#
86ef8d54 |
| 30-Aug-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-15661: Access null pointer in Zend/Optimizer/zend_inference.c Closes GH-15666.
|
#
5f9b9c4e |
| 15-Apr-2024 |
Dmitry Stogov |
Fixed missed exception
|
#
3a5edcca |
| 29-Jan-2024 |
Ilija Tovilo |
Fix create_object checks Since PHP 8.3, object handlers may be changed by setting ce->default_object_handlers, rather than in ce->create_object. Some checks need to be extended to ch
Fix create_object checks Since PHP 8.3, object handlers may be changed by setting ce->default_object_handlers, rather than in ce->create_object. Some checks need to be extended to check for the default handlers. Closes GH-13272
show more ...
|
#
b33e3eb8 |
| 16-Jan-2024 |
Dmitry Stogov |
Fix zend_may_throw() for FETCH_DIM_IS and ISSET_ISEMPTY_DIM_OBJ Recentlty this insructions were updated to emit warning on inability to convert double index to long. This may lead to exc
Fix zend_may_throw() for FETCH_DIM_IS and ISSET_ISEMPTY_DIM_OBJ Recentlty this insructions were updated to emit warning on inability to convert double index to long. This may lead to exception. This fixes memory leak on wordpress test suite (nightly workflow)
show more ...
|
#
731734da |
| 18-Dec-2023 |
Dmitry Stogov |
Fixed type inference Fixes oss-fuzz #65150
|
#
1e55c976 |
| 01-Dec-2023 |
Dmitry Stogov |
Fixed type inference Fixes oss-fuzz #64577, #64579, #64589
|
#
423a1e58 |
| 28-Nov-2023 |
Dmitry Stogov |
Fixed GH-8251: Narrowing occurred during type inference of ZEND_FETCH_DIM_W
|
#
5a778704 |
| 08-Nov-2023 |
Dmitry Stogov |
Fixed empty array inference
|
#
cb1e8429 |
| 06-Nov-2023 |
Ilija Tovilo |
Fix inference of COPY_TMP Since GH-11592 COPY_TMP may receive and thus define references. Unfortunately, the name COPY_TMP is no longer accurate. Closes GH-12619
|
#
6bf40413 |
| 02-Nov-2023 |
Dmitry Stogov |
Backport fix for HASH/PACKED array inference through MAY_BE_ARRAY_EMPTY flag (#12591) * Fixed HASH/PACKED array inference through MAY_BE_ARRAY_EMPTY flag This fixes GH-12527
Backport fix for HASH/PACKED array inference through MAY_BE_ARRAY_EMPTY flag (#12591) * Fixed HASH/PACKED array inference through MAY_BE_ARRAY_EMPTY flag This fixes GH-12527 * typo
show more ...
|
#
798b9d09 |
| 02-Nov-2023 |
Dmitry Stogov |
Fixed GH-10008: Narrowing occurred during type inference of ZEND_ADD_ARRAY_ELEMENT
|
#
52bb39e6 |
| 26-Oct-2023 |
Dmitry Stogov |
Backport implementation of iterative Pearce's SCC finding algoritm (#12528) Fixes GH-11795
|
#
b3b46a44 |
| 31-Oct-2023 |
Dmitry Stogov |
Fixed GH-12511: Use must be in next opline assertion with patched infection
|
#
5f46d869 |
| 26-Oct-2023 |
Dmitry Stogov |
Fixed GH-12509: JIT assertion when running php-parser tests
|
#
aa45df48 |
| 24-Oct-2023 |
Dmitry Stogov |
Fixed incorrect type inference
|
#
54452b48 |
| 03-Oct-2023 |
Dmitry Stogov |
Fixed GH-12262: Tracing JIT assertion crash when using phpstan
|
#
643c4ba4 |
| 29-Sep-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Revert "Fix GH-10008: Narrowing occurred during type inference of ZEND_ADD_ARRAY_ELEMENT" Although it passes CI on 8.1, it causes CI failures in the JIT on 8.2 and higher. See https:
Revert "Fix GH-10008: Narrowing occurred during type inference of ZEND_ADD_ARRAY_ELEMENT" Although it passes CI on 8.1, it causes CI failures in the JIT on 8.2 and higher. See https://github.com/php/php-src/actions/runs/6357716718/job/17269225001 This reverts commit e72fc12058dc0ee7bfe534dfa3daf46f3b357190.
show more ...
|
#
e72fc120 |
| 26-Sep-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-10008: Narrowing occurred during type inference of ZEND_ADD_ARRAY_ELEMENT This test triggers narrowing for two ops: first ZEND_ADD_ARRAY_ELEMENT, and then ZEND_ASSIGN. Th
Fix GH-10008: Narrowing occurred during type inference of ZEND_ADD_ARRAY_ELEMENT This test triggers narrowing for two ops: first ZEND_ADD_ARRAY_ELEMENT, and then ZEND_ASSIGN. The type inference happens in the following order: 1) The ZEND_ADD_ARRAY_ELEMENT infers type 0x40e04080 (packed flag is set), arr_type=0 at this point because it hasn't been set by ZEND_INIT_ARRAY yet. 2) The ZEND_INIT_ARRAY infers type 0x40804080 3) The ZEND_ADD_ARRAY_ELEMENT infers type 0x40e04080, arr_type=0x40804080, which does not have the packed flag set while the existing result of ZEND_ADD_ARRAY_ELEMENT has the packed flag set. This seems to occur because of the phi node introduced by the while loop. If I remove the loop the problem goes away. As Arnaud noted, this seems to be caused by a too wide type inference for arr_type==0. We should keep the invariant that if x>=y then key_type(x) >= key_type(y). If we write the possible results down in a table we get: ``` arr_type resulting key type --------------- -------------------------------------------------------------------------- HASH_ONLY -> MAY_BE_ARRAY_NUMERIC_HASH PACKED_ONLY -> MAY_BE_ARRAY_NUMERIC_HASH | MAY_BE_ARRAY_PACKED (== MAY_BE_ARRAY_KEY_LONG) HASH || PACKED -> MAY_BE_ARRAY_NUMERIC_HASH | MAY_BE_ARRAY_PACKED (== MAY_BE_ARRAY_KEY_LONG) 0 -> MAY_BE_ARRAY_NUMERIC_HASH | MAY_BE_ARRAY_PACKED (== MAY_BE_ARRAY_KEY_LONG) ``` As we can see, `HASH_ONLY > 0` but `MAY_BE_ARRAY_NUMERIC_HASH < MAY_BE_ARRAY_NUMERIC_HASH | MAY_BE_ARRAY_PACKED`, which violates the invariant. Instead if we modify the zero case to have MAY_BE_ARRAY_NUMERIC_HASH instead, we get the following table which satisfies the invariant. ``` arr_type resulting key type --------------- -------------------------------------------------------------------------- HASH_ONLY -> MAY_BE_ARRAY_NUMERIC_HASH PACKED_ONLY -> MAY_BE_ARRAY_NUMERIC_HASH | MAY_BE_ARRAY_PACKED (== MAY_BE_ARRAY_KEY_LONG) HASH || PACKED -> MAY_BE_ARRAY_NUMERIC_HASH | MAY_BE_ARRAY_PACKED (== MAY_BE_ARRAY_KEY_LONG) 0 -> MAY_BE_ARRAY_NUMERIC_HASH ``` Broke in 1ffbb73. Closes GH-10294.
show more ...
|
#
d8696f92 |
| 17-Jul-2023 |
George Peter Banyard |
[RFC] Path to Saner Increment/Decrement operators (#10358) * Add behavioural tests for incdec operators * Add support to ++/-- for objects castable to _IS_NUMBER * Add str_
[RFC] Path to Saner Increment/Decrement operators (#10358) * Add behavioural tests for incdec operators * Add support to ++/-- for objects castable to _IS_NUMBER * Add str_increment() function * Add str_decrement() function RFC: https://wiki.php.net/rfc/saner-inc-dec-operators Co-authored-by: Ilija Tovilo <ilija.tovilo@me.com> Co-authored-by: Arnaud Le Blanc <arnaud.lb@gmail.com>
show more ...
|
#
3d944a36 |
| 09-Jul-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Update type inference for ZEND_STRLEN Since PHP 8.0, this cannot return NULL anymore, the only possible return value is long. See https://wiki.php.net/rfc/consistent_type_errors.
|
#
838d80e7 |
| 09-Jul-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Update type inference for ZEND_GET_CLASS and ZEND_GET_CALLED_CLASS These cannot return false anymore since PHP 8.0.
|
Revision tags: php-8.2.0RC1, php-8.1.10, php-8.0.23, php-8.0.23RC1, php-8.1.10RC1, php-8.2.0beta3 |
|
#
0b1d750d |
| 11-Aug-2022 |
Ilija Tovilo |
Allow arbitrary expressions in static variable initializer Closes GH-9301
|
#
fbf5216c |
| 30-Apr-2023 |
nielsdos <7771979+nielsdos@users.noreply.github.com> |
Fix too wide OR and AND range inference There is a typo which causes the AND and OR range inference to infer a wider range than necessary. Fix this typo. There are many ranges for wh
Fix too wide OR and AND range inference There is a typo which causes the AND and OR range inference to infer a wider range than necessary. Fix this typo. There are many ranges for which the inference is too wide, I just picked one for AND and one for OR that I found through symbolic execution. In this example test, the previous range inferred for test_or was [-27..-1] instead of [-20..-1]. And the previous range inferred for test_and was [-32..-25] instead of [-28..-25]. Closes GH-11170.
show more ...
|
#
0c65b396 |
| 10-Apr-2023 |
Dmitry Stogov |
Allow FETCH_OBJ_W and FETCH_STATIC_PROP_W to return INDIRECT/UNDEF zval for uninitialized typed properties (#11048)
|
#
3175f24d |
| 12-Mar-2023 |
Ilija Tovilo |
Fix RC1 assumption for typed properties with __get Unsetting typed properties resorts back to __get which may have RC1. Closes GH-10833
|