From 2940839d280d307fd1e8a06aefbd1fb31f1d3242 Mon Sep 17 00:00:00 2001
From: Dmitry Stogov <dmitry@zend.com>
Date: Wed, 22 Jul 2020 13:01:11 +0300
Subject: [PATCH] Prevent incorrect trasing JIT TSSA usage for range() result
 type inference

---
 ext/opcache/Optimizer/zend_func_info.c | 4 +++-
 ext/opcache/Optimizer/zend_func_info.h | 3 ++-
 ext/opcache/jit/zend_jit_trace.c       | 1 +
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/ext/opcache/Optimizer/zend_func_info.c b/ext/opcache/Optimizer/zend_func_info.c
index 94a161a136..fb822910a2 100644
--- a/ext/opcache/Optimizer/zend_func_info.c
+++ b/ext/opcache/Optimizer/zend_func_info.c
@@ -55,7 +55,9 @@ typedef struct _func_info_t {
 static uint32_t zend_range_info(const zend_call_info *call_info, const zend_ssa *ssa)
 {
 	if (!call_info->send_unpack
-	 && (call_info->num_args == 2 || call_info->num_args == 3)) {
+	 && (call_info->num_args == 2 || call_info->num_args == 3)
+	 && ssa
+	 && !(ssa->cfg.flags & ZEND_SSA_TSSA)) {
 		zend_op_array *op_array = call_info->caller_op_array;
 		uint32_t t1 = _ssa_op1_info(op_array, ssa, call_info->arg_info[0].opline,
 			&ssa->ops[call_info->arg_info[0].opline - op_array->opcodes]);
diff --git a/ext/opcache/Optimizer/zend_func_info.h b/ext/opcache/Optimizer/zend_func_info.h
index 9599c29fa1..97f60ad37e 100644
--- a/ext/opcache/Optimizer/zend_func_info.h
+++ b/ext/opcache/Optimizer/zend_func_info.h
@@ -21,7 +21,7 @@
 
 #include "zend_ssa.h"
 
-/* func flags */
+/* func/cfg flags */
 #define ZEND_FUNC_INDIRECT_VAR_ACCESS      (1<<0)  /* accesses variables by name  */
 #define ZEND_FUNC_HAS_CALLS                (1<<1)
 #define ZEND_FUNC_VARARG                   (1<<2)  /* uses func_get_args()        */
@@ -33,6 +33,7 @@
 #define ZEND_FUNC_RECURSIVE_INDIRECTLY     (1<<9)
 #define ZEND_FUNC_HAS_EXTENDED_FCALL       (1<<10)
 #define ZEND_FUNC_HAS_EXTENDED_STMT        (1<<11)
+#define ZEND_SSA_TSSA                      (1<<12) /* used by tracing JIT */
 
 typedef struct _zend_func_info zend_func_info;
 typedef struct _zend_call_info zend_call_info;
diff --git a/ext/opcache/jit/zend_jit_trace.c b/ext/opcache/jit/zend_jit_trace.c
index 7a52c78d76..b29a40916a 100644
--- a/ext/opcache/jit/zend_jit_trace.c
+++ b/ext/opcache/jit/zend_jit_trace.c
@@ -1060,6 +1060,7 @@ static zend_ssa *zend_jit_trace_build_tssa(zend_jit_trace_rec *trace_buffer, uin
 
 	/* 2. Construct TSSA */
 	tssa = zend_arena_calloc(&CG(arena), 1, sizeof(zend_tssa));
+	tssa->cfg.flags = ZEND_SSA_TSSA;
 	tssa->cfg.blocks = zend_arena_calloc(&CG(arena), 2, sizeof(zend_basic_block));
 	tssa->blocks = zend_arena_calloc(&CG(arena), 2, sizeof(zend_ssa_block));
 	tssa->cfg.predecessors = zend_arena_calloc(&CG(arena), 2, sizeof(int));
-- 
2.40.0