Fixed bug #81249 (Intermittent property assignment failure with JIT enabled)

dstogov · dstogov · commit c0e49328168b · 2021-07-19T12:11:09.000+03:00
diff --git a/NEWS b/NEWS
@@ -14,6 +14,8 @@ PHP                                                                        NEWS
 - Opcache:
   . Fixed bug #81225 (Wrong result with pow operator with JIT enabled).
     (Dmitry)
+  . Fixed bug #81249 (Intermittent property assignment failure with JIT
+    enabled). (Dmitry)
 
 - Standard:
   . Fixed bug #72146 (Integer overflow on substr_replace). (cmb)
diff --git a/ext/opcache/jit/zend_jit_trace.c b/ext/opcache/jit/zend_jit_trace.c
@@ -3502,12 +3502,12 @@ static zend_bool zend_jit_may_skip_comparison(const zend_op *opline, const zend_
 			 || prev_opcode == ZEND_IS_NOT_IDENTICAL
 			 || prev_opcode == ZEND_CASE_STRICT) {
 				if (ssa_op->op1_use < 0) {
-					if (opline->op1.constant != ssa_opcodes[prev_ssa_op - ssa->ops]->op1.constant) {
+					if (RT_CONSTANT(opline, opline->op1) != RT_CONSTANT(&ssa_opcodes[prev_ssa_op - ssa->ops], ssa_opcodes[prev_ssa_op - ssa->ops]->op1)) {
 						return 0;
 					}
 				}
 				if (ssa_op->op2_use < 0) {
-					if (opline->op2.constant != ssa_opcodes[prev_ssa_op - ssa->ops]->op2.constant) {
+					if (RT_CONSTANT(opline, opline->op2) != RT_CONSTANT(&ssa_opcodes[prev_ssa_op - ssa->ops], ssa_opcodes[prev_ssa_op - ssa->ops]->op2)) {
 						return 0;
 					}
 				}
diff --git a/ext/opcache/tests/jit/bug81249.phpt b/ext/opcache/tests/jit/bug81249.phpt
@@ -0,0 +1,130 @@
+--TEST--
+Bug #81249: Intermittent property assignment failure with JIT enabled
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.jit_buffer_size=1M
+opcache.jit=tracing
+--SKIPIF--
+<?php require_once('skipif.inc'); ?>
+<?php if (PHP_INT_SIZE != 8) die("skip: 64-bit only"); ?>
+--FILE--
+<?php
+
+declare(strict_types=1);
+
+final class EucJpDecoder
+{
+    private const JIS0212_INDEX = [108 => 728];
+    private const JIS0208_INDEX = [];
+
+    private const CONTINUE = -1;
+    private const FINISHED = -2;
+    private const ERROR = -3;
+
+    /**
+     * @var int
+     */
+    private $lead;
+
+    /**
+     * @var bool
+     */
+    private $isJis0212;
+
+    public function __construct()
+    {
+        $this->lead = 0x00;
+        $this->isJis0212 = false;
+    }
+
+    public function handle(array &$ioQueue, string $byte): int
+    {
+        if ($byte === '') {
+            if ($this->lead !== 0x00) {
+                $this->lead = 0x00;
+
+                return self::ERROR;
+            }
+
+            return self::FINISHED;
+        }
+
+        $byte = ord($byte);
+
+        if ($this->lead === 0x8E && ($byte >= 0xA1 && $byte <= 0xDF)) {
+            $this->lead = 0x00;
+
+            return 0xFF61 - 0xA1 + $byte;
+        }
+
+        if ($this->lead === 0x8F && ($byte >= 0xA1 && $byte <= 0xFE)) {
+            $this->isJis0212 = true;
+            $this->lead = $byte;
+
+            return self::CONTINUE;
+        }
+
+        if ($this->lead !== 0x00) {
+            $lead = $this->lead;
+            $this->lead = 0x00;
+            $codePoint = null;
+
+            if (($lead >= 0xA1 && $lead <= 0xFE) && ($byte >= 0xA1 && $byte <= 0xFE)) {
+                $index = self::JIS0208_INDEX;
+
+                if ($this->isJis0212) {
+                    $index = self::JIS0212_INDEX;
+                }
+
+                $codePoint = $index[($lead - 0xA1) * 94 + $byte - 0xA1] ?? null;
+            }
+
+            $this->isJis0212 = false;
+
+            if ($codePoint !== null) {
+                return $codePoint;
+            }
+
+            if ($byte <= 0x7F) {
+                array_unshift($ioQueue, chr($byte));
+            }
+
+            return self::ERROR;
+        }
+
+        if ($byte <= 0x7F) {
+            return $byte;
+        }
+
+        if ($byte === 0x8E || $byte === 0x8F || ($byte >= 0xA1 && $byte <= 0xFE)) {
+            $this->lead = $byte;
+
+            return self::CONTINUE;
+        }
+
+        return self::ERROR;
+    }
+}
+
+for ($i = 0; $i < 2000; ++$i) {
+    $decoder = new EucJpDecoder();
+
+    $bytes = ["\x8F", "\xA2", "\xAF", ''];
+    $out = null;
+
+    foreach ($bytes as $byte) {
+        $result = $decoder->handle($bytes, $byte);
+
+        if ($result >= 0) {
+            $out = $result;
+        }
+    }
+
+    // $bytes array should be decoded to U+2D8, decimal 728
+    assert($out === 728);
+}
+?>
+OK
+--EXPECT--
+OK

Original file line number	Diff line number	Diff line change
`@@ -3502,12 +3502,12 @@ static zend_bool zend_jit_may_skip_comparison(const zend_op *opline, const zend_`
`3502`	`3502`	`\|\| prev_opcode == ZEND_IS_NOT_IDENTICAL`
`3503`	`3503`	`\|\| prev_opcode == ZEND_CASE_STRICT) {`
`3504`	`3504`	`if (ssa_op->op1_use < 0) {`
`3505`		`- if (opline->op1.constant != ssa_opcodes[prev_ssa_op - ssa->ops]->op1.constant) {`
	`3505`	`+ if (RT_CONSTANT(opline, opline->op1) != RT_CONSTANT(&ssa_opcodes[prev_ssa_op - ssa->ops], ssa_opcodes[prev_ssa_op - ssa->ops]->op1)) {`
`3506`	`3506`	`return 0;`
`3507`	`3507`	`}`
`3508`	`3508`	`}`
`3509`	`3509`	`if (ssa_op->op2_use < 0) {`
`3510`		`- if (opline->op2.constant != ssa_opcodes[prev_ssa_op - ssa->ops]->op2.constant) {`
	`3510`	`+ if (RT_CONSTANT(opline, opline->op2) != RT_CONSTANT(&ssa_opcodes[prev_ssa_op - ssa->ops], ssa_opcodes[prev_ssa_op - ssa->ops]->op2)) {`
`3511`	`3511`	`return 0;`
`3512`	`3512`	`}`
`3513`	`3513`	`}`