summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ext/opcache/jit/zend_jit_x86.dasc21
-rw-r--r--ext/opcache/tests/jit/bug80786.phpt25
2 files changed, 36 insertions, 10 deletions
diff --git a/ext/opcache/jit/zend_jit_x86.dasc b/ext/opcache/jit/zend_jit_x86.dasc
index 6c1b93df00..9fdc69a146 100644
--- a/ext/opcache/jit/zend_jit_x86.dasc
+++ b/ext/opcache/jit/zend_jit_x86.dasc
@@ -4428,7 +4428,14 @@ static int zend_jit_math_double_long(dasm_State **Dst,
zend_jit_addr res_addr,
uint32_t res_use_info)
{
- zend_reg result_reg, tmp_reg;
+ zend_reg result_reg, tmp_reg_gp;
+
+ if (Z_MODE(res_addr) == IS_MEM_ZVAL && Z_REG(res_addr) == ZREG_R0) {
+ /* ASSIGN_DIM_OP */
+ tmp_reg_gp = ZREG_R1;
+ } else {
+ tmp_reg_gp = ZREG_R0;
+ }
if (zend_is_commutative(opcode)
&& (Z_MODE(res_addr) != IS_REG || Z_MODE(op1_addr) != IS_REG || Z_REG(res_addr) != Z_REG(op1_addr))) {
@@ -4437,13 +4444,7 @@ static int zend_jit_math_double_long(dasm_State **Dst,
} else {
result_reg = ZREG_XMM0;
}
- if (Z_MODE(res_addr) == IS_MEM_ZVAL && Z_REG(res_addr) == ZREG_R0) {
- /* ASSIGN_DIM_OP */
- tmp_reg = ZREG_R1;
- } else {
- tmp_reg = ZREG_R0;
- }
- | SSE_GET_ZVAL_LVAL result_reg, op2_addr, tmp_reg
+ | SSE_GET_ZVAL_LVAL result_reg, op2_addr, tmp_reg_gp
if (Z_MODE(res_addr) == IS_MEM_ZVAL && Z_REG(res_addr) == ZREG_R0) {
/* ASSIGN_DIM_OP */
if (CAN_USE_AVX()) {
@@ -4485,7 +4486,7 @@ static int zend_jit_math_double_long(dasm_State **Dst,
&& Z_LVAL_P(Z_ZV(op2_addr)) == 0) {
/* +/- 0 */
} else {
- | SSE_GET_ZVAL_LVAL tmp_reg, op2_addr, ZREG_R0
+ | SSE_GET_ZVAL_LVAL tmp_reg, op2_addr, tmp_reg_gp
| AVX_MATH_REG opcode, result_reg, op1_reg, tmp_reg
}
} else {
@@ -4495,7 +4496,7 @@ static int zend_jit_math_double_long(dasm_State **Dst,
&& Z_LVAL_P(Z_ZV(op2_addr)) == 0) {
/* +/- 0 */
} else {
- | SSE_GET_ZVAL_LVAL tmp_reg, op2_addr, ZREG_R0
+ | SSE_GET_ZVAL_LVAL tmp_reg, op2_addr, tmp_reg_gp
| SSE_MATH_REG opcode, result_reg, tmp_reg
}
}
diff --git a/ext/opcache/tests/jit/bug80786.phpt b/ext/opcache/tests/jit/bug80786.phpt
new file mode 100644
index 0000000000..af4675111e
--- /dev/null
+++ b/ext/opcache/tests/jit/bug80786.phpt
@@ -0,0 +1,25 @@
+--TEST--
+Bug #80786: PHP crash using JIT
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.jit_buffer_size=1M
+opcache.jit=function
+--FILE--
+<?php
+
+$a = new Test();
+$a->TestFunc();
+var_dump($a->value);
+
+class Test{
+ public $value = 11.3;
+
+ public function TestFunc() {
+ $this->value -= 10;
+ }
+}
+
+?>
+--EXPECT--
+float(1.3000000000000007)
View Lorry Controller Status