Always use separate static_members_table

When running without opcache, static_members_table is shared with
default_static_members_table. This is visible in reflection output,
because ReflectionProperty::getDefaultValue() will return the
current value, rather than the default value.

Address this by never sharing the table, which matches the behavior
we already see under opcache.

Fixes bug #80821.

Closes GH-7299.

Author: nikic

NEWS

@@ -7,6 +7,10 @@ PHP                                                                        NEWS
   . Fixed Bug #80959 (infinite loop in building cfg during JIT compilation)
     (Nikita, Dmitry)
 
+- Reflection:
+  . Fixed bug #80821 (ReflectionProperty::getDefaultValue() returns current
+    value for statics). (Nikita)
+
 22 Jul 2021, PHP 8.1.0beta1
 
 - Core:

Zend/zend_API.c

@@ -1422,10 +1422,8 @@ ZEND_API zend_result zend_update_class_constants(zend_class_entry *class_type) /
 	if (class_type->default_static_members_count) {
 		static_members_table = CE_STATIC_MEMBERS(class_type);
 		if (!static_members_table) {
-			if (class_type->type == ZEND_INTERNAL_CLASS || (ce_flags & (ZEND_ACC_IMMUTABLE|ZEND_ACC_PRELOADED))) {
-				zend_class_init_statics(class_type);
-				static_members_table = CE_STATIC_MEMBERS(class_type);
-			}
+			zend_class_init_statics(class_type);
+			static_members_table = CE_STATIC_MEMBERS(class_type);
 		}
 	}
 
@@ -4087,12 +4085,13 @@ ZEND_API zend_property_info *zend_declare_typed_property(zend_class_entry *ce, z
 		}
 		ZVAL_COPY_VALUE(&ce->default_static_members_table[property_info->offset], property);
 		if (!ZEND_MAP_PTR(ce->static_members_table)) {
-			ZEND_ASSERT(ce->type == ZEND_INTERNAL_CLASS);
-			if (!EG(current_execute_data)) {
+			if (ce->type == ZEND_INTERNAL_CLASS &&
+					ce->info.internal.module->type == MODULE_PERSISTENT) {
 				ZEND_MAP_PTR_NEW(ce->static_members_table);
 			} else {
-				/* internal class loaded by dl() */
-				ZEND_MAP_PTR_INIT(ce->static_members_table, &ce->default_static_members_table);
+				ZEND_MAP_PTR_INIT(ce->static_members_table,
+					zend_arena_alloc(&CG(arena), sizeof(zval **)));
+				ZEND_MAP_PTR_SET(ce->static_members_table, NULL);
 			}
 		}
 	} else {

Zend/zend_compile.c

@@ -1873,12 +1873,10 @@ ZEND_API void zend_initialize_class_data(zend_class_entry *ce, bool nullify_hand
 	zend_hash_init(&ce->constants_table, 8, NULL, NULL, persistent_hashes);
 	zend_hash_init(&ce->function_table, 8, NULL, ZEND_FUNCTION_DTOR, persistent_hashes);
 
-	if (ce->type == ZEND_INTERNAL_CLASS) {
-		ZEND_MAP_PTR_INIT(ce->static_members_table, NULL);
-	} else {
-		ZEND_MAP_PTR_INIT(ce->static_members_table, &ce->default_static_members_table);
+	if (ce->type == ZEND_USER_CLASS) {
 		ce->info.user.doc_comment = NULL;
 	}
+	ZEND_MAP_PTR_INIT(ce->static_members_table, NULL);
 	ZEND_MAP_PTR_INIT(ce->mutable_data, NULL);
 
 	ce->default_properties_count = 0;

Zend/zend_inheritance.c

@@ -1517,63 +1517,29 @@ ZEND_API void zend_do_inheritance_ex(zend_class_entry *ce, zend_class_entry *par
 			dst = end + parent_ce->default_static_members_count;
 			ce->default_static_members_table = end;
 		}
-		if (UNEXPECTED(parent_ce->type != ce->type)) {
-			/* User class extends internal */
-			if (CE_STATIC_MEMBERS(parent_ce) == NULL) {
-				zend_class_init_statics(parent_ce);
-			}
-			if (UNEXPECTED(zend_update_class_constants(parent_ce) != SUCCESS)) {
-				ZEND_UNREACHABLE();
+		src = parent_ce->default_static_members_table + parent_ce->default_static_members_count;
+		do {
+			dst--;
+			src--;
+			if (Z_TYPE_P(src) == IS_INDIRECT) {
+				ZVAL_INDIRECT(dst, Z_INDIRECT_P(src));
+			} else {
+				ZVAL_INDIRECT(dst, src);
 			}
-			src = CE_STATIC_MEMBERS(parent_ce) + parent_ce->default_static_members_count;
-			do {
-				dst--;
-				src--;
-				if (Z_TYPE_P(src) == IS_INDIRECT) {
-					ZVAL_INDIRECT(dst, Z_INDIRECT_P(src));
-				} else {
-					ZVAL_INDIRECT(dst, src);
-				}
-			} while (dst != end);
-		} else if (ce->type == ZEND_USER_CLASS) {
-			if (CE_STATIC_MEMBERS(parent_ce) == NULL) {
-				ZEND_ASSERT(parent_ce->ce_flags & (ZEND_ACC_IMMUTABLE|ZEND_ACC_PRELOADED));
-				zend_class_init_statics(parent_ce);
+			if (Z_TYPE_P(Z_INDIRECT_P(dst)) == IS_CONSTANT_AST) {
+				ce->ce_flags &= ~ZEND_ACC_CONSTANTS_UPDATED;
+				ce->ce_flags |= ZEND_ACC_HAS_AST_STATICS;
 			}
-			src = CE_STATIC_MEMBERS(parent_ce) + parent_ce->default_static_members_count;
-			do {
-				dst--;
-				src--;
-				if (Z_TYPE_P(src) == IS_INDIRECT) {
-					ZVAL_INDIRECT(dst, Z_INDIRECT_P(src));
-				} else {
-					ZVAL_INDIRECT(dst, src);
-				}
-				if (Z_TYPE_P(Z_INDIRECT_P(dst)) == IS_CONSTANT_AST) {
-					ce->ce_flags &= ~ZEND_ACC_CONSTANTS_UPDATED;
-					ce->ce_flags |= ZEND_ACC_HAS_AST_STATICS;
-				}
-			} while (dst != end);
-		} else {
-			src = parent_ce->default_static_members_table + parent_ce->default_static_members_count;
-			do {
-				dst--;
-				src--;
-				if (Z_TYPE_P(src) == IS_INDIRECT) {
-					ZVAL_INDIRECT(dst, Z_INDIRECT_P(src));
-				} else {
-					ZVAL_INDIRECT(dst, src);
-				}
-			} while (dst != end);
-		}
+		} while (dst != end);
 		ce->default_static_members_count += parent_ce->default_static_members_count;
 		if (!ZEND_MAP_PTR(ce->static_members_table)) {
-			ZEND_ASSERT(ce->type == ZEND_INTERNAL_CLASS);
-			if (!EG(current_execute_data)) {
+			if (ce->type == ZEND_INTERNAL_CLASS &&
+					ce->info.internal.module->type == MODULE_PERSISTENT) {
 				ZEND_MAP_PTR_NEW(ce->static_members_table);
 			} else {
-				/* internal class loaded by dl() */
-				ZEND_MAP_PTR_INIT(ce->static_members_table, &ce->default_static_members_table);
+				ZEND_MAP_PTR_INIT(ce->static_members_table,
+					zend_arena_alloc(&CG(arena), sizeof(zval *)));
+				ZEND_MAP_PTR_SET(ce->static_members_table, NULL);
 			}
 		}
 	}
@@ -2715,7 +2681,8 @@ static zend_class_entry *zend_lazy_class_load(zend_class_entry *pce)
 			ZVAL_COPY_VALUE(dst, src);
 		}
 	}
-	ZEND_MAP_PTR_INIT(ce->static_members_table, &ce->default_static_members_table);
+	ZEND_MAP_PTR_INIT(ce->static_members_table, zend_arena_alloc(&CG(arena), sizeof(zval *)));
+	ZEND_MAP_PTR_SET(ce->static_members_table, NULL);
 
 	/* properties_info */
 	if (!(HT_FLAGS(&ce->properties_info) & HASH_FLAG_UNINITIALIZED)) {

Zend/zend_object_handlers.c

@@ -1480,7 +1480,11 @@ ZEND_API zval *zend_std_get_static_property_with_info(zend_class_entry *ce, zend
 	}
 
 	if (UNEXPECTED((property_info->flags & ZEND_ACC_STATIC) == 0)) {
-		goto undeclared_property;
+undeclared_property:
+		if (type != BP_VAR_IS) {
+			zend_throw_error(NULL, "Access to undeclared static property %s::$%s", ZSTR_VAL(ce->name), ZSTR_VAL(property_name));
+		}
+		return NULL;
 	}
 
 	if (UNEXPECTED(!(ce->ce_flags & ZEND_ACC_CONSTANTS_UPDATED))) {
@@ -1489,17 +1493,9 @@ ZEND_API zval *zend_std_get_static_property_with_info(zend_class_entry *ce, zend
 		}
 	}
 
-	/* check if static properties were destroyed */
+	/* Ensure static properties are initialized. */
 	if (UNEXPECTED(CE_STATIC_MEMBERS(ce) == NULL)) {
-		if (ce->type == ZEND_INTERNAL_CLASS || (ce->ce_flags & (ZEND_ACC_IMMUTABLE|ZEND_ACC_PRELOADED))) {
-			zend_class_init_statics(ce);
-		} else {
-undeclared_property:
-			if (type != BP_VAR_IS) {
-				zend_throw_error(NULL, "Access to undeclared static property %s::$%s", ZSTR_VAL(ce->name), ZSTR_VAL(property_name));
-			}
-			return NULL;
-		}
+		zend_class_init_statics(ce);
 	}
 
 	ret = CE_STATIC_MEMBERS(ce) + property_info->offset;

Zend/zend_opcode.c

@@ -170,42 +170,21 @@ ZEND_API void zend_cleanup_internal_class_data(zend_class_entry *ce)
 		zval *static_members = CE_STATIC_MEMBERS(ce);
 		zval *p = static_members;
 		zval *end = p + ce->default_static_members_count;
-		if (UNEXPECTED(ZEND_MAP_PTR(ce->static_members_table) == &ce->default_static_members_table)) {
-			/* Special case: If this is a static property on a dl'ed internal class, then the
-			 * static property table and the default property table are the same. In this case we
-			 * destroy the values here, but leave behind valid UNDEF zvals and don't free the
-			 * table itself. */
-			while (p != end) {
-				if (UNEXPECTED(Z_ISREF_P(p))) {
-					zend_property_info *prop_info;
-					ZEND_REF_FOREACH_TYPE_SOURCES(Z_REF_P(p), prop_info) {
-						if (prop_info->ce == ce && p - static_members == prop_info->offset) {
-							ZEND_REF_DEL_TYPE_SOURCE(Z_REF_P(p), prop_info);
-							break; /* stop iteration here, the array might be realloc()'ed */
-						}
-					} ZEND_REF_FOREACH_TYPE_SOURCES_END();
-				}
-				i_zval_ptr_dtor(p);
-				ZVAL_UNDEF(p);
-				p++;
-			}
-		} else {
-			ZEND_MAP_PTR_SET(ce->static_members_table, NULL);
-			while (p != end) {
-				if (UNEXPECTED(Z_ISREF_P(p))) {
-					zend_property_info *prop_info;
-					ZEND_REF_FOREACH_TYPE_SOURCES(Z_REF_P(p), prop_info) {
-						if (prop_info->ce == ce && p - static_members == prop_info->offset) {
-							ZEND_REF_DEL_TYPE_SOURCE(Z_REF_P(p), prop_info);
-							break; /* stop iteration here, the array might be realloc()'ed */
-						}
-					} ZEND_REF_FOREACH_TYPE_SOURCES_END();
-				}
-				i_zval_ptr_dtor(p);
-				p++;
+		ZEND_MAP_PTR_SET(ce->static_members_table, NULL);
+		while (p != end) {
+			if (UNEXPECTED(Z_ISREF_P(p))) {
+				zend_property_info *prop_info;
+				ZEND_REF_FOREACH_TYPE_SOURCES(Z_REF_P(p), prop_info) {
+					if (prop_info->ce == ce && p - static_members == prop_info->offset) {
+						ZEND_REF_DEL_TYPE_SOURCE(Z_REF_P(p), prop_info);
+						break; /* stop iteration here, the array might be realloc()'ed */
+					}
+				} ZEND_REF_FOREACH_TYPE_SOURCES_END();
 			}
-			efree(static_members);
+			i_zval_ptr_dtor(p);
+			p++;
 		}
+		efree(static_members);
 	}
 }
 
@@ -298,13 +277,13 @@ ZEND_API void destroy_zend_class(zval *zv)
 	zend_class_entry *ce = Z_PTR_P(zv);
 	zend_function *fn;
 
+	if (ce->default_static_members_count) {
+		zend_cleanup_internal_class_data(ce);
+	}
+
 	if (ce->ce_flags & (ZEND_ACC_IMMUTABLE|ZEND_ACC_PRELOADED|ZEND_ACC_FILE_CACHED)) {
 		zend_op_array *op_array;
 
-		if (ce->default_static_members_count) {
-			zend_cleanup_internal_class_data(ce);
-		}
-
 		if (!(ce->ce_flags & ZEND_ACC_FILE_CACHED)) {
 			if (ZEND_MAP_PTR(ce->mutable_data) && ZEND_MAP_PTR_GET_IMM(ce->mutable_data)) {
 				zend_cleanup_mutable_class_data(ce);
@@ -390,15 +369,7 @@ ZEND_API void destroy_zend_class(zval *zv)
 				zval *end = p + ce->default_static_members_count;
 
 				while (p != end) {
-					if (UNEXPECTED(Z_ISREF_P(p))) {
-						zend_property_info *prop_info;
-						ZEND_REF_FOREACH_TYPE_SOURCES(Z_REF_P(p), prop_info) {
-							if (prop_info->ce == ce && p - ce->default_static_members_table == prop_info->offset) {
-								ZEND_REF_DEL_TYPE_SOURCE(Z_REF_P(p), prop_info);
-								break; /* stop iteration here, the array might be realloc()'ed */
-							}
-						} ZEND_REF_FOREACH_TYPE_SOURCES_END();
-					}
+					ZEND_ASSERT(!Z_ISREF_P(p));
 					i_zval_ptr_dtor(p);
 					p++;
 				}
@@ -458,9 +429,6 @@ ZEND_API void destroy_zend_class(zval *zv)
 					p++;
 				}
 				free(ce->default_static_members_table);
-				if (ZEND_MAP_PTR(ce->static_members_table) != &ce->default_static_members_table) {
-					zend_cleanup_internal_class_data(ce);
-				}
 			}
 
 			ZEND_HASH_FOREACH_PTR(&ce->properties_info, prop_info) {

ext/opcache/zend_file_cache.c

@@ -1653,17 +1653,19 @@ static void zend_file_cache_unserialize_class(zval                    *zv,
 	if (!(script->corrupted)) {
 		ce->ce_flags |= ZEND_ACC_IMMUTABLE;
 		ce->ce_flags &= ~ZEND_ACC_FILE_CACHED;
-		if (ce->ce_flags & ZEND_ACC_IMMUTABLE && ce->default_static_members_table) {
+		ZEND_MAP_PTR_NEW(ce->mutable_data);
+		if (ce->default_static_members_count) {
 			ZEND_MAP_PTR_NEW(ce->static_members_table);
-		} else {
-			ZEND_MAP_PTR_INIT(ce->static_members_table, &ce->default_static_members_table);
 		}
-		ZEND_MAP_PTR_NEW(ce->mutable_data);
 	} else {
 		ce->ce_flags &= ~ZEND_ACC_IMMUTABLE;
 		ce->ce_flags |= ZEND_ACC_FILE_CACHED;
-		ZEND_MAP_PTR_INIT(ce->static_members_table, &ce->default_static_members_table);
 		ZEND_MAP_PTR_INIT(ce->mutable_data, NULL);
+		if (ce->default_static_members_count) {
+			ZEND_MAP_PTR_INIT(ce->static_members_table,
+				zend_arena_alloc(&CG(arena), sizeof(zval *)));
+			ZEND_MAP_PTR_SET(ce->static_members_table, NULL);
+		}
 	}
 }
 

ext/opcache/zend_persist.c

@@ -926,11 +926,7 @@ zend_class_entry *zend_persist_class_entry(zend_class_entry *orig_ce)
 				} else {
 					ZEND_MAP_PTR_INIT(ce->static_members_table, NULL);
 				}
-			} else {
-				ZEND_MAP_PTR_INIT(ce->static_members_table, &ce->default_static_members_table);
 			}
-		} else {
-			ZEND_MAP_PTR_INIT(ce->static_members_table, &ce->default_static_members_table);
 		}
 
 		zend_hash_persist(&ce->constants_table);

ext/reflection/tests/bug80821.phpt

@@ -0,0 +1,18 @@
+--TEST--
+Bug #80821: ReflectionProperty::getDefaultValue() returns current value for statics
+--FILE--
+<?php
+
+class Statics {
+	public static $staticVar = 1;
+}
+
+Statics::$staticVar = 2;
+
+$reflect = new \ReflectionClass(Statics::class);
+$prop = $reflect->getProperty("staticVar");
+var_dump($prop->getDefaultValue());
+
+?>
+--EXPECT--
+int(1)