Skip to content

Fix GH-14873: PHP 8.4 min function fails on typed integer #14876

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Fix GH-14873: PHP 8.4 min function fails on typed integer #14876

wants to merge 1 commit into from

Conversation

nielsdos
Copy link
Member

@nielsdos nielsdos commented Jul 8, 2024

The DFA pass may cause the op1 and result argument to be equal to each other. In the VM we always use ZVAL_NULL(result) first, which will also destroy the first argument. Use a temporary result to fix the issue.

@nielsdos nielsdos linked an issue Jul 8, 2024 that may be closed by this pull request
PHP 8.4 min function fails on typed integer #14873
Closed
@nielsdos nielsdos force-pushed the flf-result-null branch 2 times, most recently from bdb8a03 to 4354ce4 Compare July 8, 2024 14:27
@nielsdos nielsdos force-pushed the flf-result-null branch 2 times, most recently from e6ff7b4 to 7fb919a Compare July 8, 2024 19:45
@nielsdos
Fix phpGH-14873: PHP 8.4 min function fails on typed integer
7fb919a 
The DFA pass may cause the op1 and result argument to be equal to each
other. In the VM we always use ZVAL_NULL(result) first, which will also
destroy the first argument. Use a temporary result to fix the issue.
@nielsdos nielsdos closed this Jul 8, 2024
@nielsdos nielsdos mentioned this pull request Jul 8, 2024
Closed
@iluuu1994
Copy link
Member

I wonder if it might be easier to adjust the DFA pass instead, by special casing frameless calls. This would also avoid the copy in the VM.

@nielsdos
Copy link
Member Author

nielsdos commented Jul 9, 2024

Maybe. Then you do have an extra copy opline though from the temporary return value to the CV AFAIK

@iluuu1994
Copy link
Member

@nielsdos Not having looked at this yet, it seems that was mostly the case anyway, given we haven't seen any other failures, right?

@nielsdos
Copy link
Member Author

nielsdos commented Jul 9, 2024

@nielsdos Not having looked at this yet, it seems that was mostly the case anyway, given we haven't seen any other failures, right?

That is true.

@Alkarex
Copy link

Alkarex commented Jul 10, 2024

max() does not seem to be affected. I am not familiar with the code, but maybe the same logic could be done to min()?

@nielsdos
Copy link
Member Author

max() does not seem to be affected. I am not familiar with the code, but maybe the same logic could be done to min()?

max() is in fact affected. The bug is not in the min/max implementation but either in the optimizer of the VM/JIT depending on the PoV.

nielsdos added a commit to nielsdos/php-src that referenced this pull request Jul 10, 2024
@nielsdos
Fix phpGH-14873: PHP 8.4 min function fails on typed integer
52952e7 
The problem is that this line in the VM: `ZVAL_NULL(result);` changes the type
of arg1 as well, because after the DFA pass the result and input both use
CV0($result).
We should not contract assignments with CVs in frameless calls with
arguments.
An older attempt is found at phpGH-14876 that tried to modify the VM/JIT.
@nielsdos nielsdos mentioned this pull request Jul 10, 2024
Closed
nielsdos added a commit to nielsdos/php-src that referenced this pull request Jul 10, 2024
@nielsdos
Fix phpGH-14873: PHP 8.4 min function fails on typed integer
3d0885f 
The problem is that this line in the VM: `ZVAL_NULL(result);` changes the type
of arg1 as well, because after the DFA pass the result and input both use
CV0($result).
We should not contract assignments with CVs in frameless calls with
arguments.
An older attempt is found at phpGH-14876 that tried to modify the VM/JIT.
nielsdos added a commit that referenced this pull request Jul 12, 2024
@nielsdos
Fix GH-14873: PHP 8.4 min function fails on typed integer
1a07bb9 
The problem is that this line in the VM: `ZVAL_NULL(result);` changes the type
of arg1 as well, because after the DFA pass the result and input both use
CV0($result).
We should not contract assignments with CVs in frameless calls with
arguments.
An older attempt is found at GH-14876 that tried to modify the VM/JIT.

Closes GH-14903.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dstogov dstogov Awaiting requested review from dstogov dstogov will be requested when the pull request is marked ready for review dstogov is a code owner

@bukka bukka Awaiting requested review from bukka bukka will be requested when the pull request is marked ready for review bukka is a code owner

Assignees
No one assigned
Labels
Category: Engine Extension: opcache Extension: standard
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

PHP 8.4 min function fails on typed integer
3 participants
@nielsdos @iluuu1994 @Alkarex