Ensure to initialize lazy object in foreach

foreach() by-passes the get_properties() handler and did not always trigger
initialization.

Fix zend_get_property_info_for_slot() for lazy objects (#15855)

zend_get_property_info_for_slot(obj, slot) assumes that 'slot' belongs to 'obj', but that may not be the case for lazy proxies

Fix zend_get_property_info_for_slot() for lazy objects (#15855)

zend_get_property_info_for_slot(obj, slot) assumes that 'slot' belongs to 'obj', but that may not be the case for lazy proxies.

Fortunately, the property info is often already available in path when it is needed.

For other cases, I make zend_get_property_info_for_slot() aware of lazy objects, and add zend_get_property_info_for_slot_self() for cases where the 'slot' is known to belong to the object itself.

Fixes oss-fuzz #71446

show more ...

Interrupt while internal frame is on the stack (#14627)

* Check VM interrupt while internal frame is on top

* Use tab instead of spaces

* fix frame used in interrupt and re

Interrupt while internal frame is on the stack (#14627)

* Check VM interrupt while internal frame is on top

* Use tab instead of spaces

* fix frame used in interrupt and refactor

* remove unused failures for zend_jit_check_timeout

* Fix JIT support

Co-authored-by: Bob Weinand <bobwei9@hotmail.com>

* Fix the missing store to vm_interrupt

* Rename new functions

* Special case zend_interrupt_function in JIT code

* refactor to use ZEND_VM_SET_OPCODE_NO_INTERRUPT

* Split atomic exchange into load + store

It is difficult to determine performance of atomics sometimes. In this
case, the separate load+store is still correct, and a load does not
cause a modification, and might be faster for some platforms than an
exchange. A load+store is slower than an exchange, but we're fine
trading the penalty to the slow path and keeping the happy path faster.

---------

Co-authored-by: Bob Weinand <bobwei9@hotmail.com>

show more ...

Add type indicator to array/arg unpack error messages (GH-15448)

Lazy objects

RFC: https://wiki.php.net/rfc/lazy-objects

Closes GH-15019

[RFC] Convert exit (and die) from language constructs to functions (#13483)

RFC: https://wiki.php.net/rfc/exit-as-function

Change YIELD/YIELD_FROM to do not increment opline (#15328)

YIELD and YIELD_FROM increment opline before returning, but in most places
we need the opline to point to the YIELD and YIELD_

Change YIELD/YIELD_FROM to do not increment opline (#15328)

YIELD and YIELD_FROM increment opline before returning, but in most places
we need the opline to point to the YIELD and YIELD_FROM.

Here I change YIELD / YIELD_FROM to not increment opline. This simplifies the
code and fixes GH-15275 in a better way.

Closes GH-15328

show more ...

Remove IS_STATIC_VAR_UNINITIALIZED (#15227)

This flag was never necessary. We know a static variable is uninitialized (i.e.
the initializer has never been called) iff the zval in the sta

Remove IS_STATIC_VAR_UNINITIALIZED (#15227)

This flag was never necessary. We know a static variable is uninitialized (i.e.
the initializer has never been called) iff the zval in the static variable array
does not contain a reference.

Prompted by a related issue in ext-uopz reported by Christoph.

show more ...

Use zend_std_build_properties() to access zend_object.properties

The zend_object.properties HashTable needs to be built just in time by calling
rebuild_object_properties() on the object

Use zend_std_build_properties() to access zend_object.properties

The zend_object.properties HashTable needs to be built just in time by calling
rebuild_object_properties() on the object before accessing it. Normally this is
done automatically in zend_std_get_properties(), but we do it manually in a few
places.

In this change I introduce an inline variant of zend_std_build_properties(), and
refactor these places to use it instead of calling rebuild_object_properties()
manually.

rebuild_object_properties() renamed as rebuild_object_properties_internal(), to
enforce usage of zend_std_get_properties() or zend_std_build_properties_ex().

Closes GH-14996

show more ...

[RFC] Property hooks (#13455)

RFC: https://wiki.php.net/rfc/property-hooks

Co-authored-by: Nikita Popov <nikita.ppv@gmail.com>

RFC: Add `#[\Deprecated]` Attribute (#11293)

see https://wiki.php.net/rfc/deprecated_attribute

Co-authored-by: Tim Düsterhus <tim@tideways-gmbh.com>
Co-authored-by: Ilija Tovilo

RFC: Add `#[\Deprecated]` Attribute (#11293)

see https://wiki.php.net/rfc/deprecated_attribute

Co-authored-by: Tim Düsterhus <tim@tideways-gmbh.com>
Co-authored-by: Ilija Tovilo <ilija.tovilo@me.com>

show more ...

Optimize observers (#13649)

Inline the lookup whether a function is observed at all.
This strategy is also used for FRAMELESS calls. If the frameless call is observed, we instead allocat

Optimize observers (#13649)

Inline the lookup whether a function is observed at all.
This strategy is also used for FRAMELESS calls. If the frameless call is observed, we instead allocate a call frame and push the arguments, to call the the function afterwards.
Doing so is still a performance benefit as opposed to executing individual INIT_FCALL+SEND_VAL ops. Thus, even if the frameless call turns out to be observed, the call overhead is slightly lower than before.
If the internal function is not observed at all, the unavoidable overhead is fetching the FLF zend_function pointer and the run-time cache needs to be inspected.

As part of this work, it turned out to be most viable to put the result operand on the ZEND_OP_DATA instead of ZEND_FRAMELESS_ICALL_3, allowing seamless interoperability with the DO_ICALL opcode.
This is a bit unusual in comparison to all other ZEND_OP_DATA usages, but seems to not pose problems overall.

There is also a small issue resolved: trampolines would always use the ZEND_CALL_TRAMPOLINE_SPEC_OBSERVER function due to zend_observer_fcall_op_array_extension being set to -1 too late.

show more ...

refactor: change `zend_is_true` to return `bool` (#14301)

Previously this returned `int`. Many functions actually take advantage
of the fact this returns exactly 0 or 1. For instance,

refactor: change `zend_is_true` to return `bool` (#14301)

Previously this returned `int`. Many functions actually take advantage
of the fact this returns exactly 0 or 1. For instance,
`main/streams/xp_socket.c` does:

sockopts |= STREAM_SOCKOP_IPV6_V6ONLY_ENABLED * zend_is_true(tmpzval);

And `Zend/zend_compile.c` does:

child = &ast->child[2 - zend_is_true(zend_ast_get_zval(ast->child[0]))];

I changed a few places trivially from `int` to `bool`, but there are
still many places such as the object handlers which return `int` that
should eventually be `bool`.

show more ...

Separate internal and user function extension handles

This allows us to skip zend_init_internal_run_time_cache() when opcache is
enabled. This function can be quite expensive.

C

Separate internal and user function extension handles

This allows us to skip zend_init_internal_run_time_cache() when opcache is
enabled. This function can be quite expensive.

Closes GH-14252

show more ...

Make `ReflectionGenerator::getFunction()` legal after generator termination (#14167)

* Make `ReflectionGenerator::getFunction()` legal after generator termination

* Expose the gener

Make `ReflectionGenerator::getFunction()` legal after generator termination (#14167)

* Make `ReflectionGenerator::getFunction()` legal after generator termination

* Expose the generator function name via `Generator::__debugInfo()`

* Allow creating `ReflectionGenerator` after termination

* Reorder `struct _zend_generator` to avoid a hole

* Adjust `ext/reflection/tests/028.phpt`

This is legal now.

* Fix Generator Closure collection

* Add test to verify the Closure dies with the generator

* NEWS / UPGRADING

show more ...

Implement INIT_FCALL offset optimization

Closes GH-13634

Remove UNEXPECTED from typed prop checks

Closes GH-13143

Fix refactoring mistake

Odd, I rebuilt the project but somehow missed this.

Implement stackless internal function calls

Co-authored-by: Dmitry Stogov <dmitry@zend.com>

Closes GH-12461

Fix GH-13142: Undefined variable name is shortened when contains \0

Uses the new %S formatter and introduces the necessary changes and
helpers.

Add runtime type inference verification

Co-authored-by: Dmitry Stogov <dmitry@zend.com>

Closes GH-12930

Fixed GH-12596: Segmentation fault on AArch64 release build with opcache.jit=1112 (#12813)

Fix leak of call->extra_named_params on internal __call

Fixes GH-12835
Closes GH-12836

Fix invalid opline in OOM handlers within ZEND_FUNC_GET_ARGS and ZEND_BIND_STATIC (#12768)

* fix segfault in `ZEND_BIND_STATIC`

In case a `ZEND_BIND_STATIC` is being executed, while

Fix invalid opline in OOM handlers within ZEND_FUNC_GET_ARGS and ZEND_BIND_STATIC (#12768)

* fix segfault in `ZEND_BIND_STATIC`

In case a `ZEND_BIND_STATIC` is being executed, while the current chunk is full,
the `zend_array_dup()` call will trigger a OOM in ZendMM which will crash, as
the opline might be a dangling pointer.

* add missing test

* `assert()`ing seems easier than trying to make the compiler to not optimize

* moved from function call to INI setting, so we can use this in other places as well

* make `assert()` work no NDEBUG builds

* document magic number

* fix segfault in `ZEND_FUNC_GET_ARGS`

In case a `ZEND_FUNC_GET_ARGS` is being executed, while the current chunk is
full, the `zend_new_array()` call will trigger a OOM in ZendMM which will crash,
as the opline might be a dangling pointer.

---------

Co-authored-by: Florian Engelhardt <florian@engelhardt.tc>

show more ...

Fix use-after-free of name in var-var with malicious error handler

Fixes oss-fuzz #54325
Closes GH-12732