Merge branch 'PHP-8.1' into PHP-8.2

* PHP-8.1:
  Fixed GH-11127 (JIT fault)

Author: dstogov

ext/opcache/jit/zend_jit_arm64.dasc

@@ -8734,7 +8734,17 @@ static int zend_jit_init_fcall(dasm_State **Dst, const zend_op *opline, uint32_t
 		|	// if (CACHED_PTR(opline->result.num))
 		|	ldr REG2, EX->run_time_cache
 		|	MEM_ACCESS_64_WITH_UOFFSET ldr, REG0, REG2, opline->result.num, TMP1
-		|	cbz REG0, >1
+		if (JIT_G(trigger) == ZEND_JIT_ON_HOT_TRACE
+		 && func
+		 && (func->common.fn_flags & ZEND_ACC_IMMUTABLE)
+		 && opline->opcode != ZEND_INIT_FCALL) {
+			/* Called func may be changed because of recompilation. See ext/opcache/tests/jit/init_fcall_003.phpt */
+			|	LOAD_ADDR REG1, ((ptrdiff_t)func)
+			|	cmp REG0, REG1
+			|	bne >1
+		} else {
+			|	cbz REG0, >1
+		}
 		|.cold_code
 		|1:
 		if (opline->opcode == ZEND_INIT_FCALL

ext/opcache/jit/zend_jit_x86.dasc

@@ -9369,8 +9369,28 @@ static int zend_jit_init_fcall(dasm_State **Dst, const zend_op *opline, uint32_t
 		|	// if (CACHED_PTR(opline->result.num))
 		|	mov r2, EX->run_time_cache
 		|	mov r0, aword [r2 + opline->result.num]
-		|	test r0, r0
-		|	jz >1
+		if (JIT_G(trigger) == ZEND_JIT_ON_HOT_TRACE
+		 && func
+		 && (func->common.fn_flags & ZEND_ACC_IMMUTABLE)
+		 && opline->opcode != ZEND_INIT_FCALL) {
+			/* Called func may be changed because of recompilation. See ext/opcache/tests/jit/init_fcall_003.phpt */
+			|   .if X64
+			||		if (!IS_SIGNED_32BIT(func)) {
+			|			mov64 r1, ((ptrdiff_t)func)
+			|			cmp r0, r1
+			||		} else {
+			|			cmp r0, func
+			||		}
+			|	.else
+			|		cmp r0, func
+			|	.endif
+			|	jnz >1
+			|.cold_code
+			|1:
+		} else {
+			|	test r0, r0
+			|	jz >1
+		}
 		|.cold_code
 		|1:
 		if (opline->opcode == ZEND_INIT_FCALL

ext/opcache/tests/jit/init_fcall_003.inc

@@ -0,0 +1,6 @@
+<?php
+define('C', '1');
+function f($u) {
+    return $u==C ? '0' : '1';
+}
+?>

ext/opcache/tests/jit/init_fcall_003.phpt

@@ -0,0 +1,27 @@
+--TEST--
+JIT INIT_FCALL: 003 incorrect init fcall guard (fail with tracing JIT and --repeat 3)
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.file_update_protection=0
+opcache.jit_buffer_size=1M
+opcache.jit_max_polymorphic_calls=0
+opcache.jit=tracing
+opcache.jit_hot_loop=64
+opcache.jit_hot_func=127
+opcache.jit_hot_return=8
+opcache.jit_hot_side_exit=8
+--FILE--
+<?php
+include(__DIR__ . '/init_fcall_003.inc');
+for($a=1; $a<100; $a++){
+    f('1');
+    f('1');
+    f('1');
+}
+touch(__DIR__ . '/init_fcall_003.inc');
+opcache_invalidate(__DIR__ . '/init_fcall_003.inc', true);
+?>
+DONE
+--EXPECT--
+DONE