try to fix JIT/Optimizations

Girgias · Girgias · commit 12db8aa3e5b9 · 2025-08-31T18:56:09.000+02:00
diff --git a/Zend/Optimizer/block_pass.c b/Zend/Optimizer/block_pass.c
@@ -436,21 +436,14 @@ static void zend_optimize_block(zend_basic_block *block, zend_op_array *op_array
 					Tsource[VAR_NUM(opline->op1.var)] = NULL;
 					break;
 				}
-				ZEND_FALLTHROUGH;
-
-			case ZEND_IS_EQUAL:
-			case ZEND_IS_NOT_EQUAL:
 				if (opline->op1_type == IS_CONST &&
-				    opline->op2_type == IS_CONST) {
+					opline->op2_type == IS_CONST) {
 					goto optimize_constant_binary_op;
-				}
-		        /* IS_EQ(TRUE, X)      => BOOL(X)
-		         * IS_EQ(FALSE, X)     => BOOL_NOT(X)
-		         * IS_NOT_EQ(TRUE, X)  => BOOL_NOT(X)
-		         * IS_NOT_EQ(FALSE, X) => BOOL(X)
-		         * CASE(TRUE, X)       => BOOL(X)
-		         * CASE(FALSE, X)      => BOOL_NOT(X)
-		         */
+					}
+				/*
+				 * CASE(TRUE, X)       => BOOL(X)
+				 * CASE(FALSE, X)      => BOOL_NOT(X)
+				 */
 				if (opline->op1_type == IS_CONST &&
 					(Z_TYPE(ZEND_OP1_LITERAL(opline)) == IS_FALSE ||
 					 Z_TYPE(ZEND_OP1_LITERAL(opline)) == IS_TRUE)) {
@@ -464,19 +457,34 @@ static void zend_optimize_block(zend_basic_block *block, zend_op_array *op_array
 					SET_UNUSED(opline->op2);
 					++(*opt_count);
 					goto optimize_bool;
-				} else if (opline->op2_type == IS_CONST &&
-				           (Z_TYPE(ZEND_OP2_LITERAL(opline)) == IS_FALSE ||
-				            Z_TYPE(ZEND_OP2_LITERAL(opline)) == IS_TRUE)) {
-					/* Optimization of comparison with "null" is not safe,
-					 * because ("0" == null) is not equal to !("0")
-					 */
-					opline->opcode =
-						((opline->opcode != ZEND_IS_NOT_EQUAL) == ((Z_TYPE(ZEND_OP2_LITERAL(opline))) == IS_TRUE)) ?
-						ZEND_BOOL : ZEND_BOOL_NOT;
-					SET_UNUSED(opline->op2);
-					++(*opt_count);
-					goto optimize_bool;
+					 } else if (opline->op2_type == IS_CONST &&
+								(Z_TYPE(ZEND_OP2_LITERAL(opline)) == IS_FALSE ||
+								 Z_TYPE(ZEND_OP2_LITERAL(opline)) == IS_TRUE)) {
+					 	/* Optimization of comparison with "null" is not safe,
+						  * because ("0" == null) is not equal to !("0")
+						  */
+					 	opline->opcode =
+							 ((opline->opcode != ZEND_IS_NOT_EQUAL) == ((Z_TYPE(ZEND_OP2_LITERAL(opline))) == IS_TRUE)) ?
+							 ZEND_BOOL : ZEND_BOOL_NOT;
+					 	SET_UNUSED(opline->op2);
+					 	++(*opt_count);
+					 	goto optimize_bool;
+								 }
+				break;
+
+			case ZEND_IS_EQUAL:
+			case ZEND_IS_NOT_EQUAL:
+				if (opline->op1_type == IS_CONST &&
+				    opline->op2_type == IS_CONST) {
+					goto optimize_constant_binary_op;
 				}
+				/* IS_EQ(TRUE, X)      => BOOL(X)
+				 * IS_EQ(FALSE, X)     => BOOL_NOT(X)
+				 * IS_NOT_EQ(TRUE, X)  => BOOL_NOT(X)
+				 * IS_NOT_EQ(FALSE, X) => BOOL(X)
+				 * Those optimizations are not safe if the other operand end up being NAN
+				 * as BOOL/BOOL_NOT will warn which IS_EQUAL/IS_NOT_EQUAL do not.
+				 */
 				break;
 			case ZEND_IS_IDENTICAL:
 				if (opline->op1_type == IS_CONST &&
diff --git a/Zend/Optimizer/dce.c b/Zend/Optimizer/dce.c
@@ -95,8 +95,6 @@ static inline bool may_have_side_effects(
 		case ZEND_DIV:
 		case ZEND_MOD:
 		case ZEND_BOOL_XOR:
-		case ZEND_BOOL:
-		case ZEND_BOOL_NOT:
 		case ZEND_BW_NOT:
 		case ZEND_SL:
 		case ZEND_SR:
@@ -106,7 +104,6 @@ static inline bool may_have_side_effects(
 		case ZEND_IS_SMALLER_OR_EQUAL:
 		case ZEND_CASE:
 		case ZEND_CASE_STRICT:
-		case ZEND_CAST:
 		case ZEND_ROPE_INIT:
 		case ZEND_ROPE_ADD:
 		case ZEND_INIT_ARRAY:
@@ -126,6 +123,27 @@ static inline bool may_have_side_effects(
 		case ZEND_ARRAY_KEY_EXISTS:
 			/* No side effects */
 			return 0;
+		case ZEND_CAST: {
+			uint32_t t1 = OP1_INFO();
+			/* Cast from NAN emits warning */
+			if (t1 & MAY_BE_DOUBLE) {
+				return true;
+			}
+			if (t1 & MAY_BE_ARRAY) {
+				/* Array cast to string emits warning */
+				return opline->extended_value == IS_STRING;
+			}
+			return false;
+		}
+		case ZEND_BOOL:
+		case ZEND_BOOL_NOT: {
+			uint32_t t1 = OP1_INFO();
+			/* Cast from NAN emits warning */
+			if (t1 & MAY_BE_DOUBLE) {
+				return true;
+			}
+			return false;
+		}
 		case ZEND_FREE:
 			return opline->extended_value == ZEND_FREE_VOID_CAST;
 		case ZEND_ADD_ARRAY_ELEMENT:
diff --git a/Zend/Optimizer/sccp.c b/Zend/Optimizer/sccp.c
@@ -335,6 +335,10 @@ static inline zend_result ct_eval_bool_cast(zval *result, zval *op) {
 		ZVAL_TRUE(result);
 		return SUCCESS;
 	}
+	/* NAN warns when casting */
+	if (Z_TYPE_P(op) == IS_DOUBLE && zend_isnan(Z_DVAL_P(op))) {
+		return FAILURE;
+	}
 
 	ZVAL_BOOL(result, zend_is_true(op));
 	return SUCCESS;
diff --git a/Zend/Optimizer/zend_inference.c b/Zend/Optimizer/zend_inference.c
@@ -5105,14 +5105,16 @@ ZEND_API bool zend_may_throw_ex(const zend_op *opline, const zend_ssa_op *ssa_op
 		case ZEND_PRE_DEC:
 		case ZEND_POST_DEC:
 			return (t1 & (MAY_BE_NULL|MAY_BE_FALSE|MAY_BE_TRUE|MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE));
-		case ZEND_BOOL_NOT:
 		case ZEND_JMPZ:
 		case ZEND_JMPNZ:
 		case ZEND_JMPZ_EX:
 		case ZEND_JMPNZ_EX:
-		case ZEND_BOOL:
 		case ZEND_JMP_SET:
 			return (t1 & MAY_BE_OBJECT);
+		case ZEND_BOOL:
+		case ZEND_BOOL_NOT:
+			/* NAN Cast to bool will warn */
+			return (t1 & MAY_BE_OBJECT) || (t1 & MAY_BE_DOUBLE);
 		case ZEND_BOOL_XOR:
 			return (t1 & MAY_BE_OBJECT) || (t2 & MAY_BE_OBJECT);
 		case ZEND_IS_EQUAL:
diff --git a/Zend/Optimizer/zend_optimizer.c b/Zend/Optimizer/zend_optimizer.c
@@ -74,6 +74,9 @@ zend_result zend_optimizer_eval_unary_op(zval *result, uint8_t opcode, zval *op1
 		}
 		return unary_op(result, op1);
 	} else { /* ZEND_BOOL */
+		if (Z_TYPE_P(op1) == IS_DOUBLE && zend_isnan(Z_DVAL_P(op1))) {
+			return FAILURE;
+		}
 		ZVAL_BOOL(result, zend_is_true(op1));
 		return SUCCESS;
 	}
diff --git a/Zend/zend_compile.c b/Zend/zend_compile.c
@@ -10027,6 +10027,19 @@ ZEND_API bool zend_unary_op_produces_error(uint32_t opcode, const zval *op)
 		}
 		return Z_TYPE_P(op) <= IS_TRUE || !zend_is_op_long_compatible(op);
 	}
+	/* Can happen when called from zend_optimizer_eval_unary_op() */
+	if (
+		opcode == ZEND_IS_EQUAL
+		|| opcode == ZEND_IS_NOT_EQUAL
+		|| opcode == ZEND_BOOL
+		|| opcode == ZEND_BOOL_NOT
+	) {
+		/* BW_NOT on string does not convert the string into an integer. */
+		if (Z_TYPE_P(op) == IS_DOUBLE) {
+			return true;
+		}
+		return false;
+	}
 
 	return 0;
 }
@@ -10210,7 +10223,7 @@ static void zend_compile_binary_op(znode *result, zend_ast *ast) /* {{{ */
 	}
 
 	do {
-		// TODO do not do this for NAN?
+		/* TODO: Do this optimization when other side is not float as NAN will warn and we don't want that
 		if (opcode == ZEND_IS_EQUAL || opcode == ZEND_IS_NOT_EQUAL) {
 			if (left_node.op_type == IS_CONST) {
 				if (Z_TYPE(left_node.u.constant) == IS_FALSE) {
@@ -10233,7 +10246,8 @@ static void zend_compile_binary_op(znode *result, zend_ast *ast) /* {{{ */
 					break;
 				}
 			}
-		} else if (opcode == ZEND_IS_IDENTICAL || opcode == ZEND_IS_NOT_IDENTICAL) {
+		} else */
+		if (opcode == ZEND_IS_IDENTICAL || opcode == ZEND_IS_NOT_IDENTICAL) {
 			/* convert $x === null to is_null($x) (i.e. ZEND_TYPE_CHECK opcode). Do the same thing for false/true. (covers IS_NULL, IS_FALSE, and IS_TRUE) */
 			if (left_node.op_type == IS_CONST) {
 				if (Z_TYPE(left_node.u.constant) <= IS_TRUE && Z_TYPE(left_node.u.constant) >= IS_NULL) {
@@ -12040,6 +12054,10 @@ static zend_op *zend_delayed_compile_var(znode *result, zend_ast *ast, uint32_t
 
 bool zend_try_ct_eval_cast(zval *result, uint32_t type, zval *op1)
 {
+	/* NAN warns when casting */
+	if (UNEXPECTED(Z_TYPE_P(op1) == IS_DOUBLE && zend_isnan(Z_DVAL_P(op1)))) {
+		return false;
+	}
 	switch (type) {
 		case _IS_BOOL:
 			ZVAL_BOOL(result, zval_is_true(op1));
diff --git a/Zend/zend_execute.h b/Zend/zend_execute.h
@@ -233,6 +233,9 @@ static zend_always_inline void zend_cast_zval_to_object(zval *result, zval *expr
 		}
 		Z_OBJ_P(result)->properties = ht;
 	} else if (Z_TYPE_P(expr) != IS_NULL) {
+		if (UNEXPECTED(Z_TYPE_P(expr) == IS_DOUBLE && zend_isnan(Z_DVAL_P(expr)))) {
+			zend_nan_coerced_to_type_warning(IS_OBJECT);
+		}
 		Z_OBJ_P(result)->properties = ht = zend_new_array(1);
 		expr = zend_hash_add_new(ht, ZSTR_KNOWN(ZEND_STR_SCALAR), expr);
 		if (op1_type == IS_CONST) {
@@ -247,6 +250,9 @@ static zend_always_inline void zend_cast_zval_to_array(zval *result, zval *expr,
 	extern zend_class_entry *zend_ce_closure;
 	if (op1_type == IS_CONST || Z_TYPE_P(expr) != IS_OBJECT || Z_OBJCE_P(expr) == zend_ce_closure) {
 		if (Z_TYPE_P(expr) != IS_NULL) {
+			if (UNEXPECTED(Z_TYPE_P(expr) == IS_DOUBLE && zend_isnan(Z_DVAL_P(expr)))) {
+				zend_nan_coerced_to_type_warning(IS_ARRAY);
+			}
 			ZVAL_ARR(result, zend_new_array(1));
 			expr = zend_hash_index_add_new(Z_ARRVAL_P(result), 0, expr);
 			if (op1_type == IS_CONST) {
diff --git a/ext/opcache/jit/zend_jit_helpers.c b/ext/opcache/jit/zend_jit_helpers.c
@@ -16,6 +16,7 @@
    +----------------------------------------------------------------------+
 */
 
+#include "Zend/zend_portability.h"
 #include "Zend/zend_types.h"
 #include "Zend/zend_API.h"
 
@@ -2575,6 +2576,11 @@ static void ZEND_FASTCALL zend_jit_invalid_array_access(zval *container)
 	zend_error(E_WARNING, "Trying to access array offset on %s", zend_zval_value_name(container));
 }
 
+static void ZEND_FASTCALL zend_jit_check_nan_to_bool_coercion(void)
+{
+	zend_nan_coerced_to_type_warning(_IS_BOOL);
+}
+
 static void ZEND_FASTCALL zend_jit_invalid_property_read(zval *container, const char *property_name)
 {
 	zend_error(E_WARNING, "Attempt to read property \"%s\" on %s", property_name, zend_zval_value_name(container));
diff --git a/ext/opcache/jit/zend_jit_ir.c b/ext/opcache/jit/zend_jit_ir.c
@@ -7729,7 +7729,14 @@ static int zend_jit_bool_jmpznz(zend_jit_ctx *jit, const zend_op *opline, uint32
 			if_double = ir_IF(ir_EQ(type, ir_CONST_U8(IS_DOUBLE)));
 			ir_IF_TRUE(if_double);
 		}
-		ref = ir_NE(jit_Z_DVAL(jit, op1_addr), ir_CONST_DOUBLE(0.0));
+
+		ir_ref dval = jit_Z_DVAL(jit, op1_addr);ir_ref is_nan = ir_NE(dval, dval);
+		ir_ref if_val = ir_IF(is_nan);
+		ir_IF_TRUE_cold(if_val);
+			ir_CALL(IR_VOID, ir_CONST_FC_FUNC(zend_jit_check_nan_to_bool_coercion));
+		ir_MERGE_WITH_EMPTY_FALSE(if_val);
+
+		ref = ir_NE(dval, ir_CONST_DOUBLE(0.0));
 		if (branch_opcode == ZEND_BOOL || branch_opcode == ZEND_BOOL_NOT) {
 			if (set_bool_not) {
 				jit_set_Z_TYPE_INFO_ref(jit, jit_ZVAL_ADDR(jit, res_addr),

Original file line number	Diff line number	Diff line change
`@@ -74,6 +74,9 @@ zend_result zend_optimizer_eval_unary_op(zval result, uint8_t opcode, zval op1`
`74`	`74`	`}`
`75`	`75`	`return unary_op(result, op1);`
`76`	`76`	`} else { /* ZEND_BOOL */`
	`77`	`+ if (Z_TYPE_P(op1) == IS_DOUBLE && zend_isnan(Z_DVAL_P(op1))) {`
	`78`	`+ return FAILURE;`
	`79`	`+ }`
`77`	`80`	`ZVAL_BOOL(result, zend_is_true(op1));`
`78`	`81`	`return SUCCESS;`
`79`	`82`	`}`