Bug #81432 JIT bug (tracing mode only) with named arguments
Submitted: 2021-09-12 14:12 UTC Modified: 2021-10-06 17:07 UTC
From: julien dot boudry at gmail dot com Assigned:
Status: Open Package: JIT
PHP Version: 8.0.11 OS: Windows 10 + Linux (With Docker)
Private report: No CVE-ID: None
 [2021-09-12 14:12 UTC] julien dot boudry at gmail dot com

I made many attempts to reproduce this bug in a theoretical way with a very easily understandable PHP code. And my efforts did not succeed and it must be used in the context of a rather heavy project.
However, with further effort to reproduce it, it is I believe quite aberrant and easy to see just by following the trace. Since it mixes variables passed to a function call in a totally impossible way.

* Occurs only in opcache.jit=tracing mode, but everything works fine with opcache.jit=function, also works fine without JIT (with opcache enabled or disabled).
* Does not seem to be able to be reproduced without the use of named arguments. If I remove the named argument, everything works fine.
* Sometimes it works fine for no reason. Especially after a first run (but not after a second run) after modifying a file, which seems to point to a cache problem?
* Is not reproducible in PHP 8.1-RC1!
* Happens with 8.0.10 x64 NTS (tested on Windows and Linux (official PHP Docker images on WSL2)

The details and means of reproduction are detailed here:

Test script:

Expected result:
Same result as without opcache.jit=tracing, not any error.

Actual result:
PHP Fatal error:  Uncaught TypeError: CondorcetPHP\Condorcet\Result::__construct(): Argument #6 ($seats) must be of type ?int, CondorcetPHP\Condorcet\Election given, called in C:\dev_scripts\Condorcet\lib\Algo\Method.php on line 84 and defined in C:\dev_scripts\Condorcet\lib\Result.php:89
Stack trace:
#0 C:\dev_scripts\Condorcet\lib\Algo\Method.php(84): CondorcetPHP\Condorcet\Result->__construct()
#1 C:\dev_scripts\Condorcet\lib\Algo\Methods\STV\SingleTransferableVote.php(91): CondorcetPHP\Condorcet\Algo\Method->createResult()
#2 C:\dev_scripts\Condorcet\lib\Algo\Method.php(63): CondorcetPHP\Condorcet\Algo\Methods\STV\SingleTransferableVote->compute()
#3 C:\dev_scripts\Condorcet\lib\ElectionProcess\ResultsProcess.php(80): CondorcetPHP\Condorcet\Algo\Method->getResult()
#4 C:\dev_scripts\Condorcet\Dev\bugs\JitBug.php(37): CondorcetPHP\Condorcet\Election->getResult()
#5 {main}


 [2021-09-14 12:54 UTC] julien dot boudry at gmail dot com
Reproduce it easily with Docker Official images:

(from docker image php:8.0.10-cli-bullseye)

apt-get update && apt-get install -qq git

git clone

cd Condorcet

#(not necessary today)
git checkout 31093192e8fa21e1

# Working fine
php Dev/bugs/JitBug.php
# OR
php -dzend_extension=opcache -dopcache.enable_cli=1 Dev/bugs/JitBug.php
# OR
php -dzend_extension=opcache -dopcache.enable_cli=1 -dopcache.jit_buffer_size=100M -dopcache.jit=function Dev/bugs/JitBug.php

# Failing
php -dzend_extension=opcache -dopcache.enable_cli=1 -dopcache.jit_buffer_size=100M -dopcache.jit=tracing Dev/bugs/JitBug.php
 [2021-10-06 16:57 UTC] julien dot boudry at gmail dot com
-PHP Version: 8.0.10 +PHP Version: 8.0.11
 [2021-10-06 16:57 UTC] julien dot boudry at gmail dot com
Still the same with php version 8.0.11
 [2021-10-06 17:07 UTC]
This might have been fixed by, which is part of 8.0.12.
 [2021-10-06 21:51 UTC] julien dot boudry at gmail dot com
I just tested PHP 8.0.12RC1 on windows, the result is still exactly the same.

(and it's always working fine on all 8.1 RC)
 [2021-11-29 09:55 UTC] julien dot boudry at gmail dot com
Now, the bug happening on 8.1RC6, wich is a regression from the initial bug report (it's was working on 8.1).

I'm beginning to ask if it's not dependent of the computer... (always amd64 under official docker images).
 [2022-12-06 04:27 UTC] austinpatrick711 at gmail dot com
