This adds a debug handler to DOM objects. #8

tml · 2012-03-20T03:25:44Z

No description provided.

cataphract · 2012-03-20T07:37:26Z

This seems a to be a lot code that could be replaced with just returning the prop_handler table. Why do you have it this way? Does the implementation of read_property called by zend_read_property do some magic I'm unaware for?

Also, it seems that here you're ignoring the dynamic properties that might exist in the object property hash table.

tml · 2012-03-20T14:55:24Z

In fact, the dynamic properties are what I'm trying to give value to by using zend_read_property. If we only return the prop_handler table, we get "&UNKNOWN:0" as the value for each property. By using zend_read_property, we can actually provide meaningful values for these.

tml · 2012-03-20T15:09:04Z

I should note that this is just an attempt to get some movement on a debug handler for DOM - I would certainly not object to someone wanting to write a better implementation; for example, I just blatantly ignore anything that's not a string, bool, long, double, or array because my attempts to handle objects like 'parentNode->firstChild->parentNode->firstChild->...' quickly became a mess.

dsp · 2012-03-24T08:55:27Z

this was obviously commited as d046827

DynASM/x86 permits register names of the form Ra(expr) where "expr" is an arbitrary C expression and "Ra" is register class. This allows registers to be selected dynamically at runtime. However the Arm64 port only accepts static register names such as "x1", "w5", etc. This patch extends the DynASM parser for arm64 to accept expressions of the form Rx(expr) where "x" is a register class such as "x", "w", "q", etc. A new action DASM_VREG patches the instruction with the dynamic register index passed as an argument (similar to how dynamic register names work on x86). To correctly patch the instruction we need to know the bit position of the register in the instruction word. This is now passed into parse_reg() and encoded in the low bits of the DASM_VREG opcode. To avoid duplication of the bit position in code like shl(parse_reg(..., 5), 5) parse_reg() now returns the shifted register index. Besides, with the introduction of dynmiac register names, the original method, i.e 'p[-2]', to accessing 'scale' field for action DASM_IMML, might be polluted. As a result, load/store with an immediate or type maps, would be affected. This patch passes 'scale' as the parameter to DASM_IMML. Example [1]: | cmp Rx(15), php#42 | mov x3, php#1 | add Rw(5+1), Rw(7), Rw(22) | ldr Rx(4), [Rx(2), php#8]! | str x0, [Rx(2), #offsetof(struct stu, age)] | ldr x8, STATE->get_ch Disassembly: 0xffffb5498000: cmp x15, #0x2a 0xffffb5498004: movz w3, #0x1 0xffffb5498008: add w6, w7, w22 0xffffb549800c: ldr x4, [x2, php#8]! 0xffffb5498010: str x0, [x2, php#8] 0xffffb5498014: ldr x8, [x2, php#8] Test environment: We're using an ARM-based server, with Ubuntu-20 and GCC-10. Disambler library capstone[2] should be installed in advance. After building the PHP, the 'minilua' can be found in 'PHP-SRC/ext/opcache/' directory. Our test case can be run with the following commands: $ PHP-SRC/ext/opcache/minilua \ PHP-SRC/ext/opcache/jit/dynasm/dynasm.lua -o test.c \ -D ARM64=1 test-dyn-regs.c $ gcc test.c -o test -lcapstone $ ./test [1] https://github.com/shqking/misc/blob/main/php-dynasm-test/test-dyn-regs.c [2] https://www.capstone-engine.org/ Co-Developed-by: Nick Gasson <[email protected]>

The following opcodes would be generated: ... BB1: 0003 JMP BB3 BB2: 0004 INIT_FCALL 1 96 string("chr") 0005 #10.T3 [long] = SR #3.CV0($int) [long] #7.CV2($i) ... 0006 #11.T4 [long] RANGE[0..127] = BW_AND #10.T3 [long] ... 0007 #12.T3 [long] RANGE[128..255] = BW_OR #11.T4 [long] ... 0008 SEND_VAL #12.T3 [long] RANGE[128..255] 1 0009 #13.V3 [ref, rc1, rcn, any] = DO_ICALL 0010 ASSIGN_OP (CONCAT) #6.CV1($out) [rc1, rcn, string] 0011 ADD #7.CV2($i)... int(7) #7.CV2($i) ... -> #15.CV2($i) ... BB3: 0012 #8.T4 [long] = SR #3.CV0($int) #7.CV2($i) [long, double] 0013 #9.T3 [bool] RANGE[0..1] = IS_SMALLER int(128) #8.T4 0014 JMPNZ #9.T3 [bool] RANGE[0..1] BB2 ... Main changes are: 1. SR opcode covers new path in function zend_jit_long_math_helper(). 2. BW_AND and BW_OR opcodes are supported. See macro LONG_OP. 3. Function zend_jit_concat_helper() is added to support ASSIGN_OP opcode. Speficically, CONCAT and FAST_CONCAT is supported for statements "$out .= ...". 4. New path is covered in function zend_jit_cmp_long_long() by IS_SMALLER opcode. 5. New path is covered in macros ZVAL_PTR_DTOR and ZVAL_DTOR_FUNC when leaving.

even without sanitizers, it is reproducible but with the following ``` <?php $g = gmp_init(256); var_dump(gmp_pow($g, PHP_INT_MAX)); ``` we get this ``` AddressSanitizer:DEADLYSIGNAL ================================================================= ==286922==ERROR: AddressSanitizer: FPE on unknown address 0x03e8000460ca (pc 0x7faf6c69de5c bp 0x400000000000004 sp 0x7ffe9843c740 T0) #0 0x7faf6c69de5c in __pthread_kill_implementation nptl/pthread_kill.c:44 #1 0x7faf6c649c81 in __GI_raise ../sysdeps/posix/raise.c:26 php#2 0x7faf6db9386c in __gmp_exception (/lib/x86_64-linux-gnu/libgmp.so.10+0xd86c) (BuildId: 1af68a49fe041a5bb48a2915c3d47541f713bb38) php#3 0x7faf6db938d3 in __gmp_overflow_in_mpz (/lib/x86_64-linux-gnu/libgmp.so.10+0xd8d3) (BuildId: 1af68a49fe041a5bb48a2915c3d47541f713bb38) php#4 0x7faf6dbac95c in __gmpz_realloc (/lib/x86_64-linux-gnu/libgmp.so.10+0x2695c) (BuildId: 1af68a49fe041a5bb48a2915c3d47541f713bb38) php#5 0x7faf6dba9038 in __gmpz_n_pow_ui (/lib/x86_64-linux-gnu/libgmp.so.10+0x23038) (BuildId: 1af68a49fe041a5bb48a2915c3d47541f713bb38) php#6 0x5565ae1ccd9f in zif_gmp_pow /home/dcarlier/Contribs/php-src/ext/gmp/gmp.c:1286 php#7 0x5565aee96ea9 in ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER /home/dcarlier/Contribs/php-src/Zend/zend_vm_execute.h:1312 php#8 0x5565af144320 in execute_ex /home/dcarlier/Contribs/php-src/Zend/zend_vm_execute.h:56075 php#9 0x5565af160f07 in zend_execute /home/dcarlier/Contribs/php-src/Zend/zend_vm_execute.h:60439 php#10 0x5565aed6fafe in zend_execute_scripts /home/dcarlier/Contribs/php-src/Zend/zend.c:1842 php#11 0x5565aeae70a8 in php_execute_script /home/dcarlier/Contribs/php-src/main/main.c:2578 php#12 0x5565af532f4e in do_cli /home/dcarlier/Contribs/php-src/sapi/cli/php_cli.c:964 php#13 0x5565af535877 in main /home/dcarlier/Contribs/php-src/sapi/cli/php_cli.c:1334 php#14 0x7faf6c633d67 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 php#15 0x7faf6c633e24 in __libc_start_main_impl ../csu/libc-start.c:360 php#16 0x5565adc04040 in _start (/home/dcarlier/Contribs/php-src/sapi/cli/php+0x2604040) (BuildId: 949049955bdf8b7197390b1978a1dfc3ef6fdf38) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: FPE nptl/pthread_kill.c:44 in __pthread_kill_implementation ==286922==ABORTING ```

even without sanitizers, it is reproducible but with the following ``` <?php $g = gmp_init(256); var_dump(gmp_pow($g, PHP_INT_MAX)); ``` we get this ``` AddressSanitizer:DEADLYSIGNAL ================================================================= ==286922==ERROR: AddressSanitizer: FPE on unknown address 0x03e8000460ca (pc 0x7faf6c69de5c bp 0x400000000000004 sp 0x7ffe9843c740 T0) #0 0x7faf6c69de5c in __pthread_kill_implementation nptl/pthread_kill.c:44 #1 0x7faf6c649c81 in __GI_raise ../sysdeps/posix/raise.c:26 #2 0x7faf6db9386c in __gmp_exception (/lib/x86_64-linux-gnu/libgmp.so.10+0xd86c) (BuildId: 1af68a49fe041a5bb48a2915c3d47541f713bb38) #3 0x7faf6db938d3 in __gmp_overflow_in_mpz (/lib/x86_64-linux-gnu/libgmp.so.10+0xd8d3) (BuildId: 1af68a49fe041a5bb48a2915c3d47541f713bb38) #4 0x7faf6dbac95c in __gmpz_realloc (/lib/x86_64-linux-gnu/libgmp.so.10+0x2695c) (BuildId: 1af68a49fe041a5bb48a2915c3d47541f713bb38) #5 0x7faf6dba9038 in __gmpz_n_pow_ui (/lib/x86_64-linux-gnu/libgmp.so.10+0x23038) (BuildId: 1af68a49fe041a5bb48a2915c3d47541f713bb38) #6 0x5565ae1ccd9f in zif_gmp_pow /home/dcarlier/Contribs/php-src/ext/gmp/gmp.c:1286 #7 0x5565aee96ea9 in ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER /home/dcarlier/Contribs/php-src/Zend/zend_vm_execute.h:1312 #8 0x5565af144320 in execute_ex /home/dcarlier/Contribs/php-src/Zend/zend_vm_execute.h:56075 #9 0x5565af160f07 in zend_execute /home/dcarlier/Contribs/php-src/Zend/zend_vm_execute.h:60439 #10 0x5565aed6fafe in zend_execute_scripts /home/dcarlier/Contribs/php-src/Zend/zend.c:1842 #11 0x5565aeae70a8 in php_execute_script /home/dcarlier/Contribs/php-src/main/main.c:2578 #12 0x5565af532f4e in do_cli /home/dcarlier/Contribs/php-src/sapi/cli/php_cli.c:964 #13 0x5565af535877 in main /home/dcarlier/Contribs/php-src/sapi/cli/php_cli.c:1334 #14 0x7faf6c633d67 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 #15 0x7faf6c633e24 in __libc_start_main_impl ../csu/libc-start.c:360 #16 0x5565adc04040 in _start (/home/dcarlier/Contribs/php-src/sapi/cli/php+0x2604040) (BuildId: 949049955bdf8b7197390b1978a1dfc3ef6fdf38) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: FPE nptl/pthread_kill.c:44 in __pthread_kill_implementation ==286922==ABORTING ```

even without sanitizers, it is reproducible but with the following ``` <?php $g = gmp_init(256); var_dump(gmp_pow($g, PHP_INT_MAX)); ``` we get this ``` AddressSanitizer:DEADLYSIGNAL ================================================================= ==286922==ERROR: AddressSanitizer: FPE on unknown address 0x03e8000460ca (pc 0x7faf6c69de5c bp 0x400000000000004 sp 0x7ffe9843c740 T0) #0 0x7faf6c69de5c in __pthread_kill_implementation nptl/pthread_kill.c:44 #1 0x7faf6c649c81 in __GI_raise ../sysdeps/posix/raise.c:26 php#2 0x7faf6db9386c in __gmp_exception (/lib/x86_64-linux-gnu/libgmp.so.10+0xd86c) (BuildId: 1af68a49fe041a5bb48a2915c3d47541f713bb38) php#3 0x7faf6db938d3 in __gmp_overflow_in_mpz (/lib/x86_64-linux-gnu/libgmp.so.10+0xd8d3) (BuildId: 1af68a49fe041a5bb48a2915c3d47541f713bb38) php#4 0x7faf6dbac95c in __gmpz_realloc (/lib/x86_64-linux-gnu/libgmp.so.10+0x2695c) (BuildId: 1af68a49fe041a5bb48a2915c3d47541f713bb38) php#5 0x7faf6dba9038 in __gmpz_n_pow_ui (/lib/x86_64-linux-gnu/libgmp.so.10+0x23038) (BuildId: 1af68a49fe041a5bb48a2915c3d47541f713bb38) php#6 0x5565ae1ccd9f in zif_gmp_pow /home/dcarlier/Contribs/php-src/ext/gmp/gmp.c:1286 php#7 0x5565aee96ea9 in ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER /home/dcarlier/Contribs/php-src/Zend/zend_vm_execute.h:1312 php#8 0x5565af144320 in execute_ex /home/dcarlier/Contribs/php-src/Zend/zend_vm_execute.h:56075 php#9 0x5565af160f07 in zend_execute /home/dcarlier/Contribs/php-src/Zend/zend_vm_execute.h:60439 php#10 0x5565aed6fafe in zend_execute_scripts /home/dcarlier/Contribs/php-src/Zend/zend.c:1842 php#11 0x5565aeae70a8 in php_execute_script /home/dcarlier/Contribs/php-src/main/main.c:2578 php#12 0x5565af532f4e in do_cli /home/dcarlier/Contribs/php-src/sapi/cli/php_cli.c:964 php#13 0x5565af535877 in main /home/dcarlier/Contribs/php-src/sapi/cli/php_cli.c:1334 php#14 0x7faf6c633d67 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 php#15 0x7faf6c633e24 in __libc_start_main_impl ../csu/libc-start.c:360 php#16 0x5565adc04040 in _start (/home/dcarlier/Contribs/php-src/sapi/cli/php+0x2604040) (BuildId: 949049955bdf8b7197390b1978a1dfc3ef6fdf38) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: FPE nptl/pthread_kill.c:44 in __pthread_kill_implementation ==286922==ABORTING ```

even without sanitizers, it is reproducible but with the following ``` <?php $g = gmp_init(256); var_dump(gmp_pow($g, PHP_INT_MAX)); ``` we get this ``` AddressSanitizer:DEADLYSIGNAL ================================================================= ==286922==ERROR: AddressSanitizer: FPE on unknown address 0x03e8000460ca (pc 0x7faf6c69de5c bp 0x400000000000004 sp 0x7ffe9843c740 T0) #0 0x7faf6c69de5c in __pthread_kill_implementation nptl/pthread_kill.c:44 #1 0x7faf6c649c81 in __GI_raise ../sysdeps/posix/raise.c:26 #2 0x7faf6db9386c in __gmp_exception (/lib/x86_64-linux-gnu/libgmp.so.10+0xd86c) (BuildId: 1af68a49fe041a5bb48a2915c3d47541f713bb38) #3 0x7faf6db938d3 in __gmp_overflow_in_mpz (/lib/x86_64-linux-gnu/libgmp.so.10+0xd8d3) (BuildId: 1af68a49fe041a5bb48a2915c3d47541f713bb38) #4 0x7faf6dbac95c in __gmpz_realloc (/lib/x86_64-linux-gnu/libgmp.so.10+0x2695c) (BuildId: 1af68a49fe041a5bb48a2915c3d47541f713bb38) #5 0x7faf6dba9038 in __gmpz_n_pow_ui (/lib/x86_64-linux-gnu/libgmp.so.10+0x23038) (BuildId: 1af68a49fe041a5bb48a2915c3d47541f713bb38) #6 0x5565ae1ccd9f in zif_gmp_pow /home/dcarlier/Contribs/php-src/ext/gmp/gmp.c:1286 #7 0x5565aee96ea9 in ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER /home/dcarlier/Contribs/php-src/Zend/zend_vm_execute.h:1312 #8 0x5565af144320 in execute_ex /home/dcarlier/Contribs/php-src/Zend/zend_vm_execute.h:56075 #9 0x5565af160f07 in zend_execute /home/dcarlier/Contribs/php-src/Zend/zend_vm_execute.h:60439 #10 0x5565aed6fafe in zend_execute_scripts /home/dcarlier/Contribs/php-src/Zend/zend.c:1842 #11 0x5565aeae70a8 in php_execute_script /home/dcarlier/Contribs/php-src/main/main.c:2578 #12 0x5565af532f4e in do_cli /home/dcarlier/Contribs/php-src/sapi/cli/php_cli.c:964 #13 0x5565af535877 in main /home/dcarlier/Contribs/php-src/sapi/cli/php_cli.c:1334 #14 0x7faf6c633d67 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 #15 0x7faf6c633e24 in __libc_start_main_impl ../csu/libc-start.c:360 #16 0x5565adc04040 in _start (/home/dcarlier/Contribs/php-src/sapi/cli/php+0x2604040) (BuildId: 949049955bdf8b7197390b1978a1dfc3ef6fdf38) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: FPE nptl/pthread_kill.c:44 in __pthread_kill_implementation ==286922==ABORTING ``` close GH-16384

Added DOM Debug handler

4182b1c

dsp closed this Mar 24, 2012

cpriest mentioned this pull request Nov 10, 2012

Accessors: SIGSEGV on basic usage cpriest/php-src#3

Closed

Draal mentioned this pull request Apr 7, 2013

Exif crash on unknown encoding was fixed #293

Closed

dstogov referenced this pull request Apr 17, 2015

Added GC checks and improvements

276080e

GXhua mentioned this pull request Jul 31, 2020

Update zend_execute_API.c #5911

Closed

shqking mentioned this pull request Mar 30, 2021

DynASM/arm64: allow dynamic register names #6819

Closed

AlexeyZamorov mentioned this pull request Aug 26, 2021

Update interface.c #7376

Closed

dstogov referenced this pull request Sep 2, 2021

JIT: Better code for ADD/SUB/MUL and references in tracing JIT.

7690fa0

dstogov referenced this pull request Nov 19, 2021

Fixed date/diff where the difference in hour is less than 1

e4679ef

derickr mentioned this pull request Jan 3, 2022

Segfaults with PHP 7.4.27 fpm and mysqlnd driver #7877

Closed

zebroid mentioned this pull request Feb 20, 2022

(JIT?) PHP-FPM 8.1.2 segfault on Linux amd64 #8125

Closed

unix-world mentioned this pull request Mar 4, 2022

Apache / PHP segfaults (PHP 8.0 and 8.1, but also 7.4) #8159

Closed

mokraemer mentioned this pull request Mar 10, 2022

pear install: error in malloc_consolidate #8185

Closed

0xhacking mentioned this pull request Mar 17, 2022

Opcache enable Crash Core dump #8209

Closed

ffang-imvu mentioned this pull request Jun 15, 2022

Segmentation faults in 8.1.5 with opcache enabled #8797

Closed

ErikRoelofs mentioned this pull request Jun 23, 2022

imagecopyresized() error message refers to the wrong argument as problematic #8848

Closed

gregherrell mentioned this pull request Aug 17, 2022

JIT segmentation fault in PHP 8.1 #7817

Open

pfrappe mentioned this pull request Jan 28, 2023

Apache Segmentation fault (11) disappears after print_r on a variable. can't understand... #10430

Open

kinghuaq mentioned this pull request May 12, 2023

PHP crash after:[ error ] [2]imap_open(): Couldn't open stream #10895

Closed

slawomir-pryczek mentioned this pull request May 15, 2023

In some specific cases SWITCH with one default statement will cause segfault #11245

Closed

aswingit mentioned this pull request May 23, 2023

Seg fault observed while loading dl with RTLD_DEEPBIND #11291

Closed

sysadminpower2019 mentioned this pull request Jun 11, 2023

Issues only when uploading files with php-fpm. Using Project castopod and php8.2.7 #11425

Closed

dunglas mentioned this pull request Sep 17, 2023

Segmentation fault when building Symfony cache on Alpine #12234

Closed

jcencekibm mentioned this pull request Apr 1, 2024

Incorrect PHP_STREAM_OPTION_CHECK_LIVENESS case in ext/openssl/xp_ssl.c - causing use of dead socket #13860

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

This adds a debug handler to DOM objects. #8

This adds a debug handler to DOM objects. #8

tml commented Mar 20, 2012

cataphract commented Mar 20, 2012

tml commented Mar 20, 2012

tml commented Mar 20, 2012

dsp commented Mar 24, 2012

This adds a debug handler to DOM objects. #8

This adds a debug handler to DOM objects. #8

Conversation

tml commented Mar 20, 2012

cataphract commented Mar 20, 2012

tml commented Mar 20, 2012

tml commented Mar 20, 2012

dsp commented Mar 24, 2012