Improve fix for bug #75687

Adding an (incorrect) UNDEF here may cause subsequent narrowing in other places. Instead, let's try to handle this edge-case once for all instructions...
php · Dec 16, 2017 · 8a45323 · 8a45323
1 parent f01d5fa
commit 8a45323
Showing 1 changed file with 18 additions and 3 deletions.
diff --git a/ext/opcache/Optimizer/zend_inference.c b/ext/opcache/Optimizer/zend_inference.c
@@ -2154,6 +2154,24 @@ static int zend_update_type_info(const zend_op_array *op_array,
 	t1 = OP1_INFO();
 	t2 = OP2_INFO();
 
+	/* If one of the operands cannot have any type, this means the operand derives from
+	 * unreachable code. Propagate the empty result early, so that that the following
+	 * code may assume that operands have at least one type. */
+	if (!(t1 & (MAY_BE_ANY|MAY_BE_UNDEF|MAY_BE_CLASS|MAY_BE_ERROR))
+			|| !(t2 & (MAY_BE_ANY|MAY_BE_UNDEF|MAY_BE_CLASS|MAY_BE_ERROR))) {
+		tmp = 0;
+		if (ssa_ops[i].result_def >= 0) {
+			UPDATE_SSA_TYPE(tmp, ssa_ops[i].result_def);
+		} 
+		if (ssa_ops[i].op1_def >= 0) { 
+			UPDATE_SSA_TYPE(tmp, ssa_ops[i].op1_def);
+		} 
+		if (ssa_ops[i].op2_def >= 0) { 
+			UPDATE_SSA_TYPE(tmp, ssa_ops[i].op2_def);
+		} 
+		return 1;
+	} 
+
 	switch (opline->opcode) {
 		case ZEND_ADD:
 		case ZEND_SUB:
@@ -3338,9 +3356,6 @@ int zend_infer_types_ex(const zend_op_array *op_array, const zend_script *script
 							/* Ignore the constraint (either ce instanceof constraint->ce or
 							 * they are unrelated, as far as we can statically determine) */
 						}
-					} else if ((tmp & MAY_BE_ANY) == 0) {
-						/* FIXME: usage in unreachable block */
-						tmp |= MAY_BE_UNDEF;
 					}
 				}