JIT: Check exception on exit

[arnaud-lb]

Fixes GH-18262. See #18262 (comment).

In zend_jit_fetch_obj(), we may emit a type guard (in zend_jit_guard_fetch_result_type()) before the exception check. When an exception is throw while fetching a property and the guard fails, we ignore the exception and start side tracing. In GH-18262 an assertion fails during tracing because EG(exception) is set.

Here I add a new exit flag ZEND_JIT_EXIT_CHECK_EXCEPTION, that enables exception checking during exit/deoptimization. This seems ideal because this ensures that house keeping is done before exception handling (freeing op1), and avoids duplicating the exception check in zend_jit_fetch_obj(). Also, it is my understanding that deoptimization is required before handling the exception in this case.

We already checked for exceptions during exit/deoptimization, but only when ZEND_JIT_EXIT_FREE_OP1 or ZEND_JIT_EXIT_FREE_OP2 were set (presumably to handle exceptions thrown during dtor). Here I make it possible to request it explicitly with ZEND_JIT_EXIT_CHECK_EXCEPTION.

I had to change exception checking in zend_jit_trace_exit() to handle two issues:

• By returning 1, we were telling the caller (zend_jit_trace_exit_stub()) to execute the original op handler of EG(current_execute_data)->opline, but in reality we want to execute EX(opline), which should be EG(exception_op).
• EX(opline) is set to %r15 in zend_jit_trace_exit_stub() before calling zend_jit_trace_exit(), but this may be the address of a zend_execute_data when IP is being reused to cache EX(call) (which was the case here). This is usually not an issue because we override EX(opline) again in zend_jit_trace_exit_stub(), in most cases, except when checking exceptions.

BTW, I think it may be possible to stop reusing IP / %r15 for holding the value of EX(opline) (edit: I meant EX(call)) in the new JIT? From my understanding this was very convenient in the old JIT, but it seems unnecessary now.

[ndossche]

Makes sense to me. Please see my 2 minor remarks.

[ndossche]

I can't comment on the line, but maybe it's better to change line 14484 to flags |= ZEND_JIT_EXIT_FREE_OP1;. It doesn't matter here because you also check exceptions when OP1 needs to be freed, but it would be more "future-proof"/"semantically right".

[arnaud-lb]

Oh right, that's actually a mistake. Thank you for spotting this.

[ndossche]

Maybe also make sure this gets printed out in zend_jit_dump_exit_info?

[dstogov]

The patch looks good and I suppose it's completely right.
Please hold it by Monday/Tuesday. I hope I'll find time to play with it.

[dstogov]

Everything is fine!