PHP :: Bug #80634 :: write_property handler of internal classes is skipped on preloaded JITted code

Bug #80634

write_property handler of internal classes is skipped on preloaded JITted code

Submitted:

2021-01-15 23:13 UTC

Modified:

2021-01-19 14:58 UTC

Votes:	3
Avg. Score:	4.3 ± 0.9
Reproduced:	2 of 2 (100.0%)
Same Version:	2 (100.0%)
Same OS:	2 (100.0%)

From:

dktapps at pmmp dot io

Assigned:

dmitry (profile)

Status:

Closed

Package:

JIT

PHP Version:

8.0.1

OS:

Linux

Private report:

CVE-ID:

None

View Developer Edit

[2021-01-15 23:13 UTC] dktapps at pmmp dot io

Description:
------------
When a class which extends an internal class is preloaded and JIT-compiled, the internal class' write_property handler doesn't get executed. Without preloading it works correctly.

This requires quite an exotic test case to reproduce. While the test case itself doesn't make any sense, it's a case that I've encountered while updating an extension with real code, and I spent some time to create a reproducing test case only using PHP's own builtin classes to ensure that it wasn't some crazy bug in my extension.

Command line is `php -dopcache.enable_cli=1 -dopcache.jit=1205 -dopcache.preload=preload.php test.php`



Test script:
---------------
preload.php:
<?php

class SomeClass extends \DatePeriod{
	public $interval;

	public function __construct(int $v){
		parent::__construct(new \DateTime('2020-12-31'), new \DateInterval("P1Y"), 1);
		$this->interval = $v;
		var_dump($this->interval);
	}
}

test.php:
<?php

$v = new SomeClass(5);

Expected result:
----------------
(this output is produced without preloading or JIT)

PHP Fatal error:  Uncaught Error: Writing to DatePeriod->interval is unsupported in /home/user/pocketmine-mp/preload.php:8
Stack trace:
#0 /home/user/pocketmine-mp/test.php(3): SomeClass->__construct()
#1 {main}
  thrown in /home/user/pocketmine-mp/preload.php on line 8



Actual result:
--------------
int(5)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2021-01-19 14:58 UTC] nikic@php.net

-Status: Open +Status: Verified -Assigned To: +Assigned To: dmitry

[2021-01-19 14:58 UTC] nikic@php.net

Confirm the behavior. I believe the problem is that under preloading we have a prop_info available here and will generate code based on that and end up ignoring the write_property handler (under needs_slow_path) entirely. Without preloading we only inherit the class at runtime and the problem doesn't occur (but I think as tracing also collects classes at runtime, there is probably some way for it to occur without preloading as well).

Unfortunately, we don't have static information on whether a class of an object has overwritten write_property -- this is determined by the create_object handler and not stored in the class entry.

I think the correct thing to do here is to conservatively not use any prop_info from internal classes (or classes with internal parents).

@dmitry What do you think about this?

[2021-01-20 08:04 UTC] dmitry@php.net

Automatic comment on behalf of dmitry@zend.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=6288228b566db29637e041ffd6392d9895d4d223
Log: Fixed bug #80634 (write_property handler of internal classes is skipped on preloaded JITted code)

[2021-01-20 08:04 UTC] dmitry@php.net

-Status: Verified +Status: Closed

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Wed Mar 12 15:01:30 2025 UTC