Fix edge cases in JIT for ASSIGN_DIM_OP.

dstogov · dstogov · commit 4744dc8d2131 · 2021-05-24T13:35:04.000+03:00
(This fixes Zend/tests/bug79947.phpt and
Zend/tests/undef_index_to_exception.phpt without PROFITABILITY_CHECKS).
diff --git a/ext/opcache/jit/zend_jit_arm64.dasc b/ext/opcache/jit/zend_jit_arm64.dasc
@@ -6104,7 +6104,6 @@ static int zend_jit_assign_dim_op(dasm_State **Dst, const zend_op *opline, uint3
 				|	LOAD_ADDR CARG3, binary_op
 				|	SET_EX_OPLINE opline, REG0
 				|	EXT_CALL zend_jit_assign_op_to_typed_ref, REG0
-				zend_jit_check_exception(Dst);
 				|	b >9
 				|.code
 				|1:
@@ -6171,18 +6170,34 @@ static int zend_jit_assign_dim_op(dasm_State **Dst, const zend_op *opline, uint3
 		|	LOAD_ZVAL_ADDR CARG3, op3_addr
 		|	LOAD_ADDR CARG4, binary_op
 		|	EXT_CALL zend_jit_assign_dim_op_helper, REG0
-		if (!zend_jit_check_exception(Dst)) {
-			return 0;
-		}
 
 		if (op1_info & (MAY_BE_UNDEF|MAY_BE_NULL|MAY_BE_FALSE|MAY_BE_ARRAY)) {
 			|	b >9 // END
 			|.code
 		}
 	}
 
+	if ((op1_info & (MAY_BE_ANY|MAY_BE_REF|MAY_BE_UNDEF)) == MAY_BE_ARRAY
+	 && (op2_info & ((MAY_BE_ANY|MAY_BE_REF|MAY_BE_UNDEF) - (MAY_BE_LONG|MAY_BE_STRING))) == 0
+	 && (op1_data_info & ((MAY_BE_ANY|MAY_BE_REF|MAY_BE_UNDEF) - (MAY_BE_LONG|MAY_BE_DOUBLE))) == 0) {
+		|.cold_code
+	}
+
 	|9:
+	|	FREE_OP (opline+1)->op1_type, (opline+1)->op1, op1_data_info, 0, opline, ZREG_TMP1, ZREG_TMP2
 	|	FREE_OP opline->op2_type, opline->op2, op2_info, 0, opline, ZREG_TMP1, ZREG_TMP2
+	if (may_throw) {
+		zend_jit_check_exception(Dst);
+	}
+
+	if ((op1_info & (MAY_BE_ANY|MAY_BE_REF|MAY_BE_UNDEF)) == MAY_BE_ARRAY
+	 && (op2_info & ((MAY_BE_ANY|MAY_BE_REF|MAY_BE_UNDEF) - (MAY_BE_LONG|MAY_BE_STRING))) == 0
+	 && (op1_data_info & ((MAY_BE_ANY|MAY_BE_REF|MAY_BE_UNDEF) - (MAY_BE_LONG|MAY_BE_DOUBLE))) == 0) {
+		|	b >9
+		|	FREE_OP opline->op2_type, opline->op2, op2_info, 0, opline, ZREG_TMP1, ZREG_TMP2
+		|.code
+		|9:
+	}
 
 	return 1;
 }
diff --git a/ext/opcache/jit/zend_jit_x86.dasc b/ext/opcache/jit/zend_jit_x86.dasc
@@ -6558,7 +6558,6 @@ static int zend_jit_assign_dim_op(dasm_State **Dst, const zend_op *opline, uint3
 				|.if not(X64)
 				|	add r4, 12
 				|.endif
-				zend_jit_check_exception(Dst);
 				|	jmp >9
 				|.code
 				|1:
@@ -6634,18 +6633,34 @@ static int zend_jit_assign_dim_op(dasm_State **Dst, const zend_op *opline, uint3
 		|.if not(X64)
 		|	add r4, 8
 		|.endif
-		if (!zend_jit_check_exception(Dst)) {
-			return 0;
-		}
 
 		if (op1_info & (MAY_BE_UNDEF|MAY_BE_NULL|MAY_BE_FALSE|MAY_BE_ARRAY)) {
 			|	jmp >9 // END
 			|.code
 		}
 	}
 
+	if ((op1_info & (MAY_BE_ANY|MAY_BE_REF|MAY_BE_UNDEF)) == MAY_BE_ARRAY
+	 && (op2_info & ((MAY_BE_ANY|MAY_BE_REF|MAY_BE_UNDEF) - (MAY_BE_LONG|MAY_BE_STRING))) == 0
+	 && (op1_data_info & ((MAY_BE_ANY|MAY_BE_REF|MAY_BE_UNDEF) - (MAY_BE_LONG|MAY_BE_DOUBLE))) == 0) {
+		|.cold_code
+	}
+
 	|9:
+	|	FREE_OP (opline+1)->op1_type, (opline+1)->op1, op1_data_info, 0, opline
 	|	FREE_OP opline->op2_type, opline->op2, op2_info, 0, opline
+	if (may_throw) {
+		zend_jit_check_exception(Dst);
+	}
+
+	if ((op1_info & (MAY_BE_ANY|MAY_BE_REF|MAY_BE_UNDEF)) == MAY_BE_ARRAY
+	 && (op2_info & ((MAY_BE_ANY|MAY_BE_REF|MAY_BE_UNDEF) - (MAY_BE_LONG|MAY_BE_STRING))) == 0
+	 && (op1_data_info & ((MAY_BE_ANY|MAY_BE_REF|MAY_BE_UNDEF) - (MAY_BE_LONG|MAY_BE_DOUBLE))) == 0) {
+		|	jmp >9
+		|	FREE_OP opline->op2_type, opline->op2, op2_info, 0, opline
+		|.code
+		|9:
+	}
 
 	return 1;
 }
