Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:67745 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 24455 invoked from network); 20 Jun 2013 12:12:29 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 20 Jun 2013 12:12:29 -0000 Authentication-Results: pb1.pair.com smtp.mail=ircmaxell@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=ircmaxell@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.220.182 as permitted sender) X-PHP-List-Original-Sender: ircmaxell@gmail.com X-Host-Fingerprint: 209.85.220.182 mail-vc0-f182.google.com Received: from [209.85.220.182] ([209.85.220.182:50244] helo=mail-vc0-f182.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id C8/64-25301-DA1F2C15 for ; Thu, 20 Jun 2013 08:12:29 -0400 Received: by mail-vc0-f182.google.com with SMTP id id13so4729390vcb.13 for ; Thu, 20 Jun 2013 05:12:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=jocigi7RsqT1JB0GGG1fpsDPeaIAfR3LxB5Lj2w8XdU=; b=BkYTAaRptleSuLDSIKpXjBiFR0wSuaBUheGLuu2FkM0OV4hXETw8YyCZmaR+yKZQS0 aQm6N4BP4ZbhsagNSNPm18zvf8KeUenFT/kZL65qawNKQvy3L+KrtsSQTo9VZE721ASG 6ysC7LLUHdiNhH/lA4FtzbK0DTs3pov3afMrlxMRVHLyRlXG+uKh/MakBwlIk+JjoOvG Twip1pnE19CY6U2DE6eSCZ/RqCgEFwa5f9ptbP0Sh7iXYLOrlRwgP/FpBWye2U7RI/Ma Pr7Ot4o8C1DeBkTYF3hHBDXGspTde+4jrlSZ9ReRVPXJFQa0x5qFc/9FdXcCRqDhdrs4 uXzA== MIME-Version: 1.0 X-Received: by 10.52.236.199 with SMTP id uw7mr2487719vdc.18.1371730346112; Thu, 20 Jun 2013 05:12:26 -0700 (PDT) Received: by 10.58.94.201 with HTTP; Thu, 20 Jun 2013 05:12:25 -0700 (PDT) In-Reply-To: References: Date: Thu, 20 Jun 2013 08:12:25 -0400 Message-ID: To: Laruence Cc: "internals@lists.php.net" Content-Type: multipart/alternative; boundary=089e0111d92401fe8904df94dc1a Subject: Re: [PHP-DEV] Disabling the GC during shutdown From: ircmaxell@gmail.com (Anthony Ferrara) --089e0111d92401fe8904df94dc1a Content-Type: text/plain; charset=ISO-8859-1 Laruence, Sorry, but I don't this this explain is right. > > if there is more than one refcount to a zval, then it should never be > freed > > and if a zval is freed, then it must also be removed from the gc roots. > The point here is that the GC is run *while* the zval is being freed. Check out the backtrace here: https://bugs.php.net/bug.php?id=64827 , specifically zval pointer 0x272afb8 It appears 4 times recursively being passed into zend_objects_free_object_storage before the GC is triggered and it segfaults. > according to your explain, the gc segfault while walking through > a hashtable of a object. > Yes, that is what's happening here. zval_mark_grey() is trying to walk through the object's hash table, but the first bucket is already freed, so when it tries to access it bad things happen. > but that doesn't make any sense, since if it segfault in walking, > then it should also segfault when trying to free the hash table later > while dtor the object. > That's the point. The dtor is already happening on that object when the GC tries to run over it again. > disable GC in shutdown is okey for me. but that is just try to > cover the bug somewhere in the refcount handler.. not the right fix. > Looking back through, we still have the problem where we can't null out the zval before destructing the object (like we do with arrays) to prevent this. That's why I suggested one alternative would be to modify zend_objects_store_del_ref_by_handle_ex to also accept the zval, so it can be nulled if the object is going to be freed. However, we could set the object's bucket to invalid in the delref handler before we call free_storage. And then modify the GC to check for a valid bucket... I'll try that patch today to see if it solves the original issue (as it shouldn't result in an API change either)... Thanks for the thoughts... Anthony --089e0111d92401fe8904df94dc1a--