Fixed Bug #80959 (infinite loop in building cfg during JIT compilation)

php · Jul 21, 2021 · a9991fb · a9991fb
1 parent a089386
commit a9991fb
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 0 deletions.
diff --git a/NEWS b/NEWS
@@ -20,6 +20,8 @@ PHP                                                                        NEWS
     Nikita)
   . Fixed bug #81272 (Segfault in var[] after array_slice with JIT). (Nikita)
   . Fixed Bug #81255 (Memory leak in PHPUnit with functional JIT). (Dmitry)
+  . Fixed Bug #80959 (infinite loop in building cfg during JIT compilation)
+    (Nikita, Dmitry)
 
 - Standard:
   . Fixed bug #72146 (Integer overflow on substr_replace). (cmb)

diff --git a/ext/opcache/Optimizer/zend_cfg.c b/ext/opcache/Optimizer/zend_cfg.c
@@ -890,6 +890,10 @@ int zend_cfg_identify_loops(const zend_op_array *op_array, zend_cfg *cfg) /* {{{
 				j = blocks[j].loop_header;
 			}
 			if (j != i) {
+				if (blocks[j].idom < 0 && j != 0) {
+					/* Ignore blocks that are unreachable or only abnormally reachable. */
+					continue;
+				}
 				blocks[j].loop_header = i;
 				for (k = 0; k < blocks[j].predecessors_count; k++) {
 					zend_worklist_push(&work, cfg->predecessors[blocks[j].predecessor_offset + k]);

diff --git a/ext/opcache/tests/jit/bug80959.phpt b/ext/opcache/tests/jit/bug80959.phpt
@@ -0,0 +1,31 @@
+--TEST--
+Bug #80959: infinite loop in building cfg during JIT compilation
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.jit_buffer_size=1M
+opcache.jit=tracing
+--SKIPIF--
+<?php require_once('skipif.inc'); ?>
+--FILE--
+<?php
+function test($a, $b) {
+    echo "Start\n";
+    $i = $j = 0;
+    do {
+        $i++;
+        try {
+           continue;
+        } catch (Exception $e) {
+        }
+        do {
+           $j++;
+        } while ($j < $b);
+    } while ($i < $a);
+    echo "Done $i $j\n";
+}
+test(5, 6);
+?>
+--EXPECT--
+Start
+Done 5 0