使用 GDB 調試 PHP 代碼,解決 PHP 代碼死循環

（給PHP開發者加星標，提升PHP技能）

轉自：韓天峰

http://rango.swoole.com/archives/325

最近在幫同事解決Swoole Server問題時，發現有1個worker進程一直處於R的狀態，而且CPU耗時非常高。初步斷定是PHP代碼中發生死循環。

下面通過一段代碼展示如何解決PHP死循環問題。

$array = array();for($i = 0; $i < 10000; $i++){    $array[] = $i;}include __DIR__."/include.php";
while(1){    usleep(10);    $keys = array_flip($array);    $index = array_search(rand(1500, 9999), $array);    $str = str_repeat('A', $index);    $strb = test($index, $str);}
function test($index, $str){    return str_replace('A', 'B', $str);}
通過ps aux得到進程ID和狀態如下，使用gdb -p 進程ptrace跟蹤，通過bt命令得到調用棧
htf 3834 2.6 0.2 166676 22060 pts/12 R+ 10:50 0:12 php dead_loop.phpgdb -p 3834(gdb) bt#0 0x00000000008cc03f in zend_mm_check_ptr (heap=0x1eaa2c0, ptr=0x2584910, silent=1, __zend_filename=0xee3d40 "/home/htf/workspace/php-5.4.27/Zend/zend_variables.c",__zend_lineno=182, __zend_orig_filename=0xee1888 "/home/htf/workspace/php-5.4.27/Zend/zend_execute_API.c", __zend_orig_lineno=437)at /home/htf/workspace/php-5.4.27/Zend/zend_alloc.c:1485#1 0x00000000008cd643 in _zend_mm_free_int (heap=0x1eaa2c0, p=0x2584910, __zend_filename=0xee3d40 "/home/htf/workspace/php-5.4.27/Zend/zend_variables.c", __zend_lineno=182,__zend_orig_filename=0xee1888 "/home/htf/workspace/php-5.4.27/Zend/zend_execute_API.c", __zend_orig_lineno=437) at /home/htf/workspace/php-5.4.27/Zend/zend_alloc.c:2064#2 0x00000000008cebf7 in _efree (ptr=0x2584910, __zend_filename=0xee3d40 "/home/htf/workspace/php-5.4.27/Zend/zend_variables.c", __zend_lineno=182,__zend_orig_filename=0xee1888 "/home/htf/workspace/php-5.4.27/Zend/zend_execute_API.c", __zend_orig_lineno=437) at /home/htf/workspace/php-5.4.27/Zend/zend_alloc.c:2436#3 0x00000000008eda0a in _zval_ptr_dtor (zval_ptr=0x25849a0, __zend_filename=0xee3d40 "/home/htf/workspace/php-5.4.27/Zend/zend_variables.c", __zend_lineno=182)at /home/htf/workspace/php-5.4.27/Zend/zend_execute_API.c:437#4 0x00000000008fe687 in _zval_ptr_dtor_wrapper (zval_ptr=0x25849a0) at /home/htf/workspace/php-5.4.27/Zend/zend_variables.c:182#5 0x000000000091259f in zend_hash_destroy (ht=0x7f7263f6e380) at /home/htf/workspace/php-5.4.27/Zend/zend_hash.c:560#6 0x00000000008fe2c5 in _zval_dtor_func (zvalue=0x7f726426fe50, __zend_filename=0xeea290 "/home/htf/workspace/php-5.4.27/Zend/zend_execute.c", __zend_lineno=901)at /home/htf/workspace/php-5.4.27/Zend/zend_variables.c:45#7 0x0000000000936656 in _zval_dtor (zvalue=0x7f726426fe50, __zend_filename=0xeea290 "/home/htf/workspace/php-5.4.27/Zend/zend_execute.c", __zend_lineno=901)at /home/htf/workspace/php-5.4.27/Zend/zend_variables.h:35#8 0x0000000000939747 in zend_assign_to_variable (variable_ptr_ptr=0x7f7263f8e738, value=0x7f726426f6a8) at /home/htf/workspace/php-5.4.27/Zend/zend_execute.c:901#9 0x0000000000997ee5 in ZEND_ASSIGN_SPEC_CV_VAR_HANDLER (execute_data=0x7f726d04b2a8) at /home/htf/workspace/php-5.4.27/Zend/zend_vm_execute.h:33168#10 0x000000000093b5fd in execute (op_array=0x21d58b0) at /home/htf/workspace/php-5.4.27/Zend/zend_vm_execute.h:410#11 0x0000000000901692 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/htf/workspace/php-5.4.27/Zend/zend.c:1315#12 0x000000000087926a in php_execute_script (primary_file=0x7ffffe0038d0) at /home/htf/workspace/php-5.4.27/main/main.c:2502#13 0x00000000009a32e3 in do_cli (argc=2, argv=0x7ffffe004d18) at /home/htf/workspace/php-5.4.27/sapi/cli/php_cli.c:989#14 0x00000000009a4491 in main (argc=2, argv=0x7ffffe004d18) at /home/htf/workspace/php-5.4.27/sapi/cli/php_cli.c:1365
執行gdb後，死循環的進程會變成T的狀態，表示正在Trace。這個是獨佔的，所以不能再使用strace/gdb或者其他ptrace工具對此進程進行調試。另外此進程會中斷執行。gdb輸入c後，程序繼續向下運行。然後再次按下ctrl + c中斷程序。通過bt命令查看進程的調用棧。
(gdb) bt __zend_orig_filename=0xee5a38 "/home/htf/workspace/php-5.4.27/Zend/zend_hash.c", __zend_orig_lineno=412) at /home/htf/workspace/php-5.4.27/Zend/zend_alloc.c:1895__zend_orig_filename=0xee5a38 "/home/htf/workspace/php-5.4.27/Zend/zend_hash.c", __zend_orig_lineno=412) at /home/htf/workspace/php-5.4.27/Zend/zend_alloc.c:2425__zend_filename=0xe43410 "/home/htf/workspace/php-5.4.27/ext/standard/array.c", __zend_lineno=2719) at /home/htf/workspace/php-5.4.27/Zend/zend_hash.c:412at /home/htf/workspace/php-5.4.27/ext/standard/array.c:2719
兩次的BT信息不一樣，這是因為程序在不同的位置中斷。看到execute (op_array=0x21d58b0) 這一行，這裡就是PHP執行op_array的入口了。gdb下輸入f 6，(通過調用棧編號可得)。
(gdb) f 6#6 0x000000000093b5fd in execute (op_array=0x21d58b0) at /home/htf/workspace/php-5.4.27/Zend/zend_vm_execute.h:410410 if ((ret = OPLINE->handler(execute_data TSRMLS_CC)) > 0) {(gdb) p *op_array$2 = {type = 2 '\002', function_name = 0x7f726d086540 "test", scope = 0x0, fn_flags = 134217728, prototype = 0x0, num_args = 2, required_num_args = 2, arg_info = 0x7f726d086bd8,refcount = 0x7f726d0870f0, opcodes = 0x7f726424d600, last = 8, vars = 0x7f726424e890, last_var = 2, T = 1, brk_cont_array = 0x0, last_brk_cont = 0, try_catch_array = 0x0,last_try_catch = 0, static_variables = 0x0, this_var = 4294967295, filename = 0x7f726424ba38 "/home/htf/wwwroot/include.php", line_start = 12, line_end = 15, doc_comment = 0x0,doc_comment_len = 0, early_binding = 4294967295, literals = 0x7f726424eae0, last_literal = 4, run_time_cache = 0x7f726450bfb0, last_cache_slot = 1, reserved = {0x0, 0x0, 0x0, 0x0}}
這裡的filename就能看到op_array是哪個PHP文件的。然後輸入f 0進入當前位置。
(gdb) p **executor_globals.opline_ptr$4 = {handler = 0x93ff9c , op1 = {constant = 1680133296, var = 1680133296, num = 1680133296, hash = 140129283132592, opline_num = 1680133296,jmp_addr = 0x7f726424ccb0, zv = 0x7f726424ccb0, literal = 0x7f726424ccb0, ptr = 0x7f726424ccb0}, op2 = {constant = 0, var = 0, num = 0, hash = 0, opline_num = 0, jmp_addr = 0x0,zv = 0x0, literal = 0x0, ptr = 0x0}, result = {constant = 32, var = 32, num = 32, hash = 32, opline_num = 32, jmp_addr = 0x20, zv = 0x20, literal = 0x20, ptr = 0x20},extended_value = 1, lineno = 5, opcode = 60 '
這裡的lineno表示OPCODE所在的代碼行數，可以到對應文件裡去看下是哪行代碼。使用GDB可以查看到更多的信息，這裡就不再一一介紹了，有興趣各位可以自行嘗試。
zbacktrace的使用
zend官方提供了一個gdb的腳本，對指令進行了封裝，可以直接看到php函數的調用關係。在php原始碼包的根目錄中有一個.gdbinit。使用
source your_php_src_path/.gdbinitzbacktrace
可以直接看到PHP函數的調用堆棧。
- EOF -
看完本文有收穫？請分享給更多人
關注「PHP開發者」加星標，提升PHP技能

點讚和在看就是最大的支持❤️