study
study copied to clipboard
php-extension-research
未正确维护closures object引用计数导致core dumped
问题描述 协程创建传入的闭包op_array分配在closures object成员属性,当yield后会被以参数释减少引用计数, resume后closures object已被释放,将高概率性触发core dumped。 协程execute_data分配阶段应该手动对closures增加一次引用计数
以下是错误bt
Starting program: /usr/local/php7.3/bin/php -dextension=/usr/local/php7.3/lib/php/extensions/debug-non-zts-20180731/study.so -f /vagrant/www/tests/coroutine/bug.php [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". int(0) int(1) int(0) int(1) string(9) "cid_a_end" Program received signal SIGSEGV, Segmentation fault. 0x00000000009cb10c in zend_gc_delref (p=0x3) at /vagrant/www/php-src-win/Zend/zend_types.h:996 996 return --(p->refcount); (gdb) bt #0 0x00000000009cb10c in zend_gc_delref (p=0x3) at /vagrant/www/php-src-win/Zend/zend_types.h:996 #1 0x00000000009d310b in i_free_compiled_variables (execute_data=0x7ffff3e7b070) at /vagrant/www/php-src-win/Zend/zend_execute.c:2361 #2 0x00000000009d6260 in zend_leave_helper_SPEC () at /vagrant/www/php-src-win/Zend/zend_vm_execute.h:641 #3 0x00000000009dc2bb in ZEND_RETURN_SPEC_CONST_HANDLER () at /vagrant/www/php-src-win/Zend/zend_vm_execute.h:2808 #4 0x00000000009d5a8d in execute_ex (ex=0x7ffff3e7b070) at /vagrant/www/php-src-win/Zend/zend_vm_execute.h:43
以下是复现代码 `<?php study_event_init(); $cid_a = Sgo(function () { $b = function () { $arr = debug_backtrace(); }; for($i=0;$i<=2;$i++){ Study\Coroutine::yield(); $arr =range(1,100002); $b(); } var_dump("cid_a_end"); });
$cid_b = Sgo(function () { $b = function (){ $arr = debug_backtrace(); };
for($i=0;$i<=2;$i++){
Study\Coroutine::yield();
$arr =range(1,100001);
$b();
}
var_dump("cid_b_end");
});
$count = 0 ; $i= 0; while ($count<=4){ if($i>1){ $i=0; } Study\Coroutine::resume($i==0?$cid_a:$cid_b); var_dump($i); $i++; $count++; } study_event_wait();`
