
PHP 8.2.0-dev crashes on Apple Silicon with JIT turned on #9370

@jdp1024

Description


PHP 8.2.0-dev crashes on Apple Silicon M1.

~ uname -a
Darwin bogon 21.6.0 Darwin Kernel Version 21.6.0: Wed Aug 10 14:28:23 PDT 2022; root:xnu-8020.141.5~2/RELEASE_ARM64_T6000 arm64

The bench.php program crashes with JIT on. It runs fine when JIT is turned off.

~ lldb /opt/php/bin/php bench.php
(lldb) target create "/opt/php/bin/php"
Current executable set to '/opt/php/bin/php' (arm64).
(lldb) settings set -- target.run-args  "bench.php"
(lldb) r
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=2, address=0x138000ce0)
    frame #0: 0x0000000138000ce0
->  0x138000ce0: stp    x29, x30, [sp, #-0x30]!
    0x138000ce4: stp    x27, x28, [sp, #0x20]
    0x138000ce8: mov    x27, x0
    0x138000cec: mov    w15, #0x1
Target 0: (php) stopped.
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=2, address=0x138000ce0)
  * frame #0: 0x0000000138000ce0
    frame #1: 0x00000001005effa8 php`execute_ex(ex=0x0000000102215020) at zend_vm_execute.h:55794:7
    frame #2: 0x00000001005f0698 php`zend_execute(op_array=0x0000000102293500, return_value=0x0000000000000000) at zend_vm_execute.h:60362:2
    frame #3: 0x000000010059d7b8 php`zend_execute_scripts(type=8, retval=0x0000000000000000, file_count=3) at zend.c:1780:4
    frame #4: 0x00000001004cafd4 php`php_execute_script(primary_file=0x000000016fdff2f8) at main.c:2535:13
    frame #5: 0x00000001008354b0 php`do_cli(argc=2, argv=0x0000600000202e00) at php_cli.c:964:5
    frame #6: 0x00000001008345c4 php`main(argc=2, argv=0x0000600000202e00) at php_cli.c:1333:18
    frame #7: 0x000000010133d08c dyld`start + 520

Obviously 0x0000000138000ce0 is a JIT block and it seems to lack the R/X bit.

In zend_jit_protect, when HAVE_PTHREAD_JIT_WRITE_PROTECT_NP is defined, the function calls pthread_jit_write_protect_np(1) and exits. It works on x64 macOS systems, but dasm_buf is inaccessible on Apple Silicon.

I commented out the return statement after pthread_jit_write_protect_np(1); and PHP runs fine.

#ifdef HAVE_PTHREAD_JIT_WRITE_PROTECT_NP
		if (zend_write_protect) {
			pthread_jit_write_protect_np(1);
			//return;
		}
#endif

PHP Version

PHP 8.2.0-dev

Operating System

macOS 12.5.1
