SCCP fixes

iluuu1994 · iluuu1994 · commit 4a1bce17c7f4 · 2023-10-31T18:18:08.000+01:00
diff --git a/Zend/Optimizer/sccp.c b/Zend/Optimizer/sccp.c
@@ -1721,7 +1721,7 @@ static void sccp_visit_instr(scdf_ctx *scdf, zend_op *opline, zend_ssa_op *ssa_o
 			switch (opline->opcode) {
 	 			case ZEND_FRAMELESS_ICALL_3: {
 					zend_op *op_data = opline + 1;
-					args[2] = get_op2_value(ctx, op_data, &ctx->scdf.ssa->ops[op_data - ctx->scdf.op_array->opcodes]);
+					args[2] = get_op1_value(ctx, op_data, &ctx->scdf.ssa->ops[op_data - ctx->scdf.op_array->opcodes]);
 					ZEND_FALLTHROUGH;
 				}
 				case ZEND_FRAMELESS_ICALL_2:
@@ -1732,6 +1732,17 @@ static void sccp_visit_instr(scdf_ctx *scdf, zend_op *opline, zend_ssa_op *ssa_o
 					break;
 			}
 			uint32_t num_args = ZEND_FLF_NUM_ARGS(opline->opcode);
+			for (uint32_t i = 0; i < num_args; i++) {
+				if (!args[i]) {
+					SET_RESULT_BOT(result);
+					return;
+				} else if (IS_BOT(args[i]) || IS_PARTIAL_ARRAY(args[i])) {
+					SET_RESULT_BOT(result);
+					return;
+				} else if (IS_TOP(args[i])) {
+					return;
+				}
+			}
 			zend_function *func = (*zend_frameless_function_0_functions_lists[num_args])[opline->extended_value];
 			if (ct_eval_func_call_ex(scdf->op_array, &zv, func, num_args, args) == SUCCESS) {
 				SET_RESULT(result, &zv);
diff --git a/Zend/Optimizer/zend_dfg.c b/Zend/Optimizer/zend_dfg.c
@@ -122,6 +122,7 @@ static zend_always_inline void _zend_dfg_add_use_def_op(const zend_op_array *op_
 			}
 			break;
 		case ZEND_ASSIGN_STATIC_PROP_OP:
+		case ZEND_FRAMELESS_ICALL_3:
 			next = opline + 1;
 			if (next->op1_type & (IS_CV|IS_VAR|IS_TMP_VAR)) {
 				var_num = EX_VAR_TO_NUM(next->op1.var);
diff --git a/ext/opcache/tests/ct_eval_frameless_001.phpt b/ext/opcache/tests/ct_eval_frameless_001.phpt
diff --git a/ext/opcache/tests/ct_eval_frameless_002.phpt b/ext/opcache/tests/ct_eval_frameless_002.phpt
@@ -0,0 +1,24 @@
+--TEST--
+Test ct eval of frameless function
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.optimization_level=-1
+opcache.opt_debug_level=0x20000
+--EXTENSIONS--
+opcache
+--FILE--
+<?php
+echo substr('foo', 1, $foo ? 1 : 1);
+?>
+--EXPECTF--
+$_main:
+     ; (lines=3, args=0, vars=1, tmps=0)
+     ; (after optimizer)
+     ; %sct_eval_frameless_002.php:1-4
+0000 CHECK_VAR CV0($foo)
+0001 ECHO string("o")
+0002 RETURN int(1)
+
+Warning: Undefined variable $foo in %s on line %d
+o

Original file line number	Diff line number	Diff line change
`@@ -122,6 +122,7 @@ static zend_always_inline void _zend_dfg_add_use_def_op(const zend_op_array *op_`
`122`	`122`	`}`
`123`	`123`	`break;`
`124`	`124`	`case ZEND_ASSIGN_STATIC_PROP_OP:`
	`125`	`+ case ZEND_FRAMELESS_ICALL_3:`
`125`	`126`	`next = opline + 1;`
`126`	`127`	`if (next->op1_type & (IS_CV\|IS_VAR\|IS_TMP_VAR)) {`
`127`	`128`	`var_num = EX_VAR_TO_NUM(next->op1.var);`