-
Notifications
You must be signed in to change notification settings - Fork 7.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Internal closure causes JIT failure #17307
Comments
Similar to the other issue with these bcmath loops, I can't reproduce this one either... |
My CPU is the Intel i7 14gen and my OS is Ubuntu. I use docker: https://hub.docker.com/layers/0599jiangyc/flowfusion/latest/images/sha256-ee8d6d8bbec99203c39f40042587d5d7eb5a17422ec160b7061f04c91af08301 I guess it is not ARM specific. |
I could not reproduce this even in the container.
I also tried ZTS, makes no difference for me. Also not all questions were answered: please share the configure line and stacktrace. |
Oh interesting, I am able to reproduce it in Valgrind, but not outside of it for some reason... |
Slightly reduced: <?php
$simple = new SimpleXMLElement("<root><a/><b/></root>");
function run_bcmath_tests(
$firstTerms,
$closure
) {
foreach ($firstTerms as $firstTerm) {
$closure($firstTerm, "10", 10);
}
}
run_bcmath_tests($simple, bcsub(...)); |
Computed used stack size seems wrong. diff --git a/ext/opcache/jit/zend_jit_ir.c b/ext/opcache/jit/zend_jit_ir.c
index 79ddfae4d6f..81bf9a9c922 100644
--- a/ext/opcache/jit/zend_jit_ir.c
+++ b/ext/opcache/jit/zend_jit_ir.c
@@ -8518,6 +8518,13 @@ static int zend_jit_push_call_frame(zend_jit_ctx *jit, const zend_op *opline, co
ir_ref tmp = ir_LOAD_U8(ir_ADD_OFFSET(func_ref, offsetof(zend_function, type)));
if_internal_func = ir_IF(ir_AND_U8(tmp, ir_CONST_U8(1)));
ir_IF_FALSE(if_internal_func);
+ } else {
+ used_stack_ref = ir_HARD_COPY_A(used_stack_ref); /* load constant once */
+
+ // JIT: if (EXPECTED(ZEND_USER_CODE(func->type))) {
+ ir_ref tmp = ir_LOAD_U8(ir_ADD_OFFSET(func_ref, offsetof(zend_closure, func.type)));
+ if_internal_func = ir_IF(ir_AND_U8(tmp, ir_CONST_U8(1)));
+ ir_IF_FALSE(if_internal_func);
}
// JIT: used_stack += (func->op_array.last_var + func->op_array.T - MIN(func->op_array.num_args, num_args)) * sizeof(zval);
@@ -8545,7 +8552,7 @@ static int zend_jit_push_call_frame(zend_jit_ctx *jit, const zend_op *opline, co
}
ref = ir_SUB_A(used_stack_ref, ref);
- if (is_closure) {
+ if (0&&is_closure) {
used_stack_ref = ref;
} else {
ir_MERGE_WITH_EMPTY_TRUE(if_internal_func);
This patch fixes #17196 too, so I'm closing that one as a duplicate. |
`bcadd(...)` is a closure for an internal function, and `zend_jit_push_call_frame` takes into account both last_var and the difference in argument numbers not only for user code but also for internal code. However, this is inconsistent with `zend_vm_calc_used_stack`, causing argument corruption. Making this consistent fixes the issue. I could only reproduce the assertion failure when using Valgrind.
`bcadd(...)` is a closure for an internal function, and `zend_jit_push_call_frame` takes into account both last_var and the difference in argument numbers not only for user code but also for internal code. However, this is inconsistent with `zend_vm_calc_used_stack`, causing argument corruption. Making this consistent fixes the issue. I could only reproduce the assertion failure when using Valgrind.
This is a backport of phpGH-17319 to fix phpGH-17307 on lower branches.
This is a backport of phpGH-17319 to fix phpGH-17307 on lower branches.
Description
The following code:
Resulted in this output:
To reproduce:
PHP Version
nightly
Operating System
No response
The text was updated successfully, but these errors were encountered: