Fix incorrect handling of ZEND_ACC_FINAL flag in JIT (php#16778)

Author: dstogov

ext/opcache/jit/zend_jit.c

@@ -3169,7 +3169,7 @@ static int zend_jit(const zend_op_array *op_array, zend_ssa *ssa, const zend_op
 						if (opline->op1_type == IS_UNUSED) {
 							op1_info = MAY_BE_OBJECT|MAY_BE_RC1|MAY_BE_RCN;
 							ce = op_array->scope;
-							ce_is_instanceof = (ce->ce_flags & ZEND_ACC_FINAL) != 0;
+							ce_is_instanceof = !(ce->ce_flags & ZEND_ACC_FINAL);
 							op1_addr = 0;
 							on_this = 1;
 						} else {
@@ -3217,7 +3217,7 @@ static int zend_jit(const zend_op_array *op_array, zend_ssa *ssa, const zend_op
 						if (opline->op1_type == IS_UNUSED) {
 							op1_info = MAY_BE_OBJECT|MAY_BE_RC1|MAY_BE_RCN;
 							ce = op_array->scope;
-							ce_is_instanceof = (ce->ce_flags & ZEND_ACC_FINAL) != 0;
+							ce_is_instanceof = !(ce->ce_flags & ZEND_ACC_FINAL);
 							op1_addr = 0;
 							on_this = 1;
 						} else {
@@ -3258,7 +3258,7 @@ static int zend_jit(const zend_op_array *op_array, zend_ssa *ssa, const zend_op
 						if (opline->op1_type == IS_UNUSED) {
 							op1_info = MAY_BE_OBJECT|MAY_BE_RC1|MAY_BE_RCN;
 							ce = op_array->scope;
-							ce_is_instanceof = (ce->ce_flags & ZEND_ACC_FINAL) != 0;
+							ce_is_instanceof = !(ce->ce_flags & ZEND_ACC_FINAL);
 							op1_addr = 0;
 							on_this = 1;
 						} else {
@@ -3761,7 +3761,7 @@ static int zend_jit(const zend_op_array *op_array, zend_ssa *ssa, const zend_op
 							op1_info = MAY_BE_OBJECT|MAY_BE_RC1|MAY_BE_RCN;
 							op1_addr = 0;
 							ce = op_array->scope;
-							ce_is_instanceof = (ce->ce_flags & ZEND_ACC_FINAL) != 0;
+							ce_is_instanceof = !(ce->ce_flags & ZEND_ACC_FINAL);
 							on_this = 1;
 						} else {
 							op1_info = OP1_INFO();
@@ -3912,7 +3912,7 @@ static int zend_jit(const zend_op_array *op_array, zend_ssa *ssa, const zend_op
 							op1_info = MAY_BE_OBJECT|MAY_BE_RC1|MAY_BE_RCN;
 							op1_addr = 0;
 							ce = op_array->scope;
-							ce_is_instanceof = (ce->ce_flags & ZEND_ACC_FINAL) != 0;
+							ce_is_instanceof = !(ce->ce_flags & ZEND_ACC_FINAL);
 							on_this = 1;
 						} else {
 							op1_info = OP1_INFO();

ext/opcache/jit/zend_jit_trace.c

@@ -4648,7 +4648,7 @@ static const void *zend_jit_trace(zend_jit_trace_rec *trace_buffer, uint32_t par
 						if (opline->op1_type == IS_UNUSED) {
 							op1_info = MAY_BE_OBJECT|MAY_BE_RC1|MAY_BE_RCN;
 							ce = op_array->scope;
-							ce_is_instanceof = (ce->ce_flags & ZEND_ACC_FINAL) != 0;
+							ce_is_instanceof = !(ce->ce_flags & ZEND_ACC_FINAL);
 							op1_addr = 0;
 							on_this = 1;
 						} else {
@@ -4739,7 +4739,7 @@ static const void *zend_jit_trace(zend_jit_trace_rec *trace_buffer, uint32_t par
 						if (opline->op1_type == IS_UNUSED) {
 							op1_info = MAY_BE_OBJECT|MAY_BE_RC1|MAY_BE_RCN;
 							ce = op_array->scope;
-							ce_is_instanceof = (ce->ce_flags & ZEND_ACC_FINAL) != 0;
+							ce_is_instanceof = !(ce->ce_flags & ZEND_ACC_FINAL);
 							op1_addr = 0;
 							on_this = 1;
 						} else {
@@ -4819,7 +4819,7 @@ static const void *zend_jit_trace(zend_jit_trace_rec *trace_buffer, uint32_t par
 						if (opline->op1_type == IS_UNUSED) {
 							op1_info = MAY_BE_OBJECT|MAY_BE_RC1|MAY_BE_RCN;
 							ce = op_array->scope;
-							ce_is_instanceof = (ce->ce_flags & ZEND_ACC_FINAL) != 0;
+							ce_is_instanceof = !(ce->ce_flags & ZEND_ACC_FINAL);
 							op1_addr = 0;
 							on_this = 1;
 						} else {
@@ -5839,7 +5839,7 @@ static const void *zend_jit_trace(zend_jit_trace_rec *trace_buffer, uint32_t par
 						if (opline->op1_type == IS_UNUSED) {
 							op1_info = MAY_BE_OBJECT|MAY_BE_RC1|MAY_BE_RCN;
 							ce = op_array->scope;
-							ce_is_instanceof = (ce->ce_flags & ZEND_ACC_FINAL) != 0;
+							ce_is_instanceof = !(ce->ce_flags & ZEND_ACC_FINAL);
 							op1_addr = 0;
 							on_this = 1;
 						} else {
@@ -6118,7 +6118,7 @@ static const void *zend_jit_trace(zend_jit_trace_rec *trace_buffer, uint32_t par
 						if (opline->op1_type == IS_UNUSED) {
 							op1_info = MAY_BE_OBJECT|MAY_BE_RC1|MAY_BE_RCN;
 							ce = op_array->scope;
-							ce_is_instanceof = (ce->ce_flags & ZEND_ACC_FINAL) != 0;
+							ce_is_instanceof = !(ce->ce_flags & ZEND_ACC_FINAL);
 							op1_addr = 0;
 							on_this = 1;
 						} else {

ext/opcache/tests/jit/assign_obj_005.phpt

@@ -0,0 +1,38 @@
+--TEST--
+JIT ASSIGN_OBJ: Typed & not-typed property 
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.file_update_protection=0
+opcache.jit_buffer_size=1M
+--FILE--
+<?php
+interface I {
+}
+abstract class C1 implements I {
+    public function __construct($x) {
+        $this->x = $x;
+    }
+}
+class C2 extends C1 {
+    public $x = 0;
+}
+class C3 extends C1 {
+    public int $x = 0;
+}
+$o = new C2("abcd");
+var_dump($o->x);
+$o = new C3(42);
+var_dump($o->x);
+$o = new C3("abcd");
+var_dump($o->x);
+?>
+--EXPECTF--
+string(4) "abcd"
+int(42)
+
+Fatal error: Uncaught TypeError: Cannot assign string to property C3::$x of type int in %sassign_obj_005.php:6
+Stack trace:
+#0 %sassign_obj_005.php(19): C1->__construct('abcd')
+#1 {main}
+  thrown in %sassign_obj_005.php on line 6