php
diff --git a/‎NEWS‎
Lines changed: 4 additions & 0 deletions b/‎NEWS‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎ext/opcache/ZendAccelerator.c‎
Lines changed: 198 additions & 1 deletion b/‎ext/opcache/ZendAccelerator.c‎
Lines changed: 198 additions & 1 deletion
diff --git a/‎ext/opcache/ZendAccelerator.h‎
Lines changed: 67 additions & 0 deletions b/‎ext/opcache/ZendAccelerator.h‎
Lines changed: 67 additions & 0 deletions
@@ -5,6 +5,10 @@ PHP                                                                        NEWS
 - Curl:
   . Add support for brotli and zstd on Windows. (Shivam Mathur)
 
+- OPcache:
+  . Fixed bug GH-8739 (opcache_reset()/opcache_invalidate() race causes
+    zend_mm_heap corrupted under concurrent load in ZTS and FPM). (superdav42)
+
 15 Jan 2026, PHP 8.3.30
 
 - Core:
 
@@ -132,6 +132,8 @@ static zend_result (*orig_post_startup_cb)(void);
 
 static zend_result accel_post_startup(void);
 static zend_result accel_finish_startup(void);
+static void zend_reset_cache_vars(void);
+static void accel_interned_strings_restore_state(void);
 
 static void preload_shutdown(void);
 static void preload_activate(void);
@@ -398,6 +400,147 @@ static inline void accel_unlock_all(void)
 #endif
 }
 
+/* ====================================================================
+ * Epoch-based reclamation (EBR) for safe opcache_reset()/invalidate()
+ *
+ * Solves: php-src#8739, #14471, #18517, frankenphp#1737, #2265, #2170
+ *
+ * Design:
+ *   - Readers (per-request) publish their epoch on enter, clear on leave.
+ *     Cost: two atomic stores per request. No locks.
+ *   - Writers (opcache_reset) increment the global epoch and defer the
+ *     actual cleanup until all pre-epoch readers have completed.
+ *   - This guarantees that no reader holds a pointer to shared memory
+ *     that is about to be reclaimed.
+ * ==================================================================== */
+
+void accel_epoch_init(void)
+{
+	int i;
+
+	ZCSG(current_epoch) = 1;
+	ZCSG(drain_epoch) = 0;
+	ZCSG(reset_deferred) = false;
+	ZCSG(epoch_slot_next) = 0;
+
+	for (i = 0; i < ACCEL_EPOCH_MAX_SLOTS; i++) {
+		ZCSG(epoch_slots)[i].epoch = ACCEL_EPOCH_INACTIVE;
+	}
+}
+
+static int accel_epoch_alloc_slot(void)
+{
+	int slot;
+
+#if defined(ZEND_WIN32)
+	slot = (int)InterlockedIncrement((volatile LONG *)&ZCSG(epoch_slot_next)) - 1;
+#elif defined(__GNUC__)
+	slot = __atomic_fetch_add(&ZCSG(epoch_slot_next), 1, __ATOMIC_SEQ_CST);
+#else
+	slot = ZCSG(epoch_slot_next)++;
+#endif
+
+	if (slot >= ACCEL_EPOCH_MAX_SLOTS) {
+		return ACCEL_EPOCH_NO_SLOT;
+	}
+	return slot;
+}
+
+void accel_epoch_enter(void)
+{
+	int slot = ZCG(epoch_slot);
+
+	if (UNEXPECTED(slot == ACCEL_EPOCH_NO_SLOT)) {
+		slot = accel_epoch_alloc_slot();
+		ZCG(epoch_slot) = slot;
+	}
+
+	if (EXPECTED(slot >= 0 && slot < ACCEL_EPOCH_MAX_SLOTS)) {
+		uint64_t epoch = ACCEL_ATOMIC_LOAD_64(&ZCSG(current_epoch));
+		ZCG(local_epoch) = epoch;
+		ACCEL_ATOMIC_STORE_64(&ZCSG(epoch_slots)[slot].epoch, epoch);
+	}
+}
+
+void accel_epoch_leave(void)
+{
+	int slot = ZCG(epoch_slot);
+
+	if (EXPECTED(slot >= 0 && slot < ACCEL_EPOCH_MAX_SLOTS)) {
+		ACCEL_ATOMIC_STORE_64(&ZCSG(epoch_slots)[slot].epoch, ACCEL_EPOCH_INACTIVE);
+	}
+}
+
+static uint64_t accel_min_active_epoch(void)
+{
+	uint64_t min_epoch = ACCEL_EPOCH_INACTIVE;
+	int i;
+
+	for (i = 0; i < ACCEL_EPOCH_MAX_SLOTS; i++) {
+		uint64_t e = ACCEL_ATOMIC_LOAD_64(&ZCSG(epoch_slots)[i].epoch);
+		if (e < min_epoch) {
+			min_epoch = e;
+		}
+	}
+	return min_epoch;
+}
+
+bool accel_deferred_reset_pending(void)
+{
+	return ZCSG(reset_deferred);
+}
+
+void accel_try_complete_deferred_reset(void)
+{
+	uint64_t drain_epoch;
+	uint64_t min_epoch;
+
+	if (!ZCSG(reset_deferred)) {
+		return;
+	}
+
+	drain_epoch = ACCEL_ATOMIC_LOAD_64(&ZCSG(drain_epoch));
+	min_epoch = accel_min_active_epoch();
+
+	if (min_epoch > drain_epoch) {
+		zend_shared_alloc_lock();
+
+		if (ZCSG(reset_deferred)) {
+			zend_accel_error(ACCEL_LOG_DEBUG, "Completing deferred opcache reset (drain_epoch=%" PRIu64 ", min_active=%" PRIu64 ")",
+				drain_epoch, min_epoch);
+
+			zend_map_ptr_reset();
+			zend_reset_cache_vars();
+			zend_accel_hash_clean(&ZCSG(hash));
+
+			if (ZCG(accel_directives).interned_strings_buffer) {
+				accel_interned_strings_restore_state();
+			}
+
+			zend_shared_alloc_restore_state();
+
+			if (ZCSG(preload_script)) {
+				preload_restart();
+			}
+
+#ifdef HAVE_JIT
+			zend_jit_restart();
+#endif
+
+			ZCSG(accelerator_enabled) = ZCSG(cache_status_before_restart);
+			if (ZCSG(last_restart_time) < ZCG(request_time)) {
+				ZCSG(last_restart_time) = ZCG(request_time);
+			} else {
+				ZCSG(last_restart_time)++;
+			}
+
+			ZCSG(reset_deferred) = false;
+		}
+
+		zend_shared_alloc_unlock();
+	}
+}
+
 /* Interned strings support */
 
 /* O+ disables creation of interned strings by regular PHP compiler, instead,
@@ -2671,11 +2814,24 @@ zend_result accel_activate(INIT_FUNC_ARGS)
 		ZCG(counted) = false;
 	}
 
+	/* Enter the current epoch BEFORE checking for pending restart.
+	 * This ensures that if a reset is initiated after this point,
+	 * the deferred-reset logic will wait for us to leave. */
+	accel_epoch_enter();
+
+	/* Check if a deferred reset from a previous opcache_reset() can
+	 * now be completed (all pre-epoch readers have finished). */
+	if (ZCSG(reset_deferred)) {
+		accel_try_complete_deferred_reset();
+	}
+
 	if (ZCSG(restart_pending)) {
 		zend_shared_alloc_lock();
 		if (ZCSG(restart_pending)) { /* check again, to ensure that the cache wasn't already cleaned by another process */
 			if (accel_is_inactive()) {
-				zend_accel_error(ACCEL_LOG_DEBUG, "Restarting!");
+				/* All processes/threads are inactive (legacy flock check).
+				 * We can do the cleanup immediately. */
+				zend_accel_error(ACCEL_LOG_DEBUG, "Restarting! (immediate — no active readers)");
 				ZCSG(restart_pending) = false;
 				switch ZCSG(restart_reason) {
 					case ACCEL_RESTART_OOM:
@@ -2714,6 +2870,31 @@ zend_result accel_activate(INIT_FUNC_ARGS)
 					ZCSG(last_restart_time)++;
 				}
 				accel_restart_leave();
+			} else if (!ZCSG(reset_deferred)) {
+				/* Readers are still active. Defer the actual cleanup to a
+				 * future request end, after all current readers have left.
+				 * This is the core of the epoch-based reclamation approach. */
+				zend_accel_error(ACCEL_LOG_DEBUG, "Deferring opcache restart (active readers detected)");
+				ZCSG(restart_pending) = false;
+
+				switch ZCSG(restart_reason) {
+					case ACCEL_RESTART_OOM:
+						ZCSG(oom_restarts)++;
+						break;
+					case ACCEL_RESTART_HASH:
+						ZCSG(hash_restarts)++;
+						break;
+					case ACCEL_RESTART_USER:
+						ZCSG(manual_restarts)++;
+						break;
+				}
+
+				ACCEL_ATOMIC_STORE_64(&ZCSG(drain_epoch), ACCEL_ATOMIC_LOAD_64(&ZCSG(current_epoch)));
+				ACCEL_ATOMIC_INC_64(&ZCSG(current_epoch));
+
+				ZCSG(cache_status_before_restart) = ZCSG(accelerator_enabled);
+				ZCSG(accelerator_enabled) = false;
+				ZCSG(reset_deferred) = true;
 			}
 		}
 		zend_shared_alloc_unlock();
@@ -2768,6 +2949,18 @@ zend_result accel_post_deactivate(void)
 		return SUCCESS;
 	}
 
+	/* Leave the epoch — this thread/process no longer holds references
+	 * to shared OPcache data. */
+	accel_epoch_leave();
+
+	/* If a deferred reset is pending, check if we were the last reader
+	 * from the old epoch. If so, complete the reset now. */
+	if (!file_cache_only && accel_shared_globals && ZCSG(reset_deferred)) {
+		SHM_UNPROTECT();
+		accel_try_complete_deferred_reset();
+		SHM_PROTECT();
+	}
+
 	zend_shared_alloc_safe_unlock(); /* be sure we didn't leave cache locked */
 	accel_unlock_all();
 	ZCG(counted) = false;
@@ -2911,6 +3104,9 @@ static zend_result zend_accel_init_shm(void)
 
 	zend_reset_cache_vars();
 
+	/* Initialize epoch-based reclamation tracking */
+	accel_epoch_init();
+
 	ZCSG(oom_restarts) = 0;
 	ZCSG(hash_restarts) = 0;
 	ZCSG(manual_restarts) = 0;
@@ -2937,6 +3133,7 @@ static void accel_globals_ctor(zend_accel_globals *accel_globals)
 	memset(accel_globals, 0, sizeof(zend_accel_globals));
 	accel_globals->key = zend_string_alloc(ZCG_KEY_LEN, true);
 	GC_MAKE_PERSISTENT_LOCAL(accel_globals->key);
+	accel_globals->epoch_slot = ACCEL_EPOCH_NO_SLOT;
 }
 
 static void accel_globals_dtor(zend_accel_globals *accel_globals)
 
@@ -51,10 +51,52 @@
 #include "zend_extensions.h"
 #include "zend_compile.h"
 
+#include <stdint.h>
+
 #include "Optimizer/zend_optimizer.h"
 #include "zend_accelerator_hash.h"
 #include "zend_accelerator_debug.h"
 
+/* Maximum number of concurrent readers tracked for epoch-based reclamation.
+ * Each slot is padded to a cache line to avoid false sharing.
+ * This limits the number of concurrent threads (ZTS) or processes (FPM)
+ * that can be tracked. Excess readers degrade to the legacy flock-based path. */
+#define ACCEL_EPOCH_MAX_SLOTS 256
+
+/* Sentinel value meaning "this slot is not in an active request" */
+#define ACCEL_EPOCH_INACTIVE  UINT64_MAX
+
+/* Sentinel value meaning "no slot has been assigned to this thread/process" */
+#define ACCEL_EPOCH_NO_SLOT   (-1)
+
+/*
+ * Portable 64-bit atomic operations for epoch tracking.
+ * These use compiler builtins matching the patterns in Zend/zend_atomic.h,
+ * extended to uint64_t which zend_atomic.h does not cover.
+ */
+#if defined(ZEND_WIN32)
+# define ACCEL_ATOMIC_LOAD_64(ptr)       InterlockedCompareExchange64((volatile LONG64 *)(ptr), 0, 0)
+# define ACCEL_ATOMIC_STORE_64(ptr, val) InterlockedExchange64((volatile LONG64 *)(ptr), (LONG64)(val))
+# define ACCEL_ATOMIC_INC_64(ptr)        InterlockedIncrement64((volatile LONG64 *)(ptr))
+#elif defined(__clang__) && __has_feature(c_atomic)
+# define ACCEL_ATOMIC_LOAD_64(ptr)       __c11_atomic_load((_Atomic(uint64_t) *)(ptr), __ATOMIC_ACQUIRE)
+# define ACCEL_ATOMIC_STORE_64(ptr, val) __c11_atomic_store((_Atomic(uint64_t) *)(ptr), (uint64_t)(val), __ATOMIC_RELEASE)
+# define ACCEL_ATOMIC_INC_64(ptr)        (__c11_atomic_fetch_add((_Atomic(uint64_t) *)(ptr), 1, __ATOMIC_SEQ_CST) + 1)
+#elif defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 7))
+# define ACCEL_ATOMIC_LOAD_64(ptr)       __atomic_load_n((volatile uint64_t *)(ptr), __ATOMIC_ACQUIRE)
+# define ACCEL_ATOMIC_STORE_64(ptr, val) __atomic_store_n((volatile uint64_t *)(ptr), (uint64_t)(val), __ATOMIC_RELEASE)
+# define ACCEL_ATOMIC_INC_64(ptr)        __atomic_add_fetch((volatile uint64_t *)(ptr), 1, __ATOMIC_SEQ_CST)
+#elif defined(__GNUC__)
+# define ACCEL_ATOMIC_LOAD_64(ptr)       __sync_fetch_and_or((volatile uint64_t *)(ptr), 0)
+# define ACCEL_ATOMIC_STORE_64(ptr, val) do { __sync_synchronize(); *(volatile uint64_t *)(ptr) = (uint64_t)(val); __sync_synchronize(); } while (0)
+# define ACCEL_ATOMIC_INC_64(ptr)        __sync_add_and_fetch((volatile uint64_t *)(ptr), 1)
+#else
+/* Fallback: volatile without barriers. Correct on x86 TSO; may need fence on ARM. */
+# define ACCEL_ATOMIC_LOAD_64(ptr)       (*(volatile uint64_t *)(ptr))
+# define ACCEL_ATOMIC_STORE_64(ptr, val) (*(volatile uint64_t *)(ptr) = (uint64_t)(val))
+# define ACCEL_ATOMIC_INC_64(ptr)        (++(*(volatile uint64_t *)(ptr)))
+#endif
+
 #ifndef PHPAPI
 # ifdef ZEND_WIN32
 #  define PHPAPI __declspec(dllimport)
@@ -116,6 +158,14 @@ typedef struct _zend_early_binding {
 	uint32_t cache_slot;
 } zend_early_binding;
 
+/* Per-thread/process epoch slot for safe reclamation.
+ * Padded to a full cache line (64 bytes) to prevent false sharing
+ * between concurrently-active reader threads/processes. */
+typedef struct _zend_accel_epoch_slot {
+	volatile uint64_t epoch;  /* Current epoch or ACCEL_EPOCH_INACTIVE */
+	char padding[56];         /* Pad to 64-byte cache line */
+} zend_accel_epoch_slot;
+
 typedef struct _zend_persistent_script {
 	zend_script    script;
 	zend_long      compiler_halt_offset;   /* position of __HALT_COMPILER or -1 */
@@ -216,6 +266,9 @@ typedef struct _zend_accel_globals {
 #ifndef ZEND_WIN32
 	zend_ulong              root_hash;
 #endif
+	/* Epoch-based reclamation: per-thread/process state */
+	int                     epoch_slot;       /* Index into ZCSG(epoch_slots), or ACCEL_EPOCH_NO_SLOT */
+	uint64_t                local_epoch;      /* Snapshot of global epoch at request start */
 	/* preallocated shared-memory block to save current script */
 	void                   *mem;
 	zend_persistent_script *current_persistent_script;
@@ -273,6 +326,13 @@ typedef struct _zend_accel_shared_globals {
 	void *jit_traces;
 	const void **jit_exit_groups;
 
+	/* Epoch-based reclamation for safe opcache_reset()/invalidate() (GH#8739) */
+	volatile uint64_t current_epoch;
+	volatile uint64_t drain_epoch;
+	volatile bool     reset_deferred;
+	volatile int32_t  epoch_slot_next;
+	zend_accel_epoch_slot epoch_slots[ACCEL_EPOCH_MAX_SLOTS];
+
 	/* Interned Strings Support (must be the last element) */
 	zend_string_table interned_strings;
 } zend_accel_shared_globals;
@@ -319,6 +379,13 @@ void accelerator_shm_read_unlock(void);
 zend_string *accel_make_persistent_key(zend_string *path);
 zend_op_array *persistent_compile_file(zend_file_handle *file_handle, int type);
 
+/* Epoch-based reclamation API */
+void accel_epoch_init(void);
+void accel_epoch_enter(void);
+void accel_epoch_leave(void);
+bool accel_deferred_reset_pending(void);
+void accel_try_complete_deferred_reset(void);
+
 #define IS_ACCEL_INTERNED(str) \
 	((char*)(str) >= (char*)ZCSG(interned_strings).start && (char*)(str) < (char*)ZCSG(interned_strings).top)