Tracing JIT: Fixed incorrect assumtion about temporary variable types clobbered by *_ROPE instructions

Author: dstogov

ext/opcache/jit/zend_jit_trace.c

@@ -5783,6 +5783,19 @@ static const void *zend_jit_trace(zend_jit_trace_rec *trace_buffer, uint32_t par
 				SET_STACK_REG(stack, EX_VAR_TO_NUM(opline->op1.var), ZREG_NONE);
 			}
 
+			if (opline->opcode == ZEND_ROPE_INIT) {
+				/* clear stack slots used by rope */
+				uint32_t var = EX_VAR_TO_NUM(opline->result.var);
+				uint32_t count =
+					((opline->extended_value * sizeof(void*)) + (sizeof(zval)-1)) / sizeof(zval);
+
+				do {
+					SET_STACK_TYPE(stack, var, IS_UNKNOWN, 1);
+					var++;
+					count--;
+				} while (count);
+			}
+
 			if (ssa_op) {
 				zend_ssa_range tmp;
 

ext/opcache/tests/jit/rope_001.phpt

@@ -0,0 +1,17 @@
+--TEST--
+JIT ROPE: 001 *_ROPE may types of temporary variables
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.file_update_protection=0
+opcache.jit_buffer_size=1M
+--FILE--
+<?php
+$a = "";
+$b = 1;
+var_dump(" $a $a" == " $a" . -$b);
+var_dump(" $a $a" == " $a" . -$b);
+?>
+--EXPECT--
+bool(false)
+bool(false)