Fix incorrect register allocation
Fixes oss-fuzz #44006
dstogov committed Jan 28, 2022
1 parent 965dafe commit f711c96
Showing 3 changed files with 32 additions and 4 deletions.
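--- a/ext/opcache/jit/zend_jit.c
+++ b/ext/opcache/jit/zend_jit.c
@@ -1394,13 +1394,17 @@ static int zend_jit_compute_liveness(const zend_op_array *op_array, zend_ssa *ss
 if (ssa->ops[line].op1_use >= 0 &&
 intervals[ssa->ops[line].op1_use] &&
 ssa->ops[line].op1_use_chain < 0 &&
-!ssa->vars[ssa->ops[line].op1_use].phi_use_chain) {
+!ssa->vars[ssa->ops[line].op1_use].phi_use_chain &&
+(ssa->var_info[i].type & MAY_BE_ANY) ==
+(ssa->var_info[ssa->ops[line].op1_use].type & MAY_BE_ANY)) {
 zend_jit_add_hint(intervals, i, ssa->ops[line].op1_use);
 } else if (opline->opcode != ZEND_SUB &&
 ssa->ops[line].op2_use >= 0 &&
 intervals[ssa->ops[line].op2_use] &&
 ssa->ops[line].op2_use_chain < 0 &&
-!ssa->vars[ssa->ops[line].op2_use].phi_use_chain) {
+!ssa->vars[ssa->ops[line].op2_use].phi_use_chain &&
+(ssa->var_info[i].type & MAY_BE_ANY) ==
+(ssa->var_info[ssa->ops[line].op2_use].type & MAY_BE_ANY)) {
 zend_jit_add_hint(intervals, i, ssa->ops[line].op2_use);
 }
 }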
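Review bot: The new `(ssa->var_info[i].type & MAY_BE_ANY) == (...)` condition in the op1 branch carries no comment saying why a hint is refused when the two type masks differ, and the same is true of the op2 branch below it and of both branches in zend_jit_trace.c. From these lines alone a reader cannot tell whether exact equality is needed for correctness or is only a conservative choice, which matters the next time someone relaxes it to recover hints. I would add above the op1 condition something like `/* Hint only when result and operand have identical type masks; hinting across differing types caused incorrect register allocation (oss-fuzz #44006) */`. The enclosing loop and function begin and end outside the hunk.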
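--- a/ext/opcache/jit/zend_jit_trace.c
+++ b/ext/opcache/jit/zend_jit_trace.c
@@ -2945,7 +2945,9 @@ static zend_lifetime_interval** zend_jit_trace_allocate_registers(zend_jit_trace
 if (ssa->ops[line].op1_use >= 0 &&
 intervals[ssa->ops[line].op1_use] &&
 ssa->ops[line].op1_use_chain < 0 &&
-!ssa->vars[ssa->ops[line].op1_use].phi_use_chain) {
+!ssa->vars[ssa->ops[line].op1_use].phi_use_chain &&
+(ssa->var_info[i].type & MAY_BE_ANY) ==
+(ssa->var_info[ssa->ops[line].op1_use].type & MAY_BE_ANY)) {
 
 zend_ssa_phi *phi = ssa->vars[ssa->ops[line].op1_use].definition_phi;
 if (phi &&
@@ -2958,7 +2960,9 @@ static zend_lifetime_interval** zend_jit_trace_allocate_registers(zend_jit_trace
 ssa->ops[line].op2_use >= 0 &&
 intervals[ssa->ops[line].op2_use] &&
 ssa->ops[line].op2_use_chain < 0 &&
-!ssa->vars[ssa->ops[line].op2_use].phi_use_chain) {
+!ssa->vars[ssa->ops[line].op2_use].phi_use_chain &&
+(ssa->var_info[i].type & MAY_BE_ANY) ==
+(ssa->var_info[ssa->ops[line].op2_use].type & MAY_BE_ANY)) {
 
 zend_ssa_phi *phi = ssa->vars[ssa->ops[line].op2_use].definition_phi;
 if (phi &&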
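Review bot: The type-mask comparison is now spelled out four times, twice in this function and twice in zend_jit_compute_liveness in zend_jit.c, so the two allocators can drift apart if a later correction touches only one copy. Judging by the commit title, a wrong hint in either path means miscompiled code, so the predicate is worth keeping in one place, for example `static zend_always_inline bool zend_jit_same_type(const zend_ssa *ssa, int a, int b) { return (ssa->var_info[a].type & MAY_BE_ANY) == (ssa->var_info[b].type & MAY_BE_ANY); }`. That assumes both files can see a single definition, which the page does not show. Both `if` bodies continue past the end of their hunks.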
20 changes: 20 additions & 0 deletions ext/opcache/tests/jit/add_013.phpt
@@ -0,0 +1,20 @@
--TEST--
JIT ADD: 013 register allocation (incorrect hinting)
--INI--
opcache.enable=1
opcache.enable_cli=1
opcache.file_update_protection=0
opcache.jit_buffer_size=1M
--FILE--
<?php
function y(){
$j = 2;
for (; $a = $j - 7 + $y = $a - 7; $a = $a + 1 / 3) {
$j++;
if ($j > 4) break;
}
}


KsaR99 Jan 28, 2022

Contributor

y(); is expected to be missed?

  • Just guessing, all other tests have a fnc. call.


dstogov Jan 31, 2022

Author Member

It's OK. The assertion was triggered during compilation of this function.

?>
DONE
--EXPECT--
DONE
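Review bot: The test has no `--SKIPIF--` or `--EXTENSIONS--` section, so on a build where opcache is not loaded it would presumably still print DONE and pass without the JIT ever seeing `y()`. If the neighbouring JIT tests guard on opcache, this one should carry the same guard, so that a green result means the register allocator was actually exercised for this fuzzer-found case.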
