View Issue Details

ID: 0002108
Project: Xdebug
Category: Code Coverage
View Status: public
Last Update: 2022-12-10 18:32
Reporter: Naktibalda
Assigned To: derick
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Platform: i386
OS: Ubuntu
OS Version: 22.04
Product Version: 3.1.4
Fixed in Version: 3.2.0
Summary: 0002108: Segfault on PHP8.1 with PHPUnit 10 when path coverage is enabled
Description

I noticed that Codeception GitHub Actions builds that test PHPUnit 10 started failing on the 3rd of August.
It happens on PHP 8.1.8 with Xdebug 3.1.2 and 3.1.4.
There are no more than 20 method calls between xdebug_start_code_coverage(7) and the place of the segmentation fault, so it should be easy to debug, but I haven't managed to reproduce this fault with a standalone script or a test project containing just a few tests, so the full Codeception repository is required for reproducing this fault.

The segmentation fault happens in this loop: https://github.com/Codeception/Codeception/blob/c6595a9a13d1f46b9e98e8bb190f980fc17d67ef/src/Codeception/Test/Test.php#L153-L160

            foreach ($this->hooks as $hook) {
                if ($hook === 'codeCoverage' && !$this->collectCodeCoverage) {
                    continue;
                }
                if (method_exists($this, $hook . 'Start')) {
                    $this->{$hook . 'Start'}();
                }
            }

There are 4 items in the hooks array:

        'ignoreIfMetadataBlocked',
        'codeCoverage',
        'assertionCounter',
        'errorLogger'

The codeCoverage hook executes xdebug_start_code_coverage(7) (indirectly, through the php-code-coverage library),
then the assertionCounter hook executes \PHPUnit\Framework\Assert::resetCount() and the segmentation fault happens on `}` after `$this->{$hook . 'Start'}();`

I attached backtrace produced by gdb, but crash didn't happen when executed with valgrind:

XDEBUG_MODE=coverage valgrind php codecept run tests/unit/Codeception/StepTest.php -o 'coverage: path_coverage: true' --coverage >valgrind.log 2>&1

Steps To Reproduce

git clone https://github.com/Codeception/Codeception.git -b xdebug-segfault
cd Codeception
composer install
XDEBUG_MODE=coverage ./codecept run tests/unit/Codeception/StepTest.php -o 'coverage: path_coverage: true' --coverage
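
Added example, not part of the original report or of Xdebug: a small Python triage script for Memcheck output such as the valgrind.log attached to this issue. It separates records with no symbols from symbolized ones and, for each access into a freed block, pairs the accessing function with the stack that freed the block; the names `parse_memcheck`, `first_symbol` and `triage` are this example's own, and the sample is an abbreviated excerpt of that log.

```python
import re
from collections import Counter

# Abbreviated excerpt of the valgrind.log attached to this issue (stacks trimmed).
SAMPLE_LOG = """\
==18275== Conditional jump or move depends on uninitialised value(s)
==18275==    at 0x9BEF8BF: ???
==18275==    by 0x7A969E7: ???
==18275== 
==18275== Use of uninitialised value of size 8
==18275==    at 0x51A2E0E: xdebug_branch_info_mark_reached (branch_info.c:390)
==18275==    by 0x51B9E15: xdebug_print_opcode_info.constprop.0.isra.0 (code_coverage.c:173)
==18275== 
- StepTest: Formatted output==18275== Invalid read of size 8
==18275==    at 0x51A33D0: xdebug_coverage_count_line_if_active (code_coverage.c:961)
==18275==    by 0x5193AA4: xdebug_add_stack_frame (base.c:653)
==18275==  Address 0x7d36690 is 16 bytes inside a block of size 32 free'd
==18275==    at 0x484B27F: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==18275==    by 0x5190287: xdebug_llist_remove (llist.c:101)
==18275==    by 0x5190873: xdebug_hash_destroy (hash.c:283)
==18275==    by 0x51A1EF9: zif_xdebug_stop_code_coverage (code_coverage.c:735)
==18275==  Block was alloc'd at
==18275==    at 0x4848899: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==18275==    by 0x519018A: xdebug_hash_add_or_update (hash.c:173)
==18275==    by 0x51A2317: xdebug_branch_info_add_branches_and_paths (branch_info.c:472)
==18275== 
"""

LINE = re.compile(r"==\d+==\s?(.*)$")                       # Memcheck prefix, anywhere in the line
FRAME = re.compile(r"^\s+(?:at|by) 0x[0-9A-Fa-f]+: (.+)$")   # one stack frame
NOT_A_CALLER = {"???", "free", "malloc", "realloc", "calloc", "UnknownInlinedFun"}


def parse_memcheck(text):
    """Split Memcheck output into records: kind, access stack, auxiliary stacks."""
    records, current, target = [], None, None
    for raw in text.splitlines():
        m = LINE.search(raw)      # search(): test output can be fused in front of ==PID==
        if not m:
            continue              # plain program output
        body = m.group(1).rstrip()
        frame = FRAME.match(body)
        if not body:              # empty ==PID== line closes the record
            current = None
        elif frame:
            if current is not None:
                target.append(frame.group(1))
        elif body.startswith(" ") and current is not None:
            target = []           # " Address ... free'd" / " Block was alloc'd at"
            current["aux"].append((body.strip(), target))
        else:
            current = {"kind": body.strip(), "stack": [], "aux": []}
            target = current["stack"]
            records.append(current)
    return [r for r in records if r["stack"]]   # drops banner lines, which have no frames


def first_symbol(frames):
    """First frame naming a real function; None when the stack is all '???'."""
    for f in frames:
        if f.split(" ", 1)[0] not in NOT_A_CALLER:
            return f
    return None


def triage(records):
    """Count records per kind and pair each access to freed memory with its free site."""
    report = {"by_kind": Counter(r["kind"] for r in records),
              "unsymbolized": 0, "use_after_free": []}
    for r in records:
        access = first_symbol(r["stack"])
        if access is None:
            report["unsymbolized"] += 1
        freed = next((f for t, f in r["aux"] if t.endswith("free'd")), None)
        alloc = next((f for t, f in r["aux"] if "alloc'd" in t), [])
        if freed:
            report["use_after_free"].append({
                "kind": r["kind"],
                "access": access,
                "freed_via": freed[-1],          # outermost recorded frame of the free
                "allocated_by": first_symbol(alloc),
            })
    return report


if __name__ == "__main__":
    result = triage(parse_memcheck(SAMPLE_LOG))
    print(dict(result["by_kind"]), "unsymbolized:", result["unsymbolized"])
    for hit in result["use_after_free"]:
        print(hit)
```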

Tags: No tags attached.
Attached Files
stacktrace.txt (12,855 bytes)   
stacktrace with Xdebug 3.1.4

(gdb) run
Starting program: /usr/bin/php codecept run tests/unit/Codeception/StepTest.php -o coverage:\ path_coverage:\ true --coverage
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Codeception PHP Testing Framework v5.0.0 https://helpukrainewin.org
[Seed] 842083929
[Detaching after vfork from child process 18094]

Unit Tests (11) ---------------------------------------------------------------------------------------------------------------------
- StepTest: Am on url
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff72cde0e in xdebug_branch_info_mark_reached (filename=0x7ffff22951e0, function_name=0x7fffffff8f50 "Codeception\\Test\\Test->realRun", op_array=0x7ffff222b890, opcode_nr=54) at ./build-8.1/src/coverage/branch_info.c:390
390     ./build-8.1/src/coverage/branch_info.c: No such file or directory.
(gdb) bt full
#0  0x00007ffff72cde0e in xdebug_branch_info_mark_reached (filename=0x7ffff22951e0,
    function_name=0x7fffffff8f50 "Codeception\\Test\\Test->realRun", op_array=0x7ffff222b890, opcode_nr=54)
    at ./build-8.1/src/coverage/branch_info.c:390
        i = 0
        key = <optimized out>
        dummy = 0x36
        tail_fse = 0x555555d80450
        file = 0x555555da9e20
        function = 0x555556bb6a60
        branch_info = 0x555556a270d0
#1  0x00007ffff72e4e16 in xdebug_print_opcode_info.constprop.0.isra.0 (cur_opcode=<optimized out>, execute_data=<optimized out>,
    execute_data=<optimized out>) at ./build-8.1/src/coverage/code_coverage.c:173
        op_array = 0x7ffff222b890
        func_info = {object_class = 0x7ffff2851990, scope_class = 0x0, function = 0x555555dad880 "m\204\217", type = 3,
          internal = 0}
        function_name = "Codeception\\Test\\Test->realRun\000t\\Test->realRun\000\000n\000\000\000[", '\000' <repeats 19 times>, "\200\034\377\366\377\177\000\000 \000\000\000\000\000\000\000\001", '\000' <repeats 15 times>, "p*\332UUU\000\000`6\332UUU\000\000\000\000\000\000\000\000\000\060\200c\332UUU\000\000\000\315P\266(\372.\\\000\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000\240\207\a]UU\000\000\020\221\377\377\377\177\000\000`\221\377\377\377\177\000\000\030\273.\367\377\177\000\000\360\263]\362\377\177\000\000"...
        opnr = 54
#2  0x00007ffff72ce088 in xdebug_common_override_handler (execute_data=0x7ffff4a16c50)
    at ./build-8.1/src/coverage/code_coverage.c:241
        lineno = 153
        op_array = 0x7ffff222b890
        cur_opcode = 0x7ffff22696c0
#3  0x000055555589fafd in ?? ()
No symbol table info available.
#4  0x00005555558aa904 in zend_vm_call_opcode_handler ()
No symbol table info available.
#5  0x00007ffff35c4ce8 in php_pcov_execute_ex () from /usr/lib/php/20210902/pcov.so
No symbol table info available.
#6  0x00007ffff72bf6db in xdebug_execute_ex (execute_data=0x7ffff4a16c50) at ./build-8.1/src/base/base.c:779
        op_array = 0x7ffff222b890
        edata = <optimized out>
        fse = 0x555555d80450
        function_nr = 46721
        code_coverage_function_name = 0x0
        code_coverage_filename = 0x0
        code_coverage_init = 0
#7  0x0000555555660c36 in ?? ()
No symbol table info available.
#8  0x00005555558aa904 in zend_vm_call_opcode_handler ()
No symbol table info available.
#9  0x00007ffff35c4ce8 in php_pcov_execute_ex () from /usr/lib/php/20210902/pcov.so
No symbol table info available.
#10 0x00007ffff72bf6db in xdebug_execute_ex (execute_data=0x7ffff4a16770) at ./build-8.1/src/base/base.c:779
        op_array = 0x7ffff2740cf0
        edata = <optimized out>
        fse = 0x555555d80380
        function_nr = 46564
        code_coverage_function_name = 0x0
        code_coverage_filename = 0x0
        code_coverage_init = 0
#11 0x0000555555660c36 in ?? ()
No symbol table info available.
#12 0x00005555558aa904 in zend_vm_call_opcode_handler ()
No symbol table info available.
#13 0x00007ffff35c4ce8 in php_pcov_execute_ex () from /usr/lib/php/20210902/pcov.so
No symbol table info available.
#14 0x00007ffff72bf6db in xdebug_execute_ex (execute_data=0x7ffff4a16620) at ./build-8.1/src/base/base.c:779
        op_array = 0x7ffff26b8830
        edata = <optimized out>
        fse = 0x555555d802b0
        function_nr = 44922
        code_coverage_function_name = 0x0
        code_coverage_filename = 0x0
        code_coverage_init = 0
#15 0x0000555555660c36 in ?? ()
No symbol table info available.
#16 0x00005555558aa904 in zend_vm_call_opcode_handler ()
No symbol table info available.
#17 0x00007ffff35c4ce8 in php_pcov_execute_ex () from /usr/lib/php/20210902/pcov.so
No symbol table info available.
#18 0x00007ffff72bf6db in xdebug_execute_ex (execute_data=0x7ffff4a16490) at ./build-8.1/src/base/base.c:779
        op_array = 0x7ffff4bdfda0
        edata = <optimized out>
        fse = 0x555555d801e0
        function_nr = 13425
        code_coverage_function_name = 0x0
        code_coverage_filename = 0x0
        code_coverage_init = 0
#19 0x0000555555660c36 in ?? ()
No symbol table info available.
#20 0x00005555558aa904 in zend_vm_call_opcode_handler ()
No symbol table info available.
#21 0x00007ffff35c4ce8 in php_pcov_execute_ex () from /usr/lib/php/20210902/pcov.so
No symbol table info available.
#22 0x00007ffff72bf6db in xdebug_execute_ex (execute_data=0x7ffff4a160e0) at ./build-8.1/src/base/base.c:779
        op_array = 0x7ffff4bdfca8
        edata = <optimized out>
        fse = 0x555555d80110
        function_nr = 13045
        code_coverage_function_name = 0x0
        code_coverage_filename = 0x0
        code_coverage_init = 0
#23 0x0000555555660c36 in ?? ()
No symbol table info available.
#24 0x00005555558aa904 in zend_vm_call_opcode_handler ()
No symbol table info available.
#25 0x00007ffff35c4ce8 in php_pcov_execute_ex () from /usr/lib/php/20210902/pcov.so
No symbol table info available.
#26 0x00007ffff72bf6db in xdebug_execute_ex (execute_data=0x7ffff4a14bf0) at ./build-8.1/src/base/base.c:779
        op_array = 0x7ffff2873b18
        edata = <optimized out>
        fse = 0x555555d80040
        function_nr = 10054
        code_coverage_function_name = 0x0
        code_coverage_filename = 0x0
        code_coverage_init = 0
#27 0x0000555555660ee7 in ?? ()
No symbol table info available.
#28 0x00005555558aa904 in zend_vm_call_opcode_handler ()
No symbol table info available.
#29 0x00007ffff35c4ce8 in php_pcov_execute_ex () from /usr/lib/php/20210902/pcov.so
No symbol table info available.
#30 0x00007ffff72bf6db in xdebug_execute_ex (execute_data=0x7ffff4a14850) at ./build-8.1/src/base/base.c:779
        op_array = 0x7ffff4ab91d0
        edata = <optimized out>
        fse = 0x555555d7ff70
        function_nr = 9590
        code_coverage_function_name = 0x0
        code_coverage_filename = 0x0
        code_coverage_init = 0
#31 0x0000555555660ee7 in ?? ()
No symbol table info available.
#32 0x00005555558aa904 in zend_vm_call_opcode_handler ()
No symbol table info available.
#33 0x00007ffff35c4ce8 in php_pcov_execute_ex () from /usr/lib/php/20210902/pcov.so
No symbol table info available.
#34 0x00007ffff72bf6db in xdebug_execute_ex (execute_data=0x7ffff4a14290) at ./build-8.1/src/base/base.c:779
        op_array = 0x7ffff4bddef0
        edata = <optimized out>
        fse = 0x555555d7fea0
        function_nr = 9586
        code_coverage_function_name = 0x0
        code_coverage_filename = 0x0
        code_coverage_init = 0
#35 0x0000555555660ee7 in ?? ()
No symbol table info available.
#36 0x00005555558aa904 in zend_vm_call_opcode_handler ()
No symbol table info available.
#37 0x00007ffff35c4ce8 in php_pcov_execute_ex () from /usr/lib/php/20210902/pcov.so
No symbol table info available.
#38 0x00007ffff72bf6db in xdebug_execute_ex (execute_data=0x7ffff4a13c40) at ./build-8.1/src/base/base.c:779
        op_array = 0x7ffff4bdbdf0
        edata = <optimized out>
        fse = 0x555555d7fdd0
        function_nr = 9247
        code_coverage_function_name = 0x0
        code_coverage_filename = 0x0
        code_coverage_init = 0
#39 0x0000555555660ee7 in ?? ()
No symbol table info available.
#40 0x00005555558aa904 in zend_vm_call_opcode_handler ()
No symbol table info available.
#41 0x00007ffff35c4ce8 in php_pcov_execute_ex () from /usr/lib/php/20210902/pcov.so
No symbol table info available.
#42 0x00007ffff72bf6db in xdebug_execute_ex (execute_data=0x7ffff4a13760) at ./build-8.1/src/base/base.c:779
        op_array = 0x7ffff4bdbbf8
        edata = <optimized out>
        fse = 0x555555d7fd00
        function_nr = 8806
        code_coverage_function_name = 0x0
        code_coverage_filename = 0x0
        code_coverage_init = 0
#43 0x0000555555660ee7 in ?? ()
No symbol table info available.
#44 0x00005555558aa904 in zend_vm_call_opcode_handler ()
No symbol table info available.
#45 0x00007ffff35c4ce8 in php_pcov_execute_ex () from /usr/lib/php/20210902/pcov.so
No symbol table info available.
#46 0x00007ffff72bf6db in xdebug_execute_ex (execute_data=0x7ffff4a13670) at ./build-8.1/src/base/base.c:779
        op_array = 0x7ffff4bdad98
        edata = <optimized out>
        fse = 0x555555d7fc30
        function_nr = 8803
        code_coverage_function_name = 0x0
        code_coverage_filename = 0x0
        code_coverage_init = 0
#47 0x0000555555660c36 in ?? ()
No symbol table info available.
#48 0x00005555558aa904 in zend_vm_call_opcode_handler ()
No symbol table info available.
#49 0x00007ffff35c4ce8 in php_pcov_execute_ex () from /usr/lib/php/20210902/pcov.so
No symbol table info available.
#50 0x00007ffff72bf6db in xdebug_execute_ex (execute_data=0x7ffff4a13100) at ./build-8.1/src/base/base.c:779
        op_array = 0x7ffff4a79838
        edata = <optimized out>
        fse = 0x555555d7fb60
        function_nr = 332
        code_coverage_function_name = 0x0
        code_coverage_filename = 0x0
        code_coverage_init = 0
#51 0x0000555555660c36 in ?? ()
No symbol table info available.
#52 0x00005555558aa904 in zend_vm_call_opcode_handler ()
No symbol table info available.
#53 0x00007ffff35c4ce8 in php_pcov_execute_ex () from /usr/lib/php/20210902/pcov.so
No symbol table info available.
#54 0x00007ffff72bf6db in xdebug_execute_ex (execute_data=0x7ffff4a13080) at ./build-8.1/src/base/base.c:779
        op_array = 0x7ffff4a99100
        edata = <optimized out>
        fse = 0x555555d7fa90
        function_nr = 1
        code_coverage_function_name = 0x0
        code_coverage_filename = 0x0
        code_coverage_init = 0
#55 0x00005555558799c4 in ?? ()
No symbol table info available.
#56 0x00005555558aa904 in zend_vm_call_opcode_handler ()
No symbol table info available.
#57 0x00007ffff35c4ce8 in php_pcov_execute_ex () from /usr/lib/php/20210902/pcov.so
No symbol table info available.
#58 0x00007ffff72bf6db in xdebug_execute_ex (execute_data=0x7ffff4a13020) at ./build-8.1/src/base/base.c:779
        op_array = 0x7ffff4a99000
        edata = <optimized out>
        fse = 0x555555d7f9c0
        function_nr = 0
        code_coverage_function_name = 0x0
        code_coverage_filename = 0x0
        code_coverage_init = 0
#59 0x00005555558a9e29 in zend_execute ()
No symbol table info available.
#60 0x000055555583a590 in zend_execute_scripts ()
No symbol table info available.
#61 0x00005555557d569a in php_execute_script ()
No symbol table info available.
#62 0x0000555555922680 in ?? ()
No symbol table info available.
#63 0x000055555567ac37 in ?? ()
No symbol table info available.
#64 0x00007ffff6e01d90 in __libc_start_call_main (main=main@entry=0x55555567a860, argc=argc@entry=7, argv=argv@entry=0x7fffffffdfa8)
    at ../sysdeps/nptl/libc_start_call_main.h:58
        self = <optimized out>
        result = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, -3060918040658887128, 140737488347048, 93824993437792, 93824997187160,
                140737354125376, 3060918041777749544, 3060902392975801896}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0,
              0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
#65 0x00007ffff6e01e40 in __libc_start_main_impl (main=0x55555567a860, argc=7, argv=0x7fffffffdfa8, init=<optimized out>,
    fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffdf98) at ../csu/libc-start.c:392
No locals.
#66 0x000055555567bd95 in _start ()
No symbol table info available.
(gdb)
valgrind.log (21,925 bytes)   
==18275== Memcheck, a memory error detector
==18275== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==18275== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info
==18275== Command: php codecept run tests/unit/Codeception/StepTest.php -o coverage:\ path_coverage:\ true --coverage
==18275== 
==18275== Conditional jump or move depends on uninitialised value(s)
==18275==    at 0x9BEF8BF: ???
==18275==    by 0x7A969E7: ???
==18275==    by 0x7A969E7: ???
==18275==    by 0x7A969E8: ???
==18275==    by 0x7D0B8BF: ???
==18275==    by 0x7A969E7: ???
==18275== 
==18275== Conditional jump or move depends on uninitialised value(s)
==18275==    at 0x9BEF8BF: ???
==18275==    by 0x7A96627: ???
==18275==    by 0x7A96627: ???
==18275==    by 0x7A96628: ???
==18275==    by 0x7D0B8BF: ???
==18275==    by 0x7A96627: ???
==18275== 
==18275== Conditional jump or move depends on uninitialised value(s)
==18275==    at 0x9BEF8BF: ???
==18275==    by 0x7A963E7: ???
==18275==    by 0x7A963E7: ???
==18275==    by 0x7A963E8: ???
==18275==    by 0x7D0B8BF: ???
==18275==    by 0x7A963E7: ???
==18275== 
==18275== Conditional jump or move depends on uninitialised value(s)
==18275==    at 0x9BEF8BF: ???
==18275==    by 0x7A96327: ???
==18275==    by 0x7A96327: ???
==18275==    by 0x7A96328: ???
==18275==    by 0x7D0B8BF: ???
==18275==    by 0x7A96327: ???
==18275== 
==18275== Conditional jump or move depends on uninitialised value(s)
==18275==    at 0x9BEF8BF: ???
==18275==    by 0x7A95DE7: ???
==18275==    by 0x7A95DE7: ???
==18275==    by 0x7A95DE8: ???
==18275==    by 0x7D0B8BF: ???
==18275==    by 0x7A95DE7: ???
==18275== 
==18275== Conditional jump or move depends on uninitialised value(s)
==18275==    at 0x9BEF8BF: ???
==18275==    by 0x7A96867: ???
==18275==    by 0x7A96867: ???
==18275==    by 0x7A96868: ???
==18275==    by 0x7D0B8BF: ???
==18275==    by 0x7A96867: ???
==18275== 
==18275== Conditional jump or move depends on uninitialised value(s)
==18275==    at 0x9BEF8BF: ???
==18275==    by 0x7A964A7: ???
==18275==    by 0x7A964A7: ???
==18275==    by 0x7A964A8: ???
==18275==    by 0x7D0B8BF: ???
==18275==    by 0x7A964A7: ???
==18275== 
==18275== Conditional jump or move depends on uninitialised value(s)
==18275==    at 0x9BEF8BF: ???
==18275==    by 0x7A96447: ???
==18275==    by 0x7A96447: ???
==18275==    by 0x7A96448: ???
==18275==    by 0x7D0B8BF: ???
==18275==    by 0x7A96447: ???
==18275== 
==18275== Conditional jump or move depends on uninitialised value(s)
==18275==    at 0x9BEF8BF: ???
==18275==    by 0x7A96567: ???
==18275==    by 0x7A96567: ???
==18275==    by 0x7A96568: ???
==18275==    by 0x7D0B8BF: ???
==18275==    by 0x7A96567: ???
==18275== 
==18275== Conditional jump or move depends on uninitialised value(s)
==18275==    at 0x9BEF8BF: ???
==18275==    by 0x7A96BC7: ???
==18275==    by 0x7A96BC7: ???
==18275==    by 0x7A96BC8: ???
==18275==    by 0x7D0B8BF: ???
==18275==    by 0x7A96BC7: ???
==18275== 
==18275== Conditional jump or move depends on uninitialised value(s)
==18275==    at 0x9BEF8BF: ???
==18275==    by 0x7A96507: ???
==18275==    by 0x7A96507: ???
==18275==    by 0x7A96508: ???
==18275==    by 0x7D0B8BF: ???
==18275==    by 0x7A96507: ???
==18275== 
==18275== Conditional jump or move depends on uninitialised value(s)
==18275==    at 0x9BEF8BF: ???
==18275==    by 0x7A968C7: ???
==18275==    by 0x7A968C7: ???
==18275==    by 0x7A968C8: ???
==18275==    by 0x7D0B8BF: ???
==18275==    by 0x7A968C7: ???
==18275== 
Codeception PHP Testing Framework v5.0.0 https://helpukrainewin.org
[Seed] 856495978

Unit Tests (11) ---------------------------------------------------------------------------------------------------------------------
- StepTest: Long arguments==18275== Conditional jump or move depends on uninitialised value(s)
==18275==    at 0x51A2DFE: xdebug_branch_info_mark_reached (branch_info.c:387)
==18275==    by 0x51B9E15: xdebug_print_opcode_info.constprop.0.isra.0 (code_coverage.c:173)
==18275==    by 0x51A3087: xdebug_common_override_handler.lto_priv.0 (code_coverage.c:241)
==18275==    by 0x453AFC: ??? (in /usr/bin/php8.1)
==18275==    by 0x45E903: zend_vm_call_opcode_handler (in /usr/bin/php8.1)
==18275==    by 0x9657CE7: php_pcov_execute_ex (in /usr/lib/php/20210902/pcov.so)
==18275==    by 0x51946DA: xdebug_execute_ex (base.c:779)
==18275==    by 0x214C35: ??? (in /usr/bin/php8.1)
==18275==    by 0x45E903: zend_vm_call_opcode_handler (in /usr/bin/php8.1)
==18275==    by 0x9657CE7: php_pcov_execute_ex (in /usr/lib/php/20210902/pcov.so)
==18275==    by 0x51946DA: xdebug_execute_ex (base.c:779)
==18275==    by 0x214C35: ??? (in /usr/bin/php8.1)
==18275== 
==18275== Use of uninitialised value of size 8
==18275==    at 0x51A2E0E: xdebug_branch_info_mark_reached (branch_info.c:390)
==18275==    by 0x51B9E15: xdebug_print_opcode_info.constprop.0.isra.0 (code_coverage.c:173)
==18275==    by 0x51A3087: xdebug_common_override_handler.lto_priv.0 (code_coverage.c:241)
==18275==    by 0x453AFC: ??? (in /usr/bin/php8.1)
==18275==    by 0x45E903: zend_vm_call_opcode_handler (in /usr/bin/php8.1)
==18275==    by 0x9657CE7: php_pcov_execute_ex (in /usr/lib/php/20210902/pcov.so)
==18275==    by 0x51946DA: xdebug_execute_ex (base.c:779)
==18275==    by 0x214C35: ??? (in /usr/bin/php8.1)
==18275==    by 0x45E903: zend_vm_call_opcode_handler (in /usr/bin/php8.1)
==18275==    by 0x9657CE7: php_pcov_execute_ex (in /usr/lib/php/20210902/pcov.so)
==18275==    by 0x51946DA: xdebug_execute_ex (base.c:779)
==18275==    by 0x214C35: ??? (in /usr/bin/php8.1)
==18275== 
==18275== Conditional jump or move depends on uninitialised value(s)
==18275==    at 0x389F07: ap_php_conv_10 (in /usr/bin/php8.1)
==18275==    by 0x38AA39: ??? (in /usr/bin/php8.1)
==18275==    by 0x38B9FD: ap_php_vsnprintf (in /usr/bin/php8.1)
==18275==    by 0x51988E1: xdebug_sprintf (str.c:222)
==18275==    by 0x51A2E51: xdebug_branch_info_mark_reached (branch_info.c:397)
==18275==    by 0x51B9E15: xdebug_print_opcode_info.constprop.0.isra.0 (code_coverage.c:173)
==18275==    by 0x51A3087: xdebug_common_override_handler.lto_priv.0 (code_coverage.c:241)
==18275==    by 0x453AFC: ??? (in /usr/bin/php8.1)
==18275==    by 0x45E903: zend_vm_call_opcode_handler (in /usr/bin/php8.1)
==18275==    by 0x9657CE7: php_pcov_execute_ex (in /usr/lib/php/20210902/pcov.so)
==18275==    by 0x51946DA: xdebug_execute_ex (base.c:779)
==18275==    by 0x214C35: ??? (in /usr/bin/php8.1)
==18275== 
==18275== Conditional jump or move depends on uninitialised value(s)
==18275==    at 0x389F42: ap_php_conv_10 (in /usr/bin/php8.1)
==18275==    by 0x38AA39: ??? (in /usr/bin/php8.1)
==18275==    by 0x38B9FD: ap_php_vsnprintf (in /usr/bin/php8.1)
==18275==    by 0x51988E1: xdebug_sprintf (str.c:222)
==18275==    by 0x51A2E51: xdebug_branch_info_mark_reached (branch_info.c:397)
==18275==    by 0x51B9E15: xdebug_print_opcode_info.constprop.0.isra.0 (code_coverage.c:173)
==18275==    by 0x51A3087: xdebug_common_override_handler.lto_priv.0 (code_coverage.c:241)
==18275==    by 0x453AFC: ??? (in /usr/bin/php8.1)
==18275==    by 0x45E903: zend_vm_call_opcode_handler (in /usr/bin/php8.1)
==18275==    by 0x9657CE7: php_pcov_execute_ex (in /usr/lib/php/20210902/pcov.so)
==18275==    by 0x51946DA: xdebug_execute_ex (base.c:779)
==18275==    by 0x214C35: ??? (in /usr/bin/php8.1)
==18275== 
==18275== Conditional jump or move depends on uninitialised value(s)
==18275==    at 0x484ED28: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==18275==    by 0x51A2E5C: xdebug_branch_info_mark_reached (branch_info.c:399)
==18275==    by 0x51B9E15: xdebug_print_opcode_info.constprop.0.isra.0 (code_coverage.c:173)
==18275==    by 0x51A3087: xdebug_common_override_handler.lto_priv.0 (code_coverage.c:241)
==18275==    by 0x453AFC: ??? (in /usr/bin/php8.1)
==18275==    by 0x45E903: zend_vm_call_opcode_handler (in /usr/bin/php8.1)
==18275==    by 0x9657CE7: php_pcov_execute_ex (in /usr/lib/php/20210902/pcov.so)
==18275==    by 0x51946DA: xdebug_execute_ex (base.c:779)
==18275==    by 0x214C35: ??? (in /usr/bin/php8.1)
==18275==    by 0x45E903: zend_vm_call_opcode_handler (in /usr/bin/php8.1)
==18275==    by 0x9657CE7: php_pcov_execute_ex (in /usr/lib/php/20210902/pcov.so)
==18275==    by 0x51946DA: xdebug_execute_ex (base.c:779)
==18275== 
==18275== Use of uninitialised value of size 8
==18275==    at 0x518F2E1: xdebug_hash_extended_find (hash.c:215)
==18275==    by 0x51A2E74: xdebug_branch_info_mark_reached (branch_info.c:399)
==18275==    by 0x51B9E15: xdebug_print_opcode_info.constprop.0.isra.0 (code_coverage.c:173)
==18275==    by 0x51A3087: xdebug_common_override_handler.lto_priv.0 (code_coverage.c:241)
==18275==    by 0x453AFC: ??? (in /usr/bin/php8.1)
==18275==    by 0x45E903: zend_vm_call_opcode_handler (in /usr/bin/php8.1)
==18275==    by 0x9657CE7: php_pcov_execute_ex (in /usr/lib/php/20210902/pcov.so)
==18275==    by 0x51946DA: xdebug_execute_ex (base.c:779)
==18275==    by 0x214C35: ??? (in /usr/bin/php8.1)
==18275==    by 0x45E903: zend_vm_call_opcode_handler (in /usr/bin/php8.1)
==18275==    by 0x9657CE7: php_pcov_execute_ex (in /usr/lib/php/20210902/pcov.so)
==18275==    by 0x51946DA: xdebug_execute_ex (base.c:779)
==18275== 
==18275== Conditional jump or move depends on uninitialised value(s)
==18275==    at 0x484ED28: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==18275==    by 0x51A2F86: xdebug_branch_info_mark_reached (branch_info.c:401)
==18275==    by 0x51B9E15: xdebug_print_opcode_info.constprop.0.isra.0 (code_coverage.c:173)
==18275==    by 0x51A3087: xdebug_common_override_handler.lto_priv.0 (code_coverage.c:241)
==18275==    by 0x453AFC: ??? (in /usr/bin/php8.1)
==18275==    by 0x45E903: zend_vm_call_opcode_handler (in /usr/bin/php8.1)
==18275==    by 0x9657CE7: php_pcov_execute_ex (in /usr/lib/php/20210902/pcov.so)
==18275==    by 0x51946DA: xdebug_execute_ex (base.c:779)
==18275==    by 0x214C35: ??? (in /usr/bin/php8.1)
==18275==    by 0x45E903: zend_vm_call_opcode_handler (in /usr/bin/php8.1)
==18275==    by 0x9657CE7: php_pcov_execute_ex (in /usr/lib/php/20210902/pcov.so)
==18275==    by 0x51946DA: xdebug_execute_ex (base.c:779)
==18275== 
==18275== Use of uninitialised value of size 8
==18275==    at 0x518FF89: xdebug_hash_add_or_update (hash.c:160)
==18275==    by 0x51A2F9C: xdebug_branch_info_mark_reached (branch_info.c:401)
==18275==    by 0x51B9E15: xdebug_print_opcode_info.constprop.0.isra.0 (code_coverage.c:173)
==18275==    by 0x51A3087: xdebug_common_override_handler.lto_priv.0 (code_coverage.c:241)
==18275==    by 0x453AFC: ??? (in /usr/bin/php8.1)
==18275==    by 0x45E903: zend_vm_call_opcode_handler (in /usr/bin/php8.1)
==18275==    by 0x9657CE7: php_pcov_execute_ex (in /usr/lib/php/20210902/pcov.so)
==18275==    by 0x51946DA: xdebug_execute_ex (base.c:779)
==18275==    by 0x214C35: ??? (in /usr/bin/php8.1)
==18275==    by 0x45E903: zend_vm_call_opcode_handler (in /usr/bin/php8.1)
==18275==    by 0x9657CE7: php_pcov_execute_ex (in /usr/lib/php/20210902/pcov.so)
==18275==    by 0x51946DA: xdebug_execute_ex (base.c:779)
==18275== 
==18275== Conditional jump or move depends on uninitialised value(s)
==18275==    at 0x51A33D9: xdebug_coverage_count_line_if_active (code_coverage.c:961)
==18275==    by 0x5193AA4: xdebug_add_stack_frame (base.c:653)
==18275==    by 0x5194103: xdebug_execute_internal (base.c:866)
==18275==    by 0x214F57: ??? (in /usr/bin/php8.1)
==18275==    by 0x45E903: zend_vm_call_opcode_handler (in /usr/bin/php8.1)
==18275==    by 0x9657CE7: php_pcov_execute_ex (in /usr/lib/php/20210902/pcov.so)
==18275==    by 0x51946DA: xdebug_execute_ex (base.c:779)
==18275==    by 0x214EE6: ??? (in /usr/bin/php8.1)
==18275==    by 0x45E903: zend_vm_call_opcode_handler (in /usr/bin/php8.1)
==18275==    by 0x9657CE7: php_pcov_execute_ex (in /usr/lib/php/20210902/pcov.so)
==18275==    by 0x51946DA: xdebug_execute_ex (base.c:779)
==18275==    by 0x214EE6: ??? (in /usr/bin/php8.1)
==18275== 
==18275== Conditional jump or move depends on uninitialised value(s)
==18275==    at 0x9BE3D09: ???
==18275==    by 0x7A943A7: ???
==18275==    by 0x7A943A7: ???
==18275==    by 0x7A943A8: ???
==18275==    by 0x7D0B8BF: ???
==18275==    by 0x7A943A7: ???
==18275== 

✔ StepTest: Long arguments (1.84s)
==18275== Conditional jump or move depends on uninitialised value(s)
==18275==    at 0x9BF4895: ???
==18275==    by 0x7A94BE7: ???
==18275==    by 0x7A94BE7: ???
==18275==    by 0x7A94BE8: ???
==18275==    by 0x7D0B8BF: ???
==18275==    by 0x7A94BE7: ???
==18275== 
==18275== Conditional jump or move depends on uninitialised value(s)
==18275==    at 0x9BF4895: ???
==18275==    by 0x7A95067: ???
==18275==    by 0x7A95067: ???
==18275==    by 0x7A95068: ???
==18275==    by 0x7D0B8BF: ???
==18275==    by 0x7A95067: ???
==18275== 
==18275== Conditional jump or move depends on uninitialised value(s)
==18275==    at 0x9BF4895: ???
==18275==    by 0x7A94E27: ???
==18275==    by 0x7A94E27: ???
==18275==    by 0x7A94E28: ???
==18275==    by 0x7D0B8BF: ???
==18275==    by 0x7A94E27: ???
==18275== 
- StepTest: Array as argument
✔ StepTest: Array as argument (0.55s)
- StepTest: Formatted output==18275== Invalid read of size 8
==18275==    at 0x51A33D0: xdebug_coverage_count_line_if_active (code_coverage.c:961)
==18275==    by 0x5193AA4: xdebug_add_stack_frame (base.c:653)
==18275==    by 0x5194103: xdebug_execute_internal (base.c:866)
==18275==    by 0x214CAC: ??? (in /usr/bin/php8.1)
==18275==    by 0x45E903: zend_vm_call_opcode_handler (in /usr/bin/php8.1)
==18275==    by 0x9657CE7: php_pcov_execute_ex (in /usr/lib/php/20210902/pcov.so)
==18275==    by 0x51946DA: xdebug_execute_ex (base.c:779)
==18275==    by 0x214EE6: ??? (in /usr/bin/php8.1)
==18275==    by 0x45E903: zend_vm_call_opcode_handler (in /usr/bin/php8.1)
==18275==    by 0x9657CE7: php_pcov_execute_ex (in /usr/lib/php/20210902/pcov.so)
==18275==    by 0x51946DA: xdebug_execute_ex (base.c:779)
==18275==    by 0x214EE6: ??? (in /usr/bin/php8.1)
==18275==  Address 0x7d36690 is 16 bytes inside a block of size 32 free'd
==18275==    at 0x484B27F: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==18275==    by 0x5190287: UnknownInlinedFun (llist.c:122)
==18275==    by 0x5190287: xdebug_llist_remove (llist.c:101)
==18275==    by 0x519050B: xdebug_llist_empty (llist.c:169)
==18275==    by 0x51906CC: xdebug_llist_destroy (llist.c:175)
==18275==    by 0x5190873: xdebug_hash_destroy (hash.c:283)
==18275==    by 0x51A1C29: xdebug_coverage_file_dtor.lto_priv.0 (code_coverage.c:61)
==18275==    by 0x518D415: hash_element_dtor (hash.c:74)
==18275==    by 0x5190287: UnknownInlinedFun (llist.c:122)
==18275==    by 0x5190287: xdebug_llist_remove (llist.c:101)
==18275==    by 0x519050B: xdebug_llist_empty (llist.c:169)
==18275==    by 0x51906CC: xdebug_llist_destroy (llist.c:175)
==18275==    by 0x5190873: xdebug_hash_destroy (hash.c:283)
==18275==    by 0x51A1EF9: zif_xdebug_stop_code_coverage (code_coverage.c:735)
==18275==  Block was alloc'd at
==18275==    at 0x4848899: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==18275==    by 0x519018A: xdebug_hash_add_or_update (hash.c:173)
==18275==    by 0x51A2317: xdebug_branch_info_add_branches_and_paths (branch_info.c:472)
==18275==    by 0x51A287C: prefill_from_oparray (code_coverage.c:580)
==18275==    by 0x51A2BBA: UnknownInlinedFun (code_coverage.c:598)
==18275==    by 0x51A2BBA: UnknownInlinedFun (code_coverage.c:594)
==18275==    by 0x51A2BBA: UnknownInlinedFun (code_coverage.c:620)
==18275==    by 0x51A2BBA: xdebug_prefill_code_coverage.lto_priv.0 (code_coverage.c:648)
==18275==    by 0x51A2C1C: xdebug_code_coverage_start_of_function (code_coverage.c:657)
==18275==    by 0x51A456A: xdebug_coverage_execute_ex.part.0 (code_coverage.c:998)
==18275==    by 0x519481C: xdebug_execute_ex (base.c:762)
==18275==    by 0x214C35: ??? (in /usr/bin/php8.1)
==18275==    by 0x45E903: zend_vm_call_opcode_handler (in /usr/bin/php8.1)
==18275==    by 0x9657CE7: php_pcov_execute_ex (in /usr/lib/php/20210902/pcov.so)
==18275==    by 0x51946DA: xdebug_execute_ex (base.c:779)
==18275== 

✔ StepTest: Formatted output (1.86s)
- StepTest: Get html
✔ StepTest: Get html (0.65s)
- StepTest: Am on url
✔ StepTest: Am on url (0.60s)
- StepTest: Multi byte text length is measured correctly
✔ StepTest: Multi byte text length is measured correctly (0.58s)
- StepTest: No args
✔ StepTest: No args (0.58s)
- StepTest: Get arguments==18275== Invalid read of size 8
==18275==    at 0x51A33D0: xdebug_coverage_count_line_if_active (code_coverage.c:961)
==18275==    by 0x5193AA4: xdebug_add_stack_frame (base.c:653)
==18275==    by 0x5194103: xdebug_execute_internal (base.c:866)
==18275==    by 0x214F57: ??? (in /usr/bin/php8.1)
==18275==    by 0x45E903: zend_vm_call_opcode_handler (in /usr/bin/php8.1)
==18275==    by 0x9657CE7: php_pcov_execute_ex (in /usr/lib/php/20210902/pcov.so)
==18275==    by 0x51946DA: xdebug_execute_ex (base.c:779)
==18275==    by 0x214EE6: ??? (in /usr/bin/php8.1)
==18275==    by 0x45E903: zend_vm_call_opcode_handler (in /usr/bin/php8.1)
==18275==    by 0x9657CE7: php_pcov_execute_ex (in /usr/lib/php/20210902/pcov.so)
==18275==    by 0x51946DA: xdebug_execute_ex (base.c:779)
==18275==    by 0x214EE6: ??? (in /usr/bin/php8.1)
==18275==  Address 0x7d3c660 is 16 bytes inside a block of size 256 free'd
==18275==    at 0x484B27F: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==18275==    by 0x519AC15: xdebug_path_free (branch_info.c:230)
==18275==    by 0x519AD0A: xdebug_branch_find_path (branch_info.c:271)
==18275==    by 0x519AD0A: xdebug_branch_find_path (branch_info.c:271)
==18275==    by 0x519AD0A: xdebug_branch_find_path (branch_info.c:271)
==18275==    by 0x519AD0A: xdebug_branch_find_path (branch_info.c:271)
==18275==    by 0x519AD0A: xdebug_branch_find_path (branch_info.c:271)
==18275==    by 0x519AD0A: xdebug_branch_find_path (branch_info.c:271)
==18275==    by 0x519AD0A: xdebug_branch_find_path (branch_info.c:271)
==18275==    by 0x519AD0A: xdebug_branch_find_path (branch_info.c:271)
==18275==    by 0x519AD0A: xdebug_branch_find_path (branch_info.c:271)
==18275==    by 0x519AD0A: xdebug_branch_find_path (branch_info.c:271)
==18275==  Block was alloc'd at
==18275==    at 0x484DCD3: realloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==18275==    by 0x519ABE0: UnknownInlinedFun (branch_info.c:164)
==18275==    by 0x519ABE0: xdebug_path_new (branch_info.c:221)
==18275==    by 0x519AC44: xdebug_branch_find_path (branch_info.c:263)
==18275==    by 0x519AD0A: xdebug_branch_find_path (branch_info.c:271)
==18275==    by 0x519AD0A: xdebug_branch_find_path (branch_info.c:271)
==18275==    by 0x519AD0A: xdebug_branch_find_path (branch_info.c:271)
==18275==    by 0x519AD0A: xdebug_branch_find_path (branch_info.c:271)
==18275==    by 0x519AD0A: xdebug_branch_find_path (branch_info.c:271)
==18275==    by 0x519AD0A: xdebug_branch_find_path (branch_info.c:271)
==18275==    by 0x519AD0A: xdebug_branch_find_path (branch_info.c:271)
==18275==    by 0x519AD0A: xdebug_branch_find_path (branch_info.c:271)
==18275==    by 0x519AD0A: xdebug_branch_find_path (branch_info.c:271)
==18275== 

✔ StepTest: Get arguments (1.82s)
- StepTest: Single quoted string as argument
✔ StepTest: Single quoted string as argument (0.62s)
- StepTest: See uppercase text
✔ StepTest: See uppercase text (0.59s)
- StepTest: See multi line string in single line
✔ StepTest: See multi line string in single line (0.59s)
-------------------------------------------------------------------------------------------------------------------------------------


Code Coverage Report:    
  2022-08-07 14:28:05    
                         
 Summary:                
  Classes:  0.00% (0/25) 
  Methods:  0.00% (0/104)
  Paths:    0.00% (0/5820)
  Branches:    0.00% (0/519)
  Lines:    0.00% (0/938)

Remote CodeCoverage reports are not printed to console
==18275== Conditional jump or move depends on uninitialised value(s)
==18275==    at 0x9BE3D09: ???
==18275==    by 0x7A94287: ???
==18275==    by 0x7A94287: ???
==18275==    by 0x7A94288: ???
==18275==    by 0x7D0B8BF: ???
==18275==    by 0x7A94287: ???
==18275== 

Time: 01:00.293, Memory: 388.49 MB

OK (11 tests, 23 assertions)
==18275== 
==18275== HEAP SUMMARY:
==18275==     in use at exit: 6,613,588 bytes in 78,928 blocks
==18275==   total heap usage: 6,356,254 allocs, 6,277,326 frees, 928,736,518 bytes allocated
==18275== 
==18275== LEAK SUMMARY:
==18275==    definitely lost: 34,424 bytes in 561 blocks
==18275==    indirectly lost: 6,490,060 bytes in 76,901 blocks
==18275==      possibly lost: 0 bytes in 0 blocks
==18275==    still reachable: 89,104 bytes in 1,466 blocks
==18275==         suppressed: 0 bytes in 0 blocks
==18275== Rerun with --leak-check=full to see details of leaked memory
==18275== 
==18275== Use --track-origins=yes to see where uninitialised values come from
==18275== For lists of detected and suppressed errors, rerun with: -s
==18275== ERROR SUMMARY: 94 errors from 28 contexts (suppressed: 0 from 0)
valgrind.log (21,925 bytes)   
Operating System: Linux
PHP Version: 8.1.0-8.1.4

Activities

Naktibalda

2022-08-07 19:14

reporter   ~0006351

Failing build sets minimum-stability to dev and installs a lot of branches.

I identified that segmentation fault happens since this commit in symfony/console library https://github.com/symfony/console/commit/5b066d629a77b03ba804f4030a0f13f83665886b

derick

2022-08-09 10:02

administrator   ~0006354

Hi,

thanks for the small reproducible case, but when I run it, I get a PHP error:

$ XDEBUG_MODE=coverage ./codecept run tests/unit/Codeception/StepTest.php -o 'coverage: path_coverage: true' --coverage
Codeception PHP Testing Framework v5.0.0 https://helpukrainewin.org
[Seed] 1249552899

Fatal error: Declaration of Codeception\PHPUnit\Wrapper\Test::run(PHPUnit\Framework\TestResult $result): void must be compatible with PHPUnit\Framework\Test::run(): void in /tmp/2108/Codeception/src/PHPUnit/Wrapper/PhpUnit10/Test.php on line 10

And I don't see what I need to update to fix this.

cheers,
Derick

derick

2022-08-09 11:01

administrator   ~0006355

OK. I have made this change:

diff --git src/PHPUnit/Wrapper/PhpUnit10/Test.php src/PHPUnit/Wrapper/PhpUnit10/Test.php
index 4ee087c64..b76916f7f 100644
--- src/PHPUnit/Wrapper/PhpUnit10/Test.php
+++ src/PHPUnit/Wrapper/PhpUnit10/Test.php
@@ -7,7 +7,7 @@

 abstract class Test implements PHPUnitTest
 {
-    public function run(TestResult $result): void
+    public function run(): void
     {
         // does nothing
     }
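
Review bot: in `run()`, dropping the `TestResult $result` parameter leaves `TestResult` unreferenced by this method, so if its `use` import sits in the unchanged lines above the hunk and nothing else in the file needs it, remove that import in the same change. The `// does nothing` comment in the body could also say why the PHPUnit 10 wrapper needs no implementation, now that the signature only exists to match `PHPUnit\Framework\Test::run(): void` from the fatal error quoted earlier.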

And when running with USE_ZEND_ALLOC=0, I am getting the following valgrind warnings, which can easily turn into actual crashes:

$ XDEBUG_MODE=coverage valgrind php ./codecept run tests/unit/Codeception/StepTest.php -o 'coverage: path_coverage: true' --coverage
==1074664== Memcheck, a memory error detector
==1074664== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==1074664== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info
==1074664== Command: php ./codecept run tests/unit/Codeception/StepTest.php -o coverage:\ path_coverage:\ true --coverage
==1074664== 
Codeception PHP Testing Framework v5.0.0 https://helpukrainewin.org
[Seed] 1642368277

Unit Tests (11) ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
- StepTest: No args==1074664== Conditional jump or move depends on uninitialised value(s)
==1074664==    at 0x929A42B: xdebug_branch_info_mark_reached (branch_info.c:376)
==1074664==    by 0x929B1C5: xdebug_print_opcode_info (code_coverage.c:171)
==1074664==    by 0x929B4BA: xdebug_common_override_handler (code_coverage.c:239)
==1074664==    by 0x9A6F7E: ZEND_USER_OPCODE_SPEC_HANDLER (zend_vm_execute.h:3134)
==1074664==    by 0xA143A1: execute_ex (zend_vm_execute.h:55868)
==1074664==    by 0x927E339: xdebug_execute_ex (base.c:830)
==1074664==    by 0x9A2262: ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER (zend_vm_execute.h:1728)
==1074664==    by 0x9A703B: ZEND_USER_OPCODE_SPEC_HANDLER (zend_vm_execute.h:3153)
==1074664==    by 0xA143A1: execute_ex (zend_vm_execute.h:55868)
==1074664==    by 0x927E339: xdebug_execute_ex (base.c:830)
==1074664==    by 0x9A2262: ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER (zend_vm_execute.h:1728)
==1074664==    by 0x9A703B: ZEND_USER_OPCODE_SPEC_HANDLER (zend_vm_execute.h:3153)
==1074664==    by 0xA143A1: execute_ex (zend_vm_execute.h:55868)
==1074664==    by 0x927E339: xdebug_execute_ex (base.c:830)
==1074664==    by 0x9A2262: ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER (zend_vm_execute.h:1728)
==1074664==    by 0x9A703B: ZEND_USER_OPCODE_SPEC_HANDLER (zend_vm_execute.h:3153)
==1074664== 
==1074664== Use of uninitialised value of size 8
==1074664==    at 0x929A51A: xdebug_branch_info_mark_reached (branch_info.c:379)
==1074664==    by 0x929B1C5: xdebug_print_opcode_info (code_coverage.c:171)
==1074664==    by 0x929B4BA: xdebug_common_override_handler (code_coverage.c:239)
==1074664==    by 0x9A6F7E: ZEND_USER_OPCODE_SPEC_HANDLER (zend_vm_execute.h:3134)
==1074664==    by 0xA143A1: execute_ex (zend_vm_execute.h:55868)
==1074664==    by 0x927E339: xdebug_execute_ex (base.c:830)
==1074664==    by 0x9A2262: ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER (zend_vm_execute.h:1728)
==1074664==    by 0x9A703B: ZEND_USER_OPCODE_SPEC_HANDLER (zend_vm_execute.h:3153)
==1074664==    by 0xA143A1: execute_ex (zend_vm_execute.h:55868)
==1074664==    by 0x927E339: xdebug_execute_ex (base.c:830)
==1074664==    by 0x9A2262: ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER (zend_vm_execute.h:1728)
==1074664==    by 0x9A703B: ZEND_USER_OPCODE_SPEC_HANDLER (zend_vm_execute.h:3153)
==1074664==    by 0xA143A1: execute_ex (zend_vm_execute.h:55868)
==1074664==    by 0x927E339: xdebug_execute_ex (base.c:830)
==1074664==    by 0x9A2262: ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER (zend_vm_execute.h:1728)
==1074664==    by 0x9A703B: ZEND_USER_OPCODE_SPEC_HANDLER (zend_vm_execute.h:3153)
==1074664== 
==1074664== Conditional jump or move depends on uninitialised value(s)
==1074664==    at 0x8CBA10: ap_php_conv_10 (snprintf.c:232)
==1074664==    by 0x8CCA61: format_converter (snprintf.c:745)
==1074664==    by 0x8CDAB2: strx_printv (snprintf.c:1092)
==1074664==    by 0x8CDD0F: ap_php_vsnprintf (snprintf.c:1141)
==1074664==    by 0x928ACCD: xdebug_sprintf (str.c:222)
==1074664==    by 0x929A56F: xdebug_branch_info_mark_reached (branch_info.c:386)
==1074664==    by 0x929B1C5: xdebug_print_opcode_info (code_coverage.c:171)
==1074664==    by 0x929B4BA: xdebug_common_override_handler (code_coverage.c:239)
==1074664==    by 0x9A6F7E: ZEND_USER_OPCODE_SPEC_HANDLER (zend_vm_execute.h:3134)
==1074664==    by 0xA143A1: execute_ex (zend_vm_execute.h:55868)
==1074664==    by 0x927E339: xdebug_execute_ex (base.c:830)
==1074664==    by 0x9A2262: ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER (zend_vm_execute.h:1728)
==1074664==    by 0x9A703B: ZEND_USER_OPCODE_SPEC_HANDLER (zend_vm_execute.h:3153)
==1074664==    by 0xA143A1: execute_ex (zend_vm_execute.h:55868)
==1074664==    by 0x927E339: xdebug_execute_ex (base.c:830)
==1074664==    by 0x9A2262: ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER (zend_vm_execute.h:1728)
==1074664== 
==1074664== Conditional jump or move depends on uninitialised value(s)
==1074664==    at 0x8CBA8C: ap_php_conv_10 (snprintf.c:249)
==1074664==    by 0x8CCA61: format_converter (snprintf.c:745)
==1074664==    by 0x8CDAB2: strx_printv (snprintf.c:1092)
==1074664==    by 0x8CDD0F: ap_php_vsnprintf (snprintf.c:1141)
==1074664==    by 0x928ACCD: xdebug_sprintf (str.c:222)
==1074664==    by 0x929A56F: xdebug_branch_info_mark_reached (branch_info.c:386)
==1074664==    by 0x929B1C5: xdebug_print_opcode_info (code_coverage.c:171)
==1074664==    by 0x929B4BA: xdebug_common_override_handler (code_coverage.c:239)
==1074664==    by 0x9A6F7E: ZEND_USER_OPCODE_SPEC_HANDLER (zend_vm_execute.h:3134)
==1074664==    by 0xA143A1: execute_ex (zend_vm_execute.h:55868)
==1074664==    by 0x927E339: xdebug_execute_ex (base.c:830)
==1074664==    by 0x9A2262: ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER (zend_vm_execute.h:1728)
==1074664==    by 0x9A703B: ZEND_USER_OPCODE_SPEC_HANDLER (zend_vm_execute.h:3153)
==1074664==    by 0xA143A1: execute_ex (zend_vm_execute.h:55868)
==1074664==    by 0x927E339: xdebug_execute_ex (base.c:830)
==1074664==    by 0x9A2262: ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER (zend_vm_execute.h:1728)
==1074664== 
==1074664== Conditional jump or move depends on uninitialised value(s)
==1074664==    at 0x8CCAB9: format_converter (snprintf.c:750)
==1074664==    by 0x8CDAB2: strx_printv (snprintf.c:1092)
==1074664==    by 0x8CDD0F: ap_php_vsnprintf (snprintf.c:1141)
==1074664==    by 0x928ACCD: xdebug_sprintf (str.c:222)
==1074664==    by 0x929A56F: xdebug_branch_info_mark_reached (branch_info.c:386)
==1074664==    by 0x929B1C5: xdebug_print_opcode_info (code_coverage.c:171)
==1074664==    by 0x929B4BA: xdebug_common_override_handler (code_coverage.c:239)
==1074664==    by 0x9A6F7E: ZEND_USER_OPCODE_SPEC_HANDLER (zend_vm_execute.h:3134)
==1074664==    by 0xA143A1: execute_ex (zend_vm_execute.h:55868)
==1074664==    by 0x927E339: xdebug_execute_ex (base.c:830)
==1074664==    by 0x9A2262: ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER (zend_vm_execute.h:1728)
==1074664==    by 0x9A703B: ZEND_USER_OPCODE_SPEC_HANDLER (zend_vm_execute.h:3153)
==1074664==    by 0xA143A1: execute_ex (zend_vm_execute.h:55868)
==1074664==    by 0x927E339: xdebug_execute_ex (base.c:830)
==1074664==    by 0x9A2262: ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER (zend_vm_execute.h:1728)
==1074664==    by 0x9A703B: ZEND_USER_OPCODE_SPEC_HANDLER (zend_vm_execute.h:3153)
==1074664== 
==1074664== Conditional jump or move depends on uninitialised value(s)
==1074664==    at 0x4845818: strlen (vg_replace_strmem.c:494)
==1074664==    by 0x929A57F: xdebug_branch_info_mark_reached (branch_info.c:388)
==1074664==    by 0x929B1C5: xdebug_print_opcode_info (code_coverage.c:171)
==1074664==    by 0x929B4BA: xdebug_common_override_handler (code_coverage.c:239)
==1074664==    by 0x9A6F7E: ZEND_USER_OPCODE_SPEC_HANDLER (zend_vm_execute.h:3134)
==1074664==    by 0xA143A1: execute_ex (zend_vm_execute.h:55868)
==1074664==    by 0x927E339: xdebug_execute_ex (base.c:830)
==1074664==    by 0x9A2262: ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER (zend_vm_execute.h:1728)
==1074664==    by 0x9A703B: ZEND_USER_OPCODE_SPEC_HANDLER (zend_vm_execute.h:3153)
==1074664==    by 0xA143A1: execute_ex (zend_vm_execute.h:55868)
==1074664==    by 0x927E339: xdebug_execute_ex (base.c:830)
==1074664==    by 0x9A2262: ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER (zend_vm_execute.h:1728)
==1074664==    by 0x9A703B: ZEND_USER_OPCODE_SPEC_HANDLER (zend_vm_execute.h:3153)
==1074664==    by 0xA143A1: execute_ex (zend_vm_execute.h:55868)
==1074664==    by 0x927E339: xdebug_execute_ex (base.c:830)
==1074664==    by 0x9A2262: ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER (zend_vm_execute.h:1728)
==1074664== 
==1074664== Use of uninitialised value of size 8
==1074664==    at 0x9284400: xdebug_hash_extended_find (hash.c:215)
==1074664==    by 0x929A5A9: xdebug_branch_info_mark_reached (branch_info.c:388)
==1074664==    by 0x929B1C5: xdebug_print_opcode_info (code_coverage.c:171)
==1074664==    by 0x929B4BA: xdebug_common_override_handler (code_coverage.c:239)
==1074664==    by 0x9A6F7E: ZEND_USER_OPCODE_SPEC_HANDLER (zend_vm_execute.h:3134)
==1074664==    by 0xA143A1: execute_ex (zend_vm_execute.h:55868)
==1074664==    by 0x927E339: xdebug_execute_ex (base.c:830)
==1074664==    by 0x9A2262: ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER (zend_vm_execute.h:1728)
==1074664==    by 0x9A703B: ZEND_USER_OPCODE_SPEC_HANDLER (zend_vm_execute.h:3153)
==1074664==    by 0xA143A1: execute_ex (zend_vm_execute.h:55868)
==1074664==    by 0x927E339: xdebug_execute_ex (base.c:830)
==1074664==    by 0x9A2262: ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER (zend_vm_execute.h:1728)
==1074664==    by 0x9A703B: ZEND_USER_OPCODE_SPEC_HANDLER (zend_vm_execute.h:3153)
==1074664==    by 0xA143A1: execute_ex (zend_vm_execute.h:55868)
==1074664==    by 0x927E339: xdebug_execute_ex (base.c:830)
==1074664==    by 0x9A2262: ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER (zend_vm_execute.h:1728)
==1074664== 
==1074664== Conditional jump or move depends on uninitialised value(s)
==1074664==    at 0x4845818: strlen (vg_replace_strmem.c:494)
==1074664==    by 0x929A5F3: xdebug_branch_info_mark_reached (branch_info.c:390)
==1074664==    by 0x929B1C5: xdebug_print_opcode_info (code_coverage.c:171)
==1074664==    by 0x929B4BA: xdebug_common_override_handler (code_coverage.c:239)
==1074664==    by 0x9A6F7E: ZEND_USER_OPCODE_SPEC_HANDLER (zend_vm_execute.h:3134)
==1074664==    by 0xA143A1: execute_ex (zend_vm_execute.h:55868)
==1074664==    by 0x927E339: xdebug_execute_ex (base.c:830)
==1074664==    by 0x9A2262: ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER (zend_vm_execute.h:1728)
==1074664==    by 0x9A703B: ZEND_USER_OPCODE_SPEC_HANDLER (zend_vm_execute.h:3153)
==1074664==    by 0xA143A1: execute_ex (zend_vm_execute.h:55868)
==1074664==    by 0x927E339: xdebug_execute_ex (base.c:830)
==1074664==    by 0x9A2262: ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER (zend_vm_execute.h:1728)
==1074664==    by 0x9A703B: ZEND_USER_OPCODE_SPEC_HANDLER (zend_vm_execute.h:3153)
==1074664==    by 0xA143A1: execute_ex (zend_vm_execute.h:55868)
==1074664==    by 0x927E339: xdebug_execute_ex (base.c:830)
==1074664==    by 0x9A2262: ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER (zend_vm_execute.h:1728)
==1074664== 
==1074664== Use of uninitialised value of size 8
==1074664==    at 0x92840F6: xdebug_hash_add_or_update (hash.c:160)
==1074664==    by 0x929A61A: xdebug_branch_info_mark_reached (branch_info.c:390)
==1074664==    by 0x929B1C5: xdebug_print_opcode_info (code_coverage.c:171)
==1074664==    by 0x929B4BA: xdebug_common_override_handler (code_coverage.c:239)
==1074664==    by 0x9A6F7E: ZEND_USER_OPCODE_SPEC_HANDLER (zend_vm_execute.h:3134)
==1074664==    by 0xA143A1: execute_ex (zend_vm_execute.h:55868)
==1074664==    by 0x927E339: xdebug_execute_ex (base.c:830)
==1074664==    by 0x9A2262: ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER (zend_vm_execute.h:1728)
==1074664==    by 0x9A703B: ZEND_USER_OPCODE_SPEC_HANDLER (zend_vm_execute.h:3153)
==1074664==    by 0xA143A1: execute_ex (zend_vm_execute.h:55868)
==1074664==    by 0x927E339: xdebug_execute_ex (base.c:830)
==1074664==    by 0x9A2262: ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER (zend_vm_execute.h:1728)
==1074664==    by 0x9A703B: ZEND_USER_OPCODE_SPEC_HANDLER (zend_vm_execute.h:3153)
==1074664==    by 0xA143A1: execute_ex (zend_vm_execute.h:55868)
==1074664==    by 0x927E339: xdebug_execute_ex (base.c:830)
==1074664==    by 0x9A2262: ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER (zend_vm_execute.h:1728)
==1074664== 
==1074664== Conditional jump or move depends on uninitialised value(s)
==1074664==    at 0x929D7C9: xdebug_coverage_count_line_if_active (code_coverage.c:933)
==1074664==    by 0x929D833: xdebug_coverage_count_line_if_branch_check_active (code_coverage.c:941)
==1074664==    by 0x927DE0A: xdebug_add_stack_frame (base.c:704)
==1074664==    by 0x927E6B6: xdebug_execute_internal (base.c:921)
==1074664==    by 0x9A27CD: ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:1872)
==1074664==    by 0x9A703B: ZEND_USER_OPCODE_SPEC_HANDLER (zend_vm_execute.h:3153)
==1074664==    by 0xA143A1: execute_ex (zend_vm_execute.h:55868)
==1074664==    by 0x927E339: xdebug_execute_ex (base.c:830)
==1074664==    by 0x9A26A6: ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:1837)
==1074664==    by 0x9A703B: ZEND_USER_OPCODE_SPEC_HANDLER (zend_vm_execute.h:3153)
==1074664==    by 0xA143A1: execute_ex (zend_vm_execute.h:55868)
==1074664==    by 0x927E339: xdebug_execute_ex (base.c:830)
==1074664==    by 0x9A26A6: ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:1837)
==1074664==    by 0x9A703B: ZEND_USER_OPCODE_SPEC_HANDLER (zend_vm_execute.h:3153)
==1074664==    by 0xA143A1: execute_ex (zend_vm_execute.h:55868)
==1074664==    by 0x927E339: xdebug_execute_ex (base.c:830)
==1074664== 

Now to find out why... and how to fix it :-)
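
A triage helper for memcheck logs like the ones quoted in this issue, as an added example that is not part of the thread or of Xdebug: it separates valgrind lines from the test output fused onto them, then buckets errors by the first `xdebug_` frame and, for reads of freed memory, by the function that freed the block. The sample log is constructed by trimming traces quoted above and unifying the PID; `parse`, `triage` and the bucket names are this example's own.

```python
import re
from collections import Counter

# Constructed sample: frames copied from the traces in this issue, trimmed, one PID.
SAMPLE = """\
- StepTest: Get arguments==18275== Invalid read of size 8
==18275==    at 0x51A33D0: xdebug_coverage_count_line_if_active (code_coverage.c:961)
==18275==    by 0x5193AA4: xdebug_add_stack_frame (base.c:653)
==18275==  Address 0x7d3c660 is 16 bytes inside a block of size 256 free'd
==18275==    at 0x484B27F: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==18275==    by 0x519AC15: xdebug_path_free (branch_info.c:230)
==18275==    by 0x519AD0A: xdebug_branch_find_path (branch_info.c:271)
==18275==  Block was alloc'd at
==18275==    at 0x484DCD3: realloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==18275==    by 0x519ABE0: xdebug_path_new (branch_info.c:221)
==18275==
✔ StepTest: Get arguments (1.82s)
==18275== Conditional jump or move depends on uninitialised value(s)
==18275==    at 0x4845818: strlen (vg_replace_strmem.c:494)
==18275==    by 0x929A57F: xdebug_branch_info_mark_reached (branch_info.c:388)
==18275==
==18275== Conditional jump or move depends on uninitialised value(s)
==18275==    at 0x4845818: strlen (vg_replace_strmem.c:494)
==18275==    by 0x929A5F3: xdebug_branch_info_mark_reached (branch_info.c:390)
==18275==
==18275== HEAP SUMMARY:
==18275==     in use at exit: 6,613,588 bytes in 78,928 blocks
"""

# search(), not match(): test-runner output can precede "==PID==" on the same line.
LINE = re.compile(r"==\d+== ?(.*)$")
FRAME = re.compile(r"\s*(?:at|by) 0x[0-9A-Fa-f]+: (\S+)(?: \((.*)\))?$")


def parse(text):
    """Split a memcheck log into records with error/freed/alloc stack sections."""
    records, cur, section = [], None, "error"
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue                      # pure program output
        body = m.group(1)
        frame = FRAME.match(body)
        if frame:
            if cur is not None:
                cur[section].append((frame.group(1), frame.group(2)))
        elif not body.strip():
            cur = None                    # blank valgrind line ends the record
        elif body.startswith(" "):        # indented line: auxiliary section header
            if "free'd" in body:
                section = "freed"
            elif "alloc'd" in body:
                section = "alloc"
        else:                             # unindented line: a new error (or a banner)
            cur = {"kind": body.strip(), "error": [], "freed": [], "alloc": []}
            section = "error"
            records.append(cur)
    # Banners such as HEAP SUMMARY carry no stack frames; drop them.
    return [r for r in records if r["error"]]


def first_in(frames, prefix):
    """Name of the first function in the stack that belongs to the extension."""
    return next((fn for fn, _loc in frames if fn.startswith(prefix)), None)


def triage(text, prefix="xdebug_"):
    """Count errors per (category, faulting function, freeing function)."""
    buckets = Counter()
    for rec in parse(text):
        if rec["freed"] and rec["kind"].startswith("Invalid"):
            category = "use-after-free"
        elif "uninitialised" in rec["kind"]:
            category = "uninitialised"
        else:
            category = rec["kind"]
        key = (category, first_in(rec["error"], prefix), first_in(rec["freed"], prefix))
        buckets[key] += 1
    return buckets
```

Run against a full log, `triage(open("valgrind.log").read()).most_common()` lists the distinct fault sites in order of frequency.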

Naktibalda

2022-08-13 18:25

reporter   ~0006363

Priority can be changed to low, because segmentation fault no longer happens after https://github.com/symfony/console/commit/8fe565067c4e8786d10e6ba36b161fc10e4c5224

Naktibalda

2022-11-20 12:04

reporter   ~0006448

symfony/console 6.2.0-BETA3 causes segmentation fault with path coverage again after: https://github.com/symfony/console/commit/01c90dba590bcdc5699597b8090407b4441dfad4

Naktibalda

2022-11-20 18:24

reporter   ~0006449

I failed to reproduce this segfault without Codeception, here is the smallest reproduction I can make: https://github.com/Naktibalda/codeception-segfault

I noticed that segfault doesn't happen if foreach in linked symfony/console code is removed ($commandSignals is empty, removing code inside loop makes no difference).

Naktibalda

2022-12-02 20:40

reporter   ~0006457

This segmentation fault was released as symfony/console 5.4.16, 6.0.16, 6.1.8 and 6.2.0.
It affects Codeception 5 when used with PHPUnit 9.5 too.

Let's wait and see if anyone uses path coverage with Codeception 5.

Naktibalda

2022-12-02 20:41

reporter   ~0006458

https://github.com/Naktibalda/codeception-segfault/actions/runs/3604838128/jobs/6074617926#step:5:13

derick

2022-12-05 11:34

administrator   ~0006459

I can reproduce this with your minimal codeception case. Going to see why now though :-)

derick

2022-12-05 18:23

administrator   ~0006460

Last edited: 2022-12-05 18:39

I have made this PR, which addresses both your initial reproduce case, as well as your minimal one:
https://github.com/xdebug/xdebug/pull/873

Would you be able to test with this branch? It's https://github.com/derickr/xdebug/tree/issue2108-cc-segfault

cheers,
Derick

Naktibalda

2022-12-08 18:12

reporter   ~0006465

Testing Xdebug looks complicated, it would be nice if you had step-by-step instructions how to do it.

It looks like compiled xdebug is unlikely to collaborate with installed php on Ubuntu 22.04, am I wrong about it?
I could try to reuse your CircleCI script to build a docker image, but it is time consuming and I have nothing substantially different from what you already tested to test, so most likely I won't test it.

Please merge your pull request if it looks good to you.

derick

2022-12-08 18:44

administrator   ~0006466

Testing is covered in the README: https://github.com/xdebug/xdebug#testing

But I meant more, compile the Xdebug branch that I pointed to, and then run your tests :-)

In any case, I have merged it (through https://github.com/xdebug/xdebug/pull/873), and it will be part of the 3.2.0 release, that I will be making straight away.

Naktibalda

2022-12-10 18:32

reporter   ~0006472

Thank you, I can confirm that Xdebug 3.2.0 no longer causes this segmentation fault.

Issue History

Date Modified Username Field Change
2022-08-07 11:32 Naktibalda New Issue
2022-08-07 11:32 Naktibalda File Added: stacktrace.txt
2022-08-07 11:32 Naktibalda File Added: valgrind.log
2022-08-07 19:14 Naktibalda Note Added: 0006351
2022-08-09 10:02 derick Note Added: 0006354
2022-08-09 10:02 derick Assigned To => derick
2022-08-09 10:02 derick Status new => feedback
2022-08-09 11:01 derick Note Added: 0006355
2022-08-13 18:25 Naktibalda Note Added: 0006363
2022-08-13 18:25 Naktibalda Status feedback => assigned
2022-11-20 12:04 Naktibalda Note Added: 0006448
2022-11-20 18:24 Naktibalda Note Added: 0006449
2022-12-02 20:40 Naktibalda Note Added: 0006457
2022-12-02 20:41 Naktibalda Note Added: 0006458
2022-12-05 11:34 derick Note Added: 0006459
2022-12-05 18:23 derick Status assigned => feedback
2022-12-05 18:23 derick Note Added: 0006460
2022-12-05 18:39 derick Note Edited: 0006460
2022-12-08 18:12 Naktibalda Note Added: 0006465
2022-12-08 18:12 Naktibalda Status feedback => assigned
2022-12-08 18:44 derick Status assigned => closed
2022-12-08 18:44 derick Resolution open => fixed
2022-12-08 18:44 derick Fixed in Version => 3.2dev
2022-12-08 18:44 derick Note Added: 0006466
2022-12-08 18:52 derick Fixed in Version 3.2dev => 3.2.0
2022-12-10 18:32 Naktibalda Note Added: 0006472