The following code poses a problem in the JIT:
```php
class A {
public $prop = 1;
}
class B extends A {
public $prop = 1 {
get => parent::$prop::get() * 2;
}
}
function test(A $a) {
var_dump($a->prop);
}
test(new B);
```
The JIT would assume A::$prop in test() could be accessed directly
through OBJ_PROP_NUM(). However, since child classes can add new hooks
to existing properties, this assumption no longer holds.
To avoid introducing more JIT checks, a hooked property that overrides a
unhooked property now results in a separate zval slot that is used
instead of the parent slot. This causes the JIT to pick the slow path
due to an IS_UNDEF value in the parent slot.
zend_class_entry.properties_info_table poses a problem in that
zend_get_property_info_for_slot() and friends will be called using the
child slot, which does not store its property info, since the parent
slot already does. In this case, zend_get_property_info_for_slot() now
provides a fallback that will iterate all property infos to find the
correct one.
This also uncovered a bug (see Zend/tests/property_hooks/dump.phpt)
where the default value of a parent property would accidentally be
inherited by the child property.
Fixes GH-17376
Closes GH-17870
If a lazy object is created for a class whose constants can not be updated, then
we have created an instance of a non-instantiable class. This breaks the
expectations of clone.
Here I ensure that a class has its constants updated before creating a lazy
instance of it.
Fixes OSS-Fuzz #71407
Closes GH-15856
Supporting object reset while its properties are being iterated would increase
complexity for little benefit. Furthermore it may not be possible to ensure a
consistent behavior between ghosts and proxies (wrt to iteration position).
Iteration is detected by checking if the object's properties ht has iterators.
This requires refactoring the hooked get_iterator() implementation to ensure
that it creates a properties ht iterator immediately.
Closes GH-15960
zend_lazy_object_get_properties() is used by zend_std_get_properties_ex() to fetch the properties of lazy objects. It initializes the object and returns its properties.
When initialization fails we return an empty ht because most callers do not check for NULL. We rely on the exception thrown during initialization. We also assign that empty ht to zend_object.properties for the same reasons.
We asserted that zend_object.properties was either NULL or &zend_empty_array, but there are other cases in which a uninitialized lazy object may have a properties ht.
Here I remove the assertion, and return the existing properties ht if there is one. Otherwise I return zend_new_array(0) instead of &zend_emtpy_array as not all callers expect an immutable array (e.g. FE_FETCH does not).
zend_get_property_info_for_slot(obj, slot) assumes that 'slot' belongs to 'obj', but that may not be the case for lazy proxies.
Fortunately, the property info is often already available in path when it is needed.
For other cases, I make zend_get_property_info_for_slot() aware of lazy objects, and add zend_get_property_info_for_slot_self() for cases where the 'slot' is known to belong to the object itself.
Fixes oss-fuzz #71446
