From owner-freebsd-hackers@freebsd.org  Sat Jan 13 23:24:48 2018
Return-Path: <owner-freebsd-hackers@freebsd.org>
Delivered-To: freebsd-hackers@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 05DD6E5C00E
 for <freebsd-hackers@mailman.ysv.freebsd.org>;
 Sat, 13 Jan 2018 23:24:48 +0000 (UTC)
 (envelope-from jdavidlists@gmail.com)
Received: from mail-wm0-x229.google.com (mail-wm0-x229.google.com
 [IPv6:2a00:1450:400c:c09::229])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 8ED357D8B6
 for <freebsd-hackers@freebsd.org>; Sat, 13 Jan 2018 23:24:47 +0000 (UTC)
 (envelope-from jdavidlists@gmail.com)
Received: by mail-wm0-x229.google.com with SMTP id f140so18078190wmd.2
 for <freebsd-hackers@freebsd.org>; Sat, 13 Jan 2018 15:24:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:sender:from:date:message-id:subject:to
 :content-transfer-encoding;
 bh=kXopWmSsbkf+pKHapcqLFvftpNmSDISAtRtNCpzw5sM=;
 b=j5qbSSDi9929R9V4Mmj0zTcaWS/t1wfzNL3qP29ktVSU0j+CN0oKfbK9CUCi4a6++9
 coN0y0COjTzgHoI8gi0yWRQOVKw2kvj1zik0XgAuEAoJw4D08om7s3Vqn615R/kxZlJ/
 RB5xgK6Y14fOWjUrhqaLp8KM6EySdLWxvfFUtZMUGObhZ3CFdyHI609KdxZTTTP52cm7
 uJ8wvddfG7vdXoT6SKCEBsq4vrjm30RTM/mx4KqB7K7C8FT1WkhyfPLrudd7XruoZ4pH
 iYWhtHpFGskl0PBbWLtv+tdQv34EI1X74YFX3tt9qOXuikNHFSiaPs4bgBtRIDyN6TIt
 fcdw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:sender:from:date:message-id:subject
 :to:content-transfer-encoding;
 bh=kXopWmSsbkf+pKHapcqLFvftpNmSDISAtRtNCpzw5sM=;
 b=HfJ0BPkKbo7CNY3m9xv8PU22q+iof3LQCXGmlDPxm2ZChq9h8LJIWCMAr7e9rdB1AC
 4gxAwVZIG9y8ARFZFDXm1KOBQLL8X30kOfyXdpc01a8CxS9ToJdOez5QIGPVaz09oTrn
 80DrZbyLtu/yxB4Gps1YufPc2V9KkdtWCY9TvaZ5u1YYemJzHoja+7xcpLoIFYEXEejI
 tQna89w1OHeXfHyz4ucR/NUETuMtUwFtRrEZsF9P7r+vMzyjLUOqLAIOyHM/TEgLDsUB
 Sn4B4j+3Uy+6+sh6gidBMmnw8MwsXJbo+RM289zFsRYmfT/mM92dSousmkrpK4VVVfls
 UP9Q==
X-Gm-Message-State: AKwxytccsJUT0gH+/gFjXGxLmT4gVsjOsO/vrB0TOiuLAEKTyTZG0/go
 fYXg825Y6ToxkjxnZPFlcuU8rp5wEjaADV6RYCI25g==
X-Google-Smtp-Source: ACJfBoux+mZzxoDPEILkd3X9FAlp88pFq37PCj3diBidiV0GjS19Aghe25KtFzQdvKi1QUP6EGPUxidxSWFPLxkzTTY=
X-Received: by 10.80.141.23 with SMTP id s23mr2474176eds.234.1515885885457;
 Sat, 13 Jan 2018 15:24:45 -0800 (PST)
MIME-Version: 1.0
Sender: jdavidlists@gmail.com
Received: by 10.80.174.213 with HTTP; Sat, 13 Jan 2018 15:24:45 -0800 (PST)
From: J David <j.david.lists@gmail.com>
Date: Sat, 13 Jan 2018 18:24:45 -0500
X-Google-Sender-Auth: KRlp1EmSvvd18i-bUQS0HNGAvEM
Message-ID: <CABXB=RQoLTiDc8_vGhiv95pxN02Twfi_5m0Q+c7OCAKBe9Np0w@mail.gmail.com>
Subject: FreeBSD 11.1 + Clang 4.0 + PHP source = Core dumps
To: freebsd-hackers@freebsd.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 13 Jan 2018 23:24:48 -0000

Starting with Clang 4.0 on FreeBSD 11.1 we are seeing really odd
behavior and crashes on a version of PHP that we compile in house.
It=E2=80=99s not clear if this is a compiler bug, or what exactly is
happening.

For example, this code (from PHP=E2=80=99s intl extension) core dumps:

U_CFUNC TimeZone *timezone_process_timezone_argument(zval *zv_timezone,
                                                     intl_error *outside_er=
ror,
                                                     const char *func)
{
    zval        local_zv_tz;
    char        *message =3D NULL;
    TimeZone    *timeZone;

    if (zv_timezone =3D=3D NULL || Z_TYPE_P(zv_timezone) =3D=3D IS_NULL) {
        timelib_tzinfo *tzinfo =3D get_timezone_info();
        ZVAL_STRING(&local_zv_tz, tzinfo->name);
        zv_timezone =3D &local_zv_tz;
    } else {
        ZVAL_NULL(&local_zv_tz);
    }

    if (Z_TYPE_P(zv_timezone) =3D=3D IS_OBJECT &&
            instanceof_function(Z_OBJCE_P(zv_timezone), TimeZone_ce_ptr)) {

If zv_timezone is passed in as a NULL pointer, this code core dumps on
the =E2=80=9Cif (Z_TYPE_P(zv_timezone)=E2=80=9D and gdb says that zv_timezo=
ne is NULL.
But if you look immediately above, if zv_timezone is NULL it is set to
another value.

If you add a printf of the zv_timezone pointer above the second if
block, it will show that zv_timezone is no longer NULL (because it was
just set to &local_zv_tz), and the program will no longer crash.

This crash can also be =E2=80=9Cfixed=E2=80=9D by placing the following lin=
e (a memory
barrier) above the second if statement:

    __asm__ volatile(=E2=80=9C" : : : "memory");

Although that addresses this one, it seems like there may be a number
of other similar issues throughout the PHP code base.

This just can=E2=80=99t be right; that should not be necessary.  What=E2=80=
=99s going on?

Is this a bug in clang?  Is PHP doing something dodgy?  User error on
our part?  We don=E2=80=99t see this behavior compiling the same source wit=
h
clang 3.x / FreeBSD 10.x.

Thanks for any insight!