Merge branch 'PHP-8.3' into PHP-8.4

dstogov · dstogov · commit f68dcc5a1c52 · 2024-10-15T12:03:36.000+03:00
* PHP-8.3: Fix phpGH-16393: Assertion failure in ext/opcache/jit/zend_jit.c:2897
diff --git a/ext/opcache/jit/zend_jit.c b/ext/opcache/jit/zend_jit.c
@@ -2805,26 +2805,29 @@ static void zend_jit_cleanup_func_info(zend_op_array *op_array)
 	}
 }
 
-static int zend_real_jit_func(zend_op_array *op_array, zend_script *script, const zend_op *rt_opline)
+static int zend_real_jit_func(zend_op_array *op_array, zend_script *script, const zend_op *rt_opline, uint8_t trigger)
 {
 	zend_ssa ssa;
 	void *checkpoint;
 	zend_func_info *func_info;
+	uint8_t orig_trigger;
 
 	if (*dasm_ptr == dasm_end) {
 		return FAILURE;
 	}
 
+	orig_trigger = JIT_G(trigger);
+	JIT_G(trigger) = trigger;
 	checkpoint = zend_arena_checkpoint(CG(arena));
 
 	/* Build SSA */
 	memset(&ssa, 0, sizeof(zend_ssa));
 
 	if (op_array->fn_flags & ZEND_ACC_CLOSURE) {
-		if (JIT_G(trigger) == ZEND_JIT_ON_FIRST_EXEC) {
+		if (trigger == ZEND_JIT_ON_FIRST_EXEC) {
 			zend_jit_op_array_extension *jit_extension = (zend_jit_op_array_extension*)ZEND_FUNC_INFO(op_array);
 			op_array = (zend_op_array*) jit_extension->op_array;
-		} else if (JIT_G(trigger) == ZEND_JIT_ON_HOT_COUNTERS) {
+		} else if (trigger == ZEND_JIT_ON_HOT_COUNTERS) {
 			zend_jit_op_array_hot_extension *jit_extension = (zend_jit_op_array_hot_extension*)ZEND_FUNC_INFO(op_array);
 			op_array = (zend_op_array*) jit_extension->op_array;
 		} else {
@@ -2859,11 +2862,13 @@ static int zend_real_jit_func(zend_op_array *op_array, zend_script *script, cons
 
 	zend_jit_cleanup_func_info(op_array);
 	zend_arena_release(&CG(arena), checkpoint);
+	JIT_G(trigger) = orig_trigger;
 	return SUCCESS;
 
 jit_failure:
 	zend_jit_cleanup_func_info(op_array);
 	zend_arena_release(&CG(arena), checkpoint);
+	JIT_G(trigger) = orig_trigger;
 	return FAILURE;
 }
 
@@ -2894,7 +2899,7 @@ static int ZEND_FASTCALL zend_runtime_jit(void)
 			opline->handler = jit_extension->orig_handler;
 
 			/* perform real JIT for this function */
-			zend_real_jit_func(op_array, NULL, NULL);
+			zend_real_jit_func(op_array, NULL, NULL, ZEND_JIT_ON_FIRST_EXEC);
 		} zend_catch {
 			do_bailout = true;
 		} zend_end_try();
@@ -2940,7 +2945,7 @@ void zend_jit_check_funcs(HashTable *function_table, bool is_method) {
 			jit_extension = (zend_jit_op_array_extension*)ZEND_FUNC_INFO(op_array);
 			opline->handler = jit_extension->orig_handler;
 			if (((double)counter / (double)zend_jit_profile_counter) > JIT_G(prof_threshold)) {
-				zend_real_jit_func(op_array, NULL, NULL);
+				zend_real_jit_func(op_array, NULL, NULL, ZEND_JIT_ON_PROF_REQUEST);
 			}
 		}
 	} ZEND_HASH_FOREACH_END();
@@ -2966,7 +2971,7 @@ void ZEND_FASTCALL zend_jit_hot_func(zend_execute_data *execute_data, const zend
 			}
 
 			/* perform real JIT for this function */
-			zend_real_jit_func(op_array, NULL, opline);
+			zend_real_jit_func(op_array, NULL, opline, ZEND_JIT_ON_HOT_COUNTERS);
 		} zend_catch {
 			do_bailout = 1;
 		} zend_end_try();
@@ -3137,7 +3142,7 @@ int zend_jit_op_array(zend_op_array *op_array, zend_script *script)
 	} else if (JIT_G(trigger) == ZEND_JIT_ON_HOT_TRACE) {
 		return zend_jit_setup_hot_trace_counters(op_array);
 	} else if (JIT_G(trigger) == ZEND_JIT_ON_SCRIPT_LOAD) {
-		return zend_real_jit_func(op_array, script, NULL);
+		return zend_real_jit_func(op_array, script, NULL, ZEND_JIT_ON_SCRIPT_LOAD);
 	} else {
 		ZEND_UNREACHABLE();
 	}
diff --git a/ext/opcache/tests/jit/gh16393.phpt b/ext/opcache/tests/jit/gh16393.phpt
@@ -0,0 +1,18 @@
+--TEST--
+GH-16393 (Assertion failure in ext/opcache/jit/zend_jit.c:2897)
+--EXTENSIONS--
+opcache
+--INI--
+opcache.jit=1215
+opcache.jit_buffer_size=64M
+--FILE--
+<?php
+ini_set('opcache.jit', 'tracing');
+class Test {
+}
+$appendProp2 = (function() {
+})->bindTo($test, Test::class);
+$appendProp2();
+?>
+--EXPECTF--
+Warning: Undefined variable $test in %sgh16393.php on line 6
