Fixed Bug #80959 (infinite loop in building cfg during JIT compilation)

2024-11-24 02:15:04 +08:00 · 2021-07-21 14:32:44 +03:00 · 2021-07-21 14:32:44 +03:00 · a9991fbf28
commit a9991fbf28
parent a0893865b3
3 changed files with 37 additions and 0 deletions
--- a/2
+++ b/2
@ -20,6 +20,8 @@ PHP                                                                        NEWS
    Nikita)
  . Fixed bug #81272 (Segfault in var[] after array_slice with JIT). (Nikita)
  . Fixed Bug #81255 (Memory leak in PHPUnit with functional JIT). (Dmitry)
+  . Fixed Bug #80959 (infinite loop in building cfg during JIT compilation)
+    (Nikita, Dmitry)

 - Standard:
  . Fixed bug #72146 (Integer overflow on substr_replace). (cmb)
--- a/ext/opcache/Optimizer/zend_cfg.c
+++ b/ext/opcache/Optimizer/zend_cfg.c
@ -890,6 +890,10 @@ int zend_cfg_identify_loops(const zend_op_array *op_array, zend_cfg *cfg) /* {{{
 				j = blocks[j].loop_header;
 			}
 			if (j != i) {
+				if (blocks[j].idom < 0 && j != 0) {
+					/* Ignore blocks that are unreachable or only abnormally reachable. */
+					continue;
+				}
 				blocks[j].loop_header = i;
 				for (k = 0; k < blocks[j].predecessors_count; k++) {
 					zend_worklist_push(&work, cfg->predecessors[blocks[j].predecessor_offset + k]);
--- a/ext/opcache/tests/jit/bug80959.phpt
+++ b/ext/opcache/tests/jit/bug80959.phpt
@ -0,0 +1,31 @@
+--TEST--
+Bug #80959: infinite loop in building cfg during JIT compilation
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.jit_buffer_size=1M
+opcache.jit=tracing
+--SKIPIF--
+<?php require_once('skipif.inc'); ?>
+--FILE--
+<?php
+function test($a, $b) {
+    echo "Start\n";
+    $i = $j = 0;
+    do {
+        $i++;
+        try {
+           continue;
+        } catch (Exception $e) {
+        }
+        do {
+           $j++;
+        } while ($j < $b);
+    } while ($i < $a);
+    echo "Done $i $j\n";
+}
+test(5, 6);
+?>
+--EXPECT--
+Start
+Done 5 0