From bf786d0d28fc6e6bb068e8e1beb369c6e86f346a Mon Sep 17 00:00:00 2001 From: Dmitry Stogov Date: Tue, 15 Oct 2024 12:00:59 +0300 Subject: [PATCH] Fix GH-16393: Assertion failure in ext/opcache/jit/zend_jit.c:2897 --- ext/opcache/jit/zend_jit.c | 15 ++++++++++----- ext/opcache/tests/jit/gh16393.phpt | 18 ++++++++++++++++++ 2 files changed, 28 insertions(+), 5 deletions(-) create mode 100644 ext/opcache/tests/jit/gh16393.phpt diff --git a/ext/opcache/jit/zend_jit.c b/ext/opcache/jit/zend_jit.c index d9b61a5bdcf..f0176d24b2d 100644 --- a/ext/opcache/jit/zend_jit.c +++ b/ext/opcache/jit/zend_jit.c @@ -4190,16 +4190,19 @@ static void zend_jit_cleanup_func_info(zend_op_array *op_array) } } -static int zend_real_jit_func(zend_op_array *op_array, zend_script *script, const zend_op *rt_opline) +static int zend_real_jit_func(zend_op_array *op_array, zend_script *script, const zend_op *rt_opline, uint8_t trigger) { zend_ssa ssa; void *checkpoint; zend_func_info *func_info; + uint8_t orig_trigger; if (*dasm_ptr == dasm_end) { return FAILURE; } + orig_trigger = JIT_G(trigger); + JIT_G(trigger) = trigger; checkpoint = zend_arena_checkpoint(CG(arena)); /* Build SSA */ @@ -4232,11 +4235,13 @@ static int zend_real_jit_func(zend_op_array *op_array, zend_script *script, cons zend_jit_cleanup_func_info(op_array); zend_arena_release(&CG(arena), checkpoint); + JIT_G(trigger) = orig_trigger; return SUCCESS; jit_failure: zend_jit_cleanup_func_info(op_array); zend_arena_release(&CG(arena), checkpoint); + JIT_G(trigger) = orig_trigger; return FAILURE; } @@ -4267,7 +4272,7 @@ static int ZEND_FASTCALL zend_runtime_jit(void) opline->handler = jit_extension->orig_handler; /* perform real JIT for this function */ - zend_real_jit_func(op_array, NULL, NULL); + zend_real_jit_func(op_array, NULL, NULL, ZEND_JIT_ON_FIRST_EXEC); } zend_catch { do_bailout = true; } zend_end_try(); @@ -4313,7 +4318,7 @@ void zend_jit_check_funcs(HashTable *function_table, bool is_method) { jit_extension = (zend_jit_op_array_extension*)ZEND_FUNC_INFO(op_array); opline->handler = jit_extension->orig_handler; if (((double)counter / (double)zend_jit_profile_counter) > JIT_G(prof_threshold)) { - zend_real_jit_func(op_array, NULL, NULL); + zend_real_jit_func(op_array, NULL, NULL, ZEND_JIT_ON_PROF_REQUEST); } } } ZEND_HASH_FOREACH_END(); @@ -4339,7 +4344,7 @@ void ZEND_FASTCALL zend_jit_hot_func(zend_execute_data *execute_data, const zend } /* perform real JIT for this function */ - zend_real_jit_func(op_array, NULL, opline); + zend_real_jit_func(op_array, NULL, opline, ZEND_JIT_ON_HOT_COUNTERS); } zend_catch { do_bailout = 1; } zend_end_try(); @@ -4507,7 +4512,7 @@ ZEND_EXT_API int zend_jit_op_array(zend_op_array *op_array, zend_script *script) } else if (JIT_G(trigger) == ZEND_JIT_ON_HOT_TRACE) { return zend_jit_setup_hot_trace_counters(op_array); } else if (JIT_G(trigger) == ZEND_JIT_ON_SCRIPT_LOAD) { - return zend_real_jit_func(op_array, script, NULL); + return zend_real_jit_func(op_array, script, NULL, ZEND_JIT_ON_SCRIPT_LOAD); } else { ZEND_UNREACHABLE(); } diff --git a/ext/opcache/tests/jit/gh16393.phpt b/ext/opcache/tests/jit/gh16393.phpt new file mode 100644 index 00000000000..c93b06fda8c --- /dev/null +++ b/ext/opcache/tests/jit/gh16393.phpt @@ -0,0 +1,18 @@ +--TEST-- +GH-16393 (Assertion failure in ext/opcache/jit/zend_jit.c:2897) +--EXTENSIONS-- +opcache +--INI-- +opcache.jit=1215 +opcache.jit_buffer_size=64M +--FILE-- +bindTo($test, Test::class); +$appendProp2(); +?> +--EXPECTF-- +Warning: Undefined variable $test in %sgh16393.php on line 6