Merge branch 'PHP-8.1' into PHP-8.2

* PHP-8.1:
Fix serialization of RC1 objects appearing in object graph twice

Fix serialization of RC1 objects appearing in object graph twice

Previously, if an object had RC1 it would never be recorded in
php_serialize_data.ht because it was assumed that it could

Fix serialization of RC1 objects appearing in object graph twice

Previously, if an object had RC1 it would never be recorded in
php_serialize_data.ht because it was assumed that it could not be encountered
again. This assumption is incorrect though as the object itself may be saved
inside an array with RCn. This results in a new instance of the object, instead
of a second reference to the same object.

This is solved by tracking these objects in php_serialize_data.ht. To retain
performance, track if the current object resides in a potentially nested RCn
array. If not, and if the object is RC1 itself it may be omitted from
php_serialize_data.ht.

Additionally, we may treat the array root itself as RC1 because it may not
appear in the object graph again without recursion. Recursive arrays are still
somewhat broken even with this change, as the tracking of the array only happens
when the reference is encountered, thus resulting in a -> a' -> a' for a self
recursive array a -> a. Recursive arrays have limited support in serialize
anyway, so we ignore this case for now.

Co-authored-by: Dmitry Stogov <dmitry@zend.com>
Co-authored-by: Martin Hoch <martin@littlerobot.de>

Closes GH-11349
Closes GH-11305

show more ...

Make var_export/debug_zval_dump check for infinite recursion on the *object* (#9448)

Switch the recursion check from the result of `get_properties_for`
(the returned hash table of proper

Make var_export/debug_zval_dump check for infinite recursion on the *object* (#9448)

Switch the recursion check from the result of `get_properties_for`
(the returned hash table of properties) to just checking for
infinite recursion on the object.

- In order for a native datastructure to correctly implement
`*get_properties_for` for var_export's cycle detection,
it would need to return the exact same array every time prior to this PR.

Prior to this commit, the requirements for cycle detection
would prevent SplFixedArray or similar classes from returning a
temporary array that:

1. Wouldn't be affected by unexpected mutations from error handlers
2. Could be garbage collected instead.

show more ...

Reduce memory allocated by var_export, json_encode, serialize, and other (#8902)

smart_str uses an over-allocated string to optimize for append operations. Functions that use smart_str tend

Reduce memory allocated by var_export, json_encode, serialize, and other (#8902)

smart_str uses an over-allocated string to optimize for append operations. Functions that use smart_str tend to return the over-allocated string directly. This results in unnecessary memory usage, especially for small strings.

The overhead can be up to 231 bytes for strings smaller than that, and 4095 for other strings. This can be avoided for strings smaller than `4096 - zend_string header size - 1` by reallocating the string.

This change introduces `smart_str_trim_to_size()`, and calls it in `smart_str_extract()`. Functions that use `smart_str` are updated to use `smart_str_extract()`.

Fixes GH-8896

show more ...

Fix GH-8232 - always reference classes in `var_export()` via their FQCN

Closes GH-8233

This fix corrects a behavior of `var_export()` that was mostly "hidden" until PHP 8.1 introduc

Fix GH-8232 - always reference classes in `var_export()` via their FQCN

Closes GH-8233

This fix corrects a behavior of `var_export()` that was mostly "hidden" until PHP 8.1 introduced:

* properties with object initializers
* constants containing object references
* default values of class properties containing `enum`s

Since `var_export(..., true)` is mostly used in conjunction with code generation,
and we cannot make assumptions about the generated code being placed in the root
namespace, we must always provide the FQCN of a class in exported code.

For example:

```php
<?php

namespace MyNamespace { class Foo {} }

namespace { echo "<?php\n\nnamespace Example;\n\n" . var_export(new \MyNamespace\Foo(), true) . ';'; }
```

produces:

```php
<?php

namespace Example;

MyNamespace\Foo::__set_state(array(
));
```

This code snippet is invalid, because `Example\MyNamespace\Foo::__set_state()` (which
does not exist) is called.

With this patch applied, the code looks like following (valid):

```php
<?php

namespace Example;

\MyNamespace\Foo::__set_state(array(
));
```

Ref: https://github.com/php/php-src/issues/8232
Ref: https://github.com/Ocramius/ProxyManager/issues/754
Ref: https://externals.io/message/117466

show more ...

Added: [zend_]memory_reset_peak_usage() (#8151)

Fix infiniry recursion during serialize() of "tricky" object

Fixes oss-fuzz #44954

Use zend_long for resource ID

Currently, resource IDs are limited to 32-bits. As resource IDs
are not reused, this means that resource ID overflow for
long-running processes is very

Use zend_long for resource ID

Currently, resource IDs are limited to 32-bits. As resource IDs
are not reused, this means that resource ID overflow for
long-running processes is very possible.

This patch switches resource IDs to use zend_long instead, which
means that on 64-bit systems, 64-bit resource IDs will be used.
This makes resource ID overflow practically impossible.

The tradeoff is an 8 byte increase in zend_resource size.

Closes GH-7436.

show more ...

Add additional double to string APIs

zend_double_to_str() converts a double to string in the way that
(string) would (using %.*H using precision).

smart_str_append_double() prov

Add additional double to string APIs

zend_double_to_str() converts a double to string in the way that
(string) would (using %.*H using precision).

smart_str_append_double() provides some more fine control over
the precision, and whether a zero fraction should be appeneded
for whole numbers.

A caveat here is that raw calls to zend_gcvt and going through
s*printf has slightly different behavior for the degenarate
precision=0 case. zend_gcvt will add a dummy E+0 in that case,
while s*printf convert this to precision=1 and will not. I'm
going with the s*printf behavior here, which is more common,
but does result in a minor change to the precision.phpt test.

show more ...

Move php_gcvt to zend_gcvt

Also move PHP_DOUBLE_MAX_LENGTH to ZEND_DOUBLE_MAX_LENGTH.

Remove leading underscore for _zend_hash_find_known_hash (#7260)

Convert zend_hash_find_ex(..., 1) to zend_hash_find_known_hash(...)
Convert zend_hash_find_ex(..., 0) to zend_hash_find(.

Remove leading underscore for _zend_hash_find_known_hash (#7260)

Convert zend_hash_find_ex(..., 1) to zend_hash_find_known_hash(...)
Convert zend_hash_find_ex(..., 0) to zend_hash_find(...)

Also add serializable changes to UPGRADING.INTERNALS summary

show more ...

Add ZEND_ACC_NOT_SERIALIZABLE flag

This prevents serialization and unserialization of a class and its
children in a way that does not depend on the zend_class_serialize_deny
and zend

Add ZEND_ACC_NOT_SERIALIZABLE flag

This prevents serialization and unserialization of a class and its
children in a way that does not depend on the zend_class_serialize_deny
and zend_class_unserialize_deny handlers that will be going away
in PHP 9 together with the Serializable interface.

In stubs, `@not-serializable` can be used to set this flag.

This patch only uses the new flag for a handful of Zend classes,
converting the remainder is left for later.

Closes GH-7249.
Fixes bug #81111.

show more ...

Fix false positive recursion warning for var_export of enums (#7201)

Fix bug #81163 __sleep allowed to return non-array

Use smart_str_extend() instead of smart_str_alloc()

These usages were re-implementing the exact functionality of
smart_str_extend().

Update http->https in license (#6945)

1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as

Update http->https in license (#6945)

1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as 3.0 states "php 5.1.1, 4.1.1, and earlier".
3. In some license comments is "at through the world-wide-web" while most is without "at", so deleted.
4. fixed indentation in some files before |

show more ...

Implement enums

RFC: https://wiki.php.net/rfc/enumerations

Co-authored-by: Nikita Popov <nikita.ppv@gmail.com>

Closes GH-6489.

Explicitly print reference wrappers in debug_zval_dump()

Closes GH-6750.

Optimize serializing class names

Because of the memcpy, compilers can't infer that ZSTR_LEN (i.e. class_name->len)
did not change, so they copy it out of memory into a register for the l

Optimize serializing class names

Because of the memcpy, compilers can't infer that ZSTR_LEN (i.e. class_name->len)
did not change, so they copy it out of memory into a register for the last two
accesses.
php_var_serialize_string already does something similar.

Closes GH-6734

show more ...

Optimized object serialization without rebulding properties HashTable

Incomplete class may have only single "MAGIC_MEMBER"

serialize() optimization

Speed up __sleep() and __wakeup() calls

Replace zend_bool uses with bool

We're starting to see a mix between uses of zend_bool and bool.
Replace all usages with the standard bool type everywhere.

Of course, zend_bool

Replace zend_bool uses with bool

We're starting to see a mix between uses of zend_bool and bool.
Replace all usages with the standard bool type everywhere.

Of course, zend_bool is retained as an alias.

show more ...

Print "interned" instead of fake refcount in debug_zval_dump()

debug_zval_dump() currently prints refcount 1 for interned strings
and arrays, which does not really reflect the truth. The

Print "interned" instead of fake refcount in debug_zval_dump()

debug_zval_dump() currently prints refcount 1 for interned strings
and arrays, which does not really reflect the truth. These values
are not refcounted, so the refcount is misleading. Instead print
an "interned" tag.

Closes GH-6598.

show more ...