
Commit a5d84ba

Merge branch 'PHP-8.1'
* PHP-8.1: Tracing JIT: Fix incorrect guard elimination
2 parents 66c4ade + 5762fc5 commit a5d84ba


2 files changed

+57
-5
lines changed


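--- a/ext/opcache/jit/zend_jit_trace.c
+++ b/ext/opcache/jit/zend_jit_trace.c
@@ -1082,6 +1082,9 @@ static int is_checked_guard(const zend_ssa *tssa, const zend_op **ssa_opcodes, u
 && (tssa->var_info[tssa->ops[idx].op1_use].type & MAY_BE_STRING)) {
 return 0;
 }
+if (!(tssa->var_info[tssa->ops[idx].op1_use].type & (MAY_BE_LONG|MAY_BE_DOUBLE))) {
+return 0;
+}
 return 1;
 } else if (opline->opcode == ZEND_ASSIGN_OP
 && (opline->extended_value == ZEND_ADD
@@ -1110,11 +1113,7 @@ static int is_checked_guard(const zend_ssa *tssa, const zend_op **ssa_opcodes, u
 const zend_op *opline = ssa_opcodes[idx];
 if (opline->opcode == ZEND_ADD
 || opline->opcode == ZEND_SUB
-|| opline->opcode == ZEND_MUL
-|| opline->opcode == ZEND_PRE_DEC
-|| opline->opcode == ZEND_PRE_INC
-|| opline->opcode == ZEND_POST_DEC
-|| opline->opcode == ZEND_POST_INC) {
+|| opline->opcode == ZEND_MUL) {
 if ((opline->op1_type & (IS_VAR|IS_CV))
 && tssa->ops[idx].op1_use >= 0
 && (tssa->var_info[tssa->ops[idx].op1_use].type & MAY_BE_REF)) {
@@ -1125,6 +1124,34 @@ static int is_checked_guard(const zend_ssa *tssa, const zend_op **ssa_opcodes, u
 && (tssa->var_info[tssa->ops[idx].op2_use].type & MAY_BE_REF)) {
 return 0;
 }
+if (opline->op1_type == IS_CONST) {
+zval *zv = RT_CONSTANT(opline, opline->op1);
+if (Z_TYPE_P(zv) != IS_LONG && Z_TYPE_P(zv) != IS_DOUBLE) {
+return 0;
+}
+} else if (!(tssa->var_info[tssa->ops[idx].op1_use].type & (MAY_BE_LONG|MAY_BE_DOUBLE))) {
+return 0;
+}
+if (opline->op2_type == IS_CONST) {
+zval *zv = RT_CONSTANT(opline, opline->op2);
+if (Z_TYPE_P(zv) != IS_LONG && Z_TYPE_P(zv) != IS_DOUBLE) {
+return 0;
+}
+} else if (!(tssa->var_info[tssa->ops[idx].op2_use].type & (MAY_BE_LONG|MAY_BE_DOUBLE))) {
+return 0;
+}
+} else if (opline->opcode == ZEND_PRE_DEC
+|| opline->opcode == ZEND_PRE_INC
+|| opline->opcode == ZEND_POST_DEC
+|| opline->opcode == ZEND_POST_INC) {
+if ((opline->op1_type & (IS_VAR|IS_CV))
+&& tssa->ops[idx].op1_use >= 0
+&& (tssa->var_info[tssa->ops[idx].op1_use].type & MAY_BE_REF)) {
+return 0;
+}
+if (!(tssa->var_info[tssa->ops[idx].op1_use].type & (MAY_BE_LONG|MAY_BE_DOUBLE))) {
+return 0;
+}
 return 1;
 }
 }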
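Review bot: The added numeric-type checks index `tssa->var_info[...]` with `op1_use`/`op2_use` directly, whereas the MAY_BE_REF checks right above them in the same branches test `tssa->ops[idx].op1_use >= 0` first; this applies to the new lines 1132, 1140 and 1152, and probably to 1085 as well. If a use slot can be negative on these paths (the existing bound checks suggest the code allows for it, though the hunks do not show when), the lookup reads before the start of `var_info`, and that value then decides whether a type guard is treated as already checked. Folding the bound into the condition keeps the answer conservative: `if (tssa->ops[idx].op1_use < 0 || !(tssa->var_info[tssa->ops[idx].op1_use].type & (MAY_BE_LONG|MAY_BE_DOUBLE))) {`, and likewise for `op2_use`. is_checked_guard begins and ends outside these hunks, so an earlier bound check may already cover this.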

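--- a/ext/opcache/tests/jit/add_014.phpt
+++ b/ext/opcache/tests/jit/add_014.phpt
@@ -0,0 +1,25 @@
+--TEST--
+JIT ADD: 014 incorrect guard elimination
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.file_update_protection=0
+opcache.jit_buffer_size=1M
+--FILE--
+<?php
+function test() {
+$s = null;
+$i = $a + $a = $j = 2;
+for ($a = 0; $i < 20; $a = !$a + $s .= 0xfff0001/34028236692903846346336*6) {
+$a = !$a + $a &= 74444444 - 444 >> 4 - $j++;
+if ($j > 14) break;
+}
+}
+try {
+@test();
+} catch (Throwable $e) {
+echo $e->getMessage() . "\n";
+}
+?>
+--EXPECT--
+Bit shift by negative number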
