Add runtime-enabled heap debugging capabilities #18172
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
arnaud-lb
changed the title
arnaud-lb
changed the title
TimWolla
reviewed
Mar 28, 2025
There was a problem hiding this comment.
Thank you! I can confirm that the padding option is particularly useful in catching refcounting bugs, since it will make the:
ZEND_ASSERT(p->refcount > 0);
in zend_gc_delref() functional. Without the padding, the refcount would be overwritten by ZendMM metadata on free, thus preventing the assertion from ever triggering.
The check_freelists_on_shutdown option would also detect this on shutdown, but that would happen much later.
I've got a few comments inline, but overall this looks very good and helpful in catching some of my past production bugs.
TimWolla
reviewed
Mar 28, 2025
TimWolla
reviewed
Mar 28, 2025
Co-authored-by: Tim Düsterhus <[email protected]>
TimWolla
approved these changes
Mar 31, 2025
dstogov
approved these changes
Mar 31, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Debugging memory corruption issues in production can be difficult when it's not possible to use a debug build or ASAN/MSAN/Valgrind (e.g. for performance reasons).
This PR makes it possible to enable some basic heap debugging helpers without rebuilding PHP. This is controlled by the environment variable
ZEND_MM_DEBUG. The env var takes a comma-separated list of parameters:poison_free=byte: Override freed blocks with the specified byte value (represented as a number)poison_alloc=byte: Override newly allocated blocks with the specified byte value (represented as a number)padding=bytes: Pad allocated blocks with the specified amount of bytes (if non-zero, a value >= 16 is recommended to not break alignments)check_freelists_on_shutdown=0|1: Enable checking freelist consistency on shutdownExample:
ZEND_MM_DEBUG=poison_free=0xbe,poison_alloc=0xeb,padding=16,check_freelists_on_shutdown=1 php ....This is based on an idea of @TimWolla.
Implementation
This is implemented by installing custom handlers when
ZEND_MM_DEBUGis set.Overhead
This has zero overhead when
ZEND_MM_DEBUGis not set. WhenZEND_MM_DEBUGis set, the overhead is about 8.5% on the Symfony Demo benchmark.Goals:
Non-goals: