Cphalcon: Segfault with empty conditions. bind and limit

And without empty conditions it works fine ?

When i will be in home i will check it on debug version

Can't understand why, but this segfault is reproducible only after another

Core was generated by `php-fpm: pool www                                                            '.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00005611170544db in zend_hash_find ()
(gdb) bt
#0  0x00005611170544db in zend_hash_find ()
#1  0x0000561117054c26 in _zend_hash_merge ()
#2  0x000056111703b011 in add_function ()
#3  0x00007f47f56d2775 in zim_Phalcon_Mvc_Model_Query_execute () from /usr/lib/php/20151012/phalcon.so
#4  0x0000561117030f7a in dtrace_execute_internal ()
#5  0x00007f47f587584b in zephir_call_user_function () from /usr/lib/php/20151012/phalcon.so
#6  0x00007f47f586e0cf in zephir_call_class_method_aparams () from /usr/lib/php/20151012/phalcon.so
#7  0x00007f47f56b3e84 in zim_Phalcon_Mvc_Model__groupResult () from /usr/lib/php/20151012/phalcon.so
#8  0x0000561117030f7a in dtrace_execute_internal ()
#9  0x00007f47f587584b in zephir_call_user_function () from /usr/lib/php/20151012/phalcon.so
#10 0x00007f47f586e0cf in zephir_call_class_method_aparams () from /usr/lib/php/20151012/phalcon.so
#11 0x00007f47f56a5754 in zim_Phalcon_Mvc_Model_count () from /usr/lib/php/20151012/phalcon.so
#12 0x0000561117030f7a in dtrace_execute_internal ()
#13 0x00005611170c49f0 in ?? ()
#14 0x000056111708083b in execute_ex ()

Maybe it's about some opcache or something ?

Can reproduce after adding Robots::count()

<?php
ini_set('display_errors', 1);
error_reporting(E_ALL);

$di = new Phalcon\DI\FactoryDefault();

$di->setShared('db', function () {
    $connection = new Phalcon\Db\Adapter\Pdo\Mysql([
        'adapter'  => 'Mysql',
        'host'     => 'localhost',
        'port'     => 3306,
        'dbname'   => 'test',
        'username' => 'root',
        'charset'  => 'utf8',
        'options'  => [
            PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8'
        ]
    ]);

    return $connection;
});

class Robots extends Phalcon\Mvc\Model
{
    public $id;

    public function getSource()
    {
        return 'robots';
    }
}

$args = [
    'conditions' => '', //required
    'bind'       => [], // required
    'limit'      => 10 // required
];

// segfault after second request
Robots::find($args);
Robots::count($args);

After first request got error "Fatal error: Allowed memory size of 33554432 bytes exhausted (tried to allocate 1443299720 bytes)", after second segfault

If switch order of count//find got error "Fatal error: Uncaught PDOException: SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens in"

First post i have segfault too with opcache enabled, after disabling it it works fine. Of course it should work with opcache too, so it's not solution.

Is this only happening on php7?

On debug version though it looks like there is some infinite loop without any segfault etc.

On php 5.x everything works fine, both opcache and without it.

After increasing execution time and running apache in gdb and after some time deaataching gdb i got:

Program received signal SIGINT, Interrupt.
0x00007ffff3ae2d1a in zend_hash_find_bucket (ht=0x7fffd42d9808, key=0x7fffefc65180) at /root/.phpbrew/build/7.0.5-debug/Zend/zend_hash.c:495
495                     p = HT_HASH_TO_BUCKET_EX(arData, idx);
(gdb) bt 
#0  0x00007ffff3ae2d1a in zend_hash_find_bucket (ht=0x7fffd42d9808, key=0x7fffefc65180) at /root/.phpbrew/build/7.0.5-debug/Zend/zend_hash.c:495
#1  0x00007ffff3ae305a in _zend_hash_add_or_update_i (ht=0x7fffd42d9808, key=0x7fffefc65180, pData=0x7fffffffacb0, flag=1, 
    __zend_filename=0x7fffe7de7c10 "/root/.phpbrew/php/7.0.5-debug/include/php/Zend/zend_hash.h", __zend_lineno=407) at /root/.phpbrew/build/7.0.5-debug/Zend/zend_hash.c:568
#2  0x00007ffff3ae3558 in _zend_hash_str_update (ht=0x7fffd42d9808, str=0x7fffefc65158 "APL0", len=4, pData=0x7fffffffacb0, 
    __zend_filename=0x7fffe7de7c10 "/root/.phpbrew/php/7.0.5-debug/include/php/Zend/zend_hash.h", __zend_lineno=407) at /root/.phpbrew/build/7.0.5-debug/Zend/zend_hash.c:667
#3  0x00007fffe78edf92 in zend_symtable_str_update () from /root/.phpbrew/php/7.0.5-debug/lib/php/extensions/debug-non-zts-20151012/phalcon.so
#4  0x00007fffe78ef659 in zephir_update_property_array () from /root/.phpbrew/php/7.0.5-debug/lib/php/extensions/debug-non-zts-20151012/phalcon.so
#5  0x00007fffe7c9d0fa in zim_Phalcon_Mvc_Model_Query_Builder_getPhql () from /root/.phpbrew/php/7.0.5-debug/lib/php/extensions/debug-non-zts-20151012/phalcon.so
#6  0x00007fffe78fec5a in zephir_call_function_opt () from /root/.phpbrew/php/7.0.5-debug/lib/php/extensions/debug-non-zts-20151012/phalcon.so
#7  0x00007fffe78f94dc in zephir_call_user_function () from /root/.phpbrew/php/7.0.5-debug/lib/php/extensions/debug-non-zts-20151012/phalcon.so
#8  0x00007fffe78f9b97 in zephir_call_class_method_aparams () from /root/.phpbrew/php/7.0.5-debug/lib/php/extensions/debug-non-zts-20151012/phalcon.so
#9  0x00007fffe7c9d870 in zim_Phalcon_Mvc_Model_Query_Builder_getQuery () from /root/.phpbrew/php/7.0.5-debug/lib/php/extensions/debug-non-zts-20151012/phalcon.so
#10 0x00007fffe78fec5a in zephir_call_function_opt () from /root/.phpbrew/php/7.0.5-debug/lib/php/extensions/debug-non-zts-20151012/phalcon.so
#11 0x00007fffe78f94dc in zephir_call_user_function () from /root/.phpbrew/php/7.0.5-debug/lib/php/extensions/debug-non-zts-20151012/phalcon.so
#12 0x00007fffe78f9b97 in zephir_call_class_method_aparams () from /root/.phpbrew/php/7.0.5-debug/lib/php/extensions/debug-non-zts-20151012/phalcon.so
#13 0x00007fffe7bd7e84 in zim_Phalcon_Mvc_Model_find () from /root/.phpbrew/php/7.0.5-debug/lib/php/extensions/debug-non-zts-20151012/phalcon.so
#14 0x00007ffff3b2cfaa in ZEND_DO_FCALL_SPEC_HANDLER () at /root/.phpbrew/build/7.0.5-debug/Zend/zend_vm_execute.h:842
#15 0x00007ffff3b2be2c in execute_ex (ex=0x7fffefc12030) at /root/.phpbrew/build/7.0.5-debug/Zend/zend_vm_execute.h:414
#16 0x00007ffff3b2bf3e in zend_execute (op_array=0x7fffefc6b000, return_value=0x0) at /root/.phpbrew/build/7.0.5-debug/Zend/zend_vm_execute.h:458
#17 0x00007ffff3ad0afe in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/.phpbrew/build/7.0.5-debug/Zend/zend.c:1427
#18 0x00007ffff3a3dd69 in php_execute_script (primary_file=0x7fffffffdc90) at /root/.phpbrew/build/7.0.5-debug/main/main.c:2487
#19 0x00007ffff3b9080d in php_handler (r=0x7ffff7e560a0) at /root/.phpbrew/build/7.0.5-debug/sapi/apache2handler/sapi_apache2.c:678
#20 0x00005555555aabe0 in ap_run_handler ()
#21 0x00005555555ab129 in ap_invoke_handler ()
#22 0x00005555555c06ca in ap_process_async_request ()
#23 0x00005555555c09a4 in ap_process_request ()
#24 0x00005555555bd442 in ?? ()
#25 0x00005555555b4220 in ap_run_process_connection ()
#26 0x00007ffff4690767 in ?? () from /usr/lib/apache2/modules/mod_mpm_prefork.so
#27 0x00007ffff469096c in ?? () from /usr/lib/apache2/modules/mod_mpm_prefork.so
#28 0x00007ffff46916b1 in ?? () from /usr/lib/apache2/modules/mod_mpm_prefork.so
#29 0x00005555555918ae in ap_run_mpm ()
#30 0x000055555558b046 in main ()

print_r(Robots::find([
    'conditions' => '', // required
    'bind'       => [], // required
    'limit' => 10
])->getFirst()->toArray());

On non-debug:

On first run it returns:

Array ( [id] => 1 [name] => Robotina [type] => mechanical [year] => 1972 [datetime] => 1972-01-01 00:00:00 [text] => text )

On second:

Fatal error: Allowed memory size of 1073741824 bytes exhausted (tried to allocate 549294713384 bytes) in /vagrant/www/test/index.php on line 65

On third:

Fatal error: Allowed memory size of 1073741824 bytes exhausted (tried to allocate 5211826059845967944 bytes) in /vagrant/www/test/index.php on line 65

After this there is maximum execution time error.

Looks like some memory leak with opcache, php7 and phalcon.

On debug:

Array ( [id] => 1 [name] => Robotina [type] => mechanical [year] => 1972 [datetime] => 1972-01-01 00:00:00 [text] => text )

Allowed memory size of 1073741824 bytes exhausted at /root/.phpbrew/build/7.0.5-debug/Zend/zend_string.h:121 (tried to allocate 14987980108248341376 bytes) in /vagrant/www/test/index.php on line 65

Also after removing limit it works fine

It looks like any combination of bind(no matter if empty or dont) and limit is causing this problem.

Also with limit and non-empty bind and condition with limit stack looks like here both on debug and non-debug:

#0  0x000000000000000a in ?? ()
#1  0x00007fba855d7f7b in execute_ex (ex=<optimized out>) at /root/.phpbrew/build/7.0.5/Zend/zend_vm_execute.h:414
#2  0x00007fba85620f37 in zend_execute (op_array=0x7fba81a67000, op_array@entry=0x7fba72e0e8d0, return_value=return_value@entry=0x7fba81a12030)
    at /root/.phpbrew/build/7.0.5/Zend/zend_vm_execute.h:458
#3  0x00007fba8559be34 in zend_execute_scripts (type=type@entry=8, retval=0x7fba81a12030, retval@entry=0x0, file_count=file_count@entry=3) at /root/.phpbrew/build/7.0.5/Zend/zend.c:1427
#4  0x00007fba85540018 in php_execute_script (primary_file=primary_file@entry=0x7ffe9187cf70) at /root/.phpbrew/build/7.0.5/main/main.c:2487
#5  0x00007fba85622872 in php_handler (r=<optimized out>) at /root/.phpbrew/build/7.0.5/sapi/apache2handler/sapi_apache2.c:678
#6  0x00007fba89a85be0 in ap_run_handler ()
#7  0x00007fba89a86129 in ap_invoke_handler ()
#8  0x00007fba89a9b6ca in ap_process_async_request ()
#9  0x00007fba89a9b9a4 in ap_process_request ()
#10 0x00007fba89a98442 in ?? ()
#11 0x00007fba89a8f220 in ap_run_process_connection ()
#12 0x00007fba860c0767 in ?? () from /usr/lib/apache2/modules/mod_mpm_prefork.so
#13 0x00007fba860c09a6 in ?? () from /usr/lib/apache2/modules/mod_mpm_prefork.so
#14 0x00007fba860c0a06 in ?? () from /usr/lib/apache2/modules/mod_mpm_prefork.so
#15 0x00007fba860c16e0 in ?? () from /usr/lib/apache2/modules/mod_mpm_prefork.so
#16 0x00007fba89a6c8ae in ap_run_mpm ()
#17 0x00007fba89a66046 in main ()

But after removing again limit it works. What is weird only combination of limit and bind breaks it.

To be honest for me this is huge bug(label Bug - High ?), because in all my apps i use pretty much everywhere conditions + limit + bind.

Until fixing this next stable version shouldn't be released.

Added a possible fix for this in https://github.com/phalcon/cphalcon/commit/d6855cc7d44071764d72f552c9cc77f16ae42d71, can you please try again using latest 2.1.x?

Working for me !

working for me also.

I am the only one who gets seg faults when there is a syntax error in the query ?

ex:

"conditions" => " name == ?1",

Works for me, as well.
All my app's tests now pass on php 7.0.

Does not work for me:

$ git checkout 2.1.x
Already on '2.1.x'
Your branch is up-to-date with 'origin/2.1.x'.

$ git log -1
commit ca93fcfba6de4d81a960c8aa84d17356e1fa1c1e
Author: Andres Gutierrez <[email protected]>
Date:   Mon Jul 25 01:08:39 2016 -0500

Using latest Zephir [ci skip]

$ git branch --contains d6855cc7d44071764d72f552c9cc77f16ae42d71
* 2.1.x
  3.0.x

$ zephir version
0.9.3a-dev-d5a040ae8b

$ cat /etc/php/7.0/mods-available/opcache.ini |grep cli
opcache.enable_cli = 1

$ php -v
PHP 7.0.8-0ubuntu0.16.04.1 (cli) ( NTS )

zephir fullclean && zephir build --backend=ZendEngine3 && /etc/init.d/php7.0-fpm restart

$ php -e ./phalcon-coredump.php
Segmentation fault (core dumped)

--
$ git checkout 3.0.x
zephir fullclean && zephir build --backend=ZendEngine3

$ php -r 'print Phalcon\Version::get();'
3.0.0

$ php -e ./phalcon-coredump.php
Segmentation fault (core dumped)

And stack is the same ? Also try maybe with latest zephir ?

$ gdb /usr/bin/php

(gdb) run -e /var/www/phalcon-coredump.php
Starting program: /usr/bin/php -e /var/www/phalcon-coredump.php
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
__memcpy_avx_unaligned () at ../sysdeps/x86_64/multiarch/memcpy-avx-unaligned.S:245
245 ../sysdeps/x86_64/multiarch/memcpy-avx-unaligned.S: No such file or directory.

(gdb) bt
#0  __memcpy_avx_unaligned () at ../sysdeps/x86_64/multiarch/memcpy-avx-unaligned.S:245
#1  0x00005555557c02c1 in _zend_hash_str_update ()
#2  0x00007fffe62f6387 in zephir_array_update_zval () from /usr/lib/php/20151012/phalcon.so
#3  0x00007fffe60f3052 in zim_Phalcon_Mvc_Model_Query__executeSelect () from /usr/lib/php/20151012/phalcon.so
#4  0x00005555557a294a in dtrace_execute_internal ()
#5  0x00007fffe62f370b in zephir_call_user_function () from /usr/lib/php/20151012/phalcon.so
#6  0x00007fffe62eb42f in zephir_call_class_method_aparams () from /usr/lib/php/20151012/phalcon.so
#7  0x00007fffe60e8a90 in zim_Phalcon_Mvc_Model_Query_execute () from /usr/lib/php/20151012/phalcon.so
#8  0x00005555557a294a in dtrace_execute_internal ()
#9  0x00007fffe62f370b in zephir_call_user_function () from /usr/lib/php/20151012/phalcon.so
#10 0x00007fffe62eb42f in zephir_call_class_method_aparams () from /usr/lib/php/20151012/phalcon.so
#11 0x00007fffe613a9a4 in zim_Phalcon_Mvc_Model__groupResult () from /usr/lib/php/20151012/phalcon.so
#12 0x00005555557a294a in dtrace_execute_internal ()
#13 0x00007fffe62f370b in zephir_call_user_function () from /usr/lib/php/20151012/phalcon.so
#14 0x00007fffe62eb42f in zephir_call_class_method_aparams () from /usr/lib/php/20151012/phalcon.so
#15 0x00007fffe612ccb4 in zim_Phalcon_Mvc_Model_count () from /usr/lib/php/20151012/phalcon.so
#16 0x00005555557a294a in dtrace_execute_internal ()
#17 0x00005555558376d0 in ?? ()
#18 0x00005555557f2d1b in execute_ex ()
#19 0x00005555557a27e1 in dtrace_execute_ex ()
#20 0x0000555555846ae7 in zend_execute ()
#21 0x00005555557b29e3 in zend_execute_scripts ()
#22 0x00005555557533c0 in php_execute_script ()
#23 0x00005555558487a7 in ?? ()
#24 0x0000555555638064 in main ()

i am sorry but just because for everyone else seems to be fine, in phpinfo -> phalcon in build date you see today right ?

yes, i see

$ /usr/bin/php -i|grep -i zephir -B 5 && /usr/bin/php /var/www/phalcon-coredump.php
Web framework delivered as a C-extension for PHP
phalcon => enabled
Author => Phalcon Team and contributors
Version => 3.0.0
Build Date => Jul 27 2016 11:34:15
Powered by Zephir => Version 0.9.3a-dev-d5a040ae8b
Segmentation fault

I will check it later on fpm when home.

@alpaxo What's the content of phalcon-coredump.php? Can you use zephir builddev --backend=ZendEngine3 instead of zephir build --backend=ZendEngine3?

@andresgutierrez

(gdb) run -e /var/www/phalcon-coredump.php
Starting program: /usr/bin/php -e /var/www/phalcon-coredump.php
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
__memcpy_avx_unaligned () at ../sysdeps/x86_64/multiarch/memcpy-avx-unaligned.S:245
245 ../sysdeps/x86_64/multiarch/memcpy-avx-unaligned.S: No such file or directory.
(gdb) bt
#0  __memcpy_avx_unaligned () at ../sysdeps/x86_64/multiarch/memcpy-avx-unaligned.S:245
#1  0x00005555557c02c1 in _zend_hash_str_update ()
#2  0x00007fffde9bc256 in zend_symtable_str_update (pData=0x7fffffff8930, len=1431655920, str=0x7ffff3803938 "", 
    ht=0x7ffff387c348) at /usr/include/php/20151012/Zend/zend_hash.h:407
#3  zephir_array_update_zval (arr=0x7fffffff8910, index=0x7fffffff89c0, value=0x7fffffff8930, flags=1280)
    at /opt/cphalcon/ext/kernel/array.c:489
#4  0x00007fffdee9cb3c in zim_Phalcon_Mvc_Model_Query__executeSelect (execute_data=0x7ffff3814250, 
    return_value=0x7fffffff9660) at /opt/cphalcon/ext/phalcon/mvc/model/query.zep.c:4097
#5  0x00005555557a294a in dtrace_execute_internal ()
#6  0x00007fffde9cc627 in zephir_call_function_opt (fci=0x7fffffff8f30, fci_cache=0x7fffffff8f00, info=0x7fffffff9030, 
    params=0x7fffffff9740) at /opt/cphalcon/ext/kernel/extended/fcall.c:1156
#7  0x00007fffde9c5f6a in zephir_call_user_function (object_pp=0x7fffffff9730, obj_ce=0x555555f24c70, 
    type=zephir_fcall_method, function_name=0x0, retval_ptr=0x7fffffff9660, cache_entry=0x0, cache_slot=361, 
    param_count=3, params=0x7fffffff9740, info=0x7fffffff9030) at /opt/cphalcon/ext/kernel/fcall.c:455
#8  0x00007fffde9c6738 in zephir_call_class_method_aparams (return_value_ptr=0x7fffffff9660, ce=0x555555f24c70, 
    type=zephir_fcall_method, object=0x7fffffff9730, method_name=0x7fffdf6e390f "_executeselect", method_len=14, 
    cache_entry=0x0, cache_slot=361, param_count=3, params=0x7fffffff9740) at /opt/cphalcon/ext/kernel/fcall.c:655
#9  0x00007fffdeeac72c in zim_Phalcon_Mvc_Model_Query_execute (execute_data=0x7ffff38141d0, 
    return_value=0x7fffffffa1f0) at /opt/cphalcon/ext/phalcon/mvc/model/query.zep.c:5036
#10 0x00005555557a294a in dtrace_execute_internal ()
#11 0x00007fffde9cc627 in zephir_call_function_opt (fci=0x7fffffff9b50, fci_cache=0x7fffffff9b20, info=0x7fffffff9c50, 
    params=0x7fffffffa2e0) at /opt/cphalcon/ext/kernel/extended/fcall.c:1156
#12 0x00007fffde9c5f6a in zephir_call_user_function (object_pp=0x7fffffffa240, obj_ce=0x555555f24c70, 
    type=zephir_fcall_method, function_name=0x0, retval_ptr=0x7fffffffa1f0, cache_entry=0x0, cache_slot=0, 
    param_count=2, params=0x7fffffffa2e0, info=0x7fffffff9c50) at /opt/cphalcon/ext/kernel/fcall.c:455
#13 0x00007fffde9c6738 in zephir_call_class_method_aparams (return_value_ptr=0x7fffffffa1f0, ce=0x555555f24c70, 
    type=zephir_fcall_method, object=0x7fffffffa240, method_name=0x7fffdf680dd2 "execute", method_len=7, 
    cache_entry=0x0, cache_slot=0, param_count=2, params=0x7fffffffa2e0) at /opt/cphalcon/ext/kernel/fcall.c:655
#14 0x00007fffdedbfad7 in zim_Phalcon_Mvc_Model__groupResult (execute_data=0x7ffff3814140, return_value=0x7fffffffa990)
   at /opt/cphalcon/ext/phalcon/mvc/model.zep.c:1814
#15 0x00005555557a294a in dtrace_execute_internal ()
#16 0x00007fffde9cc627 in zephir_call_function_opt (fci=0x7fffffffa6f0, fci_cache=0x7fffffffa6c0, info=0x7fffffffa7f0, 
    params=0x7fffffffa9d0) at /opt/cphalcon/ext/kernel/extended/fcall.c:1156
#17 0x00007fffde9c5f6a in zephir_call_user_function (object_pp=0x0, obj_ce=0x0, type=zephir_fcall_self, function_name=0x0, 
    retval_ptr=0x7fffffffa990, cache_entry=0x0, cache_slot=0, param_count=3, params=0x7fffffffa9d0, info=0x7fffffffa7f0)
    at /opt/cphalcon/ext/kernel/fcall.c:455
#18 0x00007fffde9c6738 in zephir_call_class_method_aparams (return_value_ptr=0x7fffffffa990, ce=0x0, type=zephir_fcall_self, 
    object=0x0, method_name=0x7fffdf685e3a "_groupresult", method_len=12, cache_entry=0x0, cache_slot=0, param_count=3, 
    params=0x7fffffffa9d0) at /opt/cphalcon/ext/kernel/fcall.c:655
#19 0x00007fffdedc02a0 in zim_Phalcon_Mvc_Model_count (execute_data=0x7ffff38140d0, return_value=0x7ffff38140b0)
    at /opt/cphalcon/ext/phalcon/mvc/model.zep.c:1870
#20 0x00005555557a294a in dtrace_execute_internal ()
#21 0x00005555558376d0 in ?? ()
#22 0x00005555557f2d1b in execute_ex ()
#23 0x00005555557a27e1 in dtrace_execute_ex ()
#24 0x0000555555846ae7 in zend_execute ()
#25 0x00005555557b29e3 in zend_execute_scripts ()
#26 0x00005555557533c0 in php_execute_script ()
#27 0x00005555558487a7 in ?? ()
#28 0x0000555555638064 in main ()

contents of phalcon-coredump.php

<?php
$di = new Phalcon\DI\FactoryDefault();

$di->setShared('db', function () {
    $connection = new Phalcon\Db\Adapter\Pdo\Mysql([
        'adapter'  => 'Mysql',
        'host'     => 'localhost',
        'port'     => 3306,
        'dbname'   => 'test',
        'username' => 'root',
        'password' => '',
        'charset'  => 'utf8',
        'options'  => [
            PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8'
        ]
    ]);

    return $connection;
});

class Robots extends Phalcon\Mvc\Model
{
    public $id;

    public function getSource()
    {
        return 'robots';
    }
}

$args = [
    'bind'       => [], // required
    'limit'      => 10 // required
];

// segfault with enabled opcache (opcache.enable_cli => On => On)
Robots::find($args);
Robots::count($args);

What a hell, don't works for mee too xD but i was checking this.....

@andresgutierrez

With latest commit have out of memory. On next queries. When trying it in valgrind i have seg fault. Without core dump. Except of memory leaks i have:

==18866== 1 errors in context 1 of 10785:
==18866== Invalid read of size 8
==18866==    at 0x4C2F880: memcpy@@GLIBC_2.14 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==18866==    by 0x902D5AF: memcpy (string3.h:51)
==18866==    by 0x902D5AF: zend_string_init (zend_string.h:159)
==18866==    by 0x902D5AF: _zend_hash_str_update (zend_hash.c:666)
==18866==    by 0xD6F1336: zephir_array_update_zval (in /root/.phpbrew/php/7.0.5/lib/php/extensions/no-debug-non-zts-20151012/phalcon.so)
==18866==    by 0xD910BA1: zim_Phalcon_Mvc_Model_Query__executeSelect (in /root/.phpbrew/php/7.0.5/lib/php/extensions/no-debug-non-zts-20151012/phalcon.so)
==18866==    by 0xD6F8316: zephir_call_function_opt (in /root/.phpbrew/php/7.0.5/lib/php/extensions/no-debug-non-zts-20151012/phalcon.so)
==18866==    by 0xD6F55DE: zephir_call_user_function (in /root/.phpbrew/php/7.0.5/lib/php/extensions/no-debug-non-zts-20151012/phalcon.so)
==18866==    by 0xD6F60BD: zephir_call_class_method_aparams (in /root/.phpbrew/php/7.0.5/lib/php/extensions/no-debug-non-zts-20151012/phalcon.so)
==18866==    by 0xD9165DF: zim_Phalcon_Mvc_Model_Query_execute (in /root/.phpbrew/php/7.0.5/lib/php/extensions/no-debug-non-zts-20151012/phalcon.so)
==18866==    by 0xD6F8316: zephir_call_function_opt (in /root/.phpbrew/php/7.0.5/lib/php/extensions/no-debug-non-zts-20151012/phalcon.so)
==18866==    by 0xD6F55DE: zephir_call_user_function (in /root/.phpbrew/php/7.0.5/lib/php/extensions/no-debug-non-zts-20151012/phalcon.so)
==18866==    by 0xD6F60BD: zephir_call_class_method_aparams (in /root/.phpbrew/php/7.0.5/lib/php/extensions/no-debug-non-zts-20151012/phalcon.so)
==18866==    by 0xD8AFCDB: zim_Phalcon_Mvc_Model_find (in /root/.phpbrew/php/7.0.5/lib/php/extensions/no-debug-non-zts-20151012/phalcon.so)
==18866==  Address 0x1cfffff8 is not stack'd, malloc'd or (recently) free'd
==18866== 
==18866== 
==18866== 1 errors in context 2 of 10785:
==18866== Source and destination overlap in memcpy(0x1d000018, 0xd0612f8, 360292336)
==18866==    at 0x4C2F71C: memcpy@@GLIBC_2.14 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==18866==    by 0x902D5AF: memcpy (string3.h:51)
==18866==    by 0x902D5AF: zend_string_init (zend_string.h:159)
==18866==    by 0x902D5AF: _zend_hash_str_update (zend_hash.c:666)
==18866==    by 0xD6F1336: zephir_array_update_zval (in /root/.phpbrew/php/7.0.5/lib/php/extensions/no-debug-non-zts-20151012/phalcon.so)
==18866==    by 0xD910BA1: zim_Phalcon_Mvc_Model_Query__executeSelect (in /root/.phpbrew/php/7.0.5/lib/php/extensions/no-debug-non-zts-20151012/phalcon.so)
==18866==    by 0xD6F8316: zephir_call_function_opt (in /root/.phpbrew/php/7.0.5/lib/php/extensions/no-debug-non-zts-20151012/phalcon.so)
==18866==    by 0xD6F55DE: zephir_call_user_function (in /root/.phpbrew/php/7.0.5/lib/php/extensions/no-debug-non-zts-20151012/phalcon.so)
==18866==    by 0xD6F60BD: zephir_call_class_method_aparams (in /root/.phpbrew/php/7.0.5/lib/php/extensions/no-debug-non-zts-20151012/phalcon.so)
==18866==    by 0xD9165DF: zim_Phalcon_Mvc_Model_Query_execute (in /root/.phpbrew/php/7.0.5/lib/php/extensions/no-debug-non-zts-20151012/phalcon.so)
==18866==    by 0xD6F8316: zephir_call_function_opt (in /root/.phpbrew/php/7.0.5/lib/php/extensions/no-debug-non-zts-20151012/phalcon.so)
==18866==    by 0xD6F55DE: zephir_call_user_function (in /root/.phpbrew/php/7.0.5/lib/php/extensions/no-debug-non-zts-20151012/phalcon.so)
==18866==    by 0xD6F60BD: zephir_call_class_method_aparams (in /root/.phpbrew/php/7.0.5/lib/php/extensions/no-debug-non-zts-20151012/phalcon.so)
==18866==    by 0xD8AFCDB: zim_Phalcon_Mvc_Model_find (in /root/.phpbrew/php/7.0.5/lib/php/extensions/no-debug-non-zts-20151012/phalcon.so)

Will try to run valgrind with gdb and see where it goes. Well, can't figure out how to work valgrind with gdb.

Okay, i managed to work it for example from your code with opcache, for some reason it works with valgrind and export USE_ZEND_ALLOC=0 and export ZEND_DONT_UNLOAD_MODULES=1

But there is MANY erros like invalid write of size/invalid read of size and other despite of (many)memory leaks:

http://pastebin.com/uTrgECPJ

Also when testing it in php cli i have:

zephir_memory_restore_stack_common: observed variable #23 (0xffeffbac0) has too many references (4294967295), type=6  [(null)]
#0  0xf1cf8c0 [/root/.phpbrew/php/7.0.5-debug/lib/php/extensions/debug-non-zts-20151012/phalcon.so(zephir_print_backtrace+0x2b) [0xf1cf8c0]]
#1  0xf1cdc3e [/root/.phpbrew/php/7.0.5-debug/lib/php/extensions/debug-non-zts-20151012/phalcon.so(+0x69dcc3e) [0xf1cdc3e]]
#2  0xf1cdd41 [/root/.phpbrew/php/7.0.5-debug/lib/php/extensions/debug-non-zts-20151012/phalcon.so(zephir_memory_restore_stack+0xfa) [0xf1cdd41]]
#3  0xf554bfa [/root/.phpbrew/php/7.0.5-debug/lib/php/extensions/debug-non-zts-20151012/phalcon.so(zim_Phalcon_Mvc_Model_Query__executeSelect+0x5e78) [0xf554bfa]]
#4  0xf1e0c26 [/root/.phpbrew/php/7.0.5-debug/lib/php/extensions/debug-non-zts-20151012/phalcon.so(zephir_call_function_opt+0xb2c) [0xf1e0c26]]
#5  0xf1db3a4 [/root/.phpbrew/php/7.0.5-debug/lib/php/extensions/debug-non-zts-20151012/phalcon.so(zephir_call_user_function+0x540) [0xf1db3a4]]
#6  0xf1dbb68 [/root/.phpbrew/php/7.0.5-debug/lib/php/extensions/debug-non-zts-20151012/phalcon.so(zephir_call_class_method_aparams+0x284) [0xf1dbb68]]
#7  0xf55dacd [/root/.phpbrew/php/7.0.5-debug/lib/php/extensions/debug-non-zts-20151012/phalcon.so(zim_Phalcon_Mvc_Model_Query_execute+0x14d9) [0xf55dacd]]
#8  0xf1e0c26 [/root/.phpbrew/php/7.0.5-debug/lib/php/extensions/debug-non-zts-20151012/phalcon.so(zephir_call_function_opt+0xb2c) [0xf1e0c26]]
#9  0xf1db3a4 [/root/.phpbrew/php/7.0.5-debug/lib/php/extensions/debug-non-zts-20151012/phalcon.so(zephir_call_user_function+0x540) [0xf1db3a4]]
#10  0xf1dbb68 [/root/.phpbrew/php/7.0.5-debug/lib/php/extensions/debug-non-zts-20151012/phalcon.so(zephir_call_class_method_aparams+0x284) [0xf1dbb68]]
#11  0xf4ae2bd [/root/.phpbrew/php/7.0.5-debug/lib/php/extensions/debug-non-zts-20151012/phalcon.so(zim_Phalcon_Mvc_Model_find+0xe53) [0xf4ae2bd]]
#12  0xa0bcc2 [php() [0xa0bcc2]]
#13  0xa0ab44 [php(execute_ex+0x29) [0xa0ab44]]
#14  0xa0ac56 [php(zend_execute+0xf3) [0xa0ac56]]
#15  0x9af816 [php(zend_execute_scripts+0x17b) [0x9af816]]
#16  0x91ca81 [php(php_execute_script+0x452) [0x91ca81]]
#17  0xa6f89a [php() [0xa6f89a]]
#18  0xa70a59 [php() [0xa70a59]]
#19  0x6e3dec5 [/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5) [0x6e3dec5]]
#20  0x433529 [php() [0x433529]]

with export USE_ZEND_ALLOC=0, with export USE_ZEND_ALLOC=1 i have:

Fatal error: Uncaught PDOException: SQLSTATE[HY093]: Invalid parameter number: parameter was not defined in /vagrant/www/test/index.php:50
Stack trace:
#0 [internal function]: PDOStatement->execute()
#1 [internal function]: Phalcon\Db\Adapter\Pdo->executePrepared(Object(PDOStatement), Array, Array)
#2 [internal function]: Phalcon\Db\Adapter\Pdo->query('SELECT `robots`...', Array, Array)
#3 [internal function]: Phalcon\Mvc\Model\Query->_executeSelect(Array, Array, Array)
#4 [internal function]: Phalcon\Mvc\Model\Query->execute()
#5 /vagrant/www/test/index.php(50): Phalcon\Mvc\Model::find(Array)
#6 {main}

Working on latest zephir and phalcon for me.

@alpaxo does it work for you ?

@Jurigag so is it solved by branch 3.0.x now?

Glad to hear that

@tembem for me yes, also it was added to tests and opcache enabled in travis and all passing.

@Jurigag for now it works for me too