Skip to content

Commit 1985437

Browse files
dstogovdstogov
committed
Tracing JIT: Fixed bug in register allocator.
Type of variable might need to be checked (using type guard) before loading to register.
1 parent 6144524 commit 1985437

File tree

2 files changed

+49
-0
lines changed

2 files changed

+49
-0
lines changed

ext/opcache/jit/zend_jit_trace.c

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3758,8 +3758,17 @@ static const void *zend_jit_trace(zend_jit_trace_rec *trace_buffer, uint32_t par
37583758

37593759
if (ival) {
37603760
if (ival->flags & ZREG_LOAD) {
3761+
uint32_t info = ssa->var_info[phi->ssa_var].type;
37613762
ZEND_ASSERT(ival->reg != ZREG_NONE);
37623763

3764+
if (info & MAY_BE_GUARD) {
3765+
if (!zend_jit_type_guard(&dasm_state, opline, phi->var, concrete_type(info))) {
3766+
goto jit_failure;
3767+
}
3768+
info &= ~MAY_BE_GUARD;
3769+
ssa->var_info[phi->ssa_var].type = info;
3770+
SET_STACK_TYPE(stack, i, concrete_type(info), 1);
3771+
}
37633772
SET_STACK_REG_EX(stack, phi->var, ival->reg, ZREG_LOAD);
37643773
if (!zend_jit_load_var(&dasm_state, ssa->var_info[phi->ssa_var].type, ssa->vars[phi->ssa_var].var, ival->reg)) {
37653774
goto jit_failure;

ext/opcache/tests/jit/reg_alloc_004.phpt

Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,40 @@
1+
--TEST--
2+
Register Alloction 004: Check guard before register load
3+
--INI--
4+
opcache.enable=1
5+
opcache.enable_cli=1
6+
opcache.file_update_protection=0
7+
opcache.jit_buffer_size=1M
8+
opcache.protect_memory=1
9+
opcache.jit=tracing
10+
opcache.jit_hot_func=1
11+
--SKIPIF--
12+
<?php require_once('skipif.inc'); ?>
13+
--FILE--
14+
<?php
15+
function createTree($depth) {
16+
if (!$depth) {
17+
return;
18+
}
19+
$depth--;
20+
[createTree($d), createTree($depth)]();
21+
}
22+
createTree(4);
23+
?>
24+
--EXPECTF--
25+
Warning: Undefined variable $d in %sreg_alloc_004.php on line 7
26+
27+
Warning: Undefined variable $d in %sreg_alloc_004.php on line 7
28+
29+
Warning: Undefined variable $d in %sreg_alloc_004.php on line 7
30+
31+
Warning: Undefined variable $d in %sreg_alloc_004.php on line 7
32+
33+
Fatal error: Uncaught Error: First array member is not a valid class name or object in %sreg_alloc_004.php:7
34+
Stack trace:
35+
#0 %sreg_alloc_004.php(7): createTree(0)
36+
#1 %sreg_alloc_004.php(7): createTree(1)
37+
#2 %sreg_alloc_004.php(7): createTree(2)
38+
#3 %sreg_alloc_004.php(9): createTree(3)
39+
#4 {main}
40+
thrown in %sreg_alloc_004.php on line 7

0 commit comments

Comments
 (0)