php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Return to Bug #72543
Patch bug72543_3.diff revision 2016-07-06 00:31 UTC by dmitry@php.net
Patch bug72543_2.diff revision 2016-07-05 19:57 UTC by dmitry@php.net
Patch bug72543.diff revision 2016-07-05 10:45 UTC by dmitry@php.net

Patch bug72543.diff for Scripting Engine problem Bug #72543

Patch version 2016-07-05 10:45 UTC

Return to Bug #72543 | Download this patch
Patch Revisions:

Developer: dmitry@php.net

diff --git a/Zend/zend_compile.c b/Zend/zend_compile.c
index 03ab7d1..88ff564 100644
--- a/Zend/zend_compile.c
+++ b/Zend/zend_compile.c
@@ -2897,6 +2897,42 @@ zend_bool zend_is_assign_to_self(zend_ast *var_ast, zend_ast *expr_ast) /* {{{ *
 }
 /* }}} */
 
+/* Detects $a[$n]... = $a[$n] pattern */
+zend_bool zend_is_assign_to_self_array(zend_ast *var_ast, zend_ast *expr_ast) /* {{{ */
+{
+	zend_ast *dim_ast = NULL;
+
+	while (expr_ast->kind == ZEND_AST_SILENCE) {
+		expr_ast = expr_ast->child[0];
+	}
+	if (expr_ast->kind != ZEND_AST_DIM) {
+		return 0;
+	}
+	while (zend_is_variable(var_ast) && var_ast->kind != ZEND_AST_VAR) {
+		dim_ast = var_ast;
+		var_ast = var_ast->child[0];
+	}
+	if (dim_ast == NULL
+	 || dim_ast->kind != ZEND_AST_DIM
+	 || dim_ast->child[1] == NULL
+	 || var_ast->kind != ZEND_AST_VAR
+	 || var_ast->child[0]->kind != ZEND_AST_ZVAL
+	 || expr_ast->child[1] == NULL
+	 || expr_ast->child[0]->kind != ZEND_AST_VAR
+	 || expr_ast->child[0]->child[0]->kind != ZEND_AST_ZVAL) {
+		return 0;
+	}
+
+	{
+		zend_string *name1 = zval_get_string(zend_ast_get_zval(var_ast->child[0]));
+		zend_string *name2 = zval_get_string(zend_ast_get_zval(expr_ast->child[0]->child[0]));
+		zend_bool result = zend_string_equals(name1, name2);
+		zend_string_release(name1);
+		zend_string_release(name2);
+		return result;
+	}
+}
+
 /* Detects if list($a, $b, $c) contains variable with given name */
 zend_bool zend_list_has_assign_to(zend_ast *list_ast, zend_string *name) /* {{{ */
 {
@@ -2978,6 +3014,11 @@ void zend_compile_assign(znode *result, zend_ast *ast) /* {{{ */
 				zend_compile_simple_var_no_cv(&expr_node, expr_ast, BP_VAR_R, 0);
 			} else {
 				zend_compile_expr(&expr_node, expr_ast);
+				if (zend_is_assign_to_self_array(var_ast, expr_ast)) {
+					opline = zend_emit_op(NULL, ZEND_DEREF, &expr_node, NULL);
+					opline->result_type = IS_VAR;
+					opline->result.var = expr_node.u.op.var;
+				}
 			}
 
 			opline = zend_delayed_compile_end(offset);
diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h
index f8082f9..bf0e8a5 100644
--- a/Zend/zend_vm_def.h
+++ b/Zend/zend_vm_def.h
@@ -8116,6 +8116,22 @@ ZEND_VM_HANDLER(49, ZEND_CHECK_VAR, CV, UNUSED)
 	ZEND_VM_NEXT_OPCODE();
 }
 
+ZEND_VM_HANDLER(51, ZEND_DEREF, VAR, UNUSED)
+{
+	USE_OPLINE
+	zval *var_ptr = EX_VAR(opline->op1.var);
+
+	if (UNEXPECTED(Z_ISREF_P(var_ptr))) {
+		if (UNEXPECTED(Z_REFCOUNT_P(var_ptr) == 1)) {
+			ZVAL_UNREF(var_ptr);
+		} else {
+			Z_DELREF_P(var_ptr);
+			ZVAL_COPY(var_ptr, Z_REFVAL_P(var_ptr));
+		}
+	}
+	ZEND_VM_NEXT_OPCODE();
+}
+
 ZEND_VM_TYPE_SPEC_HANDLER(ZEND_ADD, (res_info == MAY_BE_LONG && op1_info == MAY_BE_LONG && op2_info == MAY_BE_LONG), ZEND_ADD_LONG_NO_OVERFLOW, CONST|TMPVARCV, CONST|TMPVARCV, SPEC(NO_CONST_CONST,COMMUTATIVE))
 {
 	USE_OPLINE
diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h
index a495b59..1faa63d 100644
--- a/Zend/zend_vm_execute.h
+++ b/Zend/zend_vm_execute.h
@@ -21857,6 +21857,22 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_YIELD_SPEC_VAR_UNUSED_HANDLER(
 	ZEND_VM_RETURN();
 }
 
+static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_DEREF_SPEC_VAR_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
+{
+	USE_OPLINE
+	zval *var_ptr = EX_VAR(opline->op1.var);
+
+	if (UNEXPECTED(Z_ISREF_P(var_ptr))) {
+		if (UNEXPECTED(Z_REFCOUNT_P(var_ptr) == 1)) {
+			ZVAL_UNREF(var_ptr);
+		} else {
+			Z_DELREF_P(var_ptr);
+			ZVAL_COPY(var_ptr, Z_REFVAL_P(var_ptr));
+		}
+	}
+	ZEND_VM_NEXT_OPCODE();
+}
+
 static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_IS_IDENTICAL_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
 {
 	USE_OPLINE
@@ -58573,6 +58589,31 @@ void zend_init_opcodes_handlers(void)
 		ZEND_NULL_HANDLER,
 		ZEND_NULL_HANDLER,
 		ZEND_NULL_HANDLER,
+		ZEND_NULL_HANDLER,
+		ZEND_NULL_HANDLER,
+		ZEND_NULL_HANDLER,
+		ZEND_NULL_HANDLER,
+		ZEND_NULL_HANDLER,
+		ZEND_NULL_HANDLER,
+		ZEND_NULL_HANDLER,
+		ZEND_NULL_HANDLER,
+		ZEND_NULL_HANDLER,
+		ZEND_NULL_HANDLER,
+		ZEND_NULL_HANDLER,
+		ZEND_NULL_HANDLER,
+		ZEND_NULL_HANDLER,
+		ZEND_DEREF_SPEC_VAR_UNUSED_HANDLER,
+		ZEND_NULL_HANDLER,
+		ZEND_NULL_HANDLER,
+		ZEND_NULL_HANDLER,
+		ZEND_NULL_HANDLER,
+		ZEND_NULL_HANDLER,
+		ZEND_NULL_HANDLER,
+		ZEND_NULL_HANDLER,
+		ZEND_NULL_HANDLER,
+		ZEND_NULL_HANDLER,
+		ZEND_NULL_HANDLER,
+		ZEND_NULL_HANDLER,
 		ZEND_BOOL_SPEC_CONST_HANDLER,
 		ZEND_BOOL_SPEC_TMPVAR_HANDLER,
 		ZEND_BOOL_SPEC_TMPVAR_HANDLER,
@@ -61705,36 +61746,35 @@ void zend_init_opcodes_handlers(void)
 		1433 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
 		1458 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
 		1483 | SPEC_RULE_OP1 | SPEC_RULE_QUICK_ARG,
-		4571,
-		1493 | SPEC_RULE_OP1,
-		1498 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+		1493 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+		1518 | SPEC_RULE_OP1,
 		1523 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
 		1548 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
 		1573 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
-		1598,
-		1599 | SPEC_RULE_OP1,
-		1604 | SPEC_RULE_OP2,
-		1609 | SPEC_RULE_RETVAL,
-		1611 | SPEC_RULE_OP2,
-		1616 | SPEC_RULE_OP1,
-		1621,
-		1622 | SPEC_RULE_OP2,
-		1627 | SPEC_RULE_OP1,
-		1632 | SPEC_RULE_OP1 | SPEC_RULE_QUICK_ARG,
-		1642 | SPEC_RULE_OP1,
-		1647 | SPEC_RULE_OP1,
-		1652 | SPEC_RULE_OP2,
-		1657 | SPEC_RULE_OP1,
-		1662 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+		1598 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+		1623,
+		1624 | SPEC_RULE_OP1,
+		1629 | SPEC_RULE_OP2,
+		1634 | SPEC_RULE_RETVAL,
+		1636 | SPEC_RULE_OP2,
+		1641 | SPEC_RULE_OP1,
+		1646,
+		1647 | SPEC_RULE_OP2,
+		1652 | SPEC_RULE_OP1,
+		1657 | SPEC_RULE_OP1 | SPEC_RULE_QUICK_ARG,
+		1667 | SPEC_RULE_OP1,
+		1672 | SPEC_RULE_OP1,
+		1677 | SPEC_RULE_OP2,
+		1682 | SPEC_RULE_OP1,
 		1687 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
-		1712 | SPEC_RULE_OP1,
-		1717 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+		1712 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+		1737 | SPEC_RULE_OP1,
 		1742 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
 		1767 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
-		1792 | SPEC_RULE_OP1,
-		1797 | SPEC_RULE_OP1,
-		1802 | SPEC_RULE_OP1,
-		1807 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+		1792 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+		1817 | SPEC_RULE_OP1,
+		1822 | SPEC_RULE_OP1,
+		1827 | SPEC_RULE_OP1,
 		1832 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
 		1857 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
 		1882 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
@@ -61754,80 +61794,80 @@ void zend_init_opcodes_handlers(void)
 		2232 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
 		2257 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
 		2282 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
-		4571,
-		2307,
-		2308,
-		2309,
-		2310,
-		2311,
-		2312 | SPEC_RULE_OP1,
-		2317 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
-		2342 | SPEC_RULE_OP1,
-		2347 | SPEC_RULE_OP2,
-		2352 | SPEC_RULE_OP1,
-		2357 | SPEC_RULE_OP1,
-		2362 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+		2307 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+		4596,
+		2332,
+		2333,
+		2334,
+		2335,
+		2336,
+		2337 | SPEC_RULE_OP1,
+		2342 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+		2367 | SPEC_RULE_OP1,
+		2372 | SPEC_RULE_OP2,
+		2377 | SPEC_RULE_OP1,
+		2382 | SPEC_RULE_OP1,
 		2387 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
 		2412 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
 		2437 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
-		2462 | SPEC_RULE_OP1 | SPEC_RULE_QUICK_ARG,
-		2472 | SPEC_RULE_OP1,
-		2477 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
-		2502,
-		2503 | SPEC_RULE_OP1,
-		2508 | SPEC_RULE_OP1,
-		2513 | SPEC_RULE_OP1,
-		2518 | SPEC_RULE_OP1,
-		2523 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
-		2548 | SPEC_RULE_OP1,
-		2553 | SPEC_RULE_OP1,
-		2558 | SPEC_RULE_OP1,
-		2563 | SPEC_RULE_OP2,
-		2568 | SPEC_RULE_RETVAL,
-		2570 | SPEC_RULE_RETVAL,
-		2572 | SPEC_RULE_RETVAL,
-		2574 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+		2462 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+		2487 | SPEC_RULE_OP1 | SPEC_RULE_QUICK_ARG,
+		2497 | SPEC_RULE_OP1,
+		2502 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+		2527,
+		2528 | SPEC_RULE_OP1,
+		2533 | SPEC_RULE_OP1,
+		2538 | SPEC_RULE_OP1,
+		2543 | SPEC_RULE_OP1,
+		2548 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+		2573 | SPEC_RULE_OP1,
+		2578 | SPEC_RULE_OP1,
+		2583 | SPEC_RULE_OP1,
+		2588 | SPEC_RULE_OP2,
+		2593 | SPEC_RULE_RETVAL,
+		2595 | SPEC_RULE_RETVAL,
+		2597 | SPEC_RULE_RETVAL,
 		2599 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
 		2624 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
 		2649 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
-		2674 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_OP_DATA,
-		2799,
-		2800 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
-		2825,
-		2826 | SPEC_RULE_OP2,
-		2831,
-		2832 | SPEC_RULE_OP1,
-		2837 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
-		2862 | SPEC_RULE_OP2,
-		2867 | SPEC_RULE_OP2,
-		2872,
-		2873 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_OP_DATA,
-		2998 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
-		3023,
-		3024,
-		3025,
-		3026 | SPEC_RULE_OP1,
-		3031 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
-		3056,
-		3057,
-		3058 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
-		3083,
-		3084,
-		3085,
-		3086 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
-		3111 | SPEC_RULE_OP1,
-		3116,
-		3117,
-		3118,
-		3119,
-		3120 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
-		3145 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_DIM_OBJ,
-		3220 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
-		3245 | SPEC_RULE_OP1,
-		3250 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
-		3275,
-		3276 | SPEC_RULE_OP2,
-		3281 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+		2674 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+		2699 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_OP_DATA,
+		2824,
+		2825 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+		2850,
+		2851 | SPEC_RULE_OP2,
+		2856,
+		2857 | SPEC_RULE_OP1,
+		2862 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+		2887 | SPEC_RULE_OP2,
+		2892 | SPEC_RULE_OP2,
+		2897,
+		2898 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_OP_DATA,
+		3023 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+		3048,
+		3049,
+		3050,
+		3051 | SPEC_RULE_OP1,
+		3056 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+		3081,
+		3082,
+		3083 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+		3108,
+		3109,
+		3110,
+		3111 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+		3136 | SPEC_RULE_OP1,
+		3141,
+		3142,
+		3143,
+		3144,
+		3145 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+		3170 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_DIM_OBJ,
+		3245 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+		3270 | SPEC_RULE_OP1,
+		3275 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+		3300,
+		3301 | SPEC_RULE_OP2,
 		3306 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
 		3331 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
 		3356 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
@@ -61839,9 +61879,10 @@ void zend_init_opcodes_handlers(void)
 		3506 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
 		3531 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
 		3556 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
-		4571,
 		3581 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
-		4571
+		4596,
+		3606 | SPEC_RULE_OP1 | SPEC_RULE_OP2,
+		4596
 	};
 	zend_opcode_handlers = labels;
 		zend_handlers_count = sizeof(labels) / sizeof(void*);
@@ -61948,7 +61989,7 @@ ZEND_API void zend_vm_set_opcode_handler_ex(zend_op* op, uint32_t op1_info, uint
 				if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
 					break;
 				}
-				spec = 3606 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
+				spec = 3631 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
 				if (op->op1_type > op->op2_type) {
 					zend_swap_operands(op);
 				}
@@ -61956,7 +61997,7 @@ ZEND_API void zend_vm_set_opcode_handler_ex(zend_op* op, uint32_t op1_info, uint
 				if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
 					break;
 				}
-				spec = 3631 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
+				spec = 3656 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
 				if (op->op1_type > op->op2_type) {
 					zend_swap_operands(op);
 				}
@@ -61964,7 +62005,7 @@ ZEND_API void zend_vm_set_opcode_handler_ex(zend_op* op, uint32_t op1_info, uint
 				if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
 					break;
 				}
-				spec = 3656 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
+				spec = 3681 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
 				if (op->op1_type > op->op2_type) {
 					zend_swap_operands(op);
 				}
@@ -61975,17 +62016,17 @@ ZEND_API void zend_vm_set_opcode_handler_ex(zend_op* op, uint32_t op1_info, uint
 				if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
 					break;
 				}
-				spec = 3681 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
+				spec = 3706 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
 			} else if ((op1_info == MAY_BE_LONG && op2_info == MAY_BE_LONG)) {
 				if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
 					break;
 				}
-				spec = 3706 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
+				spec = 3731 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
 			} else if ((op1_info == MAY_BE_DOUBLE && op2_info == MAY_BE_DOUBLE)) {
 				if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
 					break;
 				}
-				spec = 3731 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
+				spec = 3756 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
 			}
 			break;
 		case ZEND_MUL:
@@ -61993,7 +62034,7 @@ ZEND_API void zend_vm_set_opcode_handler_ex(zend_op* op, uint32_t op1_info, uint
 				if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
 					break;
 				}
-				spec = 3756 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
+				spec = 3781 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
 				if (op->op1_type > op->op2_type) {
 					zend_swap_operands(op);
 				}
@@ -62001,7 +62042,7 @@ ZEND_API void zend_vm_set_opcode_handler_ex(zend_op* op, uint32_t op1_info, uint
 				if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
 					break;
 				}
-				spec = 3781 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
+				spec = 3806 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
 				if (op->op1_type > op->op2_type) {
 					zend_swap_operands(op);
 				}
@@ -62009,7 +62050,7 @@ ZEND_API void zend_vm_set_opcode_handler_ex(zend_op* op, uint32_t op1_info, uint
 				if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
 					break;
 				}
-				spec = 3806 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
+				spec = 3831 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
 				if (op->op1_type > op->op2_type) {
 					zend_swap_operands(op);
 				}
@@ -62020,7 +62061,7 @@ ZEND_API void zend_vm_set_opcode_handler_ex(zend_op* op, uint32_t op1_info, uint
 				if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
 					break;
 				}
-				spec = 3831 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
+				spec = 3856 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
 				if (op->op1_type > op->op2_type) {
 					zend_swap_operands(op);
 				}
@@ -62028,7 +62069,7 @@ ZEND_API void zend_vm_set_opcode_handler_ex(zend_op* op, uint32_t op1_info, uint
 				if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
 					break;
 				}
-				spec = 3906 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
+				spec = 3931 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
 				if (op->op1_type > op->op2_type) {
 					zend_swap_operands(op);
 				}
@@ -62039,7 +62080,7 @@ ZEND_API void zend_vm_set_opcode_handler_ex(zend_op* op, uint32_t op1_info, uint
 				if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
 					break;
 				}
-				spec = 3981 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
+				spec = 4006 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
 				if (op->op1_type > op->op2_type) {
 					zend_swap_operands(op);
 				}
@@ -62047,7 +62088,7 @@ ZEND_API void zend_vm_set_opcode_handler_ex(zend_op* op, uint32_t op1_info, uint
 				if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
 					break;
 				}
-				spec = 4056 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
+				spec = 4081 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
 				if (op->op1_type > op->op2_type) {
 					zend_swap_operands(op);
 				}
@@ -62058,12 +62099,12 @@ ZEND_API void zend_vm_set_opcode_handler_ex(zend_op* op, uint32_t op1_info, uint
 				if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
 					break;
 				}
-				spec = 4131 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
+				spec = 4156 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
 			} else if ((op1_info == MAY_BE_DOUBLE && op2_info == MAY_BE_DOUBLE)) {
 				if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
 					break;
 				}
-				spec = 4206 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
+				spec = 4231 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
 			}
 			break;
 		case ZEND_IS_SMALLER_OR_EQUAL:
@@ -62071,70 +62112,70 @@ ZEND_API void zend_vm_set_opcode_handler_ex(zend_op* op, uint32_t op1_info, uint
 				if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
 					break;
 				}
-				spec = 4281 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
+				spec = 4306 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
 			} else if ((op1_info == MAY_BE_DOUBLE && op2_info == MAY_BE_DOUBLE)) {
 				if (op->op1_type == IS_CONST && op->op2_type == IS_CONST) {
 					break;
 				}
-				spec = 4356 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
+				spec = 4381 | SPEC_RULE_OP1 | SPEC_RULE_OP2 | SPEC_RULE_SMART_BRANCH;
 			}
 			break;
 		case ZEND_QM_ASSIGN:
 			if ((op1_info == MAY_BE_DOUBLE)) {
-				spec = 4521 | SPEC_RULE_OP1;
+				spec = 4546 | SPEC_RULE_OP1;
 			} else if ((!(op1_info & ((MAY_BE_ANY|MAY_BE_UNDEF)-(MAY_BE_NULL|MAY_BE_FALSE|MAY_BE_TRUE|MAY_BE_LONG|MAY_BE_DOUBLE))))) {
-				spec = 4526 | SPEC_RULE_OP1;
+				spec = 4551 | SPEC_RULE_OP1;
 			}
 			break;
 		case ZEND_PRE_INC:
 			if ((res_info == MAY_BE_LONG && op1_info == MAY_BE_LONG)) {
-				spec = 4431 | SPEC_RULE_OP1 | SPEC_RULE_RETVAL;
+				spec = 4456 | SPEC_RULE_OP1 | SPEC_RULE_RETVAL;
 			} else if ((op1_info == MAY_BE_LONG)) {
-				spec = 4441 | SPEC_RULE_OP1 | SPEC_RULE_RETVAL;
+				spec = 4466 | SPEC_RULE_OP1 | SPEC_RULE_RETVAL;
 			} else if ((op1_info == (MAY_BE_LONG|MAY_BE_DOUBLE))) {
-				spec = 4451 | SPEC_RULE_OP1 | SPEC_RULE_RETVAL;
+				spec = 4476 | SPEC_RULE_OP1 | SPEC_RULE_RETVAL;
 			}
 			break;
 		case ZEND_PRE_DEC:
 			if ((res_info == MAY_BE_LONG && op1_info == MAY_BE_LONG)) {
-				spec = 4461 | SPEC_RULE_OP1 | SPEC_RULE_RETVAL;
+				spec = 4486 | SPEC_RULE_OP1 | SPEC_RULE_RETVAL;
 			} else if ((op1_info == MAY_BE_LONG)) {
-				spec = 4471 | SPEC_RULE_OP1 | SPEC_RULE_RETVAL;
+				spec = 4496 | SPEC_RULE_OP1 | SPEC_RULE_RETVAL;
 			} else if ((op1_info == (MAY_BE_LONG|MAY_BE_DOUBLE))) {
-				spec = 4481 | SPEC_RULE_OP1 | SPEC_RULE_RETVAL;
+				spec = 4506 | SPEC_RULE_OP1 | SPEC_RULE_RETVAL;
 			}
 			break;
 		case ZEND_POST_INC:
 			if ((res_info == MAY_BE_LONG && op1_info == MAY_BE_LONG)) {
-				spec = 4491 | SPEC_RULE_OP1;
+				spec = 4516 | SPEC_RULE_OP1;
 			} else if ((op1_info == MAY_BE_LONG)) {
-				spec = 4496 | SPEC_RULE_OP1;
+				spec = 4521 | SPEC_RULE_OP1;
 			} else if ((op1_info == (MAY_BE_LONG|MAY_BE_DOUBLE))) {
-				spec = 4501 | SPEC_RULE_OP1;
+				spec = 4526 | SPEC_RULE_OP1;
 			}
 			break;
 		case ZEND_POST_DEC:
 			if ((res_info == MAY_BE_LONG && op1_info == MAY_BE_LONG)) {
-				spec = 4506 | SPEC_RULE_OP1;
+				spec = 4531 | SPEC_RULE_OP1;
 			} else if ((op1_info == MAY_BE_LONG)) {
-				spec = 4511 | SPEC_RULE_OP1;
+				spec = 4536 | SPEC_RULE_OP1;
 			} else if ((op1_info == (MAY_BE_LONG|MAY_BE_DOUBLE))) {
-				spec = 4516 | SPEC_RULE_OP1;
+				spec = 4541 | SPEC_RULE_OP1;
 			}
 			break;
 		case ZEND_SEND_VAR_EX:
 			if ((op1_info & (MAY_BE_UNDEF|MAY_BE_REF)) == 0) {
-				spec = 4561 | SPEC_RULE_OP1 | SPEC_RULE_QUICK_ARG;
+				spec = 4586 | SPEC_RULE_OP1 | SPEC_RULE_QUICK_ARG;
 			}
 			break;
 		case ZEND_FETCH_DIM_R:
 			if ((!(op2_info & (MAY_BE_UNDEF|MAY_BE_NULL|MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE|MAY_BE_REF)))) {
-				spec = 4531 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
+				spec = 4556 | SPEC_RULE_OP1 | SPEC_RULE_OP2;
 			}
 			break;
 		case ZEND_SEND_VAR:
 			if ((op1_info & (MAY_BE_UNDEF|MAY_BE_REF)) == 0) {
-				spec = 4556 | SPEC_RULE_OP1;
+				spec = 4581 | SPEC_RULE_OP1;
 			}
 			break;
 		default:
diff --git a/Zend/zend_vm_opcodes.c b/Zend/zend_vm_opcodes.c
index 6dd761d..3b78d30 100644
--- a/Zend/zend_vm_opcodes.c
+++ b/Zend/zend_vm_opcodes.c
@@ -73,7 +73,7 @@ static const char *zend_vm_opcodes_names[187] = {
 	"ZEND_CASE",
 	"ZEND_CHECK_VAR",
 	"ZEND_SEND_VAR_NO_REF_EX",
-	NULL,
+	"ZEND_DEREF",
 	"ZEND_BOOL",
 	"ZEND_FAST_CONCAT",
 	"ZEND_ROPE_INIT",
@@ -263,7 +263,7 @@ static uint32_t zend_vm_opcodes_flags[187] = {
 	0x00000707,
 	0x00000101,
 	0x00001001,
-	0x00000000,
+	0x00000101,
 	0x00000007,
 	0x00000707,
 	0x01000701,
diff --git a/Zend/zend_vm_opcodes.h b/Zend/zend_vm_opcodes.h
index 11903ab..10bcd4f 100644
--- a/Zend/zend_vm_opcodes.h
+++ b/Zend/zend_vm_opcodes.h
@@ -118,6 +118,7 @@ END_EXTERN_C()
 #define ZEND_CASE                             48
 #define ZEND_CHECK_VAR                        49
 #define ZEND_SEND_VAR_NO_REF_EX               50
+#define ZEND_DEREF                            51
 #define ZEND_BOOL                             52
 #define ZEND_FAST_CONCAT                      53
 #define ZEND_ROPE_INIT                        54
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved.
Last updated: Thu Jan 02 19:01:28 2025 UTC