Edit report at https://bugs.php.net/bug.php?id=63635&edit=1
ID: 63635
Comment by: r...@php.net
Reported by: r...@php.net
Summary: Segfault in gc_collect_cycles
Status: Open
Type: Bug
Package: *General Issues
Operating System: GNU/Linux (Fedora 18)
PHP Version: 5.4.9
Block user comment: N
Private report: N
New Comment:
Note: without the circular reference, no segfault.
$this->childs[] = $this;
Previous Comments:
------------------------------------------------------------------------
[2012-11-28 11:17:44] r...@php.net
Description:
------------
When using huge object tree with circular reference,
With zend.enable_gc=0 : lot of memory consumed
With zend.enable_gc=1 : segfault
(gdb) bt
#0 0x00000000005e23d9 in gc_zval_possible_root (zv=0x19e5500) at
/usr/src/debug/php-5.4.9/Zend/zend_gc.c:143
#1 0x00000000005e40f7 in zend_object_std_dtor (object=0x7fffcf6f2020) at
/usr/src/debug/php-5.4.9/Zend/zend_objects.c:54
#2 0x00000000005e4129 in zend_objects_free_object_storage
(object=0x7fffcf6f2020) at /usr/src/debug/php-5.4.9/Zend/zend_objects.c:137
#3 0x00000000005e9e53 in zend_objects_store_del_ref_by_handle_ex (handle=3273,
handlers=<optimized out>)
at /usr/src/debug/php-5.4.9/Zend/zend_objects_API.c:220
#4 0x00000000005e220e in gc_collect_cycles () at
/usr/src/debug/php-5.4.9/Zend/zend_gc.c:832
#5 0x00000000005e2303 in gc_zobj_possible_root (zv=0x19e5500,
zv@entry=0x1967560) at /usr/src/debug/php-5.4.9/Zend/zend_gc.c:221
#6 0x00000000005e23ea in gc_zval_possible_root (zv=zv@entry=0x1967560) at
/usr/src/debug/php-5.4.9/Zend/zend_gc.c:143
#7 0x00000000005f2ffd in gc_zval_check_possible_root (z=0x1967560) at
/usr/src/debug/php-5.4.9/Zend/zend_gc.h:183
#8 i_zval_ptr_dtor (zval_ptr=0x1967560) at
/usr/src/debug/php-5.4.9/Zend/zend_execute.h:97
#9 zend_leave_helper_SPEC (execute_data=0x7ffff7f855f8) at
/usr/src/debug/php-5.4.9/Zend/zend_vm_execute.h:468
#10 0x0000000000624067 in execute (op_array=0x7ffff7fbfdf8) at
/usr/src/debug/php-5.4.9/Zend/zend_vm_execute.h:410
#11 0x00007ffff17e0fd2 in xdebug_execute () from
/usr/lib64/php/modules/xdebug.so
#12 0x000000000066a529 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7ffff7f85060) at
/usr/src/debug/php-5.4.9/Zend/zend_vm_execute.h:669
#13 0x0000000000624067 in execute (op_array=0x7ffff7fbdab0) at
/usr/src/debug/php-5.4.9/Zend/zend_vm_execute.h:410
#14 0x00007ffff17e0fd2 in xdebug_execute () from
/usr/lib64/php/modules/xdebug.so
#15 0x00000000005c4dec in zend_execute_scripts (type=type@entry=8,
retval=retval@entry=0x0, file_count=file_count@entry=3)
at /usr/src/debug/php-5.4.9/Zend/zend.c:1309
#16 0x000000000056475d in php_execute_script
(primary_file=primary_file@entry=0x7fffffffcbb0) at
/usr/src/debug/php-5.4.9/main/main.c:2482
#17 0x000000000066ca66 in do_cli (argc=2, argv=0x7fffffffe048) at
/usr/src/debug/php-5.4.9/sapi/cli/php_cli.c:988
#18 0x0000000000425b0a in main (argc=2, argv=0x7fffffffe048) at
/usr/src/debug/php-5.4.9/sapi/cli/php_cli.c:1364
Test script:
---------------
<?php
class Node {
public $parent = NULL;
public $childs = array();
function __construct(Node $parent=NULL) {
if ($parent) {
$parent->childs[] = $this;
}
$this->childs[] = $this;
}
function __destruct() {
$this->childs = NULL;
}
}
define("MAX", 16);
while (true) {
printf("Memory: %6.2fMB ->", memory_get_usage()/1024/1024);
$top = new Node();
for ($i=0 ; $i<MAX ; $i++) {
$ci = new Node($top);
for ($j=0 ; $j<MAX ; $j++) {
$cj = new Node($ci);
for ($k=0 ; $k<MAX ; $k++) {
$ck = new Node($cj);
}
}
}
printf(" %6.2fMB\n", memory_get_usage()/1024/1024);
}
Expected result:
----------------
No segfault.
Actual result:
--------------
$ php -d zend.enable_gc=1 repro.ph
...
Memory: 3.40MB -> 5.62MB
Memory: 5.62MB -> 3.40MB
Memory: 3.40MB -> 5.62MB
Memory: 5.62MB -> 7.83MB
Memory: 7.83MB ->
Program received signal SIGSEGV, Segmentation fault.
------------------------------------------------------------------------
--
Edit this bug report at https://bugs.php.net/bug.php?id=63635&edit=1
