From 6666cc83c53c2e83a100890838b5f6246bf3eb25 Mon Sep 17 00:00:00 2001 From: Dmitry Stogov Date: Wed, 18 Dec 2024 15:38:49 +0100 Subject: [PATCH] Fix RC inference of op1 of FETCH_OBJ and INIT_METHOD_CALL Fixes GH-17151 Closes GH-17152 --- NEWS | 2 ++ Zend/Optimizer/zend_inference.c | 4 ++++ ext/opcache/jit/zend_jit_ir.c | 1 + 3 files changed, 7 insertions(+) diff --git a/NEWS b/NEWS index bb783c7018c..83a3337c652 100644 --- a/NEWS +++ b/NEWS @@ -51,6 +51,8 @@ PHP NEWS . opcache_get_configuration() properly reports jit_prof_threshold. (cmb) . Fixed bug GH-17140 (Assertion failure in JIT trace exit with ZEND_FETCH_DIM_FUNC_ARG). (nielsdos, Dmitry) + . Fixed bug GH-17151 (Incorrect RC inference of op1 of FETCH_OBJ and + INIT_METHOD_CALL). (Dmitry, ilutov) - PCNTL: . Fix memory leak in cleanup code of pcntl_exec() when a non stringable diff --git a/Zend/Optimizer/zend_inference.c b/Zend/Optimizer/zend_inference.c index 71692388931..fc6b9b421b6 100644 --- a/Zend/Optimizer/zend_inference.c +++ b/Zend/Optimizer/zend_inference.c @@ -1968,6 +1968,10 @@ static uint32_t get_ssa_alias_types(zend_ssa_alias_kind alias) { /* TODO: support for array keys and ($str . "")*/ \ __type |= MAY_BE_RCN; \ } \ + if ((__type & MAY_BE_RC1) && (__type & MAY_BE_OBJECT)) {\ + /* TODO: object may be captured by magic handlers */\ + __type |= MAY_BE_RCN; \ + } \ if (__ssa_var->alias) { \ __type |= get_ssa_alias_types(__ssa_var->alias); \ } \ diff --git a/ext/opcache/jit/zend_jit_ir.c b/ext/opcache/jit/zend_jit_ir.c index 843d3ae90d8..5661fec934f 100644 --- a/ext/opcache/jit/zend_jit_ir.c +++ b/ext/opcache/jit/zend_jit_ir.c @@ -14426,6 +14426,7 @@ result_fetched: ir_MERGE_list(slow_inputs); jit_SET_EX_OPLINE(jit, opline); + op1_info |= MAY_BE_RC1 | MAY_BE_RCN; /* object may be captured/released in magic handler */ if (opline->opcode == ZEND_FETCH_OBJ_W) { ir_CALL_1(IR_VOID, ir_CONST_FC_FUNC(zend_jit_fetch_obj_w_slow), obj_ref); ir_END_list(end_inputs);