Always load EX(opline) into the current frame in JIT when observers are enabled

bwoebi · bwoebi · commit af098acd6e38 · 2024-04-08T15:09:14.000+02:00
Fixes #13772. Closes #13776.
diff --git a/NEWS b/NEWS
@@ -2,6 +2,10 @@ PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? ????, PHP 8.2.19
 
+- Core:
+  . Fixed bug GH-13772 (Invalid execute_data->opline pointers in observer fcall
+    handlers when JIT is enabled). (Bob)
+
 - FPM:
   . Fixed bug GH-13563 (Setting bool values via env in FPM config fails).
     (Jakub Zelenka)
diff --git a/ext/opcache/jit/zend_jit_arm64.dasc b/ext/opcache/jit/zend_jit_arm64.dasc
@@ -9449,7 +9449,12 @@ static int zend_jit_do_fcall(dasm_State **Dst, const zend_op *opline, const zend
 		}
 
 		if (ZEND_OBSERVER_ENABLED) {
-			|	SAVE_IP
+			if (trace && (trace->op != ZEND_JIT_TRACE_END || trace->stop != ZEND_JIT_TRACE_STOP_INTERPRETER)) {
+				ZEND_ASSERT(trace[1].op == ZEND_JIT_TRACE_VM || trace[1].op == ZEND_JIT_TRACE_END);
+				|	SET_EX_OPLINE trace[1].opline, REG0
+			} else {
+				|	SAVE_IP
+			}
 			|	mov FCARG1x, FP
 			|	EXT_CALL zend_observer_fcall_begin, REG0
 		}
diff --git a/ext/opcache/jit/zend_jit_x86.dasc b/ext/opcache/jit/zend_jit_x86.dasc
@@ -10187,7 +10187,12 @@ static int zend_jit_do_fcall(dasm_State **Dst, const zend_op *opline, const zend
 		}
 
 		if (ZEND_OBSERVER_ENABLED) {
-			|	SAVE_IP
+			if (trace && (trace->op != ZEND_JIT_TRACE_END || trace->stop != ZEND_JIT_TRACE_STOP_INTERPRETER)) {
+				ZEND_ASSERT(trace[1].op == ZEND_JIT_TRACE_VM || trace[1].op == ZEND_JIT_TRACE_END);
+				|	SET_EX_OPLINE trace[1].opline, r0
+			} else {
+				|	SAVE_IP
+			}
 			|	mov FCARG1a, FP
 			|	EXT_CALL zend_observer_fcall_begin, r0
 		}
diff --git a/ext/opcache/tests/jit/gh13772.phpt b/ext/opcache/tests/jit/gh13772.phpt
@@ -0,0 +1,26 @@
+--TEST--
+EX(opline) is correctly set for nested JIT user code calls
+--EXTENSIONS--
+opcache
+zend_test
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+zend_test.observer.enabled=1
+zend_test.observer.observe_all=1
+zend_test.observer.show_output=0
+--FILE--
+<?php
+
+function Ack($m, $n) {
+	if ($m == 0) return $n+1;
+	if ($n == 0) return Ack($m-1, 1);
+	return Ack($m - 1, Ack($m, ($n - 1)));
+}
+
+var_dump(Ack(3, 3));
+
+?>
+--EXPECT--
+int(61)
+
diff --git a/ext/zend_test/observer.c b/ext/zend_test/observer.c
@@ -67,8 +67,16 @@ static void observer_show_opcode(zend_execute_data *execute_data)
 	php_printf("%*s<!-- opcode: '%s' -->\n", 2 * ZT_G(observer_nesting_depth), "", zend_get_opcode_name(EX(opline)->opcode));
 }
 
+static inline void assert_observer_opline(zend_execute_data *execute_data) {
+	ZEND_ASSERT(!ZEND_USER_CODE(EX(func)->type) ||
+		(EX(opline) >= EX(func)->op_array.opcodes && EX(opline) < EX(func)->op_array.opcodes + EX(func)->op_array.last) ||
+		(EX(opline) >= EG(exception_op) && EX(opline) < EG(exception_op) + 3));
+}
+
 static void observer_begin(zend_execute_data *execute_data)
 {
+	assert_observer_opline(execute_data);
+
 	if (!ZT_G(observer_show_output)) {
 		return;
 	}
@@ -112,6 +120,8 @@ static void get_retval_info(zval *retval, smart_str *buf)
 
 static void observer_end(zend_execute_data *execute_data, zval *retval)
 {
+	assert_observer_opline(execute_data);
+
 	if (!ZT_G(observer_show_output)) {
 		return;
 	}

Original file line number	Diff line number	Diff line change
`@@ -9449,7 +9449,12 @@ static int zend_jit_do_fcall(dasm_State *Dst, const zend_op opline, const zend`
`9449`	`9449`	`}`
`9450`	`9450`
`9451`	`9451`	`if (ZEND_OBSERVER_ENABLED) {`
`9452`		`- \| SAVE_IP`
	`9452`	`+ if (trace && (trace->op != ZEND_JIT_TRACE_END \|\| trace->stop != ZEND_JIT_TRACE_STOP_INTERPRETER)) {`
	`9453`	`+ ZEND_ASSERT(trace[1].op == ZEND_JIT_TRACE_VM \|\| trace[1].op == ZEND_JIT_TRACE_END);`
	`9454`	`+ \| SET_EX_OPLINE trace[1].opline, REG0`
	`9455`	`+ } else {`
	`9456`	`+ \| SAVE_IP`
	`9457`	`+ }`
`9453`	`9458`	`\| mov FCARG1x, FP`
`9454`	`9459`	`\| EXT_CALL zend_observer_fcall_begin, REG0`
`9455`	`9460`	`}`
Original file line number	Diff line number	Diff line change
`@@ -10187,7 +10187,12 @@ static int zend_jit_do_fcall(dasm_State *Dst, const zend_op opline, const zend`
`10187`	`10187`	`}`
`10188`	`10188`
`10189`	`10189`	`if (ZEND_OBSERVER_ENABLED) {`
`10190`		`- \| SAVE_IP`
	`10190`	`+ if (trace && (trace->op != ZEND_JIT_TRACE_END \|\| trace->stop != ZEND_JIT_TRACE_STOP_INTERPRETER)) {`
	`10191`	`+ ZEND_ASSERT(trace[1].op == ZEND_JIT_TRACE_VM \|\| trace[1].op == ZEND_JIT_TRACE_END);`
	`10192`	`+ \| SET_EX_OPLINE trace[1].opline, r0`
	`10193`	`+ } else {`
	`10194`	`+ \| SAVE_IP`
	`10195`	`+ }`
`10191`	`10196`	`\| mov FCARG1a, FP`
`10192`	`10197`	`\| EXT_CALL zend_observer_fcall_begin, r0`
`10193`	`10198`	`}`
Original file line number	Diff line number	Diff line change
`@@ -67,8 +67,16 @@ static void observer_show_opcode(zend_execute_data *execute_data)`
`67`	`67`	`php_printf("%s<!-- opcode: '%s' -->\n", 2 ZT_G(observer_nesting_depth), "", zend_get_opcode_name(EX(opline)->opcode));`
`68`	`68`	`}`
`69`	`69`
	`70`	`+static inline void assert_observer_opline(zend_execute_data *execute_data) {`
	`71`	`+ ZEND_ASSERT(!ZEND_USER_CODE(EX(func)->type) \|\|`
	`72`	`+ (EX(opline) >= EX(func)->op_array.opcodes && EX(opline) < EX(func)->op_array.opcodes + EX(func)->op_array.last) \|\|`
	`73`	`+ (EX(opline) >= EG(exception_op) && EX(opline) < EG(exception_op) + 3));`
	`74`	`+}`
	`75`	`+`
`70`	`76`	`static void observer_begin(zend_execute_data *execute_data)`
`71`	`77`	`{`
	`78`	`+ assert_observer_opline(execute_data);`
	`79`	`+`
`72`	`80`	`if (!ZT_G(observer_show_output)) {`
`73`	`81`	`return;`
`74`	`82`	`}`
`@@ -112,6 +120,8 @@ static void get_retval_info(zval retval, smart_str buf)`
`112`	`120`
`113`	`121`	`static void observer_end(zend_execute_data execute_data, zval retval)`
`114`	`122`	`{`
	`123`	`+ assert_observer_opline(execute_data);`
	`124`	`+`
`115`	`125`	`if (!ZT_G(observer_show_output)) {`
`116`	`126`	`return;`
`117`	`127`	`}`