d400, args=0x00007facd8d74330) at xdebug_handler_dbgp.c:1865 1862 /* Always reset to page = 0, as it might have been modified by property_get or property_value */ 1863 options->runtime[0].page = 0; 1864 -> 1865 res = attach_context_vars(*retval, options, context_id, depth, attach_declared_var_with_contents TSRMLS_CC); 1866 switch (res) { 1867 case 1: 1868 RETURN_RESULT(XG(status), XG(reason), XDEBUG_ERROR_STACK_DEPTH_INVALID); (lldb) frame variable (xdebug_xml_node **) retval = 0x00007ffee594ea50 (xdebug_con *) context = 0x000000010dc4d400 (xdebug_dbgp_arg *) args = 0x00007facd8d74330 (int) res = 32684 (int) context_id = 1 (int) depth = 0 (xdebug_var_export_options *) options = 0x00007facd8c001d0 (lldb) frame info frame #6: 0x000000010dc19f7a xdebug.so`xdebug_dbgp_handle_context_get(retval=0x00007ffee594ea50, context=0x000000010dc4d400, args=0x00007facd8d74330) at xdebug_handler_dbgp.c:1865 (lldb) frame select 7 frame #7: 0x000000010dc16471 xdebug.so`xdebug_dbgp_parse_option(context=0x000000010dc4d400, line="context_get -i 10 -d 0 -c 1", flags=0, retval=0x00007facd8d008e0) at xdebug_handler_dbgp.c:2123 2120 } 2121 XG(lasttransid) = xdstrdup(CMD_OPTION_CHAR('i')); 2122 if (XG(status) != DBGP_STATUS_STOPPING || (XG(status) == DBGP_STATUS_STOPPING && command->flags & XDEBUG_DBGP_POST_MORTEM)) { -> 2123 command->handler((xdebug_xml_node**) &retval, context, args TSRMLS_CC); 2124 ret = command->cont; 2125 } else { 2126 error = xdebug_xml_node_init("error"); (lldb) frame variable (xdebug_con *) context = 0x000000010dc4d400 (char *) line = 
0x00007facd8d70c20 "context_get -i 10 -d 0 -c 1" (int) flags = 0 (xdebug_xml_node *) retval = 0x00007facd8d008e0 (char *) cmd = 0x00007facd8d00940 "context_get" (int) res = 0 (int) ret = 0 (xdebug_dbgp_arg *) args = 0x00007facd8d74330 (xdebug_dbgp_cmd *) command = 0x000000010dc4cb68 (xdebug_xml_node *) error = 0x000000006e72c783 (lldb) frame info frame #7: 0x000000010dc16471 xdebug.so`xdebug_dbgp_parse_option(context=0x000000010dc4d400, line="context_get -i 10 -d 0 -c 1", flags=0, retval=0x00007facd8d008e0) at xdebug_handler_dbgp.c:2123 (lldb) frame select 8 frame #8: 0x000000010dc13e1b xdebug.so`xdebug_dbgp_cmdloop(context=0x000000010dc4d400, bail=1) at xdebug_handler_dbgp.c:2167 2164 response = xdebug_xml_node_init("response"); 2165 xdebug_xml_add_attribute(response, "xmlns", "urn:debugger_protocol_v1"); 2166 xdebug_xml_add_attribute(response, "xmlns:xdebug", "https://xdebug.org/dbgp/xdebug"); -> 2167 ret = xdebug_dbgp_parse_option(context, option, 0, response TSRMLS_CC); 2168 if (ret != 1) { 2169 send_message(context, response TSRMLS_CC); 2170 } (lldb) frame variable (xdebug_con *) context = 0x000000010dc4d400 (int) bail = 1 (char *) option = 0x00007facd8d70c20 "context_get -i 10 -d 0 -c 1" (int) ret = 0 (xdebug_xml_node *) response = 0x00007facd8d008e0 (lldb) frame info frame #8: 0x000000010dc13e1b xdebug.so`xdebug_dbgp_cmdloop(context=0x000000010dc4d400, bail=1) at xdebug_handler_dbgp.c:2167 (lldb) frame select 9 frame #9: 0x000000010dc15339 xdebug.so`xdebug_dbgp_breakpoint(context=0x000000010dc4d400, stack=0x00007facdb30dcc0, file="[...]/index.php", lineno=8, type=1, exception=0x0000000000000000, code=0x0000000000000000, message=0x0000000000000000) at xdebug_handler_dbgp.c:2442 2439 XG(lasttransid) = NULL; 2440 } 2441 -> 2442 xdebug_dbgp_cmdloop(context, 1 TSRMLS_CC); 2443 2444 return 1; 2445 } (lldb) frame variable (xdebug_con *) context = 0x000000010dc4d400 (xdebug_llist *) stack = 0x00007facdb30dcc0 (char *) file = 0x000000010f586580 "[...]/index.php" 
(long) lineno = 8 (int) type = 1 (char *) exception = 0x0000000000000000 (char *) code = 0x0000000000000000 (char *) message = 0x0000000000000000 (xdebug_xml_node *) response = 0x00007facdb40e570 (xdebug_xml_node *) error_container = 0x00007facdb40e750 (lldb) frame info frame #9: 0x000000010dc15339 xdebug.so`xdebug_dbgp_breakpoint(context=0x000000010dc4d400, stack=0x00007facdb30dcc0, file="[...]/index.php", lineno=8, type=1, exception=0x0000000000000000, code=0x0000000000000000, message=0x0000000000000000) at xdebug_handler_dbgp.c:2442 (lldb) frame select 10 frame #10: 0x000000010dc07d3d xdebug.so`xdebug_statement_call(frame=0x000000010da1d030) at xdebug.c:2599 2596 XG(context).inhibit_notifications = 0; 2597 } 2598 if (break_ok && xdebug_handle_hit_value(extra_brk_info)) { -> 2599 if (!XG(context).handler->remote_breakpoint(&(XG(context)), XG(stack), file, lineno, XDEBUG_BREAK, NULL, 0, NULL)) { 2600 xdebug_mark_debug_connection_not_active(); 2601 break; 2602 } (lldb) frame variable (zend_execute_data *) frame = 0x000000010da1d030 (zend_op_array *) op_array = 0x000000010da831c0 (xdebug_llist_element *) le = 0x00007facdb40e610 (xdebug_brk_info *) extra_brk_info = 0x00007facd8e0bd00 (function_stack_entry *) fse = 0x00007facdb31ff20 (int) lineno = 8 (char *) file = 0x000000010f586580 "[...]/index.php" (int) level = 1 (int) func_nr = 0 (int) break_ok = 1 (int) old_error_reporting = 23027 (zval) retval = { value = { lval = 140380349074464 dval = 6.9357107828894693E-310 counted = 0x00007facd8d70c20 str = 0x00007facd8d70c20 arr = 0x00007facd8d70c20 obj = 0x00007facd8d70c20 res = 0x00007facd8d70c20 ref = 0x00007facd8d70c20 ast = 0x00007facd8d70c20 zv = 0x00007facd8d70c20 ptr = 0x00007facd8d70c20 ce = 0x00007facd8d70c20 func = 0x00007facd8d70c20 ww = (w1 = 3637972000, w2 = 32684) } u1 = { v = { type = '?' type_flags = '?' 
u = (call_info = 56112, extra = 56112) } type_info = 3677412544 } u2 = { next = 32684 cache_slot = 32684 opline_num = 32684 lineno = 32684 num_args = 32684 fe_pos = 32684 fe_iter_idx = 32684 access_flags = 32684 property_guard = 32684 constant_flags = 32684 extra = 32684 } } (int) file_len = 44 (lldb) frame info frame #10: 0x000000010dc07d3d xdebug.so`xdebug_statement_call(frame=0x000000010da1d030) at xdebug.c:2599 (lldb) frame select 11 frame #11: 0x000000010a84b1e0 libphp7.so`zend_llist_apply_with_argument + 31 libphp7.so`zend_llist_apply_with_argument: 0x10a84b1e0 <+31>: movq (%rbx), %rbx 0x10a84b1e3 <+34>: testq %rbx, %rbx 0x10a84b1e6 <+37>: jne 0x10a84b1d6 ; <+21> 0x10a84b1e8 <+39>: addq $0x8, %rsp (lldb) frame variable (lldb) frame info frame #11: 0x000000010a84b1e0 libphp7.so`zend_llist_apply_with_argument + 31 (lldb) frame select 12 frame #12: 0x000000010a8cf1f5 libphp7.so`ZEND_EXT_STMT_SPEC_HANDLER + 47 libphp7.so`ZEND_EXT_STMT_SPEC_HANDLER: 0x10a8cf1f5 <+47>: addq $0x20, (%rbx) 0x10a8cf1f9 <+51>: xorl %eax, %eax 0x10a8cf1fb <+53>: addq $0x8, %rsp 0x10a8cf1ff <+57>: popq %rbx (lldb) frame variable (lldb) frame info frame #12: 0x000000010a8cf1f5 libphp7.so`ZEND_EXT_STMT_SPEC_HANDLER + 47 (lldb) frame select 13 frame #13: 0x000000010a8910ee libphp7.so`execute_ex + 98 libphp7.so`execute_ex: 0x10a8910ee <+98>: testl %eax, %eax 0x10a8910f0 <+100>: je 0x10a8910e6 ; <+90> 0x10a8910f2 <+102>: jg 0x10a8910b7 ; <+43> 0x10a8910f4 <+104>: popq %rbx (lldb) frame variable (lldb) frame info frame #13: 0x000000010a8910ee libphp7.so`execute_ex + 98 (lldb) frame select 14 frame #14: 0x000000010dc05400 xdebug.so`xdebug_execute_ex(execute_data=0x000000010da1d030) at xdebug.c:1903 1900 xdebug_profiler_function_begin(fse TSRMLS_CC); 1901 } 1902 -> 1903 xdebug_old_execute_ex(execute_data TSRMLS_CC); 1904 1905 if (XG(profiler_enabled)) { 1906 xdebug_profiler_function_end(fse TSRMLS_CC); (lldb) frame variable (zend_execute_data *) execute_data = 0x000000010da1d030 (zend_op_array 
*) op_array = 0x000000010da831c0 (zend_execute_data *) edata = 0x0000000000000000 (function_stack_entry *) fse = 0x00007facdb31ff20 (function_stack_entry *) xfse = 0x00007facdb31ff20 (int) do_return = 0 (int) function_nr = 0 (xdebug_llist_element *) le = 0x00007facdb31fe60 (xdebug_func) code_coverage_func_info = (class = 0x0000000000000000, function = "\x01", type = 185895904, internal = 1) (char *) code_coverage_function_name = 0x0000000000000000 (char *) code_coverage_file_name = 0x0000000000000000 (int) code_coverage_init = 0 (lldb) frame info frame #14: 0x000000010dc05400 xdebug.so`xdebug_execute_ex(execute_data=0x000000010da1d030) at xdebug.c:1903 (lldb) frame select 15 frame #15: 0x000000010a89126a libphp7.so`zend_execute + 318 libphp7.so`zend_execute: 0x10a89126a <+318>: cmpb $0x0, 0x2a(%rbx) 0x10a89126e <+322>: js 0x10a8912ad ; <+385> 0x10a891270 <+324>: movq %rbx, 0x1c8(%r12) 0x10a891278 <+332>: addq $0x8, %rsp (lldb) frame variable (lldb) frame info frame #15: 0x000000010a89126a libphp7.so`zend_execute + 318 (lldb) frame select 16 frame #16: 0x000000010a85605a libphp7.so`zend_execute_scripts + 277 libphp7.so`zend_execute_scripts: 0x10a85605a <+277>: callq 0x10a87015c ; zend_exception_restore 0x10a85605f <+282>: callq 0x10a855e33 ; zend_try_exception_handler 0x10a856064 <+287>: leaq 0x8f2a45(%rip), %rax ; executor_globals 0x10a85606b <+294>: movq 0x360(%rax), %rdi (lldb) frame variable (lldb) frame info frame #16: 0x000000010a85605a libphp7.so`zend_execute_scripts + 277 (lldb) frame select 17 frame #17: 0x000000010a801a8f libphp7.so`php_execute_script + 639 libphp7.so`php_execute_script: 0x10a801a8f <+639>: testl %eax, %eax 0x10a801a91 <+641>: sete %r12b 0x10a801a95 <+645>: movzbl %r12b, %r15d 0x10a801a99 <+649>: movq -0x4e8(%rbp), %rbx (lldb) frame variable (lldb) frame info frame #17: 0x000000010a801a8f libphp7.so`php_execute_script + 639 (lldb) frame select 18 frame #18: 0x000000010a900b7c libphp7.so`php_handler + 1092 libphp7.so`php_handler: 
0x10a900b7c <+1092>: movq 0x108(%r13), %r15 0x10a900b83 <+1099>: movq -0xe0(%rbp), %rax 0x10a900b8a <+1106>: movq 0x8(%rax), %rax 0x10a900b8e <+1110>: movq (%rax), %rbx (lldb) frame variable (lldb) frame info frame #18: 0x000000010a900b7c libphp7.so`php_handler + 1092 (lldb) frame select 19 frame #19: 0x000000010a2b37db httpd`ap_run_handler + 51 httpd`ap_run_handler: 0x10a2b37db <+51>: cmpl $-0x1, %eax 0x10a2b37de <+54>: jne 0x10a2b37f9 ; <+81> 0x10a2b37e0 <+56>: incq %rbx 0x10a2b37e3 <+59>: movq 0x51366(%rip), %rax ; _hooks + 48 (lldb) frame variable (lldb) frame info frame #19: 0x000000010a2b37db httpd`ap_run_handler + 51 (lldb) frame select 20 frame #20: 0x000000010a2b3d9b httpd`ap_invoke_handler + 246 httpd`ap_invoke_handler: 0x10a2b3d9b <+246>: movl %eax, %r15d 0x10a2b3d9e <+249>: movq %r12, 0x118(%r14) 0x10a2b3da5 <+256>: testq %r12, %r12 0x10a2b3da8 <+259>: je 0x10a2b3dfc ; <+343> (lldb) frame variable (lldb) frame info frame #20: 0x000000010a2b3d9b httpd`ap_invoke_handler + 246 (lldb) frame select 21 frame #21: 0x000000010a2e918c httpd`ap_process_async_request + 861 httpd`ap_process_async_request: 0x10a2e918c <+861>: movl %eax, %r15d 0x10a2e918f <+864>: cmpl $-0x3, %r15d 0x10a2e9193 <+868>: movq -0x38(%rbp), %r12 0x10a2e9197 <+872>: jne 0x10a2e91dd ; <+942> (lldb) frame variable (lldb) frame info frame #21: 0x000000010a2e918c httpd`ap_process_async_request + 861 (lldb) frame select 22 frame #22: 0x000000010a2e9223 httpd`ap_process_request + 20 httpd`ap_process_request: 0x10a2e9223 <+20>: cmpl $0x0, 0x90(%rbx) 0x10a2e922a <+27>: jne 0x10a2e9365 ; <+342> 0x10a2e9230 <+33>: movq (%rbx), %rdx 0x10a2e9233 <+36>: leaq 0x13094(%rip), %rsi ; "ap_process_request_brigade" (lldb) frame variable (lldb) frame info frame #22: 0x000000010a2e9223 httpd`ap_process_request + 20 (lldb) frame select 23 frame #23: 0x000000010a2e5e35 httpd`ap_process_http_connection + 302 httpd`ap_process_http_connection: 0x10a2e5e35 <+302>: cmpl $0x2, 0xa0(%r13) 0x10a2e5e3d <+310>: jne 
0x10a2e5eb2 ; <+427> 0x10a2e5e3f <+312>: cmpl $0x0, 0x9c(%r13) 0x10a2e5e47 <+320>: jne 0x10a2e5eb2 ; <+427> (lldb) frame variable (lldb) frame info frame #23: 0x000000010a2e5e35 httpd`ap_process_http_connection + 302 (lldb) frame select 24 frame #24: 0x000000010a2c3ec1 httpd`ap_run_process_connection + 51 httpd`ap_run_process_connection: 0x10a2c3ec1 <+51>: cmpl $-0x1, %eax 0x10a2c3ec4 <+54>: jne 0x10a2c3edf ; <+81> 0x10a2c3ec6 <+56>: incq %rbx 0x10a2c3ec9 <+59>: movq 0x41d28(%rip), %rax ; _hooks + 8 (lldb) frame variable (lldb) frame info frame #24: 0x000000010a2c3ec1 httpd`ap_run_process_connection + 51 (lldb) frame select 25 frame #25: 0x000000010a45a816 mod_mpm_prefork.so`child_main + 1084 mod_mpm_prefork.so`child_main: 0x10a45a816 <+1084>: movq %rbx, %rdi 0x10a45a819 <+1087>: callq 0x10a45acde ; symbol stub for: ap_lingering_close 0x10a45a81e <+1092>: movq 0x1dcb(%rip), %rax ; my_bucket 0x10a45a825 <+1099>: movq (%rax), %rdi (lldb) frame variable (lldb) frame info frame #25: 0x000000010a45a816 mod_mpm_prefork.so`child_main + 1084 (lldb) frame select 26 frame #26: 0x000000010a45a2c5 mod_mpm_prefork.so`make_child + 404 mod_mpm_prefork.so`startup_children: 0x10a45a2c5 <+0>: pushq %rbp 0x10a45a2c6 <+1>: movq %rsp, %rbp 0x10a45a2c9 <+4>: pushq %r15 0x10a45a2cb <+6>: pushq %r14 (lldb) frame variable (lldb) frame info frame #26: 0x000000010a45a2c5 mod_mpm_prefork.so`make_child + 404 (lldb) frame select 27 frame #27: 0x000000010a45a31e mod_mpm_prefork.so`startup_children + 89 mod_mpm_prefork.so`startup_children: 0x10a45a31e <+89>: testl %eax, %eax 0x10a45a320 <+91>: js 0x10a45a33b ; <+118> 0x10a45a322 <+93>: decl %r14d 0x10a45a325 <+96>: movl 0x2299(%rip), %eax ; ap_daemons_limit (lldb) frame variable (lldb) frame info frame #27: 0x000000010a45a31e mod_mpm_prefork.so`startup_children + 89 (lldb) frame select 28 frame #28: 0x000000010a4594ff mod_mpm_prefork.so`prefork_run + 286 mod_mpm_prefork.so`prefork_run: 0x10a4594ff <+286>: movl $0x0, -0xb8(%rbp) 0x10a459509 
<+296>: movq 0x2b40(%rip), %r13 ; (void *)0x000000010a305ed8: ap_server_conf 0x10a459510 <+303>: movq (%r13), %r12 0x10a459514 <+307>: movl 0x302d(%rip), %r14d ; mpm_prefork_module + 8 (lldb) frame variable (lldb) frame info frame #28: 0x000000010a4594ff mod_mpm_prefork.so`prefork_run + 286 (lldb) frame select 29 frame #29: 0x000000010a2c624b httpd`ap_run_mpm + 64 httpd`ap_run_mpm: 0x10a2c624b <+64>: cmpl $-0x1, %eax 0x10a2c624e <+67>: jne 0x10a2c626c ; <+97> 0x10a2c6250 <+69>: incq %r14 0x10a2c6253 <+72>: movq 0x3f9f6(%rip), %rax ; _hooks + 16 (lldb) frame variable (lldb) frame info frame #29: 0x000000010a2c624b httpd`ap_run_mpm + 64 (lldb) frame select 30 frame #30: 0x000000010a2babf0 httpd`main + 2108 httpd`main: 0x10a2babf0 <+2108>: movl %eax, %r15d 0x10a2babf3 <+2111>: testl %r15d, %r15d 0x10a2babf6 <+2114>: je 0x10a2baa48 ; <+1684> 0x10a2babfc <+2120>: cmpl $-0x2, %r15d (lldb) frame variable (lldb) frame info frame #30: 0x000000010a2babf0 httpd`main + 2108 (lldb) frame select 31 frame #31: 0x00007fff6e57ded9 libdyld.dylib`start + 1 libdyld.dylib`start: 0x7fff6e57ded9 <+1>: movl %eax, %edi 0x7fff6e57dedb <+3>: callq 0x7fff6e58fabc ; symbol stub for: exit 0x7fff6e57dee0 <+8>: hlt libdyld.dylib`dyld3::kdebug_trace_dyld_marker: 0x7fff6e57dee1 <+0>: pushq %rbp (lldb) frame variable (lldb) frame info frame #31: 0x00007fff6e57ded9 libdyld.dylib`start + 1 (lldb) frame select 32 error: Frame index (32) out of range. |
|
Thanks for that. I just did a live debugging session with somebody through IRC and screensharing, and we came to the same conclusions, albeit with slightly better output (see attached screenshots). Unfortunately, I still don't understand what goes wrong, except for the crash... |
|
Looks like I got the same results as both dv-ds and derick from my ticket 0001626. I tried to check the value of i_string from within lldb without much success.
lldb-output-xdebug-2.7.0rc1-deek.txt (5,579 bytes)
(lldb) target create "php" ruCurrent executable set to 'php' (x86_64).
(lldb) settings set -- target.run-args "xdebugTest.php"
(lldb) run
Process 53913 launched: '/usr/local/bin/php' (x86_64)
xdebug.so was compiled with optimization - stepping may behave oddly; variables may not be available.
Process 53913 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT)
    frame #0: 0x00000001041a5e77 xdebug.so`xdebug_var_export_xml_node at xdebug_var.c:1715 [opt]
   1712 zend_string *tmp_fullname_zstr;
   1713
   1714 #if PHP_VERSION_ID >= 70300
-> 1715 tmp_fullname_zstr = php_addslashes(i_string);
   1716 #else
   1717 tmp_fullname_zstr = php_addslashes(i_string, 0);
   1718 #endif
Target 0: (php) stopped.
(lldb) register read
General Purpose Registers:
rax = 0x00000001002ca489 php`php_addslashes
rbx = 0x000000000000000c
rcx = 0x5f44494f52444e41
rdx = 0x0000000000000004
rdi = 0x0000000104201dc0
rsi = 0x0000000104201068
rbp = 0x00007ffeefbfda30
rsp = 0x00007ffeefbfd960
r8 = 0x454d4f485f44494f
r9 = 0x0000000103600000
r10 = 0x0000000003ffffff
r11 = 0x0000000000000d70
r12 = 0x000000010427f400
r13 = 0x0000000104201dc0
r14 = 0x0000000000000c80
r15 = 0x0000000104201050
rip = 0x00000001041a5e77 xdebug.so`xdebug_var_export_xml_node + 2647 [inlined] xdebug_array_element_export_xml_node + 173 at xdebug_var.c:2028 xdebug.so`xdebug_var_export_xml_node + 2474 at xdebug_var.c:2028
rflags = 0x0000000000010202
cs = 0x000000000000002b
fs = 0x0000000000000000
gs = 0x0000000000000000
(lldb) frame variable
(zval *) zv_nptr = <variable not available>
(zend_ulong) index_key = <variable not available>
(zend_string *) hash_key = 0x0000000104201050
(xdebug_xml_node *) parent = <variable not available>
(xdebug_str *) parent_name = <variable not available>
(xdebug_var_export_options *) options = <variable not available>
(xdebug_xml_node *) node = 0x0000000103651390
(xdebug_str *) name = <variable not available>
(xdebug_str) full_name = <variable not available>
(zend_string *) i_string = 0x0000000104201dc0
(zend_string *) tmp_fullname_zstr = <variable not available>
(lldb) frame var -L i_string
0x00007ffeefbfd9d0: (zend_string *) i_string = 0x0000000104201dc0
(lldb) frame var -L &i_string
scalar: (zend_string **) &i_string = 0x00007ffeefbfd9d0
(lldb) bt all
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT)
  * frame #0: 0x00000001041a5e77 xdebug.so`xdebug_var_export_xml_node at xdebug_var.c:1715 [opt]
    frame #1: 0x00000001041a5dca xdebug.so`xdebug_var_export_xml_node(struc=<unavailable>, name=0x00000001036511e0, node=0x0000000103650ff0, options=<unavailable>, level=1) at xdebug_var.c:2028 [opt]
    frame #2: 0x00000001041a51c4 xdebug.so`xdebug_get_zval_value_xml_node_ex(name=<unavailable>, val=0x00007ffeefbfdb60, var_type=<unavailable>, options=0x000000010364d820) at xdebug_var.c:2167 [opt]
    frame #3: 0x00000001041938f1 xdebug.so`xdebug_dbgp_handle_context_get [inlined] get_symbol(name=0x0000000000000007, options=0x000000010364d820) at xdebug_handler_dbgp.c:285 [opt]
    frame #4: 0x00000001041938ad xdebug.so`xdebug_dbgp_handle_context_get [inlined] add_variable_node(node=0x0000000103650420, name=0x0000000000000007, var_only=0, non_null=0, no_eval=0, options=0x000000010364d820) at xdebug_handler_dbgp.c:1331 [opt]
    frame #5: 0x00000001041938ad xdebug.so`xdebug_dbgp_handle_context_get [inlined] attach_context_vars(node=0x0000000103650420, options=0x000000010364d820, context_id=<unavailable>, depth=<unavailable>, func=<unavailable>) at xdebug_handler_dbgp.c:1706 [opt]
    frame #6: 0x00000001041934ae xdebug.so`xdebug_dbgp_handle_context_get(retval=0x00007ffeefbfdc60, context=<unavailable>, args=<unavailable>) at xdebug_handler_dbgp.c:1865 [opt]
    frame #7: 0x00000001041909be xdebug.so`xdebug_dbgp_cmdloop [inlined] xdebug_dbgp_parse_option(context=0x00000001041b33e8, line=<unavailable>, flags=<unavailable>, retval=0x0000000103650420) at xdebug_handler_dbgp.c:2123 [opt]
    frame #8: 0x0000000104190884 xdebug.so`xdebug_dbgp_cmdloop(context=0x00000001041b33e8, bail=1) at xdebug_handler_dbgp.c:2167 [opt]
    frame #9: 0x0000000104191813 xdebug.so`xdebug_dbgp_breakpoint(context=0x00000001041b33e8, stack=<unavailable>, file=<unavailable>, lineno=<unavailable>, type=<unavailable>, exception=0x0000000000000000, code=0x0000000000000000, message=0x0000000000000000) at xdebug_handler_dbgp.c:2442 [opt]
    frame #10: 0x0000000104189ad1 xdebug.so`xdebug_statement_call(frame=<unavailable>) at xdebug.c:0 [opt]
    frame #11: 0x000000010037ab80 php`zend_llist_apply_with_argument + 31
    frame #12: 0x00000001003feb95 php`ZEND_EXT_STMT_SPEC_HANDLER + 47
    frame #13: 0x00000001003c0a8e php`execute_ex + 98
    frame #14: 0x0000000104188914 xdebug.so`xdebug_execute_ex(execute_data=0x0000000104220030) at xdebug.c:1903 [opt]
    frame #15: 0x00000001003c0c0a php`zend_execute + 318
    frame #16: 0x00000001003859fa php`zend_execute_scripts + 277
    frame #17: 0x000000010033142f php`php_execute_script + 639
    frame #18: 0x00000001004315b7 php`do_cli + 3857
    frame #19: 0x0000000100430539 php`main + 1234
    frame #20: 0x00007fff60ce0ed9 libdyld.dylib`start + 1 |
|
Is the following of any use? (lldb) frame select 0 (lldb) p/x |
|
Note that the address mentioned above evaluates as follows: (lldb) dis -a |
|
This almost looks like the php_addslashes function call is wrong. But Xdebug does nothing special with this function. I am wondering whether there is another memory corruption going on here. Maybe it's worth trying to do this with the zend memory manager turned off, which you can do by setting "export USE_ZEND_ALLOC=0" as an environment variable (but make sure they propagate to PHP/PHP-FPM — phpinfo() and/or var_dump($_ENV) should tell you). |
|
I set USE_ZEND_ALLOC=0 now and phpinfo() confirms it ($_ENV does not however). However, I still get the same error and the same instructions:
-> 0x107fe5ef3 <+643>: callq *%rcx |
|
I have been talking to Nikita today, and it seems that a hunch "it looks like addslashes is not a function" seems to be correct. Nikita theorizes that this problem occurs because PHP and Xdebug are targeted at a different architecture. PHP's php_addslashes calls have an optimisation for SSE4.2 systems, which gets only enabled on machines that support it. So if PHP was compiled on a system that doesn't enable it, and yours does, then the calling convention is off and you get a crash. It's possible that a hint on what happens can be found in the ./configure line that can be found in phpinfo() output (<code>php -i | grep Configure</code>). Unfortunately, there is currently no clean way around this without a hack (i.e., copying the php_addslashes function into the Xdebug source code). Nikita suggests trying to compile Xdebug with <code> ./configure CFLAGS="-march=native" </code> to see if that addresses the problem until this can be sorted out in PHP itself. |
|
Looks like you beat me to it. I just found these lines in the PHP src which are exactly what you describe. https://github.com/php/php-src/blob/php-7.3.1/ext/standard/php_string.h#L127-L133 |
|
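A model of the mismatch discussed in the notes above, as an added example that is not code from PHP, Xdebug or this ticket. It assumes the conflict is between declaring one exported symbol as a plain function and as a function pointer; `host_escape`, `host_escape_ptr` and the helper functions are constructed stand-ins, and the example only computes the address an indirect call would jump to, without making the call.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for an exported host symbol such as php_addslashes. */
typedef int (*escape_fn)(const char *s);

/* Host build A: the symbol is an ordinary function. */
int host_escape(const char *s) {
    int n = 0;
    for (; *s; s++)
        n += (*s == '\'' || *s == '"' || *s == '\\') ? 2 : 1;
    return n; /* length the escaped string would have */
}

/* Host build B (runtime CPU dispatch): the symbol is a pointer variable
   holding the address of the implementation selected at startup. */
escape_fn host_escape_ptr = host_escape;

/* An extension compiled against the "pointer" declaration emits an indirect
   call: it loads sizeof(void *) bytes stored AT the symbol address and jumps
   there. This returns that value instead of jumping to it. */
uintptr_t call_target_seen_by_extension(const void *symbol) {
    uintptr_t target;
    memcpy(&target, symbol, sizeof target);
    return target;
}

/* 1 if the extension would land on the real implementation, 0 otherwise. */
int headers_agree(const void *symbol, escape_fn real) {
    return call_target_seen_by_extension(symbol) == (uintptr_t)real;
}

int main(void) {
    /* Both sides built with the pointer declaration: the load yields the
       function's address and the call is fine. */
    printf("pointer export, pointer caller: agree=%d\n",
           headers_agree(&host_escape_ptr, host_escape));

    /* Host exports a function, extension expects a pointer: the "address"
       loaded is the first bytes of machine code, so the indirect call goes
       to a meaningless location and faults. */
    const void *code = (const void *)(uintptr_t)host_escape;
    printf("function export, pointer caller: agree=%d target=%#lx\n",
           headers_agree(code, host_escape),
           (unsigned long)call_target_seen_by_extension(code));
    return 0;
}
```
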
Please excuse any misunderstanding about this complex code, this might be way off the mark. Would it be possible to leverage the code in the PHP source that checks for the SSE4.2 instructions in Xdebug 2.7 as well? https://github.com/php/php-src/blob/php-7.3.1/ext/standard/string.c#L3902-L3919 |
|
That seems to be the case indeed! I don't see any mention of SSE4.2 in the output of php -i, whereas sysctl -a | grep machdep.cpu.features lists it. You did not hear it from me, but what I did now was:
There are a bunch of flags in there, so I have no idea if there is more that needs to be hacked. Probably some upstream flag is a less bad thing to mess with. And clearly this is not a proper solution... Nevertheless, after this change I can't reproduce the scenarios I described in "Steps To Reproduce". I have not done extensive testing, but it looks very promising. Assuming no other issues pop up, this is good enough on my side for now as I also can't think of a non-awkward workaround on the Xdebug side. It doesn't necessarily merit closing the issue, but I'll leave that up to you and others affected by this issue. |
|
This has now been fixed in PHP (for PHP 7.3.3 (https://github.com/php/php-src/pull/3826/files) and PHP 7.4-dev (https://github.com/php/php-src/pull/3828/files)). I will be adding a workaround for Xdebug for the two broken PHP versions (i.e., copy the addslashes code into the Xdebug source code, so that no ABI conflicts exist), and then release a new release candidate. |
|
Fixed in GIT for Xdebug 2.7.0RC2 (soon to be released) |
|
Verified that Xdebug 2.7.0RC2 fixes the issues I was having from ticket 0001627. |
Date Modified | Username | Field | Change |
---|---|---|---|
2019-02-04 11:10 | dv-ds | New Issue | |
2019-02-04 11:13 | dv-ds | Note Added: 0004871 | |
2019-02-11 17:15 | derick | Note Added: 0004885 | |
2019-02-11 17:15 | derick | Assigned To | => derick |
2019-02-11 17:15 | derick | Status | new => feedback |
2019-02-12 09:33 | dv-ds | File Added: xdebug_0001625.log | |
2019-02-12 09:33 | dv-ds | Note Added: 0004888 | |
2019-02-12 09:33 | dv-ds | Status | feedback => assigned |
2019-02-12 16:00 | derick | Note Added: 0004890 | |
2019-02-12 16:00 | derick | Status | assigned => feedback |
2019-02-12 16:01 | derick | Relationship added | has duplicate 0001626 |
2019-02-12 16:53 | dv-ds | Note Added: 0004895 | |
2019-02-12 16:53 | dv-ds | Status | feedback => assigned |
2019-02-12 16:59 | dv-ds | Note Added: 0004896 | |
2019-02-12 17:29 | dv-ds | Note Added: 0004897 | |
2019-02-12 18:16 | dv-ds | File Added: lldb-output.txt | |
2019-02-12 18:16 | dv-ds | Note Added: 0004898 | |
2019-02-12 19:15 | derick | File Added: xdebug-foo2.png | |
2019-02-12 19:15 | derick | Note Added: 0004899 | |
2019-02-12 22:43 | deek | File Added: lldb-output-xdebug-2.7.0rc1-deek.txt | |
2019-02-12 22:43 | deek | Note Added: 0004901 | |
2019-02-13 12:16 | dv-ds | Note Added: 0004902 | |
2019-02-13 12:22 | dv-ds | Note Added: 0004903 | |
2019-02-13 12:58 | derick | Note Added: 0004904 | |
2019-02-13 15:06 | dv-ds | Note Added: 0004905 | |
2019-02-13 20:39 | derick | Note Added: 0004906 | |
2019-02-13 21:30 | deek | Note Added: 0004907 | |
2019-02-13 21:45 | deek | Note Added: 0004908 | |
2019-02-14 04:09 | dv-ds | Note Added: 0004909 | |
2019-02-14 15:23 | derick | Note Added: 0004910 | |
2019-02-14 15:25 | derick | Relationship added | has duplicate 0001627 |
2019-02-15 13:10 | derick | Status | assigned => closed |
2019-02-15 13:10 | derick | Resolution | open => fixed |
2019-02-15 13:10 | derick | Fixed in Version | => 2.7.0 |
2019-02-15 13:10 | derick | Note Added: 0004912 | |
2019-02-15 13:11 | derick | Summary | Segfault when evaluating variables => Work around ABI conflicts in PHP 7.3.0/PHP 7.3.1 |
2019-02-15 15:10 | derick | Fixed in Version | 2.7.0 => 2.7.0RC2 |
2019-02-15 15:12 | derick | Target Version | => 2.7.0 |
2019-02-16 00:38 | deek | Note Added: 0004914 | |
2020-03-12 16:33 | derick | Category | Remote Debugging => Step Debugging |