Fix assertion

Fixes oss-fuzz #65233

Fix various bugs related to DNF types

- GH-11958: DNF types in trait properties do not get bound properly
- GH-11883: Memory leak in zend_type_release() for non-arena allocated DNF typ

Fix various bugs related to DNF types

- GH-11958: DNF types in trait properties do not get bound properly
- GH-11883: Memory leak in zend_type_release() for non-arena allocated DNF types
- Internal trait bound to userland class would not be arena allocated
- Property DNF types were not properly deep copied during lazy loading

Co-authored-by: Ilija Tovilo <ilija.tovilo@me.com>
Co-authored-by: ju1ius <jules.bernable@gmail.com>

show more ...

Fix memory leak

Fix UB pointer arithmetics on NULL

Closes GH-9559

Save previous observer on the VM stack

This avoids a possible significant performance penalty, when some leaf function was observed, deep in the stack.
As a side effect, we are not itera

Save previous observer on the VM stack

This avoids a possible significant performance penalty, when some leaf function was observed, deep in the stack.
As a side effect, we are not iterating over prev_execute_data anymore and thus, non-observed fake frames, possibly on stack, cannot have any impact on the observer anymore (especially within zend_observer_fcall_end_all).

Saving the previous observer happens now directly on the VM stack. If there is any observer, function frames are allocated an extra zval (the last temporary), which will, on observed frames, contain the previous observed frame address.

show more ...

Fix enum preloading again (#8859)

Allow arbitrary const expressions in backed enums

Closes GH-7821
Closes GH-8190
Closes GH-8418

Fix memory leak

This fixes oss-fuzz #47527

Merge branch 'PHP-8.1'

* PHP-8.1:
Fix memory leak

Fix memory leak

This fixes oss-fuzz #47088

Handle other DO_FCALL opcodes in NEW live range calculation

Make this robust against the case where NEW is terminated by
something other than DO_FCALL, e.g. DO_UCALL. This can't currentl

Handle other DO_FCALL opcodes in NEW live range calculation

Make this robust against the case where NEW is terminated by
something other than DO_FCALL, e.g. DO_UCALL. This can't currently
happen.

show more ...

Merge branch 'PHP-8.1'

Merge branch 'PHP-8.0' into PHP-8.1

Fix memory leak of function attribute hash table (#8070)

==109253== 280 (56 direct, 224 indirect) bytes in 1 blocks are definitely lost in loss record 4 of 4
==109253== at 0x4

Fix memory leak of function attribute hash table (#8070)

==109253== 280 (56 direct, 224 indirect) bytes in 1 blocks are definitely lost in loss record 4 of 4
==109253== at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==109253== by 0x6D9FA2: __zend_malloc (zend_alloc.c:3068)
==109253== by 0x745138: zend_add_attribute (zend_attributes.c:226)
==109253== by 0x6680D1: zend_add_parameter_attribute (zend_attributes.h:102)
==109253== by 0x66B787: zm_startup_zend_test (test.c:478)
==109253== by 0x7224CD: zend_startup_module_ex (zend_API.c:2202)
==109253== by 0x72252C: zend_startup_module_zval (zend_API.c:2217)
==109253== by 0x734288: zend_hash_apply (zend_hash.c:2011)
==109253== by 0x722C30: zend_startup_modules (zend_API.c:2328)
==109253== by 0x67409B: php_module_startup (main.c:2256)
==109253== by 0x88EDDE: php_cli_startup (php_cli.c:409)
==109253== by 0x890F61: main (php_cli.c:1334)

show more ...

Remove JMPZNZ opcode

While JMPZNZ can avoid execution of a separate JMP opcode in some
cases, it also prevents smart branch optimization, so creating
JMPZNZ may actually have a negat

Remove JMPZNZ opcode

While JMPZNZ can avoid execution of a separate JMP opcode in some
cases, it also prevents smart branch optimization, so creating
JMPZNZ may actually have a negative effect. It also adds additional
complexity for optimizations.

Drop JMPZNZ in favor of JMPZ+JMP or JMPNZ+JMP.

Closes GH-7857.

show more ...

Cache method overrides of ArrayAccess in zend_class_entry

Previously, code such as subclasses of SplFixedArray would check for method
overrides when instantiating the objects.

T

Cache method overrides of ArrayAccess in zend_class_entry

Previously, code such as subclasses of SplFixedArray would check for method
overrides when instantiating the objects.

This optimization was mentioned as a followup to GH-6552

show more ...

Merge branch 'PHP-8.1'

* PHP-8.1:
Fix inheritance of class constants if mutable data used

Fix inheritance of class constants if mutable data used

Class constants from parents should always be directly reused,
rather than re-evaluated as a separate copy. Previously this used

Fix inheritance of class constants if mutable data used

Class constants from parents should always be directly reused,
rather than re-evaluated as a separate copy. Previously this used
to happen automatically, as we'd just inherit the class constant
entry from the parent class. With mutable data there may now be
a separate copy of the constant, so we need to use that copy
when updating constants. Otherwise we may evaluate the same
constant multiple times.

Closes GH-7658.

show more ...

Merge branch 'PHP-8.1'

* PHP-8.1:
Fix COPY_TMP live range construction with optimization

Merge branch 'PHP-8.0' into PHP-8.1

* PHP-8.0:
Fix COPY_TMP live range construction with optimization

Fix COPY_TMP live range construction with optimization

The use may be optimized away, leaving us only with the free use.
Also fix off-by-one error in the other optimization case.

Use more compact representation for packed arrays.

- for packed arrays we store just an array of zvals without keys.
- the elements of packed array are accessible throuf as ht->arPacked[

Use more compact representation for packed arrays.

- for packed arrays we store just an array of zvals without keys.
- the elements of packed array are accessible throuf as ht->arPacked[i]
instead of ht->arData[i]
- in addition to general ZEND_HASH_FOREACH_* macros, we introduced similar
familied for packed (ZEND_HASH_PACKED_FORECH_*) and real hashes
(ZEND_HASH_MAP_FOREACH_*)
- introduced an additional family of macros to access elements of array
(packed or real hashes) ZEND_ARRAY_ELEMET_SIZE, ZEND_ARRAY_ELEMET_EX,
ZEND_ARRAY_ELEMET, ZEND_ARRAY_NEXT_ELEMENT, ZEND_ARRAY_PREV_ELEMENT
- zend_hash_minmax() prototype was changed to compare only values

Because of smaller data set, this patch may show performance improvement
on some apps and benchmarks that use packed arrays. (~1% on PHP-Parser)

TODO:
- sapi/phpdbg needs special support for packed arrays (WATCH_ON_BUCKET).
- zend_hash_sort_ex() may require converting packed arrays to hash.

show more ...

Merge branch 'PHP-8.0' into PHP-8.1

* PHP-8.0:
Fix COPY_TMP live range construction after optimization

Fix COPY_TMP live range construction after optimization

If we optimize the FREE away, we should switch to constructing
a normal live range, rather than a split live range.

Fixes

Fix COPY_TMP live range construction after optimization

If we optimize the FREE away, we should switch to constructing
a normal live range, rather than a split live range.

Fixes oss-fuzz #39548.

show more ...

Merge branch 'PHP-8.0' into PHP-8.1

* PHP-8.0:
Handle SWITCH_STRING with optimized away FREE