0001625: Work around ABI conflicts in PHP 7.3.0/PHP 7.3.1

ID	Project	Category	View Status	Date Submitted	Last Update

0001625	Xdebug	Step Debugging	public	2019-02-04 11:10	2019-02-16 00:38

Reporter	dv-ds	Assigned To	derick
Priority	high	Severity	crash	Reproducibility	always
Status	closed	Resolution	fixed
Platform	x86_64	OS	macOS	OS Version	10.14.2
Product Version	2.7.0rc1
Target Version	2.7.0	Fixed in Version	2.7.0RC2

Summary	0001625: Work around ABI conflicts in PHP 7.3.0/PHP 7.3.1
Description	Some evaluations are possible, others are not. In the cases where it doesn't work, the end result is something like this: [Mon Feb 04 11:49:24.093890 2019] [core:notice] [pid 10169] AH00052: child pid 39934 exit signal Segmentation fault (11) For what it's worth, I'm fairly certain this occurred also in 2.7.0beta1, but I did not investigate that further as the major issue for me at that point was the opcache issue.
Steps To Reproduce	Setup index.php as follows and navigate to /?foo=bar <?php $a = 1; echo ""; // Set breakpoint here and either hover over $a in VS Code or try to evaluate $_GET in the console. Either will crash. The latter will not cause a crash if the query string is omitted however.
Additional Information	Setup: Visual Studio Code, 1.30.2 Apache 2.4.37 (Homebrew) PHP 7.3.1 (Homebrew)
Tags	No tags attached.
Attached Files	xdebug_0001625.log (7,253 bytes)

Operating System	macOS
PHP Version	7.3.2-7.3.4

dv-ds 2019-02-04 11:13 reporter ~0004871	I just noticed I set "PHP Version" incorrectly, and don't see any way to modify it. It's 7.3.1 as indicated in the other section.

derick 2019-02-11 17:15 administrator ~0004885	I think this is a duplicate of 0001626 — can you please see if you can make a GDB trace as is explained at https://xdebug.org/support.php#crash ?

dv-ds 2019-02-12 09:33 reporter ~0004888	I can't get GDB to work even with a simple hello world program unfortunately. It's been like that for a long time and I gave up trying to fix it. It's a homebrew installation, and I'd rather not touch it as Homebrew very often breaks things for me when I upgrade things, due to messed up dependencies and whatnot. However, I am able to attach with LLDB (sudo lldb -p nnnn). Here's what I got, and see also attached xdebug log from an earlier session, explained below, do you need more? Program used: <?php error_log("PID: " . getmypid()); sleep(20); $a = 1; // LLDB log below indicates crash when hovering over $a, at breakpoint echo ""; // Breakpoint set here (lldb) continue Process 4188 resuming xdebug.so was compiled with optimization - stepping may behave oddly; variables may not be available. Process 4188 stopped thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT) frame #0: 0x000000010d2a5e17 xdebug.so`xdebug_var_export_xml_node at xdebug_var.c:1715 [opt] 1712 zend_string *tmp_fullname_zstr; 1713 1714 #if PHP_VERSION_ID >= 70300 -> 1715 tmp_fullname_zstr = php_addslashes(i_string); 1716 #else 1717 tmp_fullname_zstr = php_addslashes(i_string, 0); 1718 #endif Target 0: (httpd) stopped. For the xdebug log: (/?foo=bar) Evaluating $a in console works fine: [3829] <- eval -i 10 -- JGE= Hovering over $a - crash: [3829] <- context_get -i 11 -d 0 -c 1 Evaluating $_GET in console - crash: (and reconnect fails because the thread already died, I get similar results when running this on a running thread) [4305] <- eval -i 10 -- JF9HRVQ=

derick 2019-02-12 16:00 administrator ~0004890	This is really useful. If only I could reproduce this at home (or have access to your debugging session)... It's possible to compile Xdebug with debugging symbols, by using: ./configure --with-xdebug-dev instead of the normal ./configure I'm curious to see what the values of the local vars and arguments are. For both this frame (top) one, and lower ones. Can you show the output of the following commands on lldb: frame 0 frame variable frame info frame 1 frame variable frame info frame 2 frame variable frame info (etc, until... 10 or so?)

dv-ds 2019-02-12 16:53 reporter ~0004895	Hm, if I try ./configure --enable-xdebug-dev (I assume that's the one you meant, I get an error if I try --with-xdebug-dev), some warnings are treated as fatal, which they are not otherwise. Example: xdebug/xdebug.c:1822:107: error: format specifies type 'long' but the argument has type 'zend_long' (aka 'long long') [-Werror,-Wformat] zend_throw_exception_ex(zend_ce_error, 0, "Maximum function nesting level of '%ld' reached, aborting!", XG(max_nesting_level)); `%lld Then it stops compiling after two such messages. I'm not sure which flag is causing this, but will see if I can work around them by blindly massaging the code a bit to make the warnings go away. In case that does not pan out, please suggest a better route in the meantime to get this to compile.`

dv-ds 2019-02-12 16:59 reporter ~0004896	Found a quicker path and applied this diff to mute the warnings, will get back to you shortly: $ git diff diff --git a/config.m4 b/config.m4 index 27f19b4f..03ec597b 100644 --- a/config.m4 +++ b/config.m4 @@ -40,7 +40,6 @@ if test "$PHP_XDEBUG" != "no"; then PHP_CHECK_GCC_ARG(-Wduplicate-enum, _MAINTAINER_CFLAGS="$_MAINTAINER_CFLAGS -Wduplicate-enum") PHP_CHECK_GCC_ARG(-Wempty-body, _MAINTAINER_CFLAGS="$_MAINTAINER_CFLAGS -Wempty-body") PHP_CHECK_GCC_ARG(-Wenum-compare, _MAINTAINER_CFLAGS="$_MAINTAINER_CFLAGS -Wenum-compare") PHP_CHECK_GCC_ARG(-Werror, _MAINTAINER_CFLAGS="$_MAINTAINER_CFLAGS -Werror") PHP_CHECK_GCC_ARG(-Wextra, _MAINTAINER_CFLAGS="$_MAINTAINER_CFLAGS -Wextra") PHP_CHECK_GCC_ARG(-Wformat-nonliteral, _MAINTAINER_CFLAGS="$_MAINTAINER_CFLAGS -Wformat-nonliteral") PHP_CHECK_GCC_ARG(-Wformat-security, _MAINTAINER_CFLAGS="$_MAINTAINER_CFLAGS -Wformat-security")

dv-ds 2019-02-12 17:29 reporter ~0004897	I was able to compile, but things are not working out yet: I get "xdebug.so was compiled with optimization - stepping may behave oddly; variables may not be available.". I notice that -O2 or perhaps other settings are present in for instance libtool. I don't know where it sources that from. It seems quite difficult for me to find all of those occurrences as well. For what it's worth, note that it appears I get debug symbols (xdebug.so.dSYM) no matter if I set --enable-xdebug-dev or not. Not sure of the practical difference as both yield the same warning about optimizations. How can I completely disable optimization? The frame info I can get at this point is thus quite uninformative, so I'll refrain from posting the rest unless you think it might still be of use: (lldb) frame select 0 frame #0: 0x0000000111db8e67 xdebug.so`xdebug_var_export_xml_node at xdebug_var.c:1715 [opt] 1712 zend_string tmp_fullname_zstr; 1713 1714 #if PHP_VERSION_ID >= 70300 -> 1715 tmp_fullname_zstr = php_addslashes(i_string); 1716 #else 1717 tmp_fullname_zstr = php_addslashes(i_string, 0); 1718 #endif (lldb) frame variable (zval ) zv_nptr = <variable not available> (zend_ulong) index_key = <variable not available> (zend_string ) hash_key = 0x0000000111e61060 (xdebug_xml_node ) parent = <variable not available> (xdebug_str ) parent_name = <variable not available> (xdebug_var_export_options ) options = <variable not available> (xdebug_xml_node ) node = 0x00007fa61271cd90 (xdebug_str ) name = <variable not available> (xdebug_str) full_name = <variable not available> (zend_string ) i_string = 0x0000000111e61900 (zend_string ) tmp_fullname_zstr = <variable not available>

dv-ds 2019-02-12 18:16 reporter ~0004898	It was phpize that introduced -O2. Hacked it away manually before ./configure --enable-xdebug-dev && make and was able to get some debug info, see attached lldb-output.txt. Some notes: I've replaced some paths with [...]. Line 188 (and maybe others) is how it is shown in the terminal (I just copy-pasted the whole output from the terminal to an editor), I suppose LLDB might be masking non-printable characters, please let me know if you need the exact bytes for some reason: (char ) var_name = 0x00007fff6e72e7d8 "?z???f\x85?\x85q???f?@\x10" lldb-output.txt (25,232 bytes) $ sudo lldb -p 23027 (lldb) process attach --pid 23027 Process 23027 stopped thread #1, queue = 'com.apple.main-thread', stop reason = signal SIGSTOP frame #0: 0x00007fff6e6baeae libsystem_kernel.dylib`__semwait_signal + 10 libsystem_kernel.dylib`__semwait_signal: -> 0x7fff6e6baeae <+10>: jae 0x7fff6e6baeb8 ; <+20> 0x7fff6e6baeb0 <+12>: movq %rax, %rdi 0x7fff6e6baeb3 <+15>: jmp 0x7fff6e6b7381 ; cerror 0x7fff6e6baeb8 <+20>: retq Target 0: (httpd) stopped. Executable module set to "/usr/local/opt/httpd/bin/httpd". Architecture set to: x86_64h-apple-macosx. (lldb) continue Process 23027 resuming Process 23027 stopped * thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT) frame #0: 0x000000010dc3def3 xdebug.so`xdebug_array_element_export_xml_node(zv_nptr=0x000000010da7a600, index_key=12731958461851390867, hash_key=0x000000010da61060, level=0, parent=0x00007facd8d70d20, parent_name=0x00007facd8d70a20, options=0x00007facd8c001d0) at xdebug_var.c:1715 1712 zend_string tmp_fullname_zstr; 1713 1714 #if PHP_VERSION_ID >= 70300 -> 1715 tmp_fullname_zstr = php_addslashes(i_string); 1716 #else 1717 tmp_fullname_zstr = php_addslashes(i_string, 0); 1718 #endif Target 0: (httpd) stopped. (lldb) frame select 0 frame #0: 0x000000010dc3def3 xdebug.so`xdebug_array_element_export_xml_node(zv_nptr=0x000000010da7a600, index_key=12731958461851390867, hash_key=0x000000010da61060, level=0, parent=0x00007facd8d70d20, parent_name=0x00007facd8d70a20, options=0x00007facd8c001d0) at xdebug_var.c:1715 1712 zend_string tmp_fullname_zstr; 1713 1714 #if PHP_VERSION_ID >= 70300 -> 1715 tmp_fullname_zstr = php_addslashes(i_string); 1716 #else 1717 tmp_fullname_zstr = php_addslashes(i_string, 0); 1718 #endif (lldb) frame variable (zval ) zv_nptr = 0x000000010da7a600 (zend_ulong) index_key = 12731958461851390867 (zend_string ) hash_key = 0x000000010da61060 (int) level = 0 (xdebug_xml_node ) parent = 0x00007facd8d70d20 (xdebug_str ) parent_name = 0x00007facd8d70a20 (xdebug_var_export_options ) options = 0x00007facd8c001d0 (zval ) zv = 0x00007ffee594dc90 (xdebug_xml_node ) node = 0x00007facd8d744a0 (xdebug_str ) name = 0x00007ffee594dc80 (xdebug_str) full_name = (l = 0, a = 0, d = 0x0000000000000000) (zend_string ) i_string = 0x000000010da618a0 (zend_string ) tmp_fullname_zstr = 0x0000000000000000 (lldb) frame info frame #0: 0x000000010dc3def3 xdebug.so`xdebug_array_element_export_xml_node(zv_nptr=0x000000010da7a600, index_key=12731958461851390867, hash_key=0x000000010da61060, level=0, parent=0x00007facd8d70d20, parent_name=0x00007facd8d70a20, options=0x00007facd8c001d0) at xdebug_var.c:1715 (lldb) frame select 1 frame #1: 0x000000010dc3cd03 xdebug.so`xdebug_var_export_xml_node(struc=0x00007ffee594e450, name=0x00007facd8d70a20, node=0x00007facd8d70d20, options=0x00007facd8c001d0, level=0) at xdebug_var.c:2028 2025 xdebug_zend_hash_apply_protection_begin(myht); 2026 2027 ZEND_HASH_FOREACH_KEY_VAL_IND(myht, num, key, z_val) { -> 2028 xdebug_array_element_export_xml_node(z_val, num, key, level, node, name, options); 2029 } ZEND_HASH_FOREACH_END(); 2030 2031 xdebug_zend_hash_apply_protection_end(myht); (lldb) frame variable (zval ) struc = 0x00007ffee594e450 (xdebug_str ) name = 0x00007facd8d70a20 (xdebug_xml_node ) node = 0x00007facd8d70d20 (xdebug_var_export_options ) options = 0x00007facd8c001d0 (int) level = 0 (HashTable ) myht = 0x000000010da660a8 (zend_ulong) num = 12731958461851390867 (zend_string ) key = 0x000000010da61060 (zval ) z_val = 0x000000010da7a600 (xdebug_object_item ) xoi_val = 0x0000000100000000 (zval ) tmpz = 0x00007fff6e72dbac (HashTable ) __ht = 0x000000010da660a8 (Bucket ) _p = 0x000000010da7a600 (Bucket ) _end = 0x000000010da7a8c0 (zval ) _z = 0x000000010da7a600 (lldb) frame info frame #1: 0x000000010dc3cd03 xdebug.so`xdebug_var_export_xml_node(struc=0x00007ffee594e450, name=0x00007facd8d70a20, node=0x00007facd8d70d20, options=0x00007facd8c001d0, level=0) at xdebug_var.c:2028 (lldb) frame select 2 frame #2: 0x000000010dc3bb10 xdebug.so`xdebug_get_zval_value_xml_node_ex(name=0x00007ffee594e6f0, val=0x00007ffee594e480, var_type=0, options=0x00007facd8c001d0) at xdebug_var.c:2167 2164 add_xml_attribute_or_element(options, node, "name", 4, short_name); 2165 add_xml_attribute_or_element(options, node, "fullname", 8, full_name); 2166 } -> 2167 xdebug_var_export_xml_node(&val, full_name ? full_name : NULL, node, options, 0 TSRMLS_CC); 2168 2169 if (short_name) { 2170 xdebug_str_free(short_name); (lldb) frame variable (xdebug_str ) name = 0x00007ffee594e6f0 (zval ) val = 0x00007ffee594e480 (int) var_type = 0 (xdebug_var_export_options ) options = 0x00007facd8c001d0 (xdebug_xml_node ) node = 0x00007facd8d70d20 (xdebug_str ) short_name = 0x00007facd8d70d50 (xdebug_str ) full_name = 0x00007facd8d70a20 (lldb) frame info frame #2: 0x000000010dc3bb10 xdebug.so`xdebug_get_zval_value_xml_node_ex(name=0x00007ffee594e6f0, val=0x00007ffee594e480, var_type=0, options=0x00007facd8c001d0) at xdebug_var.c:2167 (lldb) frame select 3 frame #3: 0x000000010dc25d8f xdebug.so`get_symbol(name=0x00007ffee594e6f0, options=0x00007facd8c001d0) at xdebug_handler_dbgp.c:285 282 if (strcmp(name->d, "this") == 0 && Z_TYPE(retval) == IS_NULL) { 283 return NULL; 284 } -> 285 tmp_node = xdebug_get_zval_value_xml_node(name, &retval, options TSRMLS_CC); 286 zval_ptr_dtor_nogc(&retval); 287 return tmp_node; 288 } (lldb) frame variable ^[[A(xdebug_str ) name = 0x00007ffee594e6f0 (xdebug_var_export_options ) options = 0x00007facd8c001d0 (zval) retval = { value = { lval = 4523974824 dval = 2.2351405431890997E-314 counted = 0x000000010da660a8 str = 0x000000010da660a8 arr = 0x000000010da660a8 obj = 0x000000010da660a8 res = 0x000000010da660a8 ref = 0x000000010da660a8 ast = 0x000000010da660a8 zv = 0x000000010da660a8 ptr = 0x000000010da660a8 ce = 0x000000010da660a8 func = 0x000000010da660a8 ww = (w1 = 229007528, w2 = 1) } u1 = { v = { type = '\a' type_flags = '\x01' u = (call_info = 0, extra = 0) } type_info = 263 } u2 = { next = 0 cache_slot = 0 opline_num = 0 lineno = 0 num_args = 0 fe_pos = 0 fe_iter_idx = 0 access_flags = 0 property_guard = 0 constant_flags = 0 extra = 0 } } (xdebug_xml_node ) tmp_node = 0xfd00000070001004 (lldb) frame info frame #3: 0x000000010dc25d8f xdebug.so`get_symbol(name=0x00007ffee594e6f0, options=0x00007facd8c001d0) at xdebug_handler_dbgp.c:285 (lldb) frame select 4 frame #4: 0x000000010dc256db xdebug.so`add_variable_node(node=0x00007facd8d008e0, name=0x00007ffee594e6f0, var_only=1, non_null=1, no_eval=0, options=0x00007facd8c001d0) at xdebug_handler_dbgp.c:1331 1328 { 1329 xdebug_xml_node contents; 1330 -> 1331 contents = get_symbol(name, options); 1332 if (contents) { 1333 xdebug_xml_add_child(node, contents); 1334 return SUCCESS; (lldb) frame variable (xdebug_xml_node ) node = 0x00007facd8d008e0 (xdebug_str ) name = 0x00007ffee594e6f0 (int) var_only = 1 (int) non_null = 1 (int) no_eval = 0 (xdebug_var_export_options ) options = 0x00007facd8c001d0 (xdebug_xml_node ) contents = 0x0000000000000027 (lldb) frame info frame #4: 0x000000010dc256db xdebug.so`add_variable_node(node=0x00007facd8d008e0, name=0x00007ffee594e6f0, var_only=1, non_null=1, no_eval=0, options=0x00007facd8c001d0) at xdebug_handler_dbgp.c:1331 (lldb) frame select 5 frame #5: 0x000000010dc24fb3 xdebug.so`attach_context_vars(node=0x00007facd8d008e0, options=0x00007facd8c001d0, context_id=1, depth=0, func=(xdebug.so`attach_declared_var_with_contents at xdebug_handler_dbgp.c:1628)) at xdebug_handler_dbgp.c:1700 1697 / add super globals / 1698 XG(active_symbol_table) = &EG(symbol_table); 1699 XG(active_execute_data) = NULL; -> 1700 add_variable_node(node, XDEBUG_STR_WRAP_CHAR("_COOKIE"), 1, 1, 0, options); 1701 add_variable_node(node, XDEBUG_STR_WRAP_CHAR("_ENV"), 1, 1, 0, options); 1702 add_variable_node(node, XDEBUG_STR_WRAP_CHAR("_FILES"), 1, 1, 0, options); 1703 add_variable_node(node, XDEBUG_STR_WRAP_CHAR("_GET"), 1, 1, 0, options); (lldb) frame variable (xdebug_xml_node ) node = 0x00007facd8d008e0 (xdebug_var_export_options ) options = 0x00007facd8c001d0 (long) context_id = 1 (long) depth = 0 (void ()(void , xdebug_hash_element , void )) func = 0x000000010dc25630 (xdebug.so`attach_declared_var_with_contents at xdebug_handler_dbgp.c:1628) (function_stack_entry ) fse = 0x0000000000000000 (char ) var_name = 0x00007fff6e72e7d8 "?z???f\x85?\x85q???f?@\x10" (lldb) frame info frame #5: 0x000000010dc24fb3 xdebug.so`attach_context_vars(node=0x00007facd8d008e0, options=0x00007facd8c001d0, context_id=1, depth=0, func=(xdebug.so`attach_declared_var_with_contents at xdebug_handler_dbgp.c:1628)) at xdebug_handler_dbgp.c:1700 (lldb) frame select 6 frame #6: 0x000000010dc19f7a xdebug.so`xdebug_dbgp_handle_context_get(retval=0x00007ffee594ea50, context=0x000000010dc4d400, args=0x00007facd8d74330) at xdebug_handler_dbgp.c:1865 1862 / Always reset to page = 0, as it might have been modified by property_get or property_value / 1863 options->runtime[0].page = 0; 1864 -> 1865 res = attach_context_vars(retval, options, context_id, depth, attach_declared_var_with_contents TSRMLS_CC); 1866 switch (res) { 1867 case 1: 1868 RETURN_RESULT(XG(status), XG(reason), XDEBUG_ERROR_STACK_DEPTH_INVALID); (lldb) frame variable (xdebug_xml_node *) retval = 0x00007ffee594ea50 (xdebug_con ) context = 0x000000010dc4d400 (xdebug_dbgp_arg ) args = 0x00007facd8d74330 (int) res = 32684 (int) context_id = 1 (int) depth = 0 (xdebug_var_export_options ) options = 0x00007facd8c001d0 (lldb) frame info frame #6: 0x000000010dc19f7a xdebug.so`xdebug_dbgp_handle_context_get(retval=0x00007ffee594ea50, context=0x000000010dc4d400, args=0x00007facd8d74330) at xdebug_handler_dbgp.c:1865 (lldb) frame select 7 frame #7: 0x000000010dc16471 xdebug.so`xdebug_dbgp_parse_option(context=0x000000010dc4d400, line="context_get -i 10 -d 0 -c 1", flags=0, retval=0x00007facd8d008e0) at xdebug_handler_dbgp.c:2123 2120 } 2121 XG(lasttransid) = xdstrdup(CMD_OPTION_CHAR('i')); 2122 if (XG(status) != DBGP_STATUS_STOPPING \|\| (XG(status) == DBGP_STATUS_STOPPING && command->flags & XDEBUG_DBGP_POST_MORTEM)) { -> 2123 command->handler((xdebug_xml_node*) &retval, context, args TSRMLS_CC); 2124 ret = command->cont; 2125 } else { 2126 error = xdebug_xml_node_init("error"); (lldb) frame variable (xdebug_con ) context = 0x000000010dc4d400 (char ) line = 0x00007facd8d70c20 "context_get -i 10 -d 0 -c 1" (int) flags = 0 (xdebug_xml_node ) retval = 0x00007facd8d008e0 (char ) cmd = 0x00007facd8d00940 "context_get" (int) res = 0 (int) ret = 0 (xdebug_dbgp_arg ) args = 0x00007facd8d74330 (xdebug_dbgp_cmd ) command = 0x000000010dc4cb68 (xdebug_xml_node ) error = 0x000000006e72c783 (lldb) frame info frame #7: 0x000000010dc16471 xdebug.so`xdebug_dbgp_parse_option(context=0x000000010dc4d400, line="context_get -i 10 -d 0 -c 1", flags=0, retval=0x00007facd8d008e0) at xdebug_handler_dbgp.c:2123 (lldb) frame select 8 frame #8: 0x000000010dc13e1b xdebug.so`xdebug_dbgp_cmdloop(context=0x000000010dc4d400, bail=1) at xdebug_handler_dbgp.c:2167 2164 response = xdebug_xml_node_init("response"); 2165 xdebug_xml_add_attribute(response, "xmlns", "urn:debugger_protocol_v1"); 2166 xdebug_xml_add_attribute(response, "xmlns:xdebug", "https://xdebug.org/dbgp/xdebug"); -> 2167 ret = xdebug_dbgp_parse_option(context, option, 0, response TSRMLS_CC); 2168 if (ret != 1) { 2169 send_message(context, response TSRMLS_CC); 2170 } (lldb) frame variable (xdebug_con ) context = 0x000000010dc4d400 (int) bail = 1 (char ) option = 0x00007facd8d70c20 "context_get -i 10 -d 0 -c 1" (int) ret = 0 (xdebug_xml_node ) response = 0x00007facd8d008e0 (lldb) frame info frame #8: 0x000000010dc13e1b xdebug.so`xdebug_dbgp_cmdloop(context=0x000000010dc4d400, bail=1) at xdebug_handler_dbgp.c:2167 (lldb) frame select 9 frame #9: 0x000000010dc15339 xdebug.so`xdebug_dbgp_breakpoint(context=0x000000010dc4d400, stack=0x00007facdb30dcc0, file="[...]/index.php", lineno=8, type=1, exception=0x0000000000000000, code=0x0000000000000000, message=0x0000000000000000) at xdebug_handler_dbgp.c:2442 2439 XG(lasttransid) = NULL; 2440 } 2441 -> 2442 xdebug_dbgp_cmdloop(context, 1 TSRMLS_CC); 2443 2444 return 1; 2445 } (lldb) frame variable (xdebug_con ) context = 0x000000010dc4d400 (xdebug_llist ) stack = 0x00007facdb30dcc0 (char ) file = 0x000000010f586580 "[...]/index.php" (long) lineno = 8 (int) type = 1 (char ) exception = 0x0000000000000000 (char ) code = 0x0000000000000000 (char ) message = 0x0000000000000000 (xdebug_xml_node ) response = 0x00007facdb40e570 (xdebug_xml_node ) error_container = 0x00007facdb40e750 (lldb) frame info frame #9: 0x000000010dc15339 xdebug.so`xdebug_dbgp_breakpoint(context=0x000000010dc4d400, stack=0x00007facdb30dcc0, file="[...]/index.php", lineno=8, type=1, exception=0x0000000000000000, code=0x0000000000000000, message=0x0000000000000000) at xdebug_handler_dbgp.c:2442 (lldb) frame select 10 frame #10: 0x000000010dc07d3d xdebug.so`xdebug_statement_call(frame=0x000000010da1d030) at xdebug.c:2599 2596 XG(context).inhibit_notifications = 0; 2597 } 2598 if (break_ok && xdebug_handle_hit_value(extra_brk_info)) { -> 2599 if (!XG(context).handler->remote_breakpoint(&(XG(context)), XG(stack), file, lineno, XDEBUG_BREAK, NULL, 0, NULL)) { 2600 xdebug_mark_debug_connection_not_active(); 2601 break; 2602 } (lldb) frame variable (zend_execute_data ) frame = 0x000000010da1d030 (zend_op_array ) op_array = 0x000000010da831c0 (xdebug_llist_element ) le = 0x00007facdb40e610 (xdebug_brk_info ) extra_brk_info = 0x00007facd8e0bd00 (function_stack_entry ) fse = 0x00007facdb31ff20 (int) lineno = 8 (char ) file = 0x000000010f586580 "[...]/index.php" (int) level = 1 (int) func_nr = 0 (int) break_ok = 1 (int) old_error_reporting = 23027 (zval) retval = { value = { lval = 140380349074464 dval = 6.9357107828894693E-310 counted = 0x00007facd8d70c20 str = 0x00007facd8d70c20 arr = 0x00007facd8d70c20 obj = 0x00007facd8d70c20 res = 0x00007facd8d70c20 ref = 0x00007facd8d70c20 ast = 0x00007facd8d70c20 zv = 0x00007facd8d70c20 ptr = 0x00007facd8d70c20 ce = 0x00007facd8d70c20 func = 0x00007facd8d70c20 ww = (w1 = 3637972000, w2 = 32684) } u1 = { v = { type = '?' type_flags = '?' u = (call_info = 56112, extra = 56112) } type_info = 3677412544 } u2 = { next = 32684 cache_slot = 32684 opline_num = 32684 lineno = 32684 num_args = 32684 fe_pos = 32684 fe_iter_idx = 32684 access_flags = 32684 property_guard = 32684 constant_flags = 32684 extra = 32684 } } (int) file_len = 44 (lldb) frame info frame #10: 0x000000010dc07d3d xdebug.so`xdebug_statement_call(frame=0x000000010da1d030) at xdebug.c:2599 (lldb) frame select 11 frame #11: 0x000000010a84b1e0 libphp7.so`zend_llist_apply_with_argument + 31 libphp7.so`zend_llist_apply_with_argument: 0x10a84b1e0 <+31>: movq (%rbx), %rbx 0x10a84b1e3 <+34>: testq %rbx, %rbx 0x10a84b1e6 <+37>: jne 0x10a84b1d6 ; <+21> 0x10a84b1e8 <+39>: addq $0x8, %rsp (lldb) frame variable (lldb) frame info frame #11: 0x000000010a84b1e0 libphp7.so`zend_llist_apply_with_argument + 31 (lldb) frame select 12 frame #12: 0x000000010a8cf1f5 libphp7.so`ZEND_EXT_STMT_SPEC_HANDLER + 47 libphp7.so`ZEND_EXT_STMT_SPEC_HANDLER: 0x10a8cf1f5 <+47>: addq $0x20, (%rbx) 0x10a8cf1f9 <+51>: xorl %eax, %eax 0x10a8cf1fb <+53>: addq $0x8, %rsp 0x10a8cf1ff <+57>: popq %rbx (lldb) frame variable (lldb) frame info frame #12: 0x000000010a8cf1f5 libphp7.so`ZEND_EXT_STMT_SPEC_HANDLER + 47 (lldb) frame select 13 frame #13: 0x000000010a8910ee libphp7.so`execute_ex + 98 libphp7.so`execute_ex: 0x10a8910ee <+98>: testl %eax, %eax 0x10a8910f0 <+100>: je 0x10a8910e6 ; <+90> 0x10a8910f2 <+102>: jg 0x10a8910b7 ; <+43> 0x10a8910f4 <+104>: popq %rbx (lldb) frame variable (lldb) frame info frame #13: 0x000000010a8910ee libphp7.so`execute_ex + 98 (lldb) frame select 14 frame #14: 0x000000010dc05400 xdebug.so`xdebug_execute_ex(execute_data=0x000000010da1d030) at xdebug.c:1903 1900 xdebug_profiler_function_begin(fse TSRMLS_CC); 1901 } 1902 -> 1903 xdebug_old_execute_ex(execute_data TSRMLS_CC); 1904 1905 if (XG(profiler_enabled)) { 1906 xdebug_profiler_function_end(fse TSRMLS_CC); (lldb) frame variable (zend_execute_data ) execute_data = 0x000000010da1d030 (zend_op_array ) op_array = 0x000000010da831c0 (zend_execute_data ) edata = 0x0000000000000000 (function_stack_entry ) fse = 0x00007facdb31ff20 (function_stack_entry ) xfse = 0x00007facdb31ff20 (int) do_return = 0 (int) function_nr = 0 (xdebug_llist_element ) le = 0x00007facdb31fe60 (xdebug_func) code_coverage_func_info = (class = 0x0000000000000000, function = "\x01", type = 185895904, internal = 1) (char ) code_coverage_function_name = 0x0000000000000000 (char ) code_coverage_file_name = 0x0000000000000000 (int) code_coverage_init = 0 (lldb) frame info frame #14: 0x000000010dc05400 xdebug.so`xdebug_execute_ex(execute_data=0x000000010da1d030) at xdebug.c:1903 (lldb) frame select 15 frame #15: 0x000000010a89126a libphp7.so`zend_execute + 318 libphp7.so`zend_execute: 0x10a89126a <+318>: cmpb $0x0, 0x2a(%rbx) 0x10a89126e <+322>: js 0x10a8912ad ; <+385> 0x10a891270 <+324>: movq %rbx, 0x1c8(%r12) 0x10a891278 <+332>: addq $0x8, %rsp (lldb) frame variable (lldb) frame info frame #15: 0x000000010a89126a libphp7.so`zend_execute + 318 (lldb) frame select 16 frame #16: 0x000000010a85605a libphp7.so`zend_execute_scripts + 277 libphp7.so`zend_execute_scripts: 0x10a85605a <+277>: callq 0x10a87015c ; zend_exception_restore 0x10a85605f <+282>: callq 0x10a855e33 ; zend_try_exception_handler 0x10a856064 <+287>: leaq 0x8f2a45(%rip), %rax ; executor_globals 0x10a85606b <+294>: movq 0x360(%rax), %rdi (lldb) frame variable (lldb) frame info frame #16: 0x000000010a85605a libphp7.so`zend_execute_scripts + 277 (lldb) frame select 17 frame #17: 0x000000010a801a8f libphp7.so`php_execute_script + 639 libphp7.so`php_execute_script: 0x10a801a8f <+639>: testl %eax, %eax 0x10a801a91 <+641>: sete %r12b 0x10a801a95 <+645>: movzbl %r12b, %r15d 0x10a801a99 <+649>: movq -0x4e8(%rbp), %rbx (lldb) frame variable (lldb) frame info frame #17: 0x000000010a801a8f libphp7.so`php_execute_script + 639 (lldb) frame select 18 frame #18: 0x000000010a900b7c libphp7.so`php_handler + 1092 libphp7.so`php_handler: 0x10a900b7c <+1092>: movq 0x108(%r13), %r15 0x10a900b83 <+1099>: movq -0xe0(%rbp), %rax 0x10a900b8a <+1106>: movq 0x8(%rax), %rax 0x10a900b8e <+1110>: movq (%rax), %rbx (lldb) frame variable (lldb) frame info frame #18: 0x000000010a900b7c libphp7.so`php_handler + 1092 (lldb) frame select 19 frame #19: 0x000000010a2b37db httpd`ap_run_handler + 51 httpd`ap_run_handler: 0x10a2b37db <+51>: cmpl $-0x1, %eax 0x10a2b37de <+54>: jne 0x10a2b37f9 ; <+81> 0x10a2b37e0 <+56>: incq %rbx 0x10a2b37e3 <+59>: movq 0x51366(%rip), %rax ; _hooks + 48 (lldb) frame variable (lldb) frame info frame #19: 0x000000010a2b37db httpd`ap_run_handler + 51 (lldb) frame select 20 frame #20: 0x000000010a2b3d9b httpd`ap_invoke_handler + 246 httpd`ap_invoke_handler: 0x10a2b3d9b <+246>: movl %eax, %r15d 0x10a2b3d9e <+249>: movq %r12, 0x118(%r14) 0x10a2b3da5 <+256>: testq %r12, %r12 0x10a2b3da8 <+259>: je 0x10a2b3dfc ; <+343> (lldb) frame variable (lldb) frame info frame #20: 0x000000010a2b3d9b httpd`ap_invoke_handler + 246 (lldb) frame select 21 frame #21: 0x000000010a2e918c httpd`ap_process_async_request + 861 httpd`ap_process_async_request: 0x10a2e918c <+861>: movl %eax, %r15d 0x10a2e918f <+864>: cmpl $-0x3, %r15d 0x10a2e9193 <+868>: movq -0x38(%rbp), %r12 0x10a2e9197 <+872>: jne 0x10a2e91dd ; <+942> (lldb) frame variable (lldb) frame info frame #21: 0x000000010a2e918c httpd`ap_process_async_request + 861 (lldb) frame select 22 frame #22: 0x000000010a2e9223 httpd`ap_process_request + 20 httpd`ap_process_request: 0x10a2e9223 <+20>: cmpl $0x0, 0x90(%rbx) 0x10a2e922a <+27>: jne 0x10a2e9365 ; <+342> 0x10a2e9230 <+33>: movq (%rbx), %rdx 0x10a2e9233 <+36>: leaq 0x13094(%rip), %rsi ; "ap_process_request_brigade" (lldb) frame variable (lldb) frame info frame #22: 0x000000010a2e9223 httpd`ap_process_request + 20 (lldb) frame select 23 frame #23: 0x000000010a2e5e35 httpd`ap_process_http_connection + 302 httpd`ap_process_http_connection: 0x10a2e5e35 <+302>: cmpl $0x2, 0xa0(%r13) 0x10a2e5e3d <+310>: jne 0x10a2e5eb2 ; <+427> 0x10a2e5e3f <+312>: cmpl $0x0, 0x9c(%r13) 0x10a2e5e47 <+320>: jne 0x10a2e5eb2 ; <+427> (lldb) frame variable (lldb) frame info frame #23: 0x000000010a2e5e35 httpd`ap_process_http_connection + 302 (lldb) frame select 24 frame #24: 0x000000010a2c3ec1 httpd`ap_run_process_connection + 51 httpd`ap_run_process_connection: 0x10a2c3ec1 <+51>: cmpl $-0x1, %eax 0x10a2c3ec4 <+54>: jne 0x10a2c3edf ; <+81> 0x10a2c3ec6 <+56>: incq %rbx 0x10a2c3ec9 <+59>: movq 0x41d28(%rip), %rax ; _hooks + 8 (lldb) frame variable (lldb) frame info frame #24: 0x000000010a2c3ec1 httpd`ap_run_process_connection + 51 (lldb) frame select 25 frame #25: 0x000000010a45a816 mod_mpm_prefork.so`child_main + 1084 mod_mpm_prefork.so`child_main: 0x10a45a816 <+1084>: movq %rbx, %rdi 0x10a45a819 <+1087>: callq 0x10a45acde ; symbol stub for: ap_lingering_close 0x10a45a81e <+1092>: movq 0x1dcb(%rip), %rax ; my_bucket 0x10a45a825 <+1099>: movq (%rax), %rdi (lldb) frame variable (lldb) frame info frame #25: 0x000000010a45a816 mod_mpm_prefork.so`child_main + 1084 (lldb) frame select 26 frame #26: 0x000000010a45a2c5 mod_mpm_prefork.so`make_child + 404 mod_mpm_prefork.so`startup_children: 0x10a45a2c5 <+0>: pushq %rbp 0x10a45a2c6 <+1>: movq %rsp, %rbp 0x10a45a2c9 <+4>: pushq %r15 0x10a45a2cb <+6>: pushq %r14 (lldb) frame variable (lldb) frame info frame #26: 0x000000010a45a2c5 mod_mpm_prefork.so`make_child + 404 (lldb) frame select 27 frame #27: 0x000000010a45a31e mod_mpm_prefork.so`startup_children + 89 mod_mpm_prefork.so`startup_children: 0x10a45a31e <+89>: testl %eax, %eax 0x10a45a320 <+91>: js 0x10a45a33b ; <+118> 0x10a45a322 <+93>: decl %r14d 0x10a45a325 <+96>: movl 0x2299(%rip), %eax ; ap_daemons_limit (lldb) frame variable (lldb) frame info frame #27: 0x000000010a45a31e mod_mpm_prefork.so`startup_children + 89 (lldb) frame select 28 frame #28: 0x000000010a4594ff mod_mpm_prefork.so`prefork_run + 286 mod_mpm_prefork.so`prefork_run: 0x10a4594ff <+286>: movl $0x0, -0xb8(%rbp) 0x10a459509 <+296>: movq 0x2b40(%rip), %r13 ; (void )0x000000010a305ed8: ap_server_conf 0x10a459510 <+303>: movq (%r13), %r12 0x10a459514 <+307>: movl 0x302d(%rip), %r14d ; mpm_prefork_module + 8 (lldb) frame variable (lldb) frame info frame #28: 0x000000010a4594ff mod_mpm_prefork.so`prefork_run + 286 (lldb) frame select 29 frame #29: 0x000000010a2c624b httpd`ap_run_mpm + 64 httpd`ap_run_mpm: 0x10a2c624b <+64>: cmpl $-0x1, %eax 0x10a2c624e <+67>: jne 0x10a2c626c ; <+97> 0x10a2c6250 <+69>: incq %r14 0x10a2c6253 <+72>: movq 0x3f9f6(%rip), %rax ; _hooks + 16 (lldb) frame variable (lldb) frame info frame #29: 0x000000010a2c624b httpd`ap_run_mpm + 64 (lldb) frame select 30 frame #30: 0x000000010a2babf0 httpd`main + 2108 httpd`main: 0x10a2babf0 <+2108>: movl %eax, %r15d 0x10a2babf3 <+2111>: testl %r15d, %r15d 0x10a2babf6 <+2114>: je 0x10a2baa48 ; <+1684> 0x10a2babfc <+2120>: cmpl $-0x2, %r15d (lldb) frame variable (lldb) frame info frame #30: 0x000000010a2babf0 httpd`main + 2108 (lldb) frame select 31 frame #31: 0x00007fff6e57ded9 libdyld.dylib`start + 1 libdyld.dylib`start: 0x7fff6e57ded9 <+1>: movl %eax, %edi 0x7fff6e57dedb <+3>: callq 0x7fff6e58fabc ; symbol stub for: exit 0x7fff6e57dee0 <+8>: hlt libdyld.dylib`dyld3::kdebug_trace_dyld_marker: 0x7fff6e57dee1 <+0>: pushq %rbp (lldb) frame variable (lldb) frame info frame #31: 0x00007fff6e57ded9 libdyld.dylib`start + 1 (lldb) frame select 32 error: Frame index (32) out of range. lldb-output.txt (25,232 bytes)

derick 2019-02-12 19:15 administrator ~0004899	Thanks for that. I just did a live debugging session with somebody through IRC and screensharing, and we came to the same conclusions, with albeit slightly better output (See attached screenshots). Unfortunately, I still don't understand what goes wrong, except for the crash... xdebug-foo2.png (570,636 bytes)

deek 2019-02-12 22:43 reporter ~0004901	Looks like I got the same results as both dv-ds and derick from my ticket 0001626. I tried to check the value of i_string from within lldb without much success. `(lldb) frame var -L i_string 0x00007ffeefbfd9d0: (zend_string ) i_string = 0x0000000104201dc0 (lldb) frame var -L &i_string scalar: (zend_string ) &i_string = 0x00007ffeefbfd9d` lldb-output-xdebug-2.7.0rc1-deek.txt (5,579 bytes) (lldb) target create "php" ruCurrent executable set to 'php' (x86_64). (lldb) settings set -- target.run-args "xdebugTest.php" (lldb) run Process 53913 launched: '/usr/local/bin/php' (x86_64) xdebug.so was compiled with optimization - stepping may behave oddly; variables may not be available. Process 53913 stopped thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT) frame #0: 0x00000001041a5e77 xdebug.so`xdebug_var_export_xml_node at xdebug_var.c:1715 [opt] 1712 zend_string tmp_fullname_zstr; 1713 1714 #if PHP_VERSION_ID >= 70300 -> 1715 tmp_fullname_zstr = php_addslashes(i_string); 1716 #else 1717 tmp_fullname_zstr = php_addslashes(i_string, 0); 1718 #endif Target 0: (php) stopped. (lldb) register read General Purpose Registers: rax = 0x00000001002ca489 php`php_addslashes rbx = 0x000000000000000c rcx = 0x5f44494f52444e41 rdx = 0x0000000000000004 rdi = 0x0000000104201dc0 rsi = 0x0000000104201068 rbp = 0x00007ffeefbfda30 rsp = 0x00007ffeefbfd960 r8 = 0x454d4f485f44494f r9 = 0x0000000103600000 r10 = 0x0000000003ffffff r11 = 0x0000000000000d70 r12 = 0x000000010427f400 r13 = 0x0000000104201dc0 r14 = 0x0000000000000c80 r15 = 0x0000000104201050 rip = 0x00000001041a5e77 xdebug.so`xdebug_var_export_xml_node + 2647 [inlined] xdebug_array_element_export_xml_node + 173 at xdebug_var.c:2028 xdebug.so`xdebug_var_export_xml_node + 2474 at xdebug_var.c:2028 rflags = 0x0000000000010202 cs = 0x000000000000002b fs = 0x0000000000000000 gs = 0x0000000000000000 (lldb) frame variable (zval ) zv_nptr = <variable not available> (zend_ulong) index_key = <variable not available> (zend_string ) hash_key = 0x0000000104201050 (xdebug_xml_node ) parent = <variable not available> (xdebug_str ) parent_name = <variable not available> (xdebug_var_export_options ) options = <variable not available> (xdebug_xml_node ) node = 0x0000000103651390 (xdebug_str ) name = <variable not available> (xdebug_str) full_name = <variable not available> (zend_string ) i_string = 0x0000000104201dc0 (zend_string ) tmp_fullname_zstr = <variable not available> (lldb) frame var -L i_string 0x00007ffeefbfd9d0: (zend_string ) i_string = 0x0000000104201dc0 (lldb) frame var -L &i_string scalar: (zend_string ) &i_string = 0x00007ffeefbfd9d0 (lldb) bt all thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT) * frame #0: 0x00000001041a5e77 xdebug.so`xdebug_var_export_xml_node at xdebug_var.c:1715 [opt] frame #1: 0x00000001041a5dca xdebug.so`xdebug_var_export_xml_node(struc=<unavailable>, name=0x00000001036511e0, node=0x0000000103650ff0, options=<unavailable>, level=1) at xdebug_var.c:2028 [opt] frame #2: 0x00000001041a51c4 xdebug.so`xdebug_get_zval_value_xml_node_ex(name=<unavailable>, val=0x00007ffeefbfdb60, var_type=<unavailable>, options=0x000000010364d820) at xdebug_var.c:2167 [opt] frame #3: 0x00000001041938f1 xdebug.so`xdebug_dbgp_handle_context_get [inlined] get_symbol(name=0x0000000000000007, options=0x000000010364d820) at xdebug_handler_dbgp.c:285 [opt] frame #4: 0x00000001041938ad xdebug.so`xdebug_dbgp_handle_context_get [inlined] add_variable_node(node=0x0000000103650420, name=0x0000000000000007, var_only=0, non_null=0, no_eval=0, options=0x000000010364d820) at xdebug_handler_dbgp.c:1331 [opt] frame #5: 0x00000001041938ad xdebug.so`xdebug_dbgp_handle_context_get [inlined] attach_context_vars(node=0x0000000103650420, options=0x000000010364d820, context_id=<unavailable>, depth=<unavailable>, func=<unavailable>) at xdebug_handler_dbgp.c:1706 [opt] frame #6: 0x00000001041934ae xdebug.so`xdebug_dbgp_handle_context_get(retval=0x00007ffeefbfdc60, context=<unavailable>, args=<unavailable>) at xdebug_handler_dbgp.c:1865 [opt] frame #7: 0x00000001041909be xdebug.so`xdebug_dbgp_cmdloop [inlined] xdebug_dbgp_parse_option(context=0x00000001041b33e8, line=<unavailable>, flags=<unavailable>, retval=0x0000000103650420) at xdebug_handler_dbgp.c:2123 [opt] frame #8: 0x0000000104190884 xdebug.so`xdebug_dbgp_cmdloop(context=0x00000001041b33e8, bail=1) at xdebug_handler_dbgp.c:2167 [opt] frame #9: 0x0000000104191813 xdebug.so`xdebug_dbgp_breakpoint(context=0x00000001041b33e8, stack=<unavailable>, file=<unavailable>, lineno=<unavailable>, type=<unavailable>, exception=0x0000000000000000, code=0x0000000000000000, message=0x0000000000000000) at xdebug_handler_dbgp.c:2442 [opt] frame #10: 0x0000000104189ad1 xdebug.so`xdebug_statement_call(frame=<unavailable>) at xdebug.c:0 [opt] frame #11: 0x000000010037ab80 php`zend_llist_apply_with_argument + 31 frame #12: 0x00000001003feb95 php`ZEND_EXT_STMT_SPEC_HANDLER + 47 frame #13: 0x00000001003c0a8e php`execute_ex + 98 frame #14: 0x0000000104188914 xdebug.so`xdebug_execute_ex(execute_data=0x0000000104220030) at xdebug.c:1903 [opt] frame #15: 0x00000001003c0c0a php`zend_execute + 318 frame #16: 0x00000001003859fa php`zend_execute_scripts + 277 frame #17: 0x000000010033142f php`php_execute_script + 639 frame #18: 0x00000001004315b7 php`do_cli + 3857 frame #19: 0x0000000100430539 php`main + 1234 frame #20: 0x00007fff60ce0ed9 libdyld.dylib`start + 1 lldb-output-xdebug-2.7.0rc1-deek.txt (5,579 bytes)

dv-ds 2019-02-13 12:16 reporter ~0004902	Is the following of any use? (lldb) frame select 0 frame #0: 0x000000010f953ef3 xdebug.soxdebug_array_element_export_xml_node(zv_nptr=0x000000010fa7a600, index_key=12731958461851390867, hash_key=0x000000010fa61060, level=0, parent=0x00007f96c66075c0, parent_name=0x00007f96c6607610, options=0x00007f96c9383ed0) at xdebug_var.c:1715 1712 zend_string *tmp_fullname_zstr; 1713 1714 #if PHP_VERSION_ID >= 70300 -> 1715 tmp_fullname_zstr = php_addslashes(i_string); 1716 #else 1717 tmp_fullname_zstr = php_addslashes(i_string, 0); 1718 #endif (lldb) dis xdebug.soxdebug_array_element_export_xml_node: [...] 0x10f953eb5 <+581>: callq 0x10f959f90 ; symbol stub for: __memcpy_chk 0x10f953eba <+586>: movq 0xc187(%rip), %rcx ; (void )0x000000010c6f1ae9: php_addslashes 0x10f953ec1 <+593>: movq -0x98(%rbp), %rdx 0x10f953ec8 <+600>: movq -0x88(%rbp), %rsi 0x10f953ecf <+607>: movb $0x0, 0x18(%rdx,%rsi) 0x10f953ed4 <+612>: movq -0x98(%rbp), %rdx 0x10f953edb <+619>: movq %rdx, -0x100(%rbp) 0x10f953ee2 <+626>: movq (%rcx), %rcx 0x10f953ee5 <+629>: movq -0x100(%rbp), %rdi 0x10f953eec <+636>: movq %rax, -0x128(%rbp) -> 0x10f953ef3 <+643>: callq %rcx 0x10f953ef5 <+645>: movq %rax, -0x108(%rbp) 0x10f953efc <+652>: movq -0xb0(%rbp), %rax 0x10f953f03 <+659>: addq $0x18, %rax 0x10f953f07 <+663>: movq -0xb0(%rbp), %rcx 0x10f953f0e <+670>: movq 0x10(%rcx), %rcx 0x10f953f12 <+674>: addq $0x1, %rcx 0x10f953f16 <+678>: subq $0x1, %rcx 0x10f953f1a <+682>: movq %rax, %rdi 0x10f953f1d <+685>: movq %rcx, %rsi 0x10f953f20 <+688>: callq 0x10f95a5d2 ; symbol stub for: xdebug_str_create [...] (lldb) p/x `$rcx` (long) $36 = 0x56415741e5894855 (lldb) x/64x `$rcx` error: memory read failed for 0x56415741e5894800

dv-ds 2019-02-13 12:22 reporter ~0004903	Note that the address mentioned above evaluates as follows: (lldb) dis -a `0x000000010c6f1ae9` libphp7.so`php_addslashes: 0x10c6f1ae9 <+0>: pushq %rbp 0x10c6f1aea <+1>: movq %rsp, %rbp [...]

derick 2019-02-13 12:58 administrator ~0004904	This almost looks like the php_addslashes function call is wrong. But Xdebug does nothing special with this function. I am wondering whether there is another memory corruption going on here. Maybe it's worth trying to do this with the zend memory manager turned off, which you can do by setting "export USE_ZEND_ALLOC=0" as an environment variable (but make sure they propagate to PHP/PHP-FPM — phpinfo() and or var_dump($_ENV) should tell you).

dv-ds 2019-02-13 15:06 reporter ~0004905	I set USE_ZEND_ALLOC=0 now and phpinfo() confirms it ($_ENV does not however). However, I still get the same error and the same instructions: 0x107fe5eb5 <+581>: callq 0x107febf90 ; symbol stub for: __memcpy_chk 0x107fe5eba <+586>: movq 0xc187(%rip), %rcx ; (void )0x0000000104d84ae9: php_addslashes 0x107fe5ec1 <+593>: movq -0x98(%rbp), %rdx 0x107fe5ec8 <+600>: movq -0x88(%rbp), %rsi 0x107fe5ecf <+607>: movb $0x0, 0x18(%rdx,%rsi) 0x107fe5ed4 <+612>: movq -0x98(%rbp), %rdx 0x107fe5edb <+619>: movq %rdx, -0x100(%rbp) 0x107fe5ee2 <+626>: movq (%rcx), %rcx 0x107fe5ee5 <+629>: movq -0x100(%rbp), %rdi 0x107fe5eec <+636>: movq %rax, -0x128(%rbp) -> 0x107fe5ef3 <+643>: callq %rcx 0x107fe5ef5 <+645>: movq %rax, -0x108(%rbp) 0x107fe5efc <+652>: movq -0xb0(%rbp), %rax 0x107fe5f03 <+659>: addq $0x18, %rax 0x107fe5f07 <+663>: movq -0xb0(%rbp), %rcx 0x107fe5f0e <+670>: movq 0x10(%rcx), %rcx 0x107fe5f12 <+674>: addq $0x1, %rcx 0x107fe5f16 <+678>: subq $0x1, %rcx 0x107fe5f1a <+682>: movq %rax, %rdi 0x107fe5f1d <+685>: movq %rcx, %rsi 0x107fe5f20 <+688>: callq 0x107fec5d2 ; symbol stub for: xdebug_str_create

derick 2019-02-13 20:39 administrator ~0004906	I have been talking to Nikita today, and it seems that a hunch "it looks like addslashes is not a function" seems to be correct. Nikita theorizes that this problem occurs because PHP and Xdebug are targetted at a different architecture. PHP's php_addslashes calls have an optimisation for SSE4.2 systems, which gets only enabled on machines that support it. So if PHP was compiled on a system that doesn't enable it, and yours does, then the calling convention is off and you get a crash. It's possible that a hint on what happens can be found in the ./configure line that can be found in phpinfo() output (<code>php -i \| grep Configure</code>). Unfortunately, there is currently no clean way around this without a hack (i.e., copying the php_addslashes function into the Xdebug source code). Nikita suggests to try to compile Xdebug with <code> ./configure CFLAGS="-march=native" </code> to see if that addresses the problem until this can be sorted out in PHP itself.

deek 2019-02-13 21:30 reporter ~0004907	Looks like you beat me to it. I just found these lines in the PHP src which are exactly what you describe. https://github.com/php/php-src/blob/php-7.3.1/ext/standard/php_string.h#L127-L133

deek 2019-02-13 21:45 reporter ~0004908	Please excuse any misunderstanding about this complex code, this might be way of the mark. Would it be possible to leverage the code in the PHP source that checks for the SSE4.2 instructions in XDebug 2.7 as well? https://github.com/php/php-src/blob/php-7.3.1/ext/standard/string.c#L3902-L3919

dv-ds 2019-02-14 04:09 reporter ~0004909	So if PHP was compiled on a system that doesn't enable it, and yours does, then the calling convention is off and you get a crash. That seems to be the case indeed! I don't see any mention of SSE4.2 in the output of php -i, whereas sysctl -a \| grep machdep.cpu.features lists it. You did not hear it from me, but what I did now was: Edit /usr/local/include/php/Zend/zend_portability.h Change ZEND_INTRIN_SSE4_2_FUNC_PTR from 1 to 0 Recompile Xdebug There are a bunch of flags in there, so I have no idea if there is more that needs to be hacked. Probably some upstream flag is a less bad thing to mess with. And clearly this is not a proper solution... Nevertheless, after this change I can't reproduce the scenarios I described in "Steps To Reproduce". I have not done extensive testing, but it looks very promising. Assuming no other issues pop up, this is good enough on my side for now as I also can't think of a non-awkward workaround on the Xdebug side. It doesn't necessarily merit closing the issue, but I'll leave that up to you and others affected by this issue.

derick 2019-02-14 15:23 administrator ~0004910	This has now been fixed in PHP (for PHP 7.3.3 (https://github.com/php/php-src/pull/3826/files) and PHP 7.4-dev (https://github.com/php/php-src/pull/3828/files)). I will be adding a workaround for Xdebug for the two broken PHP versions (i.e., copy the addslashes code into the Xdebug source code, so that no ABI conflicts exist), and then release a new release candidate.

derick 2019-02-15 13:10 administrator ~0004912	Fixed in GIT for Xdebug 2.7.0RC2 (soon to be released)

deek 2019-02-16 00:38 reporter ~0004914	Verified that Xdebug 2.7.0RC2 fixes the issues I was having from ticket 0001627.

Date Modified	Username	Field	Change
2019-02-04 11:10	dv-ds	New Issue
2019-02-04 11:13	dv-ds	Note Added: 0004871
2019-02-11 17:15	derick	Note Added: 0004885
2019-02-11 17:15	derick	Assigned To	=> derick
2019-02-11 17:15	derick	Status	new => feedback
2019-02-12 09:33	dv-ds	File Added: xdebug_0001625.log
2019-02-12 09:33	dv-ds	Note Added: 0004888
2019-02-12 09:33	dv-ds	Status	feedback => assigned
2019-02-12 16:00	derick	Note Added: 0004890
2019-02-12 16:00	derick	Status	assigned => feedback
2019-02-12 16:01	derick	Relationship added	has duplicate 0001626
2019-02-12 16:53	dv-ds	Note Added: 0004895
2019-02-12 16:53	dv-ds	Status	feedback => assigned
2019-02-12 16:59	dv-ds	Note Added: 0004896
2019-02-12 17:29	dv-ds	Note Added: 0004897
2019-02-12 18:16	dv-ds	File Added: lldb-output.txt
2019-02-12 18:16	dv-ds	Note Added: 0004898
2019-02-12 19:15	derick	File Added: xdebug-foo2.png
2019-02-12 19:15	derick	Note Added: 0004899
2019-02-12 22:43	deek	File Added: lldb-output-xdebug-2.7.0rc1-deek.txt
2019-02-12 22:43	deek	Note Added: 0004901
2019-02-13 12:16	dv-ds	Note Added: 0004902
2019-02-13 12:22	dv-ds	Note Added: 0004903
2019-02-13 12:58	derick	Note Added: 0004904
2019-02-13 15:06	dv-ds	Note Added: 0004905
2019-02-13 20:39	derick	Note Added: 0004906
2019-02-13 21:30	deek	Note Added: 0004907
2019-02-13 21:45	deek	Note Added: 0004908
2019-02-14 04:09	dv-ds	Note Added: 0004909
2019-02-14 15:23	derick	Note Added: 0004910
2019-02-14 15:25	derick	Relationship added	has duplicate 0001627
2019-02-15 13:10	derick	Status	assigned => closed
2019-02-15 13:10	derick	Resolution	open => fixed
2019-02-15 13:10	derick	Fixed in Version	=> 2.7.0
2019-02-15 13:10	derick	Note Added: 0004912
2019-02-15 13:11	derick	Summary	Segfault when evaluating variables => Work around ABI conflicts in PHP 7.3.0/PHP 7.3.1
2019-02-15 15:10	derick	Fixed in Version	2.7.0 => 2.7.0RC2
2019-02-15 15:12	derick	Target Version	=> 2.7.0
2019-02-16 00:38	deek	Note Added: 0004914
2020-03-12 16:33	derick	Category	Remote Debugging => Step Debugging

View Issue Details

Relationships

Activities

Issue History

has duplicate	0001626	resolved	derick	Segmentation fault when superglobal query is run
has duplicate	0001627	resolved	derick	Segmentation fault