Skip to content

Commit

Permalink
Merge branch 'PHP-8.2' into PHP-8.3
Browse files Browse the repository at this point in the history 
* PHP-8.2:
  Fixed phpGH-12382: JIT Index invalid or out of range error
  • Loading branch information
@dstogov
dstogov committed Oct 9, 2023
2 parents d3273c1 + b38c57b commit 9e1e1bc
Show file tree
Hide file tree
Showing 2 changed files with 76 additions and 7 deletions.
44 changes: 37 additions & 7 deletions ext/opcache/jit/zend_jit_x86.dasc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4408,6 +4408,7 @@ static int zend_jit_math_long_long(dasm_State **Dst,
uint32_t res_use_info,
int may_overflow)
{
bool must_set_cflags = 0;
bool same_ops = zend_jit_same_addr(op1_addr, op2_addr);
zend_reg result_reg;
zend_reg tmp_reg = ZREG_R0;
Expand All @@ -4430,34 +4431,63 @@ static int zend_jit_math_long_long(dasm_State **Dst,
tmp_reg = ZREG_FCARG1;
}

if (may_overflow) {
must_set_cflags = 1;
} else {
const zend_op *next_opline = opline + 1;

if (next_opline->opcode == ZEND_IS_EQUAL ||
next_opline->opcode == ZEND_IS_NOT_EQUAL ||
next_opline->opcode == ZEND_IS_SMALLER ||
next_opline->opcode == ZEND_IS_SMALLER_OR_EQUAL ||
next_opline->opcode == ZEND_CASE ||
next_opline->opcode == ZEND_IS_IDENTICAL ||
next_opline->opcode == ZEND_IS_NOT_IDENTICAL ||
next_opline->opcode == ZEND_CASE_STRICT) {
if (next_opline->op1_type == IS_CONST
&& Z_TYPE_P(RT_CONSTANT(next_opline, next_opline->op1)) == IS_LONG
&& Z_LVAL_P(RT_CONSTANT(next_opline, next_opline->op1)) == 0
&& next_opline->op2_type == opline->result_type
&& next_opline->op2.var == opline->result.var) {
must_set_cflags = 1;
} else if (next_opline->op2_type == IS_CONST
&& Z_TYPE_P(RT_CONSTANT(next_opline, next_opline->op2)) == IS_LONG
&& Z_LVAL_P(RT_CONSTANT(next_opline, next_opline->op2)) == 0
&& next_opline->op2_type == opline->result_type
&& next_opline->op2.var == opline->result.var) {
must_set_cflags = 1;
}
}
}

if (opcode == ZEND_MUL &&
Z_MODE(op2_addr) == IS_CONST_ZVAL &&
Z_LVAL_P(Z_ZV(op2_addr)) == 2) {
if (Z_MODE(op1_addr) == IS_REG && !may_overflow) {
if (Z_MODE(op1_addr) == IS_REG && !must_set_cflags) {
| lea Ra(result_reg), [Ra(Z_REG(op1_addr))+Ra(Z_REG(op1_addr))]
} else {
| GET_ZVAL_LVAL result_reg, op1_addr
| add Ra(result_reg), Ra(result_reg)
}
} else if (opcode == ZEND_MUL &&
Z_MODE(op2_addr) == IS_CONST_ZVAL &&
!may_overflow &&
!must_set_cflags &&
Z_LVAL_P(Z_ZV(op2_addr)) > 0 &&
zend_long_is_power_of_two(Z_LVAL_P(Z_ZV(op2_addr)))) {
| GET_ZVAL_LVAL result_reg, op1_addr
| shl Ra(result_reg), zend_long_floor_log2(Z_LVAL_P(Z_ZV(op2_addr)))
} else if (opcode == ZEND_MUL &&
Z_MODE(op1_addr) == IS_CONST_ZVAL &&
Z_LVAL_P(Z_ZV(op1_addr)) == 2) {
if (Z_MODE(op2_addr) == IS_REG && !may_overflow) {
if (Z_MODE(op2_addr) == IS_REG && !must_set_cflags) {
| lea Ra(result_reg), [Ra(Z_REG(op2_addr))+Ra(Z_REG(op2_addr))]
} else {
| GET_ZVAL_LVAL result_reg, op2_addr
| add Ra(result_reg), Ra(result_reg)
}
} else if (opcode == ZEND_MUL &&
Z_MODE(op1_addr) == IS_CONST_ZVAL &&
!may_overflow &&
!must_set_cflags &&
Z_LVAL_P(Z_ZV(op1_addr)) > 0 &&
zend_long_is_power_of_two(Z_LVAL_P(Z_ZV(op1_addr)))) {
| GET_ZVAL_LVAL result_reg, op2_addr
Expand All @@ -4468,19 +4498,19 @@ static int zend_jit_math_long_long(dasm_State **Dst,
| GET_ZVAL_LVAL result_reg, op1_addr
| shr Ra(result_reg), zend_long_floor_log2(Z_LVAL_P(Z_ZV(op2_addr)))
} else if (opcode == ZEND_ADD &&
!may_overflow &&
!must_set_cflags &&
Z_MODE(op1_addr) == IS_REG &&
Z_MODE(op2_addr) == IS_CONST_ZVAL &&
IS_SIGNED_32BIT(Z_LVAL_P(Z_ZV(op2_addr)))) {
| lea Ra(result_reg), [Ra(Z_REG(op1_addr))+Z_LVAL_P(Z_ZV(op2_addr))]
} else if (opcode == ZEND_ADD &&
!may_overflow &&
!must_set_cflags &&
Z_MODE(op2_addr) == IS_REG &&
Z_MODE(op1_addr) == IS_CONST_ZVAL &&
IS_SIGNED_32BIT(Z_LVAL_P(Z_ZV(op1_addr)))) {
| lea Ra(result_reg), [Ra(Z_REG(op2_addr))+Z_LVAL_P(Z_ZV(op1_addr))]
} else if (opcode == ZEND_SUB &&
!may_overflow &&
!must_set_cflags &&
Z_MODE(op1_addr) == IS_REG &&
Z_MODE(op2_addr) == IS_CONST_ZVAL &&
IS_SIGNED_32BIT(-Z_LVAL_P(Z_ZV(op2_addr)))) {
Expand Down
39 changes: 39 additions & 0 deletions ext/opcache/tests/jit/gh12382.phpt
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
--TEST--
GH-12382: JIT Index invalid or out of range error
--INI--
opcache.enable=1
opcache.enable_cli=1
--FILE--
<?php
function applyMaskPenaltyRule3(SplFixedArray $array) : void
{
for ($y = 0; $y < 21; ++$y) {
for ($x = 0; $x < 21; ++$x) {
if (
(
$x + 10 < 21
&& 0 === $array[$y][$x + 7]
)
|| (
$x - 4 >= 0
&& 0 === $array[$y][$x - 1]
)
) {
}
}
}
}

$matrix = SplFixedArray::fromArray(
array_map(
fn (array $arr): SplFixedArray => SplFixedArray::fromArray($arr),
[[1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 1, 1, 1, 1, ], [1, 0, 0, 0, 0, 0, 1, 0, 0, 1, 1, 0, 1, 0, 1, 0, 0, 0, 0, 0, 1, ], [1, 0, 1, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 1, 1, 1, 0, 1, ], [1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 1, 1, 0, 1, 0, 1, 1, 1, 0, 1, ], [1, 0, 1, 1, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 1, 1, 0, 1, ], [1, 0, 0, 0, 0, 0, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 1, ], [1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, 1, 1, 1, 1, 1, 1, ], [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ], [0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 1, 0, 1, 0, 0, 0, 1, 0, 0, 1, ], [0, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 1, 0, ], [0, 1, 1, 0, 1, 0, 1, 0, 1, 1, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 1, ], [1, 0, 0, 1, 0, 1, 0, 0, 0, 1, 1, 0, 1, 0, 1, 0, 0, 0, 1, 0, 0, ], [1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 0, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, ], [0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 1, 1, ], [1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 1, 1, 1, ], [1, 0, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, ], [1, 0, 1, 1, 1, 0, 1, 0, 1, 1, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, ], [1, 0, 1, 1, 1, 0, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, ], [1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0, 0, 0, 1, ], [1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, ], [1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, 0, 1, 1, 1, ], ]
)
);

applyMaskPenaltyRule3($matrix);
applyMaskPenaltyRule3($matrix);
?>
DONE
--EXPECT--
DONE

0 comments on commit 9e1e1bc

Please sign in to comment.