#
798b9d09 |
| 02-Nov-2023 |
Dmitry Stogov |
Fixed GH-10008: Narrowing occurred during type inference of ZEND_ADD_ARRAY_ELEMENT
|
#
52bb39e6 |
| 26-Oct-2023 |
Dmitry Stogov |
Backport implementation of iterative Pearce's SCC finding algorithm (#12528) Fixes GH-11795
|
#
b3b46a44 |
| 31-Oct-2023 |
Dmitry Stogov |
Fixed GH-12511: Use must be in next opline assertion with patched infection
|
#
5f46d869 |
| 26-Oct-2023 |
Dmitry Stogov |
Fixed GH-12509: JIT assertion when running php-parser tests
|
#
aa45df48 |
| 24-Oct-2023 |
Dmitry Stogov |
Fixed incorrect type inference
|
#
54452b48 |
| 03-Oct-2023 |
Dmitry Stogov |
Fixed GH-12262: Tracing JIT assertion crash when using phpstan
|
#
643c4ba4 |
| 29-Sep-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Revert "Fix GH-10008: Narrowing occurred during type inference of ZEND_ADD_ARRAY_ELEMENT" Although it passes CI on 8.1, it causes CI failures in the JIT on 8.2 and higher. See https://github.com/php/php-src/actions/runs/6357716718/job/17269225001 This reverts commit e72fc12058dc0ee7bfe534dfa3daf46f3b357190.
|
#
e72fc120 |
| 26-Sep-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-10008: Narrowing occurred during type inference of ZEND_ADD_ARRAY_ELEMENT

This test triggers narrowing for two ops: first ZEND_ADD_ARRAY_ELEMENT, and then ZEND_ASSIGN. The type inference happens in the following order:

1) The ZEND_ADD_ARRAY_ELEMENT infers type 0x40e04080 (packed flag is set), arr_type=0 at this point because it hasn't been set by ZEND_INIT_ARRAY yet.
2) The ZEND_INIT_ARRAY infers type 0x40804080
3) The ZEND_ADD_ARRAY_ELEMENT infers type 0x40e04080, arr_type=0x40804080, which does not have the packed flag set while the existing result of ZEND_ADD_ARRAY_ELEMENT has the packed flag set.

This seems to occur because of the phi node introduced by the while loop. If I remove the loop the problem goes away.

As Arnaud noted, this seems to be caused by a too wide type inference for arr_type==0. We should keep the invariant that if x>=y then key_type(x) >= key_type(y). If we write the possible results down in a table we get:

```
arr_type            resulting key type
---------------     --------------------------------------------------------------------------
HASH_ONLY        -> MAY_BE_ARRAY_NUMERIC_HASH
PACKED_ONLY      -> MAY_BE_ARRAY_NUMERIC_HASH | MAY_BE_ARRAY_PACKED (== MAY_BE_ARRAY_KEY_LONG)
HASH || PACKED   -> MAY_BE_ARRAY_NUMERIC_HASH | MAY_BE_ARRAY_PACKED (== MAY_BE_ARRAY_KEY_LONG)
0                -> MAY_BE_ARRAY_NUMERIC_HASH | MAY_BE_ARRAY_PACKED (== MAY_BE_ARRAY_KEY_LONG)
```

As we can see, `HASH_ONLY > 0` but `MAY_BE_ARRAY_NUMERIC_HASH < MAY_BE_ARRAY_NUMERIC_HASH | MAY_BE_ARRAY_PACKED`, which violates the invariant. Instead if we modify the zero case to have MAY_BE_ARRAY_NUMERIC_HASH instead, we get the following table which satisfies the invariant.

```
arr_type            resulting key type
---------------     --------------------------------------------------------------------------
HASH_ONLY        -> MAY_BE_ARRAY_NUMERIC_HASH
PACKED_ONLY      -> MAY_BE_ARRAY_NUMERIC_HASH | MAY_BE_ARRAY_PACKED (== MAY_BE_ARRAY_KEY_LONG)
HASH || PACKED   -> MAY_BE_ARRAY_NUMERIC_HASH | MAY_BE_ARRAY_PACKED (== MAY_BE_ARRAY_KEY_LONG)
0                -> MAY_BE_ARRAY_NUMERIC_HASH
```

Broke in 1ffbb73. Closes GH-10294.
|
#
fbf5216c |
| 30-Apr-2023 |
nielsdos <7771979+nielsdos@users.noreply.github.com> |
Fix too wide OR and AND range inference There is a typo which causes the AND and OR range inference to infer a wider range than necessary. Fix this typo. There are many ranges for which the inference is too wide, I just picked one for AND and one for OR that I found through symbolic execution. In this example test, the previous range inferred for test_or was [-27..-1] instead of [-20..-1]. And the previous range inferred for test_and was [-32..-25] instead of [-28..-25]. Closes GH-11170.
|
#
0c65b396 |
| 10-Apr-2023 |
Dmitry Stogov |
Allow FETCH_OBJ_W and FETCH_STATIC_PROP_W to return INDIRECT/UNDEF zval for uninitialized typed properties (#11048)
|
#
3175f24d |
| 12-Mar-2023 |
Ilija Tovilo |
Fix RC1 assumption for typed properties with __get Unsetting typed properties resorts back to __get which may have RC1. Closes GH-10833
|
#
d94ddbed |
| 14-Feb-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix updating SSA object type for *_ASSIGN_OP (#10458) The code fetched the class entry into ce for objects and static properties. However, when the actual update needs to take place (when result_def exists), the class entry in ce was reset to NULL. So the SSA object type update never happened. Fetch the class entry in the result_def>=0 case instead after the reset of ce to NULL.
|
#
81607a62 |
| 30-Jan-2023 |
Dmitry Stogov |
Fix type inference Fixes oss-fuzz #55358
|
#
2787e3cd |
| 24-Jan-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix incorrect check condition in type inference (#10425) The "nothing to do" case would never be hit because the switch block would execute if the opcode is ZEND_ASSIGN_STATIC_PROP_OP, not ZEND_ASSIGN_STATIC_PROP. This meant that we were falling through to the else block. Fix this by correcting the check condition.
|
#
c852e0ff |
| 05-Sep-2022 |
Dmitry Stogov |
Merge branch 'PHP-8.0' into PHP-8.1 * PHP-8.0: Fix type inference
|
#
95befc78 |
| 22-Aug-2022 |
Dmitry Stogov |
Fix type inference Fixes oss-fuzz #50272 |
#
d50875c8 |
| 25-Jul-2022 |
Dmitry Stogov |
Fix type inference Fixes oss-fuzz #49423 and #49474 |
#
82d3ad64 |
| 18-Jul-2022 |
Dmitry Stogov |
Fix type inference Fixes oss-fuzz #48908 |
#
b734d456 |
| 18-Jul-2022 |
Dmitry Stogov |
Merge branch 'PHP-8.0' into PHP-8.1 * PHP-8.0: Fix type inference for FETCH_DI_UNSET
|
#
729be469 |
| 14-Jun-2022 |
Dmitry Stogov |
Fix type inference This fixes oss-fuzz #47921 |
#
1b45efb6 |
| 14-Jun-2022 |
Dmitry Stogov |
Fix type inference This fixes oss-fuzz #47920 |
#
b86c6245 |
| 06-Jun-2022 |
Dmitry Stogov |
Fix type inference This fixes oss-fuzz #47777 |
Revision tags: php-8.1.7RC1 |
|
#
aad5fbac |
| 16-May-2022 |
Dmitry Stogov |
Merge branch 'PHP-8.0' into PHP-8.1 * PHP-8.0: Fix type inference
|
#
84c1e99e |
| 11-May-2022 |
Dmitry Stogov |
Fix type inference This fixes oss-fuzz #47044 |
#
f1fc58ed |
| 11-May-2022 |
Dmitry Stogov |
Merge branch 'PHP-8.0' into PHP-8.1 * PHP-8.0: Fix type inference
|