Also having a test added to the zend_test extension would be helpful.

The issue I'm having right now is that the valgrind configuration used by run-tests.php does not report this leak, it is only reported when --leak-check=full is set... 😒

Any particular reson why this flag is not enabled?

I've been digging into this, as I don't think the two different functions are needed. I can trigger the double use after free even without opcache using ASAN, and I think that is an issue due for some reason the type list is not allocated on an arena when it should.

In other news, I think I found a bug of using DNF types in a trait property and binding it to a class... so thank you for finding that out indirectly :')

I've been digging into this, as I don't think the two different functions are needed. I can trigger the double use after free even without opcache using ASAN, and I think that is an issue due for some reason the type list is not allocated on an arena when it should.

So, what you mean is that the changeset in 9a1c9f0 is correct, but the failing test is actually a bug in the engine, that you can reproduce even with the changes in 90ca716?

In this case, should I close this PR in favour of #11961 ?

I've been digging into this, as I don't think the two different functions are needed. I can trigger the double use after free even without opcache using ASAN, and I think that is an issue due for some reason the type list is not allocated on an arena when it should.

So, what you mean is that the changeset in 9a1c9f0 is correct, but the failing test is actually a bug in the engine, that you can reproduce even with the changes in 90ca716?

In this case, should I close this PR in favour of #11961 ?

So, I think there was some other issue as to how I was getting the leak, but now it is just with opcache. And yes basically there is a bug somewhere in the engine/opcache which changes how the inner intersection type list is allocated, and this causes only an issue for property types, that are the only ones that do not store their types in a persistent manner for userland types. However, it should be arena allocated if it is a userland type.

I am wondering if this is some issue caused by delayed early binding as this is like a "second" pass of the early binding reading: https://www.npopov.com/2021/10/20/Early-binding-in-PHP.html as this happens, seemingly, only when some of the class dependencies cannot be loaded.

The proper fix was 02a80c5