Fixed codegeneration for NOT

dstogov · dstogov · commit ed37ab9d1418 · 2023-10-31T08:34:14.000+03:00
Fixes oss-fuzz #63749
diff --git a/ext/opcache/jit/zend_jit_ir.c b/ext/opcache/jit/zend_jit_ir.c
@@ -3864,7 +3864,8 @@ static void zend_jit_type_check_undef(zend_jit_ctx  *jit,
                                       uint32_t       var,
                                       const zend_op *opline,
                                       bool           check_exception,
-                                      bool           in_cold_path)
+                                      bool           in_cold_path,
+                                      bool           undef_result)
 {
 	ir_ref if_def = ir_IF(type);
 
@@ -3878,7 +3879,11 @@ static void zend_jit_type_check_undef(zend_jit_ctx  *jit,
 	}
 	ir_CALL_1(IR_VOID, ir_CONST_FC_FUNC(zend_jit_undefined_op_helper), ir_CONST_U32(var));
 	if (check_exception) {
-		zend_jit_check_exception(jit);
+		if (undef_result) {
+			zend_jit_check_exception_undef_result(jit, opline);
+		} else {
+			zend_jit_check_exception(jit);
+		}
 	}
 	ir_MERGE_WITH_EMPTY_TRUE(if_def);
 }
@@ -7301,7 +7306,7 @@ static int zend_jit_bool_jmpznz(zend_jit_ctx *jit, const zend_op *opline, uint32
 				zend_jit_type_check_undef(jit,
 					type,
 					opline->op1.var,
-					opline, 1, 0);
+					opline, 1, 0, 1);
 			}
 			if (set_bool) {
 				jit_set_Z_TYPE_INFO(jit, res_addr, set_bool_not ? IS_TRUE : IS_FALSE);
@@ -12201,12 +12206,12 @@ static int zend_jit_fetch_dim_read(zend_jit_ctx       *jit,
 				jit_SET_EX_OPLINE(jit, opline);
 				if (opline->opcode != ZEND_FETCH_DIM_IS && (op1_info & MAY_BE_UNDEF)) {
 					may_throw = 1;
-					zend_jit_type_check_undef(jit, jit_Z_TYPE(jit, op1_addr), opline->op1.var, NULL, 0, 1);
+					zend_jit_type_check_undef(jit, jit_Z_TYPE(jit, op1_addr), opline->op1.var, NULL, 0, 1, 0);
 				}
 
 				if (op2_info & MAY_BE_UNDEF) {
 					may_throw = 1;
-					zend_jit_type_check_undef(jit, jit_Z_TYPE(jit, op2_addr), opline->op2.var, NULL, 0, 1);
+					zend_jit_type_check_undef(jit, jit_Z_TYPE(jit, op2_addr), opline->op2.var, NULL, 0, 1, 0);
 				}
 			}
 
diff --git a/ext/opcache/tests/jit/not_003.phpt b/ext/opcache/tests/jit/not_003.phpt
@@ -0,0 +1,18 @@
+--TEST--
+JIT NOT: 003
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.file_update_protection=0
+opcache.jit_buffer_size=1M
+opcache.protect_memory=1
+--FILE--
+<?php
+set_error_handler(function(){y;}) . !$y;
+?>
+--EXPECTF--
+Fatal error: Uncaught Error: Undefined constant "y" in %snot_003.php:2
+Stack trace:
+#0 %snot_003.php(2): {closure}(2, '%s', '%s', 2)
+#1 {main}
+  thrown in %snot_003.php on line 2

Original file line number	Diff line number	Diff line change
`@@ -3864,7 +3864,8 @@ static void zend_jit_type_check_undef(zend_jit_ctx *jit,`
`3864`	`3864`	`uint32_t var,`
`3865`	`3865`	`const zend_op *opline,`
`3866`	`3866`	`bool check_exception,`
`3867`		`- bool in_cold_path)`
	`3867`	`+ bool in_cold_path,`
	`3868`	`+ bool undef_result)`
`3868`	`3869`	`{`
`3869`	`3870`	`ir_ref if_def = ir_IF(type);`
`3870`	`3871`
`@@ -3878,7 +3879,11 @@ static void zend_jit_type_check_undef(zend_jit_ctx *jit,`
`3878`	`3879`	`}`
`3879`	`3880`	`ir_CALL_1(IR_VOID, ir_CONST_FC_FUNC(zend_jit_undefined_op_helper), ir_CONST_U32(var));`
`3880`	`3881`	`if (check_exception) {`
`3881`		`- zend_jit_check_exception(jit);`
	`3882`	`+ if (undef_result) {`
	`3883`	`+ zend_jit_check_exception_undef_result(jit, opline);`
	`3884`	`+ } else {`
	`3885`	`+ zend_jit_check_exception(jit);`
	`3886`	`+ }`
`3882`	`3887`	`}`
`3883`	`3888`	`ir_MERGE_WITH_EMPTY_TRUE(if_def);`
`3884`	`3889`	`}`
`@@ -7301,7 +7306,7 @@ static int zend_jit_bool_jmpznz(zend_jit_ctx jit, const zend_op opline, uint32`
`7301`	`7306`	`zend_jit_type_check_undef(jit,`
`7302`	`7307`	`type,`
`7303`	`7308`	`opline->op1.var,`
`7304`		`- opline, 1, 0);`
	`7309`	`+ opline, 1, 0, 1);`
`7305`	`7310`	`}`
`7306`	`7311`	`if (set_bool) {`
`7307`	`7312`	`jit_set_Z_TYPE_INFO(jit, res_addr, set_bool_not ? IS_TRUE : IS_FALSE);`
`@@ -12201,12 +12206,12 @@ static int zend_jit_fetch_dim_read(zend_jit_ctx *jit,`
`12201`	`12206`	`jit_SET_EX_OPLINE(jit, opline);`
`12202`	`12207`	`if (opline->opcode != ZEND_FETCH_DIM_IS && (op1_info & MAY_BE_UNDEF)) {`
`12203`	`12208`	`may_throw = 1;`
`12204`		`- zend_jit_type_check_undef(jit, jit_Z_TYPE(jit, op1_addr), opline->op1.var, NULL, 0, 1);`
	`12209`	`+ zend_jit_type_check_undef(jit, jit_Z_TYPE(jit, op1_addr), opline->op1.var, NULL, 0, 1, 0);`
`12205`	`12210`	`}`
`12206`	`12211`
`12207`	`12212`	`if (op2_info & MAY_BE_UNDEF) {`
`12208`	`12213`	`may_throw = 1;`
`12209`		`- zend_jit_type_check_undef(jit, jit_Z_TYPE(jit, op2_addr), opline->op2.var, NULL, 0, 1);`
	`12214`	`+ zend_jit_type_check_undef(jit, jit_Z_TYPE(jit, op2_addr), opline->op2.var, NULL, 0, 1, 0);`
`12210`	`12215`	`}`
`12211`	`12216`	`}`
`12212`	`12217`