php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #80802 zend_jit_fetch_indirect_var assert failure with tracing JIT
Submitted: 2021-02-25 22:24 UTC Modified: 2021-03-01 14:15 UTC
Votes:2
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:2 (100.0%)
From: dktapps at pmmp dot io Assigned: dmitry (profile)
Status: Closed Package: JIT
PHP Version: 8.0Git-2021-02-25 (Git) OS: Linux
Private report: No CVE-ID: None
 [2021-02-25 22:24 UTC] dktapps at pmmp dot io
Description:
------------
In code involving inherited static properties, an assert failure may be triggered in the JIT.

This is reproducible on 8.0.3RC1 and PHP-8.0 branch as of 2020-02-25, with a build using `--disable-all --enable-cli --enable-debug --enable-opcache --enable-opcache-jit`.

Run the below script with the following INI settings
opcache.jit=tracing
opcache.jit_buffer_size=1M
opcache.enable_cli=1

Test script:
---------------
<?php

abstract class AsyncTask{
	private static $threadLocalStorage = null;

	protected function storeLocal(string $key, $complexData) : void{
		if(self::$threadLocalStorage === null){
			self::$threadLocalStorage = new \ArrayObject();
		}
		self::$threadLocalStorage[spl_object_id($this)][$key] = $complexData;
	}

	final public function __destruct(){
		$this->reallyDestruct();
		if(self::$threadLocalStorage !== null and isset(self::$threadLocalStorage[$h = spl_object_id($this)])){
			unset(self::$threadLocalStorage[$h]);
			if(self::$threadLocalStorage->count() === 0){
				self::$threadLocalStorage = null;
			}
		}
	}

	protected function reallyDestruct() : void{

	}
}

class Task extends AsyncTask{
	public function __construct(){
		$this->storeLocal("thing1", new stdClass);
	}
}

for($i = 0; $i < 10000; ++$i){
	new Task;
}
echo "OK\n";


Expected result:
----------------
OK

Actual result:
--------------
Using php-src@8813f2e0c31a98828cac4570673ccd8ce79b00af:

php: /home/user/php-src-8.0/ext/opcache/jit/zend_jit_x86.dasc:15224: zend_jit_fetch_indirect_var: Assertion `var_info & (1 << var_type)' failed.
Aborted (core dumped)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2021-03-01 14:15 UTC] nikic@php.net
-Assigned To: +Assigned To: dmitry
 [2021-03-01 21:01 UTC] dmitry@php.net
Automatic comment on behalf of dmitry@zend.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=957cb13a4959ed6a802508f14317253bf06f82cd
Log: Fixed bug #80802: (zend_jit_fetch_indirect_var assert failure with tracing JIT)
 [2021-03-01 21:01 UTC] dmitry@php.net
-Status: Assigned +Status: Closed
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Sat May 08 10:01:23 2021 UTC