php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #80786 PHP crash using JIT
Submitted: 2021-02-23 00:14 UTC Modified: 2021-02-23 09:05 UTC
From: gfpuba+phpbug at gmail dot com Assigned: dmitry (profile)
Status: Closed Package: JIT
PHP Version: 8.0.3RC1 OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: gfpuba+phpbug at gmail dot com
New email:
PHP Version: OS:

 

 [2021-02-23 00:14 UTC] gfpuba+phpbug at gmail dot com
Description:
------------
When JIT is enabled, running this code using PHP CLI or with Apache 2.4 results in a crash.
The program runs fine without JIT
I am running the 64bit version
It fails with all php 8 versions

Test script:
---------------
<?php 
$a = new Test();
$a->TestFunc();
$a = false;
echo 'Program terminated';

class Test{
	private $value = 11.3;
	
	public function TestFunc(){	
		$this->value -= 10;
	}
}


Expected result:
----------------
Displays Program terminated

Actual result:
--------------
crash in PHP

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2021-02-23 03:21 UTC] gfpuba+phpbug at gmail dot com
Clarification:
This is this statement that causes PHP to crash:
$this->value -= 10;
 [2021-02-23 09:05 UTC] nikic@php.net
-Status: Open +Status: Verified -Operating System: Windows 10 64bit +Operating System: -Assigned To: +Assigned To: dmitry
 [2021-02-23 09:05 UTC] nikic@php.net
Reproduces on Linux as well (-d opcache.jit=function).

.L8:
	cmp $0x5, 0x8(%rax)
	jnz .L9
	vmovsd (%rax), %xmm0
	mov $0xa, %rax
	vxorps %xmm1, %xmm1, %xmm1
	vcvtsi2sd %rax, %xmm1, %xmm1
	vsubsd %xmm1, %xmm0, %xmm0
	vmovsd %xmm0, (%rax)
	jmp .L2

Looks like we're clobbering %rax.
 [2021-02-23 09:22 UTC] nikic@php.net
Automatic comment on behalf of nikita.ppv@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=79cf2c56d3c95b184fbdbe2a9bc4afe7bb0dc557
Log: Fixed bug #80786
 [2021-02-23 09:22 UTC] nikic@php.net
-Status: Verified +Status: Closed
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Sat May 08 11:01:23 2021 UTC