Tracing JIT: Fixed abstract stack consistency for [QM_]ASSIGN of CV to itself

Author: dstogov

ext/opcache/jit/zend_jit_trace.c

@@ -5904,7 +5904,10 @@ static const void *zend_jit_trace(zend_jit_trace_rec *trace_buffer, uint32_t par
 						ssa->var_info[ssa_op->result_def].has_range = 1;
 					}
 				}
-				if (ssa_op->op1_def >= 0) {
+				if (ssa_op->op1_def >= 0
+				 && (opline->opcode != ZEND_QM_ASSIGN
+				  || opline->result_type != IS_CV
+				  || opline->result.var != opline->op1.var)) {
 					zend_uchar type = IS_UNKNOWN;
 
 					if (!(ssa->var_info[ssa_op->op1_def].type & MAY_BE_GUARD)
@@ -5963,7 +5966,10 @@ static const void *zend_jit_trace(zend_jit_trace_rec *trace_buffer, uint32_t par
 						ssa->var_info[ssa_op->op1_def].has_range = 1;
 					}
 				}
-				if (ssa_op->op2_def >= 0) {
+				if (ssa_op->op2_def >= 0
+				 && (opline->opcode != ZEND_ASSIGN
+				  || opline->op1_type != IS_CV
+				  || opline->op1.var != opline->op2.var)) {
 					zend_uchar type = IS_UNKNOWN;
 
 					if (!(ssa->var_info[ssa_op->op2_def].type & MAY_BE_GUARD)

ext/opcache/tests/jit/qm_assign_002.phpt

@@ -0,0 +1,29 @@
+--TEST--
+JIT QM_ASSIGN: 002 assign to it self
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.file_update_protection=0
+opcache.jit_buffer_size=1M
+--FILE--
+<?php
+function test() {
+    for ($i = 0; $i < 2; $i++) {
+        $a = $a;
+        "-" . $b;
+        $b = [];
+        unset($a);
+    }
+}
+test();
+?>
+DONE
+--EXPECTF--
+Warning: Undefined variable $a in %sqm_assign_002.php on line 4
+
+Warning: Undefined variable $b in %sqm_assign_002.php on line 5
+
+Warning: Undefined variable $a in %sqm_assign_002.php on line 4
+
+Warning: Array to string conversion in %sqm_assign_002.php on line 5
+DONE