php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #80786 PHP crash using JIT
Submitted: 2021-02-23 00:14 UTC Modified: 2021-02-23 09:05 UTC
From: gfpuba+phpbug at gmail dot com Assigned: dmitry (profile)
Status: Closed Package: JIT
PHP Version: 8.0.3RC1 OS:
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: gfpuba+phpbug at gmail dot com
New email:
PHP Version: OS:

 

 [2021-02-23 00:14 UTC] gfpuba+phpbug at gmail dot com 
Description:
------------
When JIT is enabled, running this code using PHP CLI or with Apache 2.4 results in a crash.
The program runs fine without JIT
I am running the 64bit version
It fails with all php 8 versions

Test script:
---------------
<?php 
$a = new Test();
$a->TestFunc();
$a = false;
echo 'Program terminated';

class Test{
	private $value = 11.3;
	
	public function TestFunc(){	
		$this->value -= 10;
	}
}


Expected result:
----------------
Displays Program terminated

Actual result:
--------------
crash in PHP

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2021-02-23 03:21 UTC] gfpuba+phpbug at gmail dot com 
Clarification:
This is this statement that causes PHP to crash:
$this->value -= 10;
 [2021-02-23 09:05 UTC] nikic@php.net
-Status: Open +Status: Verified -Operating System: Windows 10 64bit +Operating System: -Assigned To: +Assigned To: dmitry
 [2021-02-23 09:05 UTC] nikic@php.net 
Reproduces on Linux as well (-d opcache.jit=function).

.L8:
	cmp $0x5, 0x8(%rax)
	jnz .L9
	vmovsd (%rax), %xmm0
	mov $0xa, %rax
	vxorps %xmm1, %xmm1, %xmm1
	vcvtsi2sd %rax, %xmm1, %xmm1
	vsubsd %xmm1, %xmm0, %xmm0
	vmovsd %xmm0, (%rax)
	jmp .L2

Looks like we're clobbering %rax.
 [2021-02-23 09:22 UTC] nikic@php.net 
Automatic comment on behalf of nikita.ppv@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=79cf2c56d3c95b184fbdbe2a9bc4afe7bb0dc557
Log: Fixed bug #80786
 [2021-02-23 09:22 UTC] nikic@php.net
-Status: Verified +Status: Closed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Nov 21 15:01:30 2024 UTC