diff --git a/ext/opcache/jit/zend_jit_ir.c b/ext/opcache/jit/zend_jit_ir.c index 5661fec934f7d..6b74621517f2d 100644 --- a/ext/opcache/jit/zend_jit_ir.c +++ b/ext/opcache/jit/zend_jit_ir.c @@ -13380,6 +13380,14 @@ static int zend_jit_assign_dim_op(zend_jit_ctx *jit, op1_addr = zend_jit_prepare_array_update(jit, opline, op1_info, op1_addr, &if_type, &ht_ref, &may_throw); + if (Z_MODE(op3_addr) == IS_REG + && Z_LOAD(op3_addr) + && jit->ra[Z_SSA_VAR(op3_addr)].ref == IR_NULL) { + /* Force load */ + zend_jit_use_reg(jit, op3_addr); + } + + if (op1_info & (MAY_BE_UNDEF|MAY_BE_NULL|MAY_BE_ARRAY)) { uint32_t var_def_info = zend_array_element_type(op1_def_info, opline->op1_type, 1, 0); @@ -15015,6 +15023,13 @@ static int zend_jit_assign_obj_op(zend_jit_ctx *jit, && prop_type != IS_REFERENCE && (op1_info & (MAY_BE_ANY|MAY_BE_UNDEF)) == MAY_BE_OBJECT); + if (Z_MODE(val_addr) == IS_REG + && Z_LOAD(val_addr) + && jit->ra[Z_SSA_VAR(val_addr)].ref == IR_NULL) { + /* Force load */ + zend_jit_use_reg(jit, val_addr); + } + if (!prop_info) { ir_ref run_time_cache = ir_LOAD_A(jit_EX(run_time_cache)); ir_ref ref = ir_LOAD_A(ir_ADD_OFFSET(run_time_cache, (opline+1)->extended_value & ~ZEND_FETCH_OBJ_FLAGS)); diff --git a/ext/opcache/tests/jit/gh17190.phpt b/ext/opcache/tests/jit/gh17190.phpt new file mode 100644 index 0000000000000..d4bb4372b9215 --- /dev/null +++ b/ext/opcache/tests/jit/gh17190.phpt @@ -0,0 +1,32 @@ +--TEST-- +GH-17190 (Assertion failure ext/opcache/jit/ir/ir_gcm.c) +--EXTENSIONS-- +opcache +--INI-- +opcache.enable=1 +opcache.enable_cli=1 +opcache.file_update_protection=0 +opcache.jit_buffer_size=32M +opcache.jit=function +--FILE-- +>= $overflow; + $remaining = 31 - $overflow; + $overflow = $split <= $remaining ? 0 : $split - $remaining; + } + } +} +?> +--EXPECT-- +634125391