Drop range inference for IS_NULL/IS_FALSE/IS_TRUE.

These values not always converted to IS_LONG (e.g. by -- and ++) and
this leads to incorrect range inferene and later to incorrect JIT code
generation.

Author: dstogov

Zend/Optimizer/zend_inference.c

@@ -1017,15 +1017,6 @@ static bool zend_inference_calc_range(const zend_op_array *op_array, zend_ssa *s
 		}
 		return (tmp->min <= tmp->max);
 	} else if (ssa->vars[var].definition < 0) {
-		if (var < op_array->last_var &&
-		    op_array->function_name) {
-
-			tmp->min = 0;
-			tmp->max = 0;
-			tmp->underflow = 0;
-			tmp->overflow = 0;
-			return 1;
-		}
 		return 0;
 	}
 	line = ssa->vars[var].definition;
@@ -4199,52 +4190,7 @@ static void zend_func_return_info(const zend_op_array   *op_array,
 				if (opline->op1_type == IS_CONST) {
 					zval *zv = CRT_CONSTANT(opline->op1);
 
-					if (Z_TYPE_P(zv) == IS_NULL) {
-						if (tmp_has_range < 0) {
-							tmp_has_range = 1;
-							tmp_range.underflow = 0;
-							tmp_range.min = 0;
-							tmp_range.max = 0;
-							tmp_range.overflow = 0;
-						} else if (tmp_has_range) {
-							if (!tmp_range.underflow) {
-								tmp_range.min = MIN(tmp_range.min, 0);
-							}
-							if (!tmp_range.overflow) {
-								tmp_range.max = MAX(tmp_range.max, 0);
-							}
-						}
-					} else if (Z_TYPE_P(zv) == IS_FALSE) {
-						if (tmp_has_range < 0) {
-							tmp_has_range = 1;
-							tmp_range.underflow = 0;
-							tmp_range.min = 0;
-							tmp_range.max = 0;
-							tmp_range.overflow = 0;
-						} else if (tmp_has_range) {
-							if (!tmp_range.underflow) {
-								tmp_range.min = MIN(tmp_range.min, 0);
-							}
-							if (!tmp_range.overflow) {
-								tmp_range.max = MAX(tmp_range.max, 0);
-							}
-						}
-					} else if (Z_TYPE_P(zv) == IS_TRUE) {
-						if (tmp_has_range < 0) {
-							tmp_has_range = 1;
-							tmp_range.underflow = 0;
-							tmp_range.min = 1;
-							tmp_range.max = 1;
-							tmp_range.overflow = 0;
-						} else if (tmp_has_range) {
-							if (!tmp_range.underflow) {
-								tmp_range.min = MIN(tmp_range.min, 1);
-							}
-							if (!tmp_range.overflow) {
-								tmp_range.max = MAX(tmp_range.max, 1);
-							}
-						}
-					} else if (Z_TYPE_P(zv) == IS_LONG) {
+					if (Z_TYPE_P(zv) == IS_LONG) {
 						if (tmp_has_range < 0) {
 							tmp_has_range = 1;
 							tmp_range.underflow = 0;

Zend/Optimizer/zend_inference.h

@@ -40,7 +40,7 @@
 	{ \
 		if (opline->opN##_type == IS_CONST) { \
 			zval *zv = CRT_CONSTANT(opline->opN); \
-			return (Z_TYPE_P(zv) == IS_LONG || Z_TYPE_P(zv) == IS_TRUE || Z_TYPE_P(zv) == IS_FALSE || Z_TYPE_P(zv) == IS_NULL); \
+			return (Z_TYPE_P(zv) == IS_LONG); \
 		} else { \
 			return (opline->opN##_type != IS_UNUSED && \
 		        ssa->var_info && \
@@ -57,12 +57,6 @@
 			zval *zv = CRT_CONSTANT(opline->opN); \
 			if (Z_TYPE_P(zv) == IS_LONG) { \
 				return Z_LVAL_P(zv); \
-			} else if (Z_TYPE_P(zv) == IS_TRUE) { \
-				return 1; \
-			} else if (Z_TYPE_P(zv) == IS_FALSE) { \
-				return 0; \
-			} else if (Z_TYPE_P(zv) == IS_NULL) { \
-				return 0; \
 			} \
 		} else if (opline->opN##_type != IS_UNUSED && \
 		    ssa->var_info && \
@@ -80,12 +74,6 @@
 			zval *zv = CRT_CONSTANT(opline->opN); \
 			if (Z_TYPE_P(zv) == IS_LONG) { \
 				return Z_LVAL_P(zv); \
-			} else if (Z_TYPE_P(zv) == IS_TRUE) { \
-				return 1; \
-			} else if (Z_TYPE_P(zv) == IS_FALSE) { \
-				return 0; \
-			} else if (Z_TYPE_P(zv) == IS_NULL) { \
-				return 0; \
 			} \
 		} else if (opline->opN##_type != IS_UNUSED && \
 		    ssa->var_info && \
@@ -101,7 +89,7 @@
 	{ \
 		if (opline->opN##_type == IS_CONST) { \
 			zval *zv = CRT_CONSTANT(opline->opN); \
-			if (Z_TYPE_P(zv) == IS_LONG || Z_TYPE_P(zv) == IS_TRUE || Z_TYPE_P(zv) == IS_FALSE || Z_TYPE_P(zv) == IS_NULL) { \
+			if (Z_TYPE_P(zv) == IS_LONG) { \
 				return 0; \
 			} \
 		} else if (opline->opN##_type != IS_UNUSED && \
@@ -118,7 +106,7 @@
 	{ \
 		if (opline->opN##_type == IS_CONST) { \
 			zval *zv = CRT_CONSTANT(opline->opN); \
-			if (Z_TYPE_P(zv) == IS_LONG || Z_TYPE_P(zv) == IS_TRUE || Z_TYPE_P(zv) == IS_FALSE || Z_TYPE_P(zv) == IS_NULL) { \
+			if (Z_TYPE_P(zv) == IS_LONG) { \
 				return 0; \
 			} \
 		} else if (opline->opN##_type != IS_UNUSED && \

ext/opcache/tests/opt/inference_016.phpt

@@ -0,0 +1,23 @@
+--TEST--
+Range inference 016:
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.optimization_level=-1
+--FILE--
+<?php
+function test() {
+    $a = $y = null;
+    for(;;$a-- + $a % $a = $y + $a) {
+        var_dump($a);
+    }
+}
+try {
+    @test();
+} catch (Throwable $e) {
+	echo $e->getMessage(), "\n";
+}
+?>
+--EXPECT--
+NULL
+Modulo by zero

ext/opcache/tests/opt/inference_017.phpt

@@ -0,0 +1,21 @@
+--TEST--
+Range inference 017:
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.optimization_level=-1
+--FILE--
+<?php
+function test() {
+    for(;;) {
+        $a = $a-- + 0 / $a;
+    }
+}
+try {
+    @test();
+} catch (Throwable $e) {
+	echo $e->getMessage(), "\n";
+}
+?>
+--EXPECT--
+Division by zero

ext/opcache/tests/opt/inference_018.phpt

@@ -0,0 +1,23 @@
+--TEST--
+Range inference 018:
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.optimization_level=-1
+--FILE--
+<?php
+function test() {
+    for(;;) {
+        $a--;
+        $a &= $a / $a;
+        $a--;
+    }
+}
+try {
+    @test();
+} catch (Throwable $e) {
+	echo $e->getMessage(), "\n";
+}
+?>
+--EXPECT--
+Division by zero

ext/opcache/tests/opt/inference_019.phpt

@@ -0,0 +1,22 @@
+--TEST--
+Range inference 019:
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.optimization_level=-1
+--FILE--
+<?php
+function test() {
+    $a = $y = null;
+    for($cnt = 0; $cnt < 6; $cnt++) {
+        $e = $a-- + $a *= $a;
+        $a-- + $y -= $e;
+        $a-- + $a *= $a;
+        $a-- + $a *= $a;
+    }
+}
+test();
+?>
+DONE
+--EXPECT--
+DONE