Rewrite watchpoints to be much more stable

This mainly involves a separate abstraction layer for elements (e.g. $a->b) and watchpoints (on pointer of the Bucket for example).
Also better comparison handling (value backup vs. page dumps).

It is not yet finished (there are sometimes false positives announced and names not yet perfect), but the functionality is working and not crashing as far as I have tested.
Future scope is also relative watchpoints, e.g. "w $this->val expression()" which does not have the symbol tables as basis, but the value (in this example: return value of expression()) as basis.

Author: bwoebi

Zend/zend.c

@@ -300,6 +300,9 @@ ZEND_API void zend_print_flat_zval_r(zval *expr) /* {{{ */
 			ZEND_PUTS(")");
 			break;
 		}
+		case IS_REFERENCE:
+			zend_print_flat_zval_r(Z_REFVAL_P(expr));
+			break;
 		default:
 			zend_print_variable(expr);
 			break;
@@ -355,6 +358,9 @@ static void zend_print_zval_r_to_buf(smart_str *buf, zval *expr, int indent) /*
 		case IS_LONG:
 			smart_str_append_long(buf, Z_LVAL_P(expr));
 			break;
+		case IS_REFERENCE:
+			zend_print_zval_r_to_buf(buf, Z_REFVAL_P(expr), indent);
+			break;
 		default:
 			{
 				zend_string *str = zval_get_string(expr);

main/SAPI.c

@@ -479,10 +479,9 @@ SAPI_API void sapi_activate(void)
 
 		/* Cookies */
 		SG(request_info).cookie_data = sapi_module.read_cookies();
-
-		if (sapi_module.activate) {
-			sapi_module.activate();
-		}
+	}
+	if (sapi_module.activate) {
+		sapi_module.activate();
 	}
 	if (sapi_module.input_filter_init) {
 		sapi_module.input_filter_init();

sapi/phpdbg/phpdbg.c

@@ -75,6 +75,7 @@ PHP_INI_END()
 
 static zend_bool phpdbg_booted = 0;
 static zend_bool phpdbg_fully_started = 0;
+zend_bool use_mm_wrappers = 0;
 
 static inline void php_phpdbg_globals_ctor(zend_phpdbg_globals *pg) /* {{{ */
 {
@@ -189,79 +190,27 @@ static void php_phpdbg_destroy_registered(zval *data) /* {{{ */
 	destroy_zend_function(function);
 } /* }}} */
 
+static void php_phpdbg_destroy_file_source(zval *data) /* {{{ */
+{
+	phpdbg_file_source *source = (phpdbg_file_source *) Z_PTR_P(data);
+	destroy_op_array(&source->op_array);
+	if (source->buf) {
+		efree(source->buf);
+	}
+	efree(source);
+} /* }}} */
+
 
 static PHP_RINIT_FUNCTION(phpdbg) /* {{{ */
 {
-	zend_hash_init(&PHPDBG_G(bp)[PHPDBG_BREAK_FILE], 8, NULL, php_phpdbg_destroy_bp_file, 0);
-	zend_hash_init(&PHPDBG_G(bp)[PHPDBG_BREAK_FILE_PENDING], 8, NULL, php_phpdbg_destroy_bp_file, 0);
-	zend_hash_init(&PHPDBG_G(bp)[PHPDBG_BREAK_SYM], 8, NULL, php_phpdbg_destroy_bp_symbol, 0);
-	zend_hash_init(&PHPDBG_G(bp)[PHPDBG_BREAK_FUNCTION_OPLINE], 8, NULL, php_phpdbg_destroy_bp_methods, 0);
-	zend_hash_init(&PHPDBG_G(bp)[PHPDBG_BREAK_METHOD_OPLINE], 8, NULL, php_phpdbg_destroy_bp_methods, 0);
-	zend_hash_init(&PHPDBG_G(bp)[PHPDBG_BREAK_FILE_OPLINE], 8, NULL, php_phpdbg_destroy_bp_methods, 0);
-	zend_hash_init(&PHPDBG_G(bp)[PHPDBG_BREAK_OPLINE], 8, NULL, php_phpdbg_destroy_bp_opline, 0);
-	zend_hash_init(&PHPDBG_G(bp)[PHPDBG_BREAK_OPCODE], 8, NULL, php_phpdbg_destroy_bp_opcode, 0);
-	zend_hash_init(&PHPDBG_G(bp)[PHPDBG_BREAK_METHOD], 8, NULL, php_phpdbg_destroy_bp_methods, 0);
-	zend_hash_init(&PHPDBG_G(bp)[PHPDBG_BREAK_COND], 8, NULL, php_phpdbg_destroy_bp_condition, 0);
-	zend_hash_init(&PHPDBG_G(bp)[PHPDBG_BREAK_MAP], 8, NULL, NULL, 0);
-
-	zend_hash_init(&PHPDBG_G(seek), 8, NULL, NULL, 0);
-	zend_hash_init(&PHPDBG_G(registered), 8, NULL, php_phpdbg_destroy_registered, 0);
+	/* deactivate symbol table caching to have these properly destroyed upon stack leaving (especially important for watchpoints) */
+	EG(symtable_cache_limit) = EG(symtable_cache) - 1;
 
 	return SUCCESS;
 } /* }}} */
 
 static PHP_RSHUTDOWN_FUNCTION(phpdbg) /* {{{ */
 {
-	zend_hash_destroy(&PHPDBG_G(bp)[PHPDBG_BREAK_FILE]);
-	zend_hash_destroy(&PHPDBG_G(bp)[PHPDBG_BREAK_FILE_PENDING]);
-	zend_hash_destroy(&PHPDBG_G(bp)[PHPDBG_BREAK_SYM]);
-	zend_hash_destroy(&PHPDBG_G(bp)[PHPDBG_BREAK_FUNCTION_OPLINE]);
-	zend_hash_destroy(&PHPDBG_G(bp)[PHPDBG_BREAK_METHOD_OPLINE]);
-	zend_hash_destroy(&PHPDBG_G(bp)[PHPDBG_BREAK_FILE_OPLINE]);
-	zend_hash_destroy(&PHPDBG_G(bp)[PHPDBG_BREAK_OPLINE]);
-	zend_hash_destroy(&PHPDBG_G(bp)[PHPDBG_BREAK_OPCODE]);
-	zend_hash_destroy(&PHPDBG_G(bp)[PHPDBG_BREAK_METHOD]);
-	zend_hash_destroy(&PHPDBG_G(bp)[PHPDBG_BREAK_COND]);
-	zend_hash_destroy(&PHPDBG_G(bp)[PHPDBG_BREAK_MAP]);
-	zend_hash_destroy(&PHPDBG_G(file_sources));
-	zend_hash_destroy(&PHPDBG_G(seek));
-	zend_hash_destroy(&PHPDBG_G(registered));
-	zend_hash_destroy(&PHPDBG_G(watchpoints));
-	zend_llist_destroy(&PHPDBG_G(watchlist_mem));
-
-	if (PHPDBG_G(buffer)) {
-		free(PHPDBG_G(buffer));
-		PHPDBG_G(buffer) = NULL;
-	}
-
-	if (PHPDBG_G(exec)) {
-		efree(PHPDBG_G(exec));
-		PHPDBG_G(exec) = NULL;
-	}
-
-	if (PHPDBG_G(oplog)) {
-		fclose(PHPDBG_G(oplog));
-		PHPDBG_G(oplog) = NULL;
-	}
-
-	if (PHPDBG_G(ops)) {
-		destroy_op_array(PHPDBG_G(ops));
-		efree(PHPDBG_G(ops));
-		PHPDBG_G(ops) = NULL;
-	}
-
-	if (PHPDBG_G(oplog_list)) {
-		phpdbg_oplog_list *cur = PHPDBG_G(oplog_list);
-		do {
-			phpdbg_oplog_list *prev = cur->prev;
-			efree(cur);
-			cur = prev;
-		} while (cur != NULL);
-
-		zend_arena_destroy(PHPDBG_G(oplog_arena));
-		PHPDBG_G(oplog_list) = NULL;
-	}
-
 	return SUCCESS;
 } /* }}} */
 
@@ -845,8 +794,86 @@ static void php_sapi_phpdbg_log_message(char *message, int syslog_type_int) /* {
 }
 /* }}} */
 
+static int php_sapi_phpdbg_activate(void) /* {{{ */
+{
+	zend_hash_init(&PHPDBG_G(bp)[PHPDBG_BREAK_FILE], 8, NULL, php_phpdbg_destroy_bp_file, 0);
+	zend_hash_init(&PHPDBG_G(bp)[PHPDBG_BREAK_FILE_PENDING], 8, NULL, php_phpdbg_destroy_bp_file, 0);
+	zend_hash_init(&PHPDBG_G(bp)[PHPDBG_BREAK_SYM], 8, NULL, php_phpdbg_destroy_bp_symbol, 0);
+	zend_hash_init(&PHPDBG_G(bp)[PHPDBG_BREAK_FUNCTION_OPLINE], 8, NULL, php_phpdbg_destroy_bp_methods, 0);
+	zend_hash_init(&PHPDBG_G(bp)[PHPDBG_BREAK_METHOD_OPLINE], 8, NULL, php_phpdbg_destroy_bp_methods, 0);
+	zend_hash_init(&PHPDBG_G(bp)[PHPDBG_BREAK_FILE_OPLINE], 8, NULL, php_phpdbg_destroy_bp_methods, 0);
+	zend_hash_init(&PHPDBG_G(bp)[PHPDBG_BREAK_OPLINE], 8, NULL, php_phpdbg_destroy_bp_opline, 0);
+	zend_hash_init(&PHPDBG_G(bp)[PHPDBG_BREAK_OPCODE], 8, NULL, php_phpdbg_destroy_bp_opcode, 0);
+	zend_hash_init(&PHPDBG_G(bp)[PHPDBG_BREAK_METHOD], 8, NULL, php_phpdbg_destroy_bp_methods, 0);
+	zend_hash_init(&PHPDBG_G(bp)[PHPDBG_BREAK_COND], 8, NULL, php_phpdbg_destroy_bp_condition, 0);
+	zend_hash_init(&PHPDBG_G(bp)[PHPDBG_BREAK_MAP], 8, NULL, NULL, 0);
+
+	zend_hash_init(&PHPDBG_G(seek), 8, NULL, NULL, 0);
+	zend_hash_init(&PHPDBG_G(registered), 8, NULL, php_phpdbg_destroy_registered, 0);
+
+	zend_hash_init(&PHPDBG_G(file_sources), 0, NULL, php_phpdbg_destroy_file_source, 0);
+	phpdbg_setup_watchpoints();
+
+	return SUCCESS;
+}
+
 static int php_sapi_phpdbg_deactivate(void) /* {{{ */
 {
+	zend_hash_destroy(&PHPDBG_G(bp)[PHPDBG_BREAK_FILE]);
+	zend_hash_destroy(&PHPDBG_G(bp)[PHPDBG_BREAK_FILE_PENDING]);
+	zend_hash_destroy(&PHPDBG_G(bp)[PHPDBG_BREAK_SYM]);
+	zend_hash_destroy(&PHPDBG_G(bp)[PHPDBG_BREAK_FUNCTION_OPLINE]);
+	zend_hash_destroy(&PHPDBG_G(bp)[PHPDBG_BREAK_METHOD_OPLINE]);
+	zend_hash_destroy(&PHPDBG_G(bp)[PHPDBG_BREAK_FILE_OPLINE]);
+	zend_hash_destroy(&PHPDBG_G(bp)[PHPDBG_BREAK_OPLINE]);
+	zend_hash_destroy(&PHPDBG_G(bp)[PHPDBG_BREAK_OPCODE]);
+	zend_hash_destroy(&PHPDBG_G(bp)[PHPDBG_BREAK_METHOD]);
+	zend_hash_destroy(&PHPDBG_G(bp)[PHPDBG_BREAK_COND]);
+	zend_hash_destroy(&PHPDBG_G(bp)[PHPDBG_BREAK_MAP]);
+	zend_hash_destroy(&PHPDBG_G(file_sources));
+	zend_hash_destroy(&PHPDBG_G(seek));
+	zend_hash_destroy(&PHPDBG_G(registered));
+	phpdbg_destroy_watchpoints();
+
+	/* hack to restore mm_heap->use_custom_heap in order to receive memory leak info */
+	if (use_mm_wrappers) {
+		/* ASSUMING that mm_heap->use_custom_heap is the first element of the struct ... */
+		*(int *) zend_mm_get_heap() = 0;
+	}
+
+	if (PHPDBG_G(buffer)) {
+		free(PHPDBG_G(buffer));
+		PHPDBG_G(buffer) = NULL;
+	}
+
+	if (PHPDBG_G(exec)) {
+		efree(PHPDBG_G(exec));
+		PHPDBG_G(exec) = NULL;
+	}
+
+	if (PHPDBG_G(oplog)) {
+		fclose(PHPDBG_G(oplog));
+		PHPDBG_G(oplog) = NULL;
+	}
+
+	if (PHPDBG_G(ops)) {
+		destroy_op_array(PHPDBG_G(ops));
+		efree(PHPDBG_G(ops));
+		PHPDBG_G(ops) = NULL;
+	}
+
+	if (PHPDBG_G(oplog_list)) {
+		phpdbg_oplog_list *cur = PHPDBG_G(oplog_list);
+		do {
+			phpdbg_oplog_list *prev = cur->prev;
+			efree(cur);
+			cur = prev;
+		} while (cur != NULL);
+
+		zend_arena_destroy(PHPDBG_G(oplog_arena));
+		PHPDBG_G(oplog_list) = NULL;
+	}
+
 	fflush(stdout);
 	if (SG(request_info).argv0) {
 		free(SG(request_info).argv0);
@@ -994,7 +1021,7 @@ static sapi_module_struct phpdbg_sapi_module = {
 	php_sapi_phpdbg_module_startup, /* startup */
 	php_module_shutdown_wrapper,    /* shutdown */
 
-	NULL,                           /* activate */
+	php_sapi_phpdbg_activate,       /* activate */
 	php_sapi_phpdbg_deactivate,     /* deactivate */
 
 	php_sapi_phpdbg_ub_write,       /* unbuffered write */
@@ -1236,11 +1263,11 @@ void phpdbg_signal_handler(int sig, siginfo_t *info, void *context) /* {{{ */
 	switch (sig) {
 		case SIGBUS:
 		case SIGSEGV:
-			if (PHPDBG_G(sigsegv_bailout)) {
-				LONGJMP(*PHPDBG_G(sigsegv_bailout), FAILURE);
-			}
 			is_handled = phpdbg_watchpoint_segfault_handler(info, context);
 			if (is_handled == FAILURE) {
+				if (PHPDBG_G(sigsegv_bailout)) {
+					LONGJMP(*PHPDBG_G(sigsegv_bailout), FAILURE);
+				}
 				zend_sigaction(sig, &PHPDBG_G(old_sigsegv_signal), NULL);
 			}
 			break;
@@ -1308,7 +1335,6 @@ int main(int argc, char **argv) /* {{{ */
 	FILE* stream = NULL;
 	char *print_opline_func;
 	zend_bool ext_stmt = 0;
-	zend_bool use_mm_wrappers = 0;
 	zend_bool is_exit;
 	int exit_status;
 
@@ -1635,8 +1661,6 @@ int main(int argc, char **argv) /* {{{ */
 
 		use_mm_wrappers = !_malloc && !_realloc && !_free;
 
-		phpdbg_init_list();
-
 		PHPDBG_G(original_free_function) = _free;
 		_free = phpdbg_watch_efree;
 
@@ -1650,14 +1674,14 @@ int main(int argc, char **argv) /* {{{ */
 			zend_mm_set_custom_handlers(mm_heap, _malloc, _free, _realloc);
 		}
 
-		phpdbg_setup_watchpoints();
-
 #if defined(ZEND_SIGNALS) && !defined(_WIN32)
 		zend_try {
 			zend_signal_activate();
 		} zend_end_try();
 #endif
 
+		phpdbg_init_list();
+
 		PHPDBG_G(sapi_name_ptr) = sapi_name;
 
 		if (exec) { /* set execution context */
@@ -1976,11 +2000,6 @@ int main(int argc, char **argv) /* {{{ */
 			}
 		}
 
-		/* hack to restore mm_heap->use_custom_heap in order to receive memory leak info */
-		if (use_mm_wrappers) {
-			/* ASSUMING that mm_heap->use_custom_heap is the first element of the struct ... */
-			*(int *) mm_heap = 0;
-		}
 		zend_try {
 			php_request_shutdown(NULL);
 		} zend_end_try();

sapi/phpdbg/phpdbg.h

@@ -253,12 +253,15 @@ ZEND_BEGIN_MODULE_GLOBALS(phpdbg)
 #endif
 	phpdbg_btree watchpoint_tree;                /* tree with watchpoints */
 	phpdbg_btree watch_HashTables;               /* tree with original dtors of watchpoints */
-	HashTable watchpoints;                       /* watchpoints */
+	HashTable watch_elements;                    /* user defined watch elements */
 	HashTable watch_collisions;                  /* collision table to check if multiple watches share the same recursive watchpoint */
-	zend_llist watchlist_mem;                    /* triggered watchpoints */
+	HashTable watch_recreation;                  /* watch elements pending recreation of their respective watchpoints */
+	HashTable watch_free;                        /* pointers to watch for being freed */
+	HashTable *watchlist_mem;                    /* triggered watchpoints */
+	HashTable *watchlist_mem_backup;             /* triggered watchpoints backup table while iterating over it */
 	zend_bool watchpoint_hit;                    /* a watchpoint was hit */
 	void (*original_free_function)(void *);      /* the original AG(mm_heap)->_free function */
-	phpdbg_watchpoint_t *watch_tmp;              /* temporary pointer for a watchpoint */
+	phpdbg_watch_element *watch_tmp;             /* temporary pointer for a watch element */
 
 	char *exec;                                  /* file to execute */
 	size_t exec_len;                             /* size of exec */

sapi/phpdbg/phpdbg_btree.c

@@ -25,14 +25,17 @@
 	branch = branch->branches[!!(n)];
 
 #ifdef _Win32
-# define emalloc malloc
-# define efree free
+# undef pemalloc
+# undef pefree
+# define pemalloc(size, persistent) malloc(size)
+# define pefree(ptr, persistent) free(ptr)
 #endif
 
 /* depth in bits */
 void phpdbg_btree_init(phpdbg_btree *tree, zend_ulong depth) {
 	tree->depth = depth;
 	tree->branch = NULL;
+	tree->persistent = 0;
 	tree->count = 0;
 }
 
@@ -157,7 +160,7 @@ int phpdbg_btree_insert_or_update(phpdbg_btree *tree, zend_ulong idx, void *ptr,
 		}
 
 		{
-			phpdbg_btree_branch *memory = *branch = emalloc((i + 2) * sizeof(phpdbg_btree_branch));
+			phpdbg_btree_branch *memory = *branch = pemalloc((i + 2) * sizeof(phpdbg_btree_branch), tree->persistent);
 			do {
 				(*branch)->branches[!((idx >> i) % 2)] = NULL;
 				branch = &(*branch)->branches[(idx >> i) % 2];
@@ -199,22 +202,22 @@ int phpdbg_btree_delete(phpdbg_btree *tree, zend_ulong idx) {
 	tree->count--;
 
 	if (i_last_dual_branch == -1) {
-		efree(tree->branch);
+		pefree(tree->branch, tree->persistent);
 		tree->branch = NULL;
 	} else {
 		if (last_dual_branch->branches[last_dual_branch_branch] == last_dual_branch + 1) {
 			phpdbg_btree_branch *original_branch = last_dual_branch->branches[!last_dual_branch_branch];
 
 			memcpy(last_dual_branch + 1, last_dual_branch->branches[!last_dual_branch_branch], (i_last_dual_branch + 1) * sizeof(phpdbg_btree_branch));
-			efree(last_dual_branch->branches[!last_dual_branch_branch]);
+			pefree(last_dual_branch->branches[!last_dual_branch_branch], tree->persistent);
 			last_dual_branch->branches[!last_dual_branch_branch] = last_dual_branch + 1;
 
 			branch = last_dual_branch->branches[!last_dual_branch_branch];
 			for (i = i_last_dual_branch; i--;) {
 				branch = (branch->branches[branch->branches[1] == ++original_branch] = last_dual_branch + i_last_dual_branch - i + 1);
 			}
 		} else {
-			efree(last_dual_branch->branches[last_dual_branch_branch]);
+			pefree(last_dual_branch->branches[last_dual_branch_branch], tree->persistent);
 		}
 
 		last_dual_branch->branches[last_dual_branch_branch] = NULL;
@@ -223,6 +226,26 @@ int phpdbg_btree_delete(phpdbg_btree *tree, zend_ulong idx) {
 	return SUCCESS;
 }
 
+void phpdbg_btree_clean_recursive(phpdbg_btree_branch *branch, zend_ulong depth, zend_bool persistent) {
+	phpdbg_btree_branch *start = branch;
+	while (depth--) {
+		zend_bool use_branch = branch + 1 == branch->branches[0];
+		if (branch->branches[use_branch]) {
+			phpdbg_btree_clean_recursive(branch->branches[use_branch], depth, persistent);
+		}
+	}
+
+	pefree(start, persistent);
+}
+
+void phpdbg_btree_clean(phpdbg_btree *tree) {
+	if (tree->branch) {
+		phpdbg_btree_clean_recursive(tree->branch, tree->depth, tree->persistent);
+		tree->branch = NULL;
+		tree->count = 0;
+	}
+}
+
 void phpdbg_btree_branch_dump(phpdbg_btree_branch *branch, zend_ulong depth) {
 	if (branch) {
 		if (depth--) {