diff options
| author | Christoph M. Becker <cmbecker69@gmx.de> | 2020-04-17 09:48:15 +0200 |
|---|---|---|
| committer | Christoph M. Becker <cmbecker69@gmx.de> | 2020-04-17 09:53:23 +0200 |
| commit | a1eaaa692e91fa28ee1ba050150547cd1317be87 (patch) | |
| tree | 60377f03ae8afed6f8c16e09e1403f6c84f959bc | |
| parent | 7a260a4a1c14ab193414b947fe8df93cdefa9d32 (diff) | |
| download | php-git-a1eaaa692e91fa28ee1ba050150547cd1317be87.tar.gz | |
Fix #79475: [JIT] func_get_args() assertion violation
`func_get_args()` may return `zend_empty_array`, which has refcount 2
to enforce separation. We have to cater to that during type inference
so that the optimization in the JIT macro `SEPARATE_ARRAY` doesn't
prevent the separation.
| -rw-r--r-- | ext/opcache/Optimizer/zend_func_info.c | 2 | ||||
| -rw-r--r-- | ext/opcache/Optimizer/zend_inference.c | 2 | ||||
| -rw-r--r-- | ext/opcache/tests/bug79475.phpt | 15 |
3 files changed, 17 insertions, 2 deletions
diff --git a/ext/opcache/Optimizer/zend_func_info.c b/ext/opcache/Optimizer/zend_func_info.c index 7cde2dd34f..c9c567ffbf 100644 --- a/ext/opcache/Optimizer/zend_func_info.c +++ b/ext/opcache/Optimizer/zend_func_info.c @@ -93,7 +93,7 @@ static const func_info_t func_infos[] = { /* zend */ F1("zend_version", MAY_BE_STRING), FN("func_get_arg", UNKNOWN_INFO), - F1("func_get_args", MAY_BE_FALSE | MAY_BE_ARRAY | MAY_BE_ARRAY_KEY_LONG | MAY_BE_ARRAY_OF_ANY), + FN("func_get_args", MAY_BE_FALSE | MAY_BE_ARRAY | MAY_BE_ARRAY_KEY_LONG | MAY_BE_ARRAY_OF_ANY), F1("get_class_vars", MAY_BE_FALSE | MAY_BE_ARRAY | MAY_BE_ARRAY_KEY_STRING | MAY_BE_ARRAY_OF_ANY | MAY_BE_ARRAY_OF_REF), FN("get_object_vars", MAY_BE_ARRAY | MAY_BE_ARRAY_KEY_ANY | MAY_BE_ARRAY_OF_ANY | MAY_BE_ARRAY_OF_REF), FN("get_mangled_object_vars", MAY_BE_ARRAY | MAY_BE_ARRAY_KEY_ANY | MAY_BE_ARRAY_OF_ANY | MAY_BE_ARRAY_OF_REF), diff --git a/ext/opcache/Optimizer/zend_inference.c b/ext/opcache/Optimizer/zend_inference.c index 8144185d07..f868f78265 100644 --- a/ext/opcache/Optimizer/zend_inference.c +++ b/ext/opcache/Optimizer/zend_inference.c @@ -3465,7 +3465,7 @@ static zend_always_inline int _zend_update_type_info( UPDATE_SSA_TYPE(MAY_BE_LONG, ssa_op->result_def); break; case ZEND_FUNC_GET_ARGS: - UPDATE_SSA_TYPE(MAY_BE_RC1| MAY_BE_ARRAY | MAY_BE_ARRAY_KEY_LONG | MAY_BE_ARRAY_OF_ANY, ssa_op->result_def); + UPDATE_SSA_TYPE(MAY_BE_RC1|MAY_BE_RCN| MAY_BE_ARRAY | MAY_BE_ARRAY_KEY_LONG | MAY_BE_ARRAY_OF_ANY, ssa_op->result_def); break; case ZEND_GET_CLASS: case ZEND_GET_CALLED_CLASS: diff --git a/ext/opcache/tests/bug79475.phpt b/ext/opcache/tests/bug79475.phpt new file mode 100644 index 0000000000..6f536c25f0 --- /dev/null +++ b/ext/opcache/tests/bug79475.phpt @@ -0,0 +1,15 @@ +--TEST-- +Bug #79475 ([JIT] func_get_args() assertion violation) +--SKIPIF-- +<?php require_once('skipif.inc'); ?> +--FILE-- +<?php +function foo() { + $args = func_get_args(); + $args[] = "bar"; +} +foo(); +echo "done\n"; +?> +--EXPECT-- +done |