From 8f421ab193cfce9f91a42bee83b744fd419414ea Mon Sep 17 00:00:00 2001
From: mwilliams <mwilliams@fb.com>
Date: Thu, 27 Jun 2013 11:53:44 -0700
Subject: [PATCH] Mark registers dirty before entering catch-traces

Otherwise we end up with bizarre stack corruption.
---
 hphp/runtime/vm/jit/codegen.cpp      |  7 ++++++-
 hphp/runtime/vm/jit/unwind-x64.cpp   |  1 +
 hphp/test/quick/bad_setm.php         | 19 +++++++++++++++++++
 hphp/test/quick/bad_setm.php.expectf | 12 ++++++++++++
 4 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 hphp/test/quick/bad_setm.php
 create mode 100644 hphp/test/quick/bad_setm.php.expectf

diff --git a/hphp/runtime/vm/jit/codegen.cpp b/hphp/runtime/vm/jit/codegen.cpp
index 56c309370..625e6d812 100644
--- a/hphp/runtime/vm/jit/codegen.cpp
+++ b/hphp/runtime/vm/jit/codegen.cpp
@@ -840,12 +840,17 @@ void CodeGenerator::cgBeginCatch(IRInstruction* inst) {
   PhysRegSaverParity::emitPops(m_as, info.savedRegs);
 }
 
+static void unwindResumeHelper(_Unwind_Exception* data) {
+  tl_regState = VMRegState::CLEAN;
+  _Unwind_Resume(data);
+}
+
 void CodeGenerator::cgEndCatch(IRInstruction* inst) {
   m_as.cmpb (0, rVmTl[TargetCache::kUnwinderSideExitOff]);
   unlikelyIfBlock(CC_E,
     [&](Asm& as) { // doSideExit == false, so call _Unwind_Resume
       as.loadq(rVmTl[TargetCache::kUnwinderScratchOff], rdi);
-      as.call ((TCA)_Unwind_Resume); // pass control back to the unwinder
+      as.call ((TCA)unwindResumeHelper); // pass control back to the unwinder
       as.ud2();
     });
 
diff --git a/hphp/runtime/vm/jit/unwind-x64.cpp b/hphp/runtime/vm/jit/unwind-x64.cpp
index f2785c483..afb3af6cd 100644
--- a/hphp/runtime/vm/jit/unwind-x64.cpp
+++ b/hphp/runtime/vm/jit/unwind-x64.cpp
@@ -99,6 +99,7 @@ bool install_catch_trace(_Unwind_Context* ctx, _Unwind_Exception* exn,
     TargetCache::header()->unwinderTv = ism->tv();
   }
   _Unwind_SetIP(ctx, (uint64_t)catchTrace);
+  tl_regState = VMRegState::DIRTY;
 
   return true;
 }
diff --git a/hphp/test/quick/bad_setm.php b/hphp/test/quick/bad_setm.php
new file mode 100644
index 000000000..e3238e925
--- /dev/null
+++ b/hphp/test/quick/bad_setm.php
@@ -0,0 +1,19 @@
+<?php
+
+function test($a, $b, $c, $d, $e) {
+  $k = array();
+  foreach ($a as $id) {
+    $k[$id] = foo($id, $b, $c, $d, $e);
+    $k[$id] = foo($k[$id], $b);
+  }
+}
+
+function foo($a, $b) {
+  return $a ?: $b;
+}
+
+function main() {
+  test(array(array('foo'), array('bar'), array('baz')), null, 1, 2, 3);
+}
+
+main();
diff --git a/hphp/test/quick/bad_setm.php.expectf b/hphp/test/quick/bad_setm.php.expectf
new file mode 100644
index 000000000..b0291415c
--- /dev/null
+++ b/hphp/test/quick/bad_setm.php.expectf
@@ -0,0 +1,12 @@
+HipHop Warning: Illegal offset type in %s/test/quick/bad_setm.php on line 6
+HipHop Warning: Invalid operand type was used: Invalid type used as key in %s/test/quick/bad_setm.php on line 7
+HipHop Notice: Undefined index: Array in %s/test/quick/bad_setm.php on line 7
+HipHop Warning: Illegal offset type in %s/test/quick/bad_setm.php on line 7
+HipHop Warning: Illegal offset type in %s/test/quick/bad_setm.php on line 6
+HipHop Warning: Invalid operand type was used: Invalid type used as key in %s/test/quick/bad_setm.php on line 7
+HipHop Notice: Undefined index: Array in %s/test/quick/bad_setm.php on line 7
+HipHop Warning: Illegal offset type in %s/test/quick/bad_setm.php on line 7
+HipHop Warning: Illegal offset type in %s/test/quick/bad_setm.php on line 6
+HipHop Warning: Invalid operand type was used: Invalid type used as key in %s/test/quick/bad_setm.php on line 7
+HipHop Notice: Undefined index: Array in %s/test/quick/bad_setm.php on line 7
+HipHop Warning: Illegal offset type in %s/test/quick/bad_setm.php on line 7