History log of /php-src/Zend/Optimizer/zend_inference.c (Results 1 – 25 of 210)
Revision Date Author Comments
# 5f9b9c4e 15-Apr-2024 Dmitry Stogov

Fixed missed exception


# 00c6d538 01-Apr-2024 Niels Dossche <7771979+nielsdos@users.noreply.github.com>

Fix GH-13834: Applying non-zero offset 36 to null pointer in zend_jit.c (#13846)

* Fix GH-13834: Applying non-zero offset 36 to null pointer in zend_jit.c

ssa_op can be NULL in function JIT. Doing pointer arithmetic on a NULL
pointer is undefined behaviour. Undefined behaviour can be dangerous
because the optimizer may assume then that the variable is not actually
NULL.

To solve this:
1. Add ADVANCE_SSA_OP() to safely add an offset to ssa_op in zend_jit.c
2. For inference, add an extra offset argument to the helper functions.

To reproduce this, use Clang (not GCC) on a test like
sapi/cli/tests/gh12363.phpt (or other tests also work).

* Remove -fno-sanitize=pointer-overflow flag from CI

* Fix NULL pointer offsets added to the stack_map

* Fix an offset add on a potentially NULL ssa->ops

* Fix NULL pointer arithmetic in zend_range_info()

* Address review comments



# 56cf09f2 18-Mar-2024 Máté Kocsis

Improve optimizer support for class constants (#13438)

The following optimizations are added:

- Constant folding of final class constants
- Type inference of typed class constants



# 97e6c543 06-Feb-2024 Ilija Tovilo

Fix RC inference narrowing for ASSIGN_OBJ

Fixes oss-fuzz #66519
Closes GH-13345


# 631bc816 06-Feb-2024 Ilija Tovilo

Implement stackless internal function calls

Co-authored-by: Dmitry Stogov <dmitry@zend.com>

Closes GH-12461


# f91833d2 05-Feb-2024 Ilija Tovilo

Fix RC inference for DECLARE_LAMBDA_FUNCTION

It doesn't seem like the VM can return RCn. However, the JIT fails without it.
I'll need to look into this more closely.


# 79e8f20e 01-Feb-2024 Ilija Tovilo

Add type inference for various missing opcodes

Closes GH-13304


# 77bc863e 01-Feb-2024 Ilija Tovilo

Improve ZEND_FETCH_CLASS_STATIC static inference for final classes

Same as 95f7335.


# 668edf2c 24-Jan-2024 Ilija Tovilo

Improve ASSIGN_OBJ RC inference

ASSIGN_OBJ may only modify RC if it implements __set.

Closes GH-13237


# b06311cb 24-Jan-2024 Ilija Tovilo

Improve ZEND_NEW RC inference

ZEND_NEW returns RC1 if the instantiated class has no constructor.

Closes GH-13239


# 3a5edcca 29-Jan-2024 Ilija Tovilo

Fix create_object checks

Since PHP 8.3, object handlers may be changed by setting
ce->default_object_handlers, rather than in ce->create_object. Some checks need
to be extended to check for the default handlers.

Closes GH-13272



# 34e2dc56 29-Jan-2024 Ilija Tovilo

Improve is_instanceof inference (#13238)

When a class is final, it may be treated as !is_instanceof.


# 6f6289ca 23-Jan-2024 Ilija Tovilo

Avoid new SSA var for ASSIGN_OBJ_REF without RC inference

Previously, this variable was necessary because of auto-vivification on
UNDEF/null/false. It's now only used for RC inference, as auto-vivification has
been removed.

This implicitly solves an inference problem for $obj->bar &= $obj; where we get
a new variable for both literal references to $obj, with the first one getting
the RCn flag, and the second one getting the MAY_BE_REFERENCE flag. Thus, the
first variable will be missing the reference type, causing a false-positive type
inference warning.

If we want to verify RC inference at some point we'll need a better solution.

Closes GH-13233



# b33e3eb8 16-Jan-2024 Dmitry Stogov

Fix zend_may_throw() for FETCH_DIM_IS and ISSET_ISEMPTY_DIM_OBJ

Recently these instructions were updated to emit a warning on inability to
convert double index to long. This may lead to an exception.

This fixes a memory leak on the WordPress test suite (nightly workflow)



# 731734da 18-Dec-2023 Dmitry Stogov

Fixed type inference

Fixes oss-fuzz #65150


# 1e55c976 01-Dec-2023 Dmitry Stogov

Fixed type inference

Fixes oss-fuzz #64577, #64579, #64589


# 423a1e58 28-Nov-2023 Dmitry Stogov

Fixed GH-8251: Narrowing occurred during type inference of ZEND_FETCH_DIM_W


# 5a778704 08-Nov-2023 Dmitry Stogov

Fixed empty array inference


# cb1e8429 06-Nov-2023 Ilija Tovilo

Fix inference of COPY_TMP

Since GH-11592 COPY_TMP may receive and thus define references. Unfortunately,
the name COPY_TMP is no longer accurate.

Closes GH-12619


# 1c95e227 02-Nov-2023 Dmitry Stogov

Fixed HASH/PACKED array inference through MAY_BE_ARRAY_EMPTY flag (#12591)

* Fixed HASH/PACKED array inference through MAY_BE_ARRAY_EMPTY flag

This fixes GH-12527

* typo


# 798b9d09 02-Nov-2023 Dmitry Stogov

Fixed GH-10008: Narrowing occurred during type inference of ZEND_ADD_ARRAY_ELEMENT


# b3b46a44 31-Oct-2023 Dmitry Stogov

Fixed GH-12511: Use must be in next opline assertion with patched infection


# bd185c3d 26-Oct-2023 Dmitry Stogov

Implement iterative Pearce's SCC finding algorithm (#12528)

* Switch to Pearce's SCC algorithm

* Implement iterative Pearce's SCC algorithm

* Wrap "goto" with "#ifdef SYM_RANGE"



# 5f46d869 26-Oct-2023 Dmitry Stogov

Fixed GH-12509: JIT assertion when running php-parser tests


# ce269178 26-Oct-2023 Dmitry Stogov

Fixed code generation for FETCH_DIM_R

Fixes oss-fuzz #63613 and #63619

