Fixed bug #80786
authorNikita Popov <nikita.ppv@gmail.com>
Tue, 23 Feb 2021 09:17:30 +0000 (10:17 +0100)
committerNikita Popov <nikita.ppv@gmail.com>
Tue, 23 Feb 2021 09:22:00 +0000 (10:22 +0100)
Don't use r0 as temporary register in math_double_long if it is
already used for a memory result.

This was already done in one branch, but not the other.

NEWS
ext/opcache/jit/zend_jit_x86.dasc
ext/opcache/tests/jit/bug80786.phpt [new file with mode: 0644]

diff --git a/NEWS b/NEWS
index 57409eb955efeaa710bb3b01c90724750f82f594..e3e8be870b5258ad6daf1c23c15831de22101260 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,9 @@ PHP                                                                        NEWS
   . Fixed bug #80763 (msgfmt_format() does not accept DateTime references).
     (cmb)
 
+- Opcache:
+  . Fixed bug #80786 (PHP crash using JIT). (Nikita)
+
 - Session:
   . Fixed bug #80774 (session_name() problem with backslash). (cmb)
 
index ceaa2b9a5a9c89c89b218087ff820ce974ecc047..0df475e468a837c60b43ba6134797d21dd4c43fb 100644 (file)
@@ -4428,7 +4428,14 @@ static int zend_jit_math_double_long(dasm_State    **Dst,
                                      zend_jit_addr   res_addr,
                                      uint32_t        res_use_info)
 {
-       zend_reg result_reg, tmp_reg;
+       zend_reg result_reg, tmp_reg_gp;
+
+       if (Z_MODE(res_addr) == IS_MEM_ZVAL && Z_REG(res_addr) == ZREG_R0) {
+               /* ASSIGN_DIM_OP */
+               tmp_reg_gp = ZREG_R1;
+       } else {
+               tmp_reg_gp = ZREG_R0;
+       }
 
        if (zend_is_commutative(opcode)
         && (Z_MODE(res_addr) != IS_REG || Z_MODE(op1_addr) != IS_REG || Z_REG(res_addr) != Z_REG(op1_addr))) {
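Review bot: The `/* ASSIGN_DIM_OP */` comment on the new register selection does not say why r1 is chosen, and the regression test added in this commit reaches the path through a property compound assignment (`$this->value -= 10`), not an array one. Per the commit message, r0 already addresses the memory result in this case, so using it as the integer scratch would presumably overwrite the base the generated code later stores the result through. A comment such as `/* result zval is addressed via r0 (ASSIGN_DIM_OP, presumably ASSIGN_OBJ_OP too): use r1 as GP scratch so r0 survives */` would record that. The function body continues outside the hunk.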
@@ -4437,13 +4444,7 @@ static int zend_jit_math_double_long(dasm_State    **Dst,
                } else {
                        result_reg = ZREG_XMM0;
                }
-               if (Z_MODE(res_addr) == IS_MEM_ZVAL && Z_REG(res_addr) == ZREG_R0) {
-                       /* ASSIGN_DIM_OP */
-                       tmp_reg = ZREG_R1;
-               } else {
-                       tmp_reg = ZREG_R0;
-               }
-               |       SSE_GET_ZVAL_LVAL result_reg, op2_addr, tmp_reg
+               |       SSE_GET_ZVAL_LVAL result_reg, op2_addr, tmp_reg_gp
                if (Z_MODE(res_addr) == IS_MEM_ZVAL && Z_REG(res_addr) == ZREG_R0) {
                        /* ASSIGN_DIM_OP */
                        if (CAN_USE_AVX()) {
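Review bot: The condition `Z_MODE(res_addr) == IS_MEM_ZVAL && Z_REG(res_addr) == ZREG_R0` is now evaluated at the top of the function and again on the line directly after `SSE_GET_ZVAL_LVAL`, so the two sites can drift apart, which is the kind of divergence between branches that this commit fixes. Computing it once into a local flag, e.g. `res_in_r0 = Z_MODE(res_addr) == IS_MEM_ZVAL && Z_REG(res_addr) == ZREG_R0;`, and testing `res_in_r0` at both sites would keep the scratch-register choice and the result store in step. The enclosing block continues past the end of the hunk.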
@@ -4485,7 +4486,7 @@ static int zend_jit_math_double_long(dasm_State    **Dst,
                         && Z_LVAL_P(Z_ZV(op2_addr)) == 0) {
                                /* +/- 0 */
                        } else {
-                               |       SSE_GET_ZVAL_LVAL tmp_reg, op2_addr, ZREG_R0
+                               |       SSE_GET_ZVAL_LVAL tmp_reg, op2_addr, tmp_reg_gp
                                |       AVX_MATH_REG opcode, result_reg, op1_reg, tmp_reg
                        }
                } else {
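Review bot: `SSE_GET_ZVAL_LVAL tmp_reg, op2_addr, tmp_reg_gp` now passes two temporaries whose names differ only by a suffix. `tmp_reg` is no longer the function-level variable (that declaration was renamed in the first hunk), so it must be declared in this branch outside the hunk, presumably as the SSE scratch. A one-line comment at that declaration, e.g. `/* tmp_reg: SSE scratch; tmp_reg_gp: integer scratch, never r0 when the result is addressed through r0 */`, or a rename to something like `tmp_reg_xmm`, would make a swap of the two operands easier to spot in review. The same applies to the SSE variant in the next hunk.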
@@ -4495,7 +4496,7 @@ static int zend_jit_math_double_long(dasm_State    **Dst,
                         && Z_LVAL_P(Z_ZV(op2_addr)) == 0) {
                                /* +/- 0 */
                        } else {
-                               |       SSE_GET_ZVAL_LVAL tmp_reg, op2_addr, ZREG_R0
+                               |       SSE_GET_ZVAL_LVAL tmp_reg, op2_addr, tmp_reg_gp
                                |       SSE_MATH_REG opcode, result_reg, tmp_reg
                        }
                }
diff --git a/ext/opcache/tests/jit/bug80786.phpt b/ext/opcache/tests/jit/bug80786.phpt
new file mode 100644 (file)
index 0000000..af46751
--- /dev/null
@@ -0,0 +1,25 @@
+--TEST--
+Bug #80786: PHP crash using JIT
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.jit_buffer_size=1M
+opcache.jit=function
+--FILE--
+<?php
+
+$a = new Test();
+$a->TestFunc();
+var_dump($a->value);
+
+class Test{
+       public $value = 11.3;
+
+       public function TestFunc() {
+               $this->value -= 10;
+       }
+}
+
+?>
+--EXPECT--
+float(1.3000000000000007)
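Review bot: The test has no `--SKIPIF--` section, so when OPcache is not loaded the `--INI--` settings presumably have no effect and the script still prints the expected float, passing without running any JIT code. A guard such as `<?php if (!extension_loaded('Zend OPcache')) die('skip opcache required'); ?>` would surface that as a skip instead of a pass. The test also exercises only the property form (`$this->value -= 10`) under `opcache.jit=function`; an array-element case like `$arr[0] -= 10;` would presumably cover the ASSIGN_DIM_OP path that the fixed code's comment names.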