Merge branch 'PHP-8.2' into PHP-8.3

* PHP-8.2:
  Fix GH-15652: Segmentation fault in the Zend engine when JIT enabled (#15717)

Author: dstogov

ext/opcache/jit/zend_jit.c

@@ -696,16 +696,16 @@ static zend_property_info* zend_get_known_property_info(const zend_op_array *op_
 	return NULL;
 }
 
-static bool zend_may_be_dynamic_property(zend_class_entry *ce, zend_string *member, bool on_this, zend_string *filename)
+static bool zend_may_be_dynamic_property(zend_class_entry *ce, zend_string *member, bool on_this, const zend_op_array *op_array)
 {
 	zend_property_info *info;
 
-	if (!ce || (ce->ce_flags & ZEND_ACC_TRAIT)) {
+	if (!ce || (ce->ce_flags & ZEND_ACC_TRAIT) || (op_array->fn_flags & ZEND_ACC_TRAIT_CLONE)) {
 		return 1;
 	}
 
 	if (!(ce->ce_flags & ZEND_ACC_IMMUTABLE)) {
-		if (ce->info.user.filename != filename) {
+		if (ce->info.user.filename != op_array->filename) {
 			/* class declaration might be changed independently */
 			return 1;
 		}

ext/opcache/jit/zend_jit_arm64.dasc

@@ -12226,7 +12226,7 @@ static int zend_jit_fetch_obj(dasm_State          **Dst,
 		|	cmp REG2, TMP1
 		|	bne >5
 		|	MEM_ACCESS_64_WITH_UOFFSET ldr, REG0, REG0, ((opline->extended_value & ~ZEND_FETCH_OBJ_FLAGS)  + sizeof(void*)), TMP1
-		may_be_dynamic = zend_may_be_dynamic_property(ce, Z_STR_P(member), opline->op1_type == IS_UNUSED, op_array->filename);
+		may_be_dynamic = zend_may_be_dynamic_property(ce, Z_STR_P(member), opline->op1_type == IS_UNUSED, op_array);
 		if (may_be_dynamic) {
 			|	tst REG0, REG0
 			if (opline->opcode == ZEND_FETCH_OBJ_W) {

ext/opcache/jit/zend_jit_x86.dasc

@@ -12994,7 +12994,7 @@ static int zend_jit_fetch_obj(dasm_State          **Dst,
 		|	cmp r2, aword [FCARG1a + offsetof(zend_object, ce)]
 		|	jne >5
 		|	mov r0, aword [r0 + (opline->extended_value & ~ZEND_FETCH_OBJ_FLAGS) + sizeof(void*)]
-		may_be_dynamic = zend_may_be_dynamic_property(ce, Z_STR_P(member), opline->op1_type == IS_UNUSED, op_array->filename);
+		may_be_dynamic = zend_may_be_dynamic_property(ce, Z_STR_P(member), opline->op1_type == IS_UNUSED, op_array);
 		if (may_be_dynamic) {
 			|	test r0, r0
 			if (opline->opcode == ZEND_FETCH_OBJ_W) {

ext/opcache/tests/jit/gh15652.phpt

@@ -0,0 +1,46 @@
+--TEST--
+JIT: FETCH_OBJ 007
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.file_update_protection=0
+opcache.jit_buffer_size=1M
+opcache.jit_hot_func=2
+--FILE--
+<?php
+class C {}
+
+trait T {
+    public function equal(C $type): bool {
+        return $type instanceof self && $this->value === $type->value;
+    }
+}
+
+class C1 extends C {
+    use T;
+    public function __construct(private int $value) {}
+}
+
+class C2 extends C {
+    use T;
+}
+
+$x = new C1(1);
+var_dump($x->equal($x));
+var_dump($x->equal($x));
+$a = new C2("aaa");
+var_dump($a->equal($a));
+var_dump($a->equal($a));
+--EXPECTF--
+bool(true)
+bool(true)
+
+Warning: Undefined property: C2::$value in %sgh15652.php on line 6
+
+Warning: Undefined property: C2::$value in %sgh15652.php on line 6
+bool(true)
+
+Warning: Undefined property: C2::$value in %sgh15652.php on line 6
+
+Warning: Undefined property: C2::$value in %sgh15652.php on line 6
+bool(true)