From 08e759120690520e99f9f2d38afeb21bcd1de197 Mon Sep 17 00:00:00 2001
From: Dmitry Stogov
Date: Mon, 20 Feb 2023 19:42:35 +0300
Subject: [PATCH] Fix (at lease part of the) #GH-10635: ARM64 function JIT causes impossible assertion

---
 ext/opcache/jit/zend_jit_arm64.dasc | 10 +++++-----
 ext/opcache/jit/zend_jit_x86.dasc | 10 +++++-----
 ext/opcache/tests/jit/gh10635.phpt | 28 ++++++++++++++++++++++++++++
 3 files changed, 38 insertions(+), 10 deletions(-)
 create mode 100644 ext/opcache/tests/jit/gh10635.phpt

diff --git a/ext/opcache/jit/zend_jit_arm64.dasc b/ext/opcache/jit/zend_jit_arm64.dasc
index 7bca5be068b18..432d3a6b1e9bb 100644
--- a/ext/opcache/jit/zend_jit_arm64.dasc
+++ b/ext/opcache/jit/zend_jit_arm64.dasc
@@ -12349,7 +12349,7 @@ static int zend_jit_fetch_obj(dasm_State **Dst,
 type_loaded = 1;
 prop_addr = ZEND_ADDR_MEM_ZVAL(ZREG_FCARG1, 0);
 if (opline->opcode == ZEND_FETCH_OBJ_W
- && (!ce || ce_is_instanceof || (ce->ce_flags & ZEND_ACC_HAS_TYPE_HINTS))) {
+ && (!ce || ce_is_instanceof || (ce->ce_flags & (ZEND_ACC_HAS_TYPE_HINTS|ZEND_ACC_TRAIT)))) {
 uint32_t flags = opline->extended_value & ZEND_FETCH_OBJ_FLAGS;

 | ldr REG0, EX->run_time_cache
@@ -12833,7 +12833,7 @@ static int zend_jit_incdec_obj(dasm_State **Dst,
 | ldr TMP1, [FCARG1x, #offsetof(zend_object, ce)]
 | cmp REG2, TMP1
 | bne >7
- if (!ce || ce_is_instanceof || (ce->ce_flags & ZEND_ACC_HAS_TYPE_HINTS)) {
+ if (!ce || ce_is_instanceof || (ce->ce_flags & (ZEND_ACC_HAS_TYPE_HINTS|ZEND_ACC_TRAIT))) {
 | MEM_ACCESS_64_WITH_UOFFSET ldr, TMP1, REG0, (opline->extended_value + sizeof(void*) * 2), TMP1
 | cbnz TMP1, >7
 }
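Review bot: The guard `!ce || ce_is_instanceof || (ce->ce_flags & (ZEND_ACC_HAS_TYPE_HINTS|ZEND_ACC_TRAIT))` is now written out by hand at five places in this file (this hunk in zend_jit_fetch_obj, zend_jit_incdec_obj, zend_jit_assign_obj_op and twice in zend_jit_assign_obj) and at the five matching places in zend_jit_x86.dasc, and the bug being fixed is exactly one bit missing from that mask, so a future widening can easily land at some sites and not others. When the guard is false the generated code skips the run-time load of the prop_info slot at `extended_value + sizeof(void*) * 2`, so an under-inclusive mask makes the JIT treat a typed property as untyped; the added ZEND_ACC_TRAIT bit presumably covers `$this` inside a trait method, whose actual class is the using class and whose typed properties the trait's own flags cannot reflect. A single `static zend_always_inline bool` helper per backend, carrying a comment that says why traits are included, would keep the ten sites from drifting apart. The enclosing functions all begin and end outside these hunks.

```c
/* True when the property being accessed may carry a type, so the generated
 * code must check the run-time prop_info slot instead of taking the untyped
 * fast path.  Traits are included (GH-10635): inside a trait method $this
 * belongs to the using class, whose typed properties the trait's own
 * ce_flags need not reflect. */
static zend_always_inline bool zend_jit_may_have_typed_props(const zend_class_entry *ce, bool ce_is_instanceof)
{
	return !ce || ce_is_instanceof || (ce->ce_flags & (ZEND_ACC_HAS_TYPE_HINTS|ZEND_ACC_TRAIT));
}

/* … unchanged: zend_jit_fetch_obj up to the ZEND_FETCH_OBJ_W check … */
					if (opline->opcode == ZEND_FETCH_OBJ_W
					 && zend_jit_may_have_typed_props(ce, ce_is_instanceof)) {
```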
@@ -13267,7 +13267,7 @@ static int zend_jit_assign_obj_op(dasm_State **Dst,
 | ldr TMP2, [FCARG1x, #offsetof(zend_object, ce)]
 | cmp REG2, TMP2
 | bne >7
- if (!ce || ce_is_instanceof || (ce->ce_flags & ZEND_ACC_HAS_TYPE_HINTS)) {
+ if (!ce || ce_is_instanceof || (ce->ce_flags & (ZEND_ACC_HAS_TYPE_HINTS|ZEND_ACC_TRAIT))) {
 | MEM_ACCESS_64_WITH_UOFFSET ldr, TMP1, REG0, ((opline+1)->extended_value + sizeof(void*) * 2), TMP1
 | cbnz TMP1, >7
 }
@@ -13645,7 +13645,7 @@ static int zend_jit_assign_obj(dasm_State **Dst,
 | ldr TMP1, [FCARG1x, #offsetof(zend_object, ce)]
 | cmp REG2, TMP1
 | bne >5
- if (!ce || ce_is_instanceof || (ce->ce_flags & ZEND_ACC_HAS_TYPE_HINTS)) {
+ if (!ce || ce_is_instanceof || (ce->ce_flags & (ZEND_ACC_HAS_TYPE_HINTS|ZEND_ACC_TRAIT))) {
 | MEM_ACCESS_64_WITH_UOFFSET ldr, FCARG2x, REG0, (opline->extended_value + sizeof(void*) * 2), TMP1
 }
 | MEM_ACCESS_64_WITH_UOFFSET ldr, REG0, REG0, (opline->extended_value + sizeof(void*)), TMP1
@@ -13656,7 +13656,7 @@ static int zend_jit_assign_obj(dasm_State **Dst,
 | IF_TYPE TMP1w, IS_UNDEF, >5
 | mov FCARG1x, TMP2
 prop_addr = ZEND_ADDR_MEM_ZVAL(ZREG_FCARG1, 0);
- if (!ce || ce_is_instanceof || (ce->ce_flags & ZEND_ACC_HAS_TYPE_HINTS)) {
+ if (!ce || ce_is_instanceof || (ce->ce_flags & (ZEND_ACC_HAS_TYPE_HINTS|ZEND_ACC_TRAIT))) {
 | cbnz FCARG2x, >1
 |.cold_code
 |1:
diff --git a/ext/opcache/jit/zend_jit_x86.dasc b/ext/opcache/jit/zend_jit_x86.dasc
index af4500d9835a1..6749f8a1e1cc7 100644
--- a/ext/opcache/jit/zend_jit_x86.dasc
+++ b/ext/opcache/jit/zend_jit_x86.dasc
@@ -13075,7 +13075,7 @@ static int zend_jit_fetch_obj(dasm_State **Dst,
 type_loaded = 1;
 prop_addr = ZEND_ADDR_MEM_ZVAL(ZREG_FCARG1, 0);
 if (opline->opcode == ZEND_FETCH_OBJ_W
- && (!ce || ce_is_instanceof || (ce->ce_flags & ZEND_ACC_HAS_TYPE_HINTS))) {
+ && (!ce || ce_is_instanceof || (ce->ce_flags & (ZEND_ACC_HAS_TYPE_HINTS|ZEND_ACC_TRAIT)))) {
 uint32_t flags = opline->extended_value & ZEND_FETCH_OBJ_FLAGS;

 | mov r0, EX->run_time_cache
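Review bot: In zend_jit_assign_obj the conditional load of FCARG2x in the @@ -13645 hunk and the `cbnz FCARG2x, >1` in the @@ -13656 hunk are guarded by two separately written copies of the same condition; if one copy is ever edited without the other, the branch at 13656 tests a register the generated code never loaded (or a loaded value is silently ignored), and nothing at compile time catches the mismatch. Computing the predicate once near the top of the function, `bool check_prop_info = !ce || ce_is_instanceof || (ce->ce_flags & (ZEND_ACC_HAS_TYPE_HINTS|ZEND_ACC_TRAIT));`, and writing `if (check_prop_info) {` at both sites ties the load and the test to one decision; the x86 pair at @@ -14463 / @@ -14472 has the same shape. zend_jit_assign_obj starts and ends outside these hunks.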
@@ -13571,7 +13571,7 @@ static int zend_jit_incdec_obj(dasm_State **Dst,
 | mov r2, aword [r0 + opline->extended_value]
 | cmp r2, aword [FCARG1a + offsetof(zend_object, ce)]
 | jne >7
- if (!ce || ce_is_instanceof || (ce->ce_flags & ZEND_ACC_HAS_TYPE_HINTS)) {
+ if (!ce || ce_is_instanceof || (ce->ce_flags & (ZEND_ACC_HAS_TYPE_HINTS|ZEND_ACC_TRAIT))) {
 | cmp aword [r0 + opline->extended_value + sizeof(void*) * 2], 0
 | jnz >7
 }
@@ -14044,7 +14044,7 @@ static int zend_jit_assign_obj_op(dasm_State **Dst,
 | mov r2, aword [r0 + (opline+1)->extended_value]
 | cmp r2, aword [FCARG1a + offsetof(zend_object, ce)]
 | jne >7
- if (!ce || ce_is_instanceof || (ce->ce_flags & ZEND_ACC_HAS_TYPE_HINTS)) {
+ if (!ce || ce_is_instanceof || (ce->ce_flags & (ZEND_ACC_HAS_TYPE_HINTS|ZEND_ACC_TRAIT))) {
 | cmp aword [r0 + (opline+1)->extended_value + sizeof(void*) * 2], 0
 | jnz >7
 }
@@ -14463,7 +14463,7 @@ static int zend_jit_assign_obj(dasm_State **Dst,
 | mov r2, aword [r0 + opline->extended_value]
 | cmp r2, aword [FCARG1a + offsetof(zend_object, ce)]
 | jne >5
- if (!ce || ce_is_instanceof || (ce->ce_flags & ZEND_ACC_HAS_TYPE_HINTS)) {
+ if (!ce || ce_is_instanceof || (ce->ce_flags & (ZEND_ACC_HAS_TYPE_HINTS|ZEND_ACC_TRAIT))) {
 | mov FCARG2a, aword [r0 + opline->extended_value + sizeof(void*) * 2]
 }
 | mov r0, aword [r0 + opline->extended_value + sizeof(void*)]
@@ -14472,7 +14472,7 @@ static int zend_jit_assign_obj(dasm_State **Dst,
 | IF_TYPE byte [FCARG1a + r0 + 8], IS_UNDEF, >5
 | add FCARG1a, r0
 prop_addr = ZEND_ADDR_MEM_ZVAL(ZREG_FCARG1, 0);
- if (!ce || ce_is_instanceof || (ce->ce_flags & ZEND_ACC_HAS_TYPE_HINTS)) {
+ if (!ce || ce_is_instanceof || (ce->ce_flags & (ZEND_ACC_HAS_TYPE_HINTS|ZEND_ACC_TRAIT))) {
 | test FCARG2a, FCARG2a
 | jnz >1
 |.cold_code
diff --git a/ext/opcache/tests/jit/gh10635.phpt b/ext/opcache/tests/jit/gh10635.phpt
new file mode 100644
index 0000000000000..0f4b43c033b40
--- /dev/null
+++ b/ext/opcache/tests/jit/gh10635.phpt
@@ -0,0 +1,28 @@
+--TEST--
+GH-10635: Function JIT causes impossible assertion
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.file_update_protection=0
+opcache.jit_buffer_size=1M
+--FILE--
+a);
+ }
+}
+class C {
+ use T;
+ private array $a = [1];
+}
+$o = new C;
+$o->foo();
+unset($o);
+$o = new C;
+$o->foo();
+unset($o);
+?>
+DONE
+--EXPECT--
+DONE
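Review bot: The trait method in this test appears to contain a single statement ending in `a);`, and if that is a plain read of `$this->a` (the rendering truncates the line, so this is inferred) it reaches at most one of the five guard sites the commit widens per backend, leaving zend_jit_incdec_obj, zend_jit_assign_obj_op and zend_jit_assign_obj without a regression test. Adding a direct write and a compound assignment to the typed property inside the trait method, e.g. `$this->a = [2];` and `$this->a += [3];` followed by another `var_dump($this->a);`, would drive the assign paths through the same trait-with-typed-property context that triggered GH-10635; the `--EXPECT--` section would then need the corresponding output. Three lines of the `--FILE--` section (the opening tag, the trait and method headers) are missing from this rendering, so the coverage claim should be checked against the committed file.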