Exception on reading property in register-based FETCH_OBJ_R breaks JIT

[YuanchengJiang]

Description

The following code:

<?php
$fusion = $a;
class C {
public int $a;
public function __sleep() {
var_dump($this->a);
}
}
function test(string $name, object $obj) {
$serialized = serialize($obj);
var_dump($serialized, $unserialized);
}
$reflector = new ReflectionClass(C::class);
$obj = $reflector->newLazyGhost(function ($obj) {
}, ReflectionClass::SKIP_INITIALIZATION_ON_SERIALIZE);
test('Ghost', $obj);
try {zip_close($name);} catch (Exception $e) { echo($e); }
try {zip_close($unserialized);} catch (Exception $e) { echo($e); }
try {$cls->override($res);} catch (Exception $e) { echo($e); }
try {$cls->override($serialized);} catch (Exception $e) { echo($e); }

Resulted in this output:

/home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_types.h:1387:9: runtime error: member access within null pointer of type 'zend_refcounted' (aka 'struct _zend_refcounted')
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend_types.h:1387:9

To reproduce:

-d "zend_extension=/home/phpfuzz/WorkSpace/flowfusion/php-src/modules/opcache.so" -d "opcache.enable_cli=1" -d "date.timezone=Mars/Utopia_Planitia" -d "opcache.jit=1205"

PHP Version

nightly

Operating System

No response

[devnexen]

could not reproduce it locally

[nielsdos]

Reproduced for me on an NTS, gcc Linux build

[nielsdos]

Simplified (and no need for the timezone argument):

<?php
class C {
    public int $a;
    public function test() {
        var_dump($this->a);
    }
}
$test = new C;
$test->test();