Dmitry Stogov
c0bb238483
Fixed reference counting inference
...
Fixes oss-fuzz #46084
2022-04-04 15:34:02 +03:00
Dmitry Stogov
2b7431cf5b
Fix memory leak
...
Fixed oss-fuzz #45535
2022-03-14 12:57:37 +03:00
Dmitry Stogov
151d2ac5ae
Fixed memory leak
...
Fixes oss-fuzz #45191
2022-03-11 11:32:23 +03:00
Dmitry Stogov
78c7289f69
Fixed incorrect DCE for FREE
...
Fixes oss-fuzz #44863
2022-02-28 11:44:22 +03:00
Christoph M. Becker
ef80dcb80b
Fix GH-8074: Wrong type inference of range() result
...
If either the first or second operand of `range()` may be a string, we
must not exclude the possibility that the result may be an array of
longs.
Closes GH-8131.
2022-02-22 10:14:54 +01:00
Dmitry Stogov
7434909dc6
Fix type inference
...
Fixes oss-fuzz #44407
2022-02-11 13:03:36 +03:00
Dmitry Stogov
965dafe3e1
Fix too aggressive DCE that leads to memory leak
...
Fixes oss-fuzz #43738
2022-01-28 12:17:46 +03:00
Dmitry Stogov
1f58365438
Fix type inference
...
Fixes oss-fuzz #43367
2022-01-10 21:53:35 +03:00
Dmitry Stogov
698ac23711
Fixed NAN handling in SCCP
...
Fixes oss-fuzz #43341
2022-01-10 19:39:19 +03:00
Dmitry Stogov
b80d30d821
Fix type inference for assign to string offset with invalid index.
...
Fixes oss-fuzz #43277
2022-01-10 16:03:54 +03:00
Dmitry Stogov
de358f856f
Fix reference counting inference
...
Fixes oss-fuzz #43032
2021-12-28 09:57:03 +03:00
Dmitry Stogov
2b81156f2a
Fix memory leak in SCCP
...
Fixes oss-fuzz #42878
2021-12-24 13:10:22 +03:00
Dmitry Stogov
e004e844f7
Fix incorrect optimization of ASSIGN_OP that may lead to memory leak
...
Fixes oss-fuzz #42506
2021-12-20 15:06:32 +03:00
Dmitry Stogov
f18bb2477f
Fix type inference for INIT_ARRAY with invalid index
...
Fixes oss-fuzz #42568
2021-12-20 11:40:11 +03:00
Dmitry Stogov
230de7721f
Fix incorrect optimization that leads to memory leak
...
Fixes oss-fuzz #42221
2021-12-13 13:08:05 +03:00
Christoph M. Becker
0b3a937670
Fix GH-7759: Incorrect return types for hash() and hash_hmac()
...
`hash()` and `hash_hmac()` never return `false`; only `hash_file()` and
`hash_hmac_file()` return `false` in case the data cannot be read.
Closes GH-7760.
2021-12-12 15:39:55 +01:00
Dmitry Stogov
6f42c073cf
Remove range inference for booleans.
...
Range inference for booleans and longs comparison was incorrect.
Fixes oss-fuzz #fuzz-42161.php
2021-12-10 14:32:47 +03:00
Dmitry Stogov
0ac3d78d7d
Fix incorrect JMP optimization
...
Fixes oss-fuzz #42155
2021-12-10 01:39:28 +03:00
Dmitry Stogov
7b629afe4e
Fixed incorrect DCE of a constructor call
...
Fixes oss-fuzz #42049
2021-12-06 15:59:30 +03:00
Dmitry Stogov
aa7280264e
Fix refcount inference ($a += $a returns old array with RCN)
...
Fixes oss-fuzz #41670
2021-12-06 11:30:03 +03:00
Dmitry Stogov
c1036194d6
JIT: Fix incorrect reference counting inference
...
Fixes oss-fuzz #40747
2021-11-30 12:58:54 +03:00
Dmitry Stogov
86430e8e01
Fixed type inference (it's safe to ignore reference counting narrowing)
2021-11-29 23:32:52 +03:00
Dmitry Stogov
aff115547f
JIT: Fix exception handling when next array element is already occupied
...
Fixes oss-fuzz #41408
2021-11-29 21:44:00 +03:00
Dmitry Stogov
297117bbc5
Disable type narrowing optimization when we construct SSA for JIT
...
This also reverts incorrect fix introduced in f9518c3850
2021-11-29 15:51:54 +03:00
Dmitry Stogov
f9518c3850
Fixed incorrect narrowing to double
...
Fixes oss-fuzz #41223
2021-11-25 15:14:04 +03:00
Dmitry Stogov
3c53a9fd73
Fixed incorrect refcounting inference for BW_NOT
...
BW_NOT for empty string returns empty string
Fixes oss-fuzz #41280
2021-11-25 13:51:56 +03:00
Dmitry Stogov
f302430c72
Fixed incorrect DCE for ADD_ARRAY_ELEMENT instruction
...
DCE might remove INIT_ARRAY instruction but then keep the related
ADD_ARRAY_ELEMENT, because its both operands need to be freed.
Fixes oss-fuzz #41309
2021-11-25 13:33:26 +03:00
Nikita Popov
be271f277e
Fix bug #81652
...
We need to check not only for defs but also for uses of the
variable.
2021-11-24 15:18:31 +01:00
Dmitry Stogov
292d76d8a4
JIT: Fixed reference-counting inference
2021-11-15 10:39:58 +03:00
Dmitry Stogov
535a0553e8
Fixed incorrect reference counter inference
2021-11-08 20:54:17 +03:00
Nikita Popov
53df29bc29
Drop pi nodes for both old/new pred in replace_predecessor
...
We also need to drop pi nodes for new_pred here, as the pi node
restriction for new_pred is not necessarily true for control
coming from old_pred as well.
Fixes oss-fuzz #40782.
2021-11-08 14:56:42 +01:00
Dmitry Stogov
66d93c63ff
Fixed type inference for FETCH_DIM_W without use
2021-11-03 19:44:38 +03:00
Dmitry Stogov
5c43e0c0ee
Fixed incorrect assumption about reference counting
2021-11-01 20:28:05 +03:00
Nikita Popov
2e29817005
Handle FETCH_DIM_R after FETCH_DIM_FUNC_ARG in inference
...
This can happen if a call is optimized, but FETCH_DIM_FUNC_ARG
cannot be converted to FETCH_DIM_R because it uses an UNUSED op2,
which is not supported by FETCH_DIM_R.
Fixes oss-fuzz 6144185837682688.
2021-11-01 14:26:36 +01:00
Nikita Popov
f8ec5a1d4c
Fix range inference hang
...
We shouldn't switch from range to no range for ZEND_DIV and instead
explicitly return an overflowing range. Otherwise the range will
not actually get updated during widening, and we'll perform
essentially infinite narrowing.
Fixes oss-fuzz #40566.
2021-11-01 12:31:34 +01:00
Dmitry Stogov
6bd5271c62
Fixed incorrect optimization that may cause JIT assertion
2021-10-18 23:18:52 +03:00
Nikita Popov
9ebe8494b8
Don't replace tmp with cv in YIELD argument
...
For by-ref generators, these may have different behavior.
Fixes oss-fuzz 6059739298004992.
2021-10-12 14:26:53 +02:00
Dmitry Stogov
a4c41d45cd
Fixed type inference for COPY_TMP
2021-10-11 16:56:07 +03:00
Dmitry Stogov
ed8ec9d71e
Fixed type inference (ASSIGN_OP with typed reference may cause type conversion)
2021-10-11 10:48:49 +03:00
Dmitry Stogov
22ef1fb832
Fixed SSA construction
2021-10-05 16:14:39 +03:00
Nikita Popov
c958adce70
POST_INC_OBJ/POST_DEC_OBJ don't have optional result
...
Possibly we should be encoding this in the opcode metadata, rather
than maintaining a separate list.
Fixes oss-fuzz #39503.
2021-10-05 12:05:39 +02:00
Nikita Popov
d0860f67ca
Fix cache slot assignment for ASSIGN_OBJ_OP
...
ASSIGN_OBJ_OP stores the cache slot in OP_DATA, so this ended up
overwriting the binop opcode instead.
2021-09-30 14:34:12 +02:00
Nikita Popov
1bb7ee3207
Fix ASSIGN_DIM result inference with typed refs
...
Same issue as with ASSIGN. Also make the handling for ASSIGN more
precise, we can only have conversions between scalar values.
2021-09-28 14:14:01 +02:00
Nikita Popov
cdc05eba61
Remove outdated code in ASSIGN_DIM type inference
...
All of these cases throw an exception now rather than returning
null.
2021-09-28 14:14:00 +02:00
Nikita Popov
d8c2ff6486
Fix type inference and SCCP with typed references
...
We can't assume that the return value will be the same as the RHS
if typed references are involved.
2021-09-28 12:59:00 +02:00
Nikita Popov
17d6efc729
Fix block marking for two arm match
...
This would end up taking the successors_count=2 case, even though
we need to treat SWITCH and MATCH differently. This incorrectly
marked a block as FOLLOW, resulting in incorrect block pass
optimization.
Fixes oss-fuzz #39380.
2021-09-28 10:37:54 +02:00
Nikita Popov
7d483418e2
Fix relative offsets when copying JMPZNZ
...
This was doing a plain copy of JMPZNZ, even though it encodes
offsets relative to the opline. As such, the offsets would be
relative to target, while they should be relative to opline.
Fix this by recomputing them.
Fixes oss-fuzz #39295.
2021-09-27 16:18:40 +02:00
Nikita Popov
823888c472
Start block at loop var free
...
This ensures that code directly before the loop var free is
separated out (and will generally be eliminated as unreachable).
This fixes some assumptions we have that unreachable loop var free
blocks start with the loop var free.
Fixes oss-fuzz #39395.
2021-09-27 11:56:37 +02:00
Nikita Popov
ddf8910237
Fix DCE of unreachable phi in cycle
...
We can't remove a trivial phi of the form x = phi(x), because we
don't have a replacement value. We could drop the whole block
though. SCCP would normally do this, but in this particular case
we only determine non-reachability based on type information.
Fixes oss-fuzz #39316.
2021-09-27 11:26:31 +02:00
Nikita Popov
038bc27787
Handle pi nodes in replace_predecessor
...
If we're removing a predecessor because it already exists during
replacement, we should also drop pi nodes for that predecessor.
Fixes oss-fuzz #39276.
2021-09-27 10:47:47 +02:00