Dmitry Stogov
512dfaba3a
JIT: Fixed incorrect named parameter handling
2021-09-30 14:51:43 +03:00
Dmitry Stogov
4b31cb3eb8
JIT: Fixed memory leak
2021-09-30 13:01:56 +03:00
Dmitry Stogov
7710047ed1
JIT x86: Fixed NaN handling
2021-09-28 23:49:26 +03:00
Nikita Popov
97b5eeeb6c
Fix leak with ASSIGN_OBJ on null
...
We still need to free op1 in this case.
Fixes oss-fuzz 5782176231194624 (part of #38542).
2021-09-28 16:33:11 +02:00
Dmitry Stogov
17b127a84f
JIT: Fixed result when assigning to typed reference
2021-09-28 14:19:23 +03:00
Nikita Popov
fe1633f010
Undef result if undef dim warning promoted to exception
...
Fixes oss-fuzz #39278.
2021-09-28 11:35:53 +02:00
Nikita Popov
f381079398
Check exception after QM_ASSIGN of undef var
...
While most other exceptions aren't possible when QM_ASSIGN is used
instead of ASSIGN, we still have to watch out for an undef var
notice being promoted to an exception.
2021-09-28 10:58:20 +02:00
Dmitry Stogov
9ce388b41b
JIT: Fixed missed zval type initialization
2021-09-27 20:05:50 +03:00
Nikita Popov
983a4fc4a3
Fix ASSIGN_STATIC_PROP_REF type inference
...
We were not inferring anything for the ASSIGN_STATIC_PROP_REF
result type at all, leaving it as an empty type. In the test
case this results in a live range being incorrectly eliminated,
but this could break in all kinds of other ways as well.
2021-09-22 15:55:25 +02:00
Nikita Popov
770879702a
Fix JIT typed property inc/dec
...
This was leaking memory for pre-inc/dec of a refcounted typed
property if the result was not used.
The code to do this was unnecessarily complicated, we can base
this on the zend_jit_inc/dec_typed_prop() helper and copy to the
result afterwards.
2021-09-22 15:32:19 +02:00
Dmitry Stogov
e588f24276
Fixed type inference
2021-09-22 15:30:30 +03:00
Dmitry Stogov
7a93a8a6fd
JIT: Fixed JIT for FETCH_OBJ when op1 is a reference of non-object
2021-09-22 14:52:25 +03:00
Dmitry Stogov
19854371ed
Tracing JIT: Fixed bug in register allocator.
...
Type of variable might need to be checked (using type guard) before loading to register.
2021-09-22 00:43:56 +03:00
Nikita Popov
61445248cb
Don't unconditionally add array value type for undef
...
We have an invariant that an array value type is set if and only
if an array key type is set, which is violated for the case of
undef values for always invalid keys.
2021-09-21 14:54:16 +02:00
Nikita Popov
f4bcf8c393
Check for undef var in typed property assignment
...
Without this check the assignment would actually silently succeed,
not just skip the warning.
2021-09-21 14:09:26 +02:00
Nikita Popov
95e0cc06a2
Fix missing undef checks for comparisons
2021-09-21 12:06:32 +02:00
Dmitry Stogov
f0f774a129
JIT x86: Fixed register clobbering in code produced for "$x[$y] %= $z".
2021-09-21 10:42:53 +03:00
Nikita Popov
1b33da5dd2
Don't replace values in unreachable code in sccp
...
While technically legal, this may cause unexpected situations
(in this example, setting an FE_FREE operand to constant null)
and is suboptimal anyway. It's better to preserve the vacuous type
and drop it later (though we currently don't implement this).
2021-09-20 13:12:26 +02:00
Dmitry Stogov
01cfd5e4f9
JIT: Fixed incorrect assignment of undefined variable
2021-09-17 18:35:55 +03:00
Nikita Popov
a49a309386
Fix FETCH_OBJ_IS type inference
...
Even if the property is typed, null is still a valid return
value in the BP_VAR_IS case. Other cases will throw instead.
2021-09-17 17:05:25 +02:00
Dmitry Stogov
04209de93c
JIT: Fixed warning when assign undefined variable to property
2021-09-17 16:22:06 +03:00
Nikita Popov
d46b10296e
Don't jit FE_RESET_R with undef operand
...
The implementation currently assumes that the operand is always
an array, but this did not account for a possibly undef operand.
2021-09-17 12:04:21 +02:00
Dmitry Stogov
5e3eaf14fe
JIT: Fixed memory leak in BOOL_NOT when operand is a reference to bool
2021-09-16 17:18:51 +03:00
Nikita Popov
83f283f5ea
Undef result on throwing typed reference assignment
2021-09-16 15:48:10 +02:00
Nikita Popov
4c8093a9f1
Don't const evaluate increment of array in SCCP
2021-09-16 14:43:08 +02:00
Nikita Popov
1548418461
Fix may_throw for ASSIGN_OBJ
...
The code did not account for a number of possible exceptions.
2021-09-16 12:46:53 +02:00
Nikita Popov
7257e7e5aa
Handle SWITCH_STRING with optimized away FREE
...
This can happen in degenerate cases where we know that the
SWITCH_STRING argument is not refcounted. We should be treating it
in the same way as SWITCH_LONG here.
2021-09-16 11:31:06 +02:00
Nikita Popov
6de8b08f60
Don't undef result operand if there is none
...
The mod_by_zero and negative_shift helper may also be used by
ASSIGN_OP, in which case there is not necessarily a result operand.
If the stars aligned just right, this used to clobber other parts
of the call frame.
For these two helpers, check whether the result_type is TMP/VAR
before setting to UNDEF:
2021-09-15 14:49:13 +02:00
Nikita Popov
3ee85ccd4a
Handle undef assignment to typed ref
2021-09-15 10:58:01 +02:00
Nikita Popov
10bbff8758
Fix JIT for recursive call with too few args
...
We may not generate labels for all leading RECVs. Don't generate
a direct jump if we have less arguments than required.
2021-09-14 15:15:14 +02:00
Nikita Popov
b610dce079
BIND_STATIC may throw
...
The evaluation of the initializer may throw. This could be refined
by checking whether the initializer is a constant AST. For now
just fix the miscompile.
2021-09-13 17:23:57 +02:00
Nikita Popov
e7663785a7
Handle undef value in assign_dim jit
...
We should report the undefined variable here and convert it to
null. Passing on undef is particularly insidious here, because
a write_dimension handler may insert it into a hash table
(observed with WeakMap).
2021-09-13 11:09:00 +02:00
Nikita Popov
8c3d33a054
Also make sure binary op operands can't be undef
...
Otherwise we will end up passing undef to xyz_function etc, which
is not permitted.
2021-09-09 15:08:08 +02:00
Dmitry Stogov
06275d940c
JIT: fixed MUL+SEND optimization when MUL throws an exception
2021-09-08 17:53:23 +03:00
Nikita Popov
e22fb46127
Save register before throwing undef var notice
...
Otherwise we may clobber it while throwing the undef var notice.
This makes the implementation for assign_dim_op line up with
fetch_dim.
2021-09-08 14:45:49 +02:00
Nikita Popov
b0e16f0e4f
Fix jump after zend_jit_invalid_property_assign()
...
This is supposed to go to the FREE_OP_DATA, currently it crashes.
2021-09-08 12:27:54 +02:00
Nikita Popov
47ccdecf00
Merge branch 'PHP-7.4' into PHP-8.0
...
* PHP-7.4:
Fixed bug #81353
2021-08-16 15:04:57 +02:00
Nikita Popov
d1e956ff31
Fixed bug #81353
...
A user-defined error handler should not be invoked for preload
warnings. We are in a partially shut-down state at that point.
2021-08-16 15:04:17 +02:00
Dmitry Stogov
17b5fe13e2
Added test
2021-07-21 19:29:59 +03:00
Dmitry Stogov
a9991fbf28
Fixed Bug #80959 (infinite loop in building cfg during JIT compilation)
2021-07-21 14:32:44 +03:00
Dmitry Stogov
02acc5ad3b
Fixed Bug #81255 (Memory leak in PHPUnit with functional JIT)
2021-07-20 22:14:32 +03:00
Nikita Popov
051ff33660
Fix bug #81272: Fix func info for functions returning EMPTY_ARRAY
...
The empty array has refcount > 1, so we should indicate this in
func info. In most cases this renders the func info redundant,
so drop it entirely.
2021-07-20 14:40:17 +02:00
Hao Sun
c5d93aeee9
Fixed incorrect immediate encoding when using LEA optimization
2021-07-19 14:51:08 +03:00
Dmitry Stogov
c0e4932816
Fixed bug #81249 (Intermittent property assignment failure with JIT enabled)
2021-07-19 12:11:09 +03:00
Dmitry Stogov
ee981619ce
Skip test on 32-bit system
2021-07-19 10:49:43 +03:00
Dmitry Stogov
9cd437138e
Fixed bug #81225 (Wrong result with pow operator with JIT enabled)
2021-07-19 10:39:52 +03:00
Dmitry Stogov
df16fd149b
Fixed incorrect type inference for "(array)$null".
2021-06-17 13:03:09 +03:00
Nikita Popov
67cf04f791
Merge branch 'PHP-7.4' into PHP-8.0
...
* PHP-7.4:
Mitigation for bug #81096
2021-06-10 10:54:21 +02:00
Nikita Popov
3f4bc94b00
Mitigation for bug #81096
...
This issue is properly fixed by GH-7121 on master. For older
branches, disable the use of range information in SCCP, to
reduce impact of potentially incorrect ranges.
2021-06-10 10:52:53 +02:00
Dmitry Stogov
ac65f6af6e
Fixed bug #81051 (Broken property type handling after incrementing reference)
2021-05-27 15:22:34 +03:00