Fix regression

Author: ndossche

Zend/Optimizer/sccp.c

@@ -245,8 +245,6 @@ static bool can_replace_op1(
 		case ZEND_SEND_USER:
 		case ZEND_FE_RESET_RW:
 			return 0;
-		case ZEND_SEND_VAR:
-			return ssa_op->op1_def == -1;
 		/* Do not accept CONST */
 		case ZEND_ROPE_ADD:
 		case ZEND_ROPE_END:
@@ -1052,9 +1050,15 @@ static void sccp_visit_instr(scdf_ctx *scdf, zend_op *opline, zend_ssa_op *ssa_o
 		case ZEND_SEND_VAL:
 		case ZEND_SEND_VAR:
 		{
-			if (opline->opcode == ZEND_SEND_VAR) {
-				/* TODO ? */
-				/* Can be UNDEF or a value copy */
+			SKIP_IF_TOP(op1);
+
+			if (opline->opcode == ZEND_SEND_VAR && ssa_op->op1_def >= 0) {
+				//if (IS_BOT(op1)) {
+				//	SET_RESULT_BOT(op1);
+				//} else {
+				//	/* Can be UNDEF or a value copy */
+				//	SET_RESULT(op1, op1);
+				//}
 				SET_RESULT_BOT(op1);
 			}
 
@@ -1066,7 +1070,7 @@ static void sccp_visit_instr(scdf_ctx *scdf, zend_op *opline, zend_ssa_op *ssa_o
 			}
 
 			call = ctx->call_map[opline - ctx->scdf.op_array->opcodes];
-			if (IS_TOP(op1) || !call || !call->caller_call_opline
+			if (!call || !call->caller_call_opline
 					|| call->caller_call_opline->opcode != ZEND_DO_ICALL) {
 				return;
 			}
@@ -2344,6 +2348,9 @@ static int replace_constant_operands(sccp_ctx *ctx) {
 		FOREACH_USE(var, use) {
 			zend_op *opline = &op_array->opcodes[use];
 			zend_ssa_op *ssa_op = &ssa->ops[use];
+			if (opline->opcode == ZEND_SEND_VAR && ssa_op->op1_def >= 0) {
+				zend_ssa_replace_op1_def_op1_use(ssa, ssa_op);
+			}
 			if (try_replace_op1(ctx, opline, ssa_op, i, value)) {
 				if (opline->opcode == ZEND_NOP) {
 					removed_ops++;