Bug #80786 PHP crash using JIT
Submitted: 2021-02-23 00:14 UTC Modified: 2021-02-23 09:05 UTC
From: gfpuba+phpbug at gmail dot com Assigned: dmitry (profile)
Status: Closed Package: JIT
PHP Version: 8.0.3RC1 OS:
Private report: No CVE-ID: None
 [2021-02-23 00:14 UTC] gfpuba+phpbug at gmail dot com
When JIT is enabled, running this code using PHP CLI or with Apache 2.4 results in a crash.
The program runs fine without JIT.
I am running the 64-bit version.
It fails with all PHP 8 versions.

Test script:
<?php
$a = new Test();
$a = false;
echo 'Program terminated';

class Test{
	private $value = 11.3;
	public function TestFunc(){
		$this->value -= 10;
	}
}

Expected result:
Displays Program terminated

Actual result:
crash in PHP


 [2021-02-23 03:21 UTC] gfpuba+phpbug at gmail dot com
It is this statement that causes PHP to crash:
$this->value -= 10;
 [2021-02-23 09:05 UTC]
-Status: Open
+Status: Verified
-Operating System: Windows 10 64bit
+Operating System:
-Assigned To:
+Assigned To: dmitry
 [2021-02-23 09:05 UTC]
Reproduces on Linux as well (-d opcache.jit=function).

	cmp $0x5, 0x8(%rax)
	jnz .L9
	vmovsd (%rax), %xmm0
	mov $0xa, %rax
	vxorps %xmm1, %xmm1, %xmm1
	vcvtsi2sd %rax, %xmm1, %xmm1
	vsubsd %xmm1, %xmm0, %xmm0
	vmovsd %xmm0, (%rax)
	jmp .L2

Looks like we're clobbering %rax.
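
Why the final store faults, as an added example that is not part of the original thread or of PHP's code: a small Python check that walks the listing quoted above and flags any memory access whose base register was last loaded with an immediate. The function name `find_clobbered_bases` and its heuristic are assumptions made for this illustration, and it handles only the simple operand forms that appear in this listing.

```python
import re

# JIT output quoted in the comment above (AT&T syntax: destination is the last operand).
LISTING = """\
cmp $0x5, 0x8(%rax)
jnz .L9
vmovsd (%rax), %xmm0
mov $0xa, %rax
vxorps %xmm1, %xmm1, %xmm1
vcvtsi2sd %rax, %xmm1, %xmm1
vsubsd %xmm1, %xmm0, %xmm0
vmovsd %xmm0, (%rax)
jmp .L2
"""

MEM_BASE = re.compile(r"\(%(\w+)")   # base register of a memory operand
NO_WRITE = ("cmp", "test", "j")      # mnemonics that write none of their operands

def find_clobbered_bases(listing):
    """Return (use_line, reg, imm, set_line) for each memory access whose base
    register was last written with an immediate, so it no longer holds a pointer."""
    imm_regs, findings = {}, []
    for n, line in enumerate(listing.strip().splitlines(), 1):
        mnemonic, _, rest = line.strip().partition(" ")
        ops = [o.strip() for o in rest.split(",")] if rest else []
        for op in ops:               # inspect memory operands before applying the write
            m = MEM_BASE.search(op)
            if m and m.group(1) in imm_regs:
                imm, set_line = imm_regs[m.group(1)]
                findings.append((n, m.group(1), imm, set_line))
        if not ops or mnemonic.startswith(NO_WRITE):
            continue
        dst = ops[-1]
        if re.fullmatch(r"%\w+", dst):           # the destination is a plain register
            if len(ops) == 2 and ops[0].startswith("$"):
                imm_regs[dst[1:]] = (ops[0][1:], n)   # register now holds a constant
            else:
                imm_regs.pop(dst[1:], None)      # overwritten with a non-immediate
    return findings

if __name__ == "__main__":
    for use, reg, imm, at in find_clobbered_bases(LISTING):
        print(f"line {use}: (%{reg}) used as address, but %{reg} = {imm} since line {at}")
```

On the quoted listing it reports the store at line 8: `%rax` still held the property's address for the load at line 3, but line 4 reused it as scratch space for the integer operand 10 (`0xa`).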
 [2021-02-23 09:22 UTC]
Automatic comment on behalf of
Log: Fixed bug #80786
 [2021-02-23 09:22 UTC]
-Status: Verified
+Status: Closed