Assertion `source_list->ptr == prop' failed. in psalm

[danog]

Description

Got the following assertion when running multiple Psalm unit tests: https://github.com/danog/php-src/actions/runs/11871508040/job/33084124984#step:10:1959

php: /home/runner/work/php-src/php-src/Zend/zend_execute.c:3975: zend_ref_del_type_source: Assertion `source_list->ptr == prop' failed.

Config is in #12406, reproducer command is:

php --repeat 2 -f .github/jit_check.php /tmp/psalm/vendor/bin/phpunit /tmp/psalm/tests/UnusedVariableTest.php

PHP Version

nightly

Operating System

No response

[nielsdos]

I pushed a fix today with a reference handling fix that affects both the interpreter and the JIT. Would be great if this could be retested on the current master branch.

[danog]

This specific issue seems to be absent; there were quite a few (possibly false positive) leak detections by asan though.

Would you be available to merge #12406 if I were to update the PR, keeping the new nightly.php parallelization script to reduce runtimes?

It seems a bit silly to me that e2e tests are rendered less capable of finding JIT bugs just to avoid using some extra github action minutes.

[danog]

For example, when running bugs/16_psalm_all.sh from https://github.com/danog/jit_bugs:

psalm (be92afa0733581f53247c1f4d01b60af12151bd9): /usr/bin/php --repeat 2 -f /app/wrap.php /tmp/psalm/vendor/bin/phpunit /tmp/psalm/tests/CastTest.php terminated with status 139:
Executing for the first time...
PHPUnit 9.6.22 by Sebastian Bergmann and contributors.

Random Seed:   1741166712

S.S.S                                                               5 / 5 (100%)

Time: 13:47.450, Memory: 0 bytes

OK, but incomplete, skipped, or risky tests!
Tests: 5, Assertions: 2, Skipped: 3.
Finished execution, repeating...
PHPUnit 9.6.22 by Sebastian Bergmann and contributors.

Random Seed:   1741167541

S.SS.                                                               5 / 5 (100%)

Time: 00:11.246, Memory: 0 bytes

OK, but incomplete, skipped, or risky tests!
Tests: 5, Assertions: 2, Skipped: 3.

=================================================================
==430==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 256 byte(s) in 8 object(s) allocated from:
    #0 0x71f9513327e0 in realloc (/usr/lib/llvm-19/lib/clang/19/lib/linux/libclang_rt.asan-x86_64.so+0x10b7e0) (BuildId: 099ae46d67ba6d4420a132d1488f30c4c6978d9e)
    #1 0x5e73a4581fab in __zend_realloc /php-src/Zend/zend_alloc.c:3299:6
    #2 0x5e73a4581a5c in _erealloc /php-src/Zend/zend_alloc.c:2758:10
    #3 0x71f94acfdbe4 in zend_jit_fast_concat_tmp_helper /php-src/ext/opcache/jit/zend_jit_helpers.c:1790:6
    #4 0x71f94242e478  (<unknown module>)
    #5 0x5e73a46c0cff in zend_execute /php-src/Zend/zend_vm_execute.h:64247:2
    #6 0x5e73a4a773d0 in zend_execute_script /php-src/Zend/zend.c:1943:3
    #7 0x5e73a43824ff in php_execute_script_ex /php-src/main/main.c:2584:13
    #8 0x5e73a43829b8 in php_execute_script /php-src/main/main.c:2624:9
    #9 0x5e73a4a7d4bd in do_cli /php-src/sapi/cli/php_cli.c:952:5
    #10 0x5e73a4a7b8d7 in main /php-src/sapi/cli/php_cli.c:1355:18
    #11 0x71f95046a1c9  (/lib/x86_64-linux-gnu/libc.so.6+0x2a1c9) (BuildId: 42c84c92e6f98126b3e2230ebfdead22c235b667)
    #12 0x71f95046a28a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2a28a) (BuildId: 42c84c92e6f98126b3e2230ebfdead22c235b667)
    #13 0x5e73a3806004 in _start (/usr/bin/php+0x406004) (BuildId: 556df9bda14ce0e414ffaf1a837d571805ee9e1d)

SUMMARY: AddressSanitizer: 256 byte(s) leaked in 8 allocation(s).

The supposed leak always happens in zend_jit_fast_concat_tmp_helper

[nielsdos]

The leak should be fixed via #17977, turns out it was not JIT specific.
As for your PR: I think it's valuable, I think we should rebase it and see what the current issues are, fix them, and once fixed we should consider merging.
As for this issue: as it no longer reproduces we can close this. Thanks.