Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 13 Jan 2018 18:24:45 -0500
From:      J David <j.david.lists@gmail.com>
To:        freebsd-hackers@freebsd.org
Subject:   FreeBSD 11.1 + Clang 4.0 + PHP source = Core dumps
Message-ID:  <CABXB=RQoLTiDc8_vGhiv95pxN02Twfi_5m0Q%2Bc7OCAKBe9Np0w@mail.gmail.com>
next in thread | raw e-mail | index | archive | help 
Starting with Clang 4.0 on FreeBSD 11.1 we are seeing really odd
behavior and crashes on a version of PHP that we compile in house.
It=E2=80=99s not clear if this is a compiler bug, or what exactly is
happening.

For example, this code (from PHP=E2=80=99s intl extension) core dumps:

U_CFUNC TimeZone *timezone_process_timezone_argument(zval *zv_timezone,
                                                     intl_error *outside_er=
ror,
                                                     const char *func)
{
    zval        local_zv_tz;
    char        *message =3D NULL;
    TimeZone    *timeZone;

    if (zv_timezone =3D=3D NULL || Z_TYPE_P(zv_timezone) =3D=3D IS_NULL) {
        timelib_tzinfo *tzinfo =3D get_timezone_info();
        ZVAL_STRING(&local_zv_tz, tzinfo->name);
        zv_timezone =3D &local_zv_tz;
    } else {
        ZVAL_NULL(&local_zv_tz);
    }

    if (Z_TYPE_P(zv_timezone) =3D=3D IS_OBJECT &&
            instanceof_function(Z_OBJCE_P(zv_timezone), TimeZone_ce_ptr)) {

If zv_timezone is passed in as a NULL pointer, this code core dumps on
the =E2=80=9Cif (Z_TYPE_P(zv_timezone)=E2=80=9D and gdb says that zv_timezo=
ne is NULL.
But if you look immediately above, if zv_timezone is NULL it is set to
another value.

If you add a printf of the zv_timezone pointer above the second if
block, it will show that zv_timezone is no longer NULL (because it was
just set to &local_zv_tz), and the program will no longer crash.

This crash can also be =E2=80=9Cfixed=E2=80=9D by placing the following lin=
e (a memory
barrier) above the second if statement:

    __asm__ volatile(=E2=80=9C" : : : "memory");

Although that addresses this one, it seems like there may be a number
of other similar issues throughout the PHP code base.

This just can=E2=80=99t be right; that should not be necessary.  What=E2=80=
=99s going on?

Is this a bug in clang?  Is PHP doing something dodgy?  User error on
our part?  We don=E2=80=99t see this behavior compiling the same source wit=
h
clang 3.x / FreeBSD 10.x.

Thanks for any insight!

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CABXB=RQoLTiDc8_vGhiv95pxN02Twfi_5m0Q%2Bc7OCAKBe9Np0w>