1 /*
2 +----------------------------------------------------------------------+
3 | Zend Engine |
4 +----------------------------------------------------------------------+
5 | Copyright (c) 1998-2013 Zend Technologies Ltd. (http://www.zend.com) |
6 +----------------------------------------------------------------------+
7 | This source file is subject to version 2.00 of the Zend license, |
8 | that is bundled with this package in the file LICENSE, and is |
9 | available through the world-wide-web at the following url: |
10 | http://www.zend.com/license/2_00.txt. |
11 | If you did not receive a copy of the Zend license and are unable to |
12 | obtain it through the world-wide-web, please send a note to |
13 | license@zend.com so we can mail you a copy immediately. |
14 +----------------------------------------------------------------------+
15 | Authors: Andi Gutmans <andi@zend.com> |
16 | Zeev Suraski <zeev@zend.com> |
17 | Dmitry Stogov <dmitry@zend.com> |
18 +----------------------------------------------------------------------+
19 */
20
21 /* $Id$ */
22
23 /* If you change this file, please regenerate the zend_vm_execute.h and
24 * zend_vm_opcodes.h files by running:
25 * php zend_vm_gen.php
26 */
27
/* ZEND_ADD: runs add_function() on op1 and op2 and leaves the outcome in the result temporary. */
ZEND_VM_HANDLER(1, ZEND_ADD, CONST|TMP|VAR|CV, CONST|TMP|VAR|CV)
{
	zend_op *opline = EX(opline);
	zend_free_op free_op1, free_op2;
	zval *result = &EX_T(opline->result.u.var).tmp_var;

	/* Both operands are fetched in read mode (BP_VAR_R). */
	add_function(result,
		GET_OP1_ZVAL_PTR(BP_VAR_R),
		GET_OP2_ZVAL_PTR(BP_VAR_R) TSRMLS_CC);

	/* Operands are released only after the result has been written. */
	FREE_OP1();
	FREE_OP2();
	ZEND_VM_NEXT_OPCODE();
}
40
/* ZEND_SUB: runs sub_function() on op1 and op2 and leaves the outcome in the result temporary. */
ZEND_VM_HANDLER(2, ZEND_SUB, CONST|TMP|VAR|CV, CONST|TMP|VAR|CV)
{
	zend_op *opline = EX(opline);
	zend_free_op free_op1, free_op2;
	zval *result = &EX_T(opline->result.u.var).tmp_var;

	/* Both operands are fetched in read mode (BP_VAR_R). */
	sub_function(result,
		GET_OP1_ZVAL_PTR(BP_VAR_R),
		GET_OP2_ZVAL_PTR(BP_VAR_R) TSRMLS_CC);

	/* Operands are released only after the result has been written. */
	FREE_OP1();
	FREE_OP2();
	ZEND_VM_NEXT_OPCODE();
}
53
/* ZEND_MUL: runs mul_function() on op1 and op2 and leaves the outcome in the result temporary. */
ZEND_VM_HANDLER(3, ZEND_MUL, CONST|TMP|VAR|CV, CONST|TMP|VAR|CV)
{
	zend_op *opline = EX(opline);
	zend_free_op free_op1, free_op2;
	zval *result = &EX_T(opline->result.u.var).tmp_var;

	/* Both operands are fetched in read mode (BP_VAR_R). */
	mul_function(result,
		GET_OP1_ZVAL_PTR(BP_VAR_R),
		GET_OP2_ZVAL_PTR(BP_VAR_R) TSRMLS_CC);

	/* Operands are released only after the result has been written. */
	FREE_OP1();
	FREE_OP2();
	ZEND_VM_NEXT_OPCODE();
}
66
/* ZEND_DIV: runs div_function() on op1 and op2 and leaves the outcome in the result temporary. */
ZEND_VM_HANDLER(4, ZEND_DIV, CONST|TMP|VAR|CV, CONST|TMP|VAR|CV)
{
	zend_op *opline = EX(opline);
	zend_free_op free_op1, free_op2;
	zval *result = &EX_T(opline->result.u.var).tmp_var;

	/* Both operands are fetched in read mode (BP_VAR_R). */
	div_function(result,
		GET_OP1_ZVAL_PTR(BP_VAR_R),
		GET_OP2_ZVAL_PTR(BP_VAR_R) TSRMLS_CC);

	/* Operands are released only after the result has been written. */
	FREE_OP1();
	FREE_OP2();
	ZEND_VM_NEXT_OPCODE();
}
79
/* ZEND_MOD: runs mod_function() on op1 and op2 and leaves the outcome in the result temporary. */
ZEND_VM_HANDLER(5, ZEND_MOD, CONST|TMP|VAR|CV, CONST|TMP|VAR|CV)
{
	zend_op *opline = EX(opline);
	zend_free_op free_op1, free_op2;
	zval *result = &EX_T(opline->result.u.var).tmp_var;

	/* Both operands are fetched in read mode (BP_VAR_R). */
	mod_function(result,
		GET_OP1_ZVAL_PTR(BP_VAR_R),
		GET_OP2_ZVAL_PTR(BP_VAR_R) TSRMLS_CC);

	/* Operands are released only after the result has been written. */
	FREE_OP1();
	FREE_OP2();
	ZEND_VM_NEXT_OPCODE();
}
92
/* ZEND_SL: runs shift_left_function() on op1 and op2 and leaves the outcome in the result temporary. */
ZEND_VM_HANDLER(6, ZEND_SL, CONST|TMP|VAR|CV, CONST|TMP|VAR|CV)
{
	zend_op *opline = EX(opline);
	zend_free_op free_op1, free_op2;
	zval *result = &EX_T(opline->result.u.var).tmp_var;

	/* Both operands are fetched in read mode (BP_VAR_R). */
	shift_left_function(result,
		GET_OP1_ZVAL_PTR(BP_VAR_R),
		GET_OP2_ZVAL_PTR(BP_VAR_R) TSRMLS_CC);

	/* Operands are released only after the result has been written. */
	FREE_OP1();
	FREE_OP2();
	ZEND_VM_NEXT_OPCODE();
}
105
/* ZEND_SR: runs shift_right_function() on op1 and op2 and leaves the outcome in the result temporary. */
ZEND_VM_HANDLER(7, ZEND_SR, CONST|TMP|VAR|CV, CONST|TMP|VAR|CV)
{
	zend_op *opline = EX(opline);
	zend_free_op free_op1, free_op2;
	zval *result = &EX_T(opline->result.u.var).tmp_var;

	/* Both operands are fetched in read mode (BP_VAR_R). */
	shift_right_function(result,
		GET_OP1_ZVAL_PTR(BP_VAR_R),
		GET_OP2_ZVAL_PTR(BP_VAR_R) TSRMLS_CC);

	/* Operands are released only after the result has been written. */
	FREE_OP1();
	FREE_OP2();
	ZEND_VM_NEXT_OPCODE();
}
118
/* ZEND_CONCAT: runs concat_function() on op1 and op2 and leaves the outcome in the result temporary. */
ZEND_VM_HANDLER(8, ZEND_CONCAT, CONST|TMP|VAR|CV, CONST|TMP|VAR|CV)
{
	zend_op *opline = EX(opline);
	zend_free_op free_op1, free_op2;
	zval *result = &EX_T(opline->result.u.var).tmp_var;

	/* Both operands are fetched in read mode (BP_VAR_R). */
	concat_function(result,
		GET_OP1_ZVAL_PTR(BP_VAR_R),
		GET_OP2_ZVAL_PTR(BP_VAR_R) TSRMLS_CC);

	/* Operands are released only after the result has been written. */
	FREE_OP1();
	FREE_OP2();
	ZEND_VM_NEXT_OPCODE();
}
131
/* ZEND_IS_IDENTICAL: stores the outcome of is_identical_function(op1, op2) in the result temporary. */
ZEND_VM_HANDLER(15, ZEND_IS_IDENTICAL, CONST|TMP|VAR|CV, CONST|TMP|VAR|CV)
{
	zend_op *opline = EX(opline);
	zend_free_op free_op1, free_op2;
	zval *result = &EX_T(opline->result.u.var).tmp_var;

	/* Both operands are fetched in read mode (BP_VAR_R). */
	is_identical_function(result,
		GET_OP1_ZVAL_PTR(BP_VAR_R),
		GET_OP2_ZVAL_PTR(BP_VAR_R) TSRMLS_CC);

	/* Operands are released only after the result has been written. */
	FREE_OP1();
	FREE_OP2();
	ZEND_VM_NEXT_OPCODE();
}
144
/* ZEND_IS_NOT_IDENTICAL: computes is_identical_function(op1, op2), then logically inverts the stored value. */
ZEND_VM_HANDLER(16, ZEND_IS_NOT_IDENTICAL, CONST|TMP|VAR|CV, CONST|TMP|VAR|CV)
{
	zend_op *opline = EX(opline);
	zend_free_op free_op1, free_op2;
	zval *result = &EX_T(opline->result.u.var).tmp_var;

	is_identical_function(result,
		GET_OP1_ZVAL_PTR(BP_VAR_R),
		GET_OP2_ZVAL_PTR(BP_VAR_R) TSRMLS_CC);

	/* Invert in place: a zero becomes 1, anything else becomes 0. */
	Z_LVAL_P(result) = (Z_LVAL_P(result) == 0);

	FREE_OP1();
	FREE_OP2();
	ZEND_VM_NEXT_OPCODE();
}
159
/* ZEND_IS_EQUAL: the boolean result is true when compare_function() leaves 0 in result. */
ZEND_VM_HANDLER(17, ZEND_IS_EQUAL, CONST|TMP|VAR|CV, CONST|TMP|VAR|CV)
{
	zend_op *opline = EX(opline);
	zend_free_op free_op1, free_op2;
	zval *result = &EX_T(opline->result.u.var).tmp_var;
	int verdict;

	/* compare_function() writes its integer outcome into result. */
	compare_function(result,
		GET_OP1_ZVAL_PTR(BP_VAR_R),
		GET_OP2_ZVAL_PTR(BP_VAR_R) TSRMLS_CC);

	/* Replace the comparison outcome by the boolean the opcode stands for. */
	verdict = (Z_LVAL_P(result) == 0);
	ZVAL_BOOL(result, verdict);

	FREE_OP1();
	FREE_OP2();
	ZEND_VM_NEXT_OPCODE();
}
174
/* ZEND_IS_NOT_EQUAL: the boolean result is true when compare_function() leaves a non-zero value in result. */
ZEND_VM_HANDLER(18, ZEND_IS_NOT_EQUAL, CONST|TMP|VAR|CV, CONST|TMP|VAR|CV)
{
	zend_op *opline = EX(opline);
	zend_free_op free_op1, free_op2;
	zval *result = &EX_T(opline->result.u.var).tmp_var;
	int verdict;

	/* compare_function() writes its integer outcome into result. */
	compare_function(result,
		GET_OP1_ZVAL_PTR(BP_VAR_R),
		GET_OP2_ZVAL_PTR(BP_VAR_R) TSRMLS_CC);

	/* Replace the comparison outcome by the boolean the opcode stands for. */
	verdict = (Z_LVAL_P(result) != 0);
	ZVAL_BOOL(result, verdict);

	FREE_OP1();
	FREE_OP2();
	ZEND_VM_NEXT_OPCODE();
}
189
/* ZEND_IS_SMALLER: the boolean result is true when compare_function() leaves a negative value in result. */
ZEND_VM_HANDLER(19, ZEND_IS_SMALLER, CONST|TMP|VAR|CV, CONST|TMP|VAR|CV)
{
	zend_op *opline = EX(opline);
	zend_free_op free_op1, free_op2;
	zval *result = &EX_T(opline->result.u.var).tmp_var;
	int verdict;

	/* compare_function() writes its integer outcome into result. */
	compare_function(result,
		GET_OP1_ZVAL_PTR(BP_VAR_R),
		GET_OP2_ZVAL_PTR(BP_VAR_R) TSRMLS_CC);

	/* Replace the comparison outcome by the boolean the opcode stands for. */
	verdict = (Z_LVAL_P(result) < 0);
	ZVAL_BOOL(result, verdict);

	FREE_OP1();
	FREE_OP2();
	ZEND_VM_NEXT_OPCODE();
}
204
/* ZEND_IS_SMALLER_OR_EQUAL: the boolean result is true when compare_function() leaves a value <= 0 in result. */
ZEND_VM_HANDLER(20, ZEND_IS_SMALLER_OR_EQUAL, CONST|TMP|VAR|CV, CONST|TMP|VAR|CV)
{
	zend_op *opline = EX(opline);
	zend_free_op free_op1, free_op2;
	zval *result = &EX_T(opline->result.u.var).tmp_var;
	int verdict;

	/* compare_function() writes its integer outcome into result. */
	compare_function(result,
		GET_OP1_ZVAL_PTR(BP_VAR_R),
		GET_OP2_ZVAL_PTR(BP_VAR_R) TSRMLS_CC);

	/* Replace the comparison outcome by the boolean the opcode stands for. */
	verdict = (Z_LVAL_P(result) <= 0);
	ZVAL_BOOL(result, verdict);

	FREE_OP1();
	FREE_OP2();
	ZEND_VM_NEXT_OPCODE();
}
219
/* ZEND_BW_OR: runs bitwise_or_function() on op1 and op2 and leaves the outcome in the result temporary. */
ZEND_VM_HANDLER(9, ZEND_BW_OR, CONST|TMP|VAR|CV, CONST|TMP|VAR|CV)
{
	zend_op *opline = EX(opline);
	zend_free_op free_op1, free_op2;
	zval *result = &EX_T(opline->result.u.var).tmp_var;

	/* Both operands are fetched in read mode (BP_VAR_R). */
	bitwise_or_function(result,
		GET_OP1_ZVAL_PTR(BP_VAR_R),
		GET_OP2_ZVAL_PTR(BP_VAR_R) TSRMLS_CC);

	/* Operands are released only after the result has been written. */
	FREE_OP1();
	FREE_OP2();
	ZEND_VM_NEXT_OPCODE();
}
232
/* ZEND_BW_AND: runs bitwise_and_function() on op1 and op2 and leaves the outcome in the result temporary. */
ZEND_VM_HANDLER(10, ZEND_BW_AND, CONST|TMP|VAR|CV, CONST|TMP|VAR|CV)
{
	zend_op *opline = EX(opline);
	zend_free_op free_op1, free_op2;
	zval *result = &EX_T(opline->result.u.var).tmp_var;

	/* Both operands are fetched in read mode (BP_VAR_R). */
	bitwise_and_function(result,
		GET_OP1_ZVAL_PTR(BP_VAR_R),
		GET_OP2_ZVAL_PTR(BP_VAR_R) TSRMLS_CC);

	/* Operands are released only after the result has been written. */
	FREE_OP1();
	FREE_OP2();
	ZEND_VM_NEXT_OPCODE();
}
245
/* ZEND_BW_XOR: runs bitwise_xor_function() on op1 and op2 and leaves the outcome in the result temporary. */
ZEND_VM_HANDLER(11, ZEND_BW_XOR, CONST|TMP|VAR|CV, CONST|TMP|VAR|CV)
{
	zend_op *opline = EX(opline);
	zend_free_op free_op1, free_op2;
	zval *result = &EX_T(opline->result.u.var).tmp_var;

	/* Both operands are fetched in read mode (BP_VAR_R). */
	bitwise_xor_function(result,
		GET_OP1_ZVAL_PTR(BP_VAR_R),
		GET_OP2_ZVAL_PTR(BP_VAR_R) TSRMLS_CC);

	/* Operands are released only after the result has been written. */
	FREE_OP1();
	FREE_OP2();
	ZEND_VM_NEXT_OPCODE();
}
258
/* ZEND_BOOL_XOR: runs boolean_xor_function() on op1 and op2 and leaves the outcome in the result temporary. */
ZEND_VM_HANDLER(14, ZEND_BOOL_XOR, CONST|TMP|VAR|CV, CONST|TMP|VAR|CV)
{
	zend_op *opline = EX(opline);
	zend_free_op free_op1, free_op2;
	zval *result = &EX_T(opline->result.u.var).tmp_var;

	/* Both operands are fetched in read mode (BP_VAR_R). */
	boolean_xor_function(result,
		GET_OP1_ZVAL_PTR(BP_VAR_R),
		GET_OP2_ZVAL_PTR(BP_VAR_R) TSRMLS_CC);

	/* Operands are released only after the result has been written. */
	FREE_OP1();
	FREE_OP2();
	ZEND_VM_NEXT_OPCODE();
}
271
/* ZEND_BW_NOT: unary opcode; runs bitwise_not_function() on op1 and leaves the outcome in the result temporary. */
ZEND_VM_HANDLER(12, ZEND_BW_NOT, CONST|TMP|VAR|CV, ANY)
{
	zend_op *opline = EX(opline);
	zend_free_op free_op1;
	zval *result = &EX_T(opline->result.u.var).tmp_var;

	/* The single operand is fetched in read mode (BP_VAR_R). */
	bitwise_not_function(result,
		GET_OP1_ZVAL_PTR(BP_VAR_R) TSRMLS_CC);

	FREE_OP1();
	ZEND_VM_NEXT_OPCODE();
}
282
/* ZEND_BOOL_NOT: unary opcode; runs boolean_not_function() on op1 and leaves the outcome in the result temporary. */
ZEND_VM_HANDLER(13, ZEND_BOOL_NOT, CONST|TMP|VAR|CV, ANY)
{
	zend_op *opline = EX(opline);
	zend_free_op free_op1;
	zval *result = &EX_T(opline->result.u.var).tmp_var;

	/* The single operand is fetched in read mode (BP_VAR_R). */
	boolean_not_function(result,
		GET_OP1_ZVAL_PTR(BP_VAR_R) TSRMLS_CC);

	FREE_OP1();
	ZEND_VM_NEXT_OPCODE();
}
293
/*
 * Applies binary_op in place to a target reached through the object in op1:
 * a property when opline->extended_value is ZEND_ASSIGN_OBJ, otherwise a
 * dimension. op2 names the property/dimension; the right-hand value comes
 * from op1 of the following opline (op_data), which is why the helper skips
 * one extra opcode before returning to the dispatch loop.
 */
ZEND_VM_HELPER_EX(zend_binary_assign_op_obj_helper, VAR|UNUSED|CV, CONST|TMP|VAR|UNUSED|CV, int (*binary_op)(zval *result, zval *op1, zval *op2 TSRMLS_DC))
{
	zend_op *opline = EX(opline);
	zend_op *op_data = opline+1;
	zend_free_op free_op1, free_op2, free_op_data1;
	zval **object_ptr = GET_OP1_OBJ_ZVAL_PTR_PTR(BP_VAR_W);
	zval *object;
	zval *property = GET_OP2_ZVAL_PTR(BP_VAR_R);
	zval *value = get_zval_ptr(&op_data->op1, EX(Ts), &free_op_data1, BP_VAR_R);
	znode *result = &opline->result;
	int have_get_ptr = 0;

	/* No zval** is available for an IS_VAR operand: treated as a string offset and rejected. */
	if (OP1_TYPE == IS_VAR && !object_ptr) {
		zend_error_noreturn(E_ERROR, "Cannot use string offset as an object");
	}

	EX_T(result->u.var).var.ptr_ptr = NULL;
	make_real_object(object_ptr TSRMLS_CC);
	object = *object_ptr;

	if (Z_TYPE_P(object) != IS_OBJECT) {
		/* Still not an object after make_real_object(): warn and yield the uninitialized zval. */
		zend_error(E_WARNING, "Attempt to assign property of non-object");
		FREE_OP2();
		FREE_OP(free_op_data1);

		if (!RETURN_VALUE_UNUSED(result)) {
			EX_T(result->u.var).var.ptr = EG(uninitialized_zval_ptr);
			EX_T(result->u.var).var.ptr_ptr = NULL;
			PZVAL_LOCK(EG(uninitialized_zval_ptr));
		}
	} else {
		/* here we are sure we are dealing with an object */
		if (IS_OP2_TMP_FREE()) {
			MAKE_REAL_ZVAL_PTR(property);
		}

		/* here property is a string */
		/* Fast path (properties only): the handler hands back the slot itself, so the update is done in place. */
		if (opline->extended_value == ZEND_ASSIGN_OBJ
			&& Z_OBJ_HT_P(object)->get_property_ptr_ptr) {
			zval **zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property TSRMLS_CC);
			if (zptr != NULL) { /* NULL means no success in getting PTR */
				/* Separate before writing so a zval shared with other holders is not modified. */
				SEPARATE_ZVAL_IF_NOT_REF(zptr);

				have_get_ptr = 1;
				binary_op(*zptr, *zptr, value TSRMLS_CC);
				if (!RETURN_VALUE_UNUSED(result)) {
					EX_T(result->u.var).var.ptr = *zptr;
					EX_T(result->u.var).var.ptr_ptr = NULL;
					PZVAL_LOCK(*zptr);
				}
			}
		}

		/* Slow path: read the current value, update it, write it back through the handler. */
		if (!have_get_ptr) {
			zval *z = NULL;

			if (opline->extended_value == ZEND_ASSIGN_OBJ) {
				if (Z_OBJ_HT_P(object)->read_property) {
					z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R TSRMLS_CC);
				}
			} else /* if (opline->extended_value == ZEND_ASSIGN_DIM) */ {
				if (Z_OBJ_HT_P(object)->read_dimension) {
					z = Z_OBJ_HT_P(object)->read_dimension(object, property, BP_VAR_R TSRMLS_CC);
				}
			}
			if (z) {
				if (Z_TYPE_P(z) == IS_OBJECT && Z_OBJ_HT_P(z)->get) {
					/* This inner 'value' shadows the right-hand operand for the length of this block only. */
					zval *value = Z_OBJ_HT_P(z)->get(z TSRMLS_CC);

					/* The zval that was read is destroyed here when nothing else references it. */
					if (Z_REFCOUNT_P(z) == 0) {
						GC_REMOVE_ZVAL_FROM_BUFFER(z);
						zval_dtor(z);
						FREE_ZVAL(z);
					}
					z = value;
				}
				/* Take a reference of our own, then separate, before mutating z. */
				Z_ADDREF_P(z);
				SEPARATE_ZVAL_IF_NOT_REF(&z);
				binary_op(z, z, value TSRMLS_CC);
				/* NOTE(review): the read handlers are tested for NULL above, the write handlers are */
				/* called unconditionally - confirm every handler table reaching here provides them. */
				if (opline->extended_value == ZEND_ASSIGN_OBJ) {
					Z_OBJ_HT_P(object)->write_property(object, property, z TSRMLS_CC);
				} else /* if (opline->extended_value == ZEND_ASSIGN_DIM) */ {
					Z_OBJ_HT_P(object)->write_dimension(object, property, z TSRMLS_CC);
				}
				if (!RETURN_VALUE_UNUSED(result)) {
					EX_T(result->u.var).var.ptr = z;
					EX_T(result->u.var).var.ptr_ptr = NULL;
					PZVAL_LOCK(z);
				}
				/* Drops the reference taken by Z_ADDREF_P above. */
				zval_ptr_dtor(&z);
			} else {
				/* No read handler, or the handler returned NULL. */
				zend_error(E_WARNING, "Attempt to assign property of non-object");
				if (!RETURN_VALUE_UNUSED(result)) {
					EX_T(result->u.var).var.ptr = EG(uninitialized_zval_ptr);
					EX_T(result->u.var).var.ptr_ptr = NULL;
					PZVAL_LOCK(EG(uninitialized_zval_ptr));
				}
			}
		}

		/* A temporary op2 was turned into a real zval by MAKE_REAL_ZVAL_PTR above; release that one instead. */
		if (IS_OP2_TMP_FREE()) {
			zval_ptr_dtor(&property);
		} else {
			FREE_OP2();
		}
		FREE_OP(free_op_data1);
	}

	FREE_OP1_VAR_PTR();
	/* assign_obj has two opcodes! */
	ZEND_VM_INC_OPCODE();
	ZEND_VM_NEXT_OPCODE();
}
407
/*
 * Common body of the ZEND_ASSIGN_<op> handlers: applies binary_op in place to
 * the variable designated by op1, with op2 as the right-hand value.
 * opline->extended_value selects the target kind: ZEND_ASSIGN_OBJ and
 * object containers are forwarded to zend_binary_assign_op_obj_helper,
 * ZEND_ASSIGN_DIM on a non-object resolves an element address, and any other
 * value treats op1 as a plain variable.
 */
ZEND_VM_HELPER_EX(zend_binary_assign_op_helper, VAR|UNUSED|CV, CONST|TMP|VAR|UNUSED|CV, int (*binary_op)(zval *result, zval *op1, zval *op2 TSRMLS_DC))
{
	zend_op *opline = EX(opline);
	zend_free_op free_op1, free_op2, free_op_data2, free_op_data1;
	zval **var_ptr;
	zval *value;

	/* NOTE(review): var_ptr and value are assigned only on the non-dispatching paths below; */
	/* this presumes ZEND_VM_DISPATCH_TO_HELPER_EX leaves this handler - confirm in the generator. */
	switch (opline->extended_value) {
		case ZEND_ASSIGN_OBJ:
			ZEND_VM_DISPATCH_TO_HELPER_EX(zend_binary_assign_op_obj_helper, binary_op, binary_op);
			break;
		case ZEND_ASSIGN_DIM: {
				zval **container = GET_OP1_OBJ_ZVAL_PTR_PTR(BP_VAR_RW);

				if (OP1_TYPE == IS_VAR && !container) {
					zend_error_noreturn(E_ERROR, "Cannot use string offset as an array");
				} else if (Z_TYPE_PP(container) == IS_OBJECT) {
					/* The object helper fetches op1 again, so the fetch done above is compensated first. */
					if (OP1_TYPE == IS_VAR && !OP1_FREE) {
						Z_ADDREF_PP(container);  /* undo the effect of get_obj_zval_ptr_ptr() */
					}
					ZEND_VM_DISPATCH_TO_HELPER_EX(zend_binary_assign_op_obj_helper, binary_op, binary_op);
				} else {
					/* The next opline (op_data) supplies the value in op1 and a temporary slot in op2. */
					zend_op *op_data = opline+1;
					zval *dim = GET_OP2_ZVAL_PTR(BP_VAR_R);

					zend_fetch_dimension_address(&EX_T(op_data->op2.u.var), container, dim, IS_OP2_TMP_FREE(), BP_VAR_RW TSRMLS_CC);
					value = get_zval_ptr(&op_data->op1, EX(Ts), &free_op_data1, BP_VAR_R);
					var_ptr = _get_zval_ptr_ptr_var(&op_data->op2, EX(Ts), &free_op_data2 TSRMLS_CC);
					/* Skip the op_data opline. */
					ZEND_VM_INC_OPCODE();
				}
			}
			break;
		default:
			value = GET_OP2_ZVAL_PTR(BP_VAR_R);
			var_ptr = GET_OP1_ZVAL_PTR_PTR(BP_VAR_RW);
			/* do nothing */
			break;
	}

	if (!var_ptr) {
		zend_error_noreturn(E_ERROR, "Cannot use assign-op operators with overloaded objects nor string offsets");
	}

	/* The target resolved to the error zval: yield the uninitialized zval without applying binary_op. */
	/* NOTE(review): unlike the normal exit below, this path does not release free_op_data1 / */
	/* free_op_data2 in the ZEND_ASSIGN_DIM case - verify nothing is leaked here. */
	if (*var_ptr == EG(error_zval_ptr)) {
		if (!RETURN_VALUE_UNUSED(&opline->result)) {
			AI_SET_PTR(EX_T(opline->result.u.var).var, EG(uninitialized_zval_ptr));
			PZVAL_LOCK(EG(uninitialized_zval_ptr));
		}
		FREE_OP2();
		FREE_OP1_VAR_PTR();
		ZEND_VM_NEXT_OPCODE();
	}

	/* Separate before writing so a zval shared with other holders is not modified. */
	SEPARATE_ZVAL_IF_NOT_REF(var_ptr);

	if(Z_TYPE_PP(var_ptr) == IS_OBJECT && Z_OBJ_HANDLER_PP(var_ptr, get)
	   && Z_OBJ_HANDLER_PP(var_ptr, set)) {
		/* proxy object */
		/* Read through the get handler, update that value, hand it to the set handler. */
		zval *objval = Z_OBJ_HANDLER_PP(var_ptr, get)(*var_ptr TSRMLS_CC);
		Z_ADDREF_P(objval);
		binary_op(objval, objval, value TSRMLS_CC);
		Z_OBJ_HANDLER_PP(var_ptr, set)(var_ptr, objval TSRMLS_CC);
		/* Drops the reference taken by Z_ADDREF_P above. */
		zval_ptr_dtor(&objval);
	} else {
		binary_op(*var_ptr, *var_ptr, value TSRMLS_CC);
	}

	if (!RETURN_VALUE_UNUSED(&opline->result)) {
		AI_SET_PTR(EX_T(opline->result.u.var).var, *var_ptr);
		PZVAL_LOCK(*var_ptr);
	}
	FREE_OP2();

	/* Operands taken from the op_data opline are released only in the dimension case. */
	if (opline->extended_value == ZEND_ASSIGN_DIM) {
		FREE_OP(free_op_data1);
		FREE_OP_VAR_PTR(free_op_data2);
	}
	FREE_OP1_VAR_PTR();
	ZEND_VM_NEXT_OPCODE();
}
488
/* ZEND_ASSIGN_ADD: forwards to zend_binary_assign_op_helper with add_function as binary_op. */
ZEND_VM_HANDLER(23, ZEND_ASSIGN_ADD, VAR|UNUSED|CV, CONST|TMP|VAR|UNUSED|CV)
{
	ZEND_VM_DISPATCH_TO_HELPER_EX(zend_binary_assign_op_helper, binary_op, add_function);
}
493
/* ZEND_ASSIGN_SUB: forwards to zend_binary_assign_op_helper with sub_function as binary_op. */
ZEND_VM_HANDLER(24, ZEND_ASSIGN_SUB, VAR|UNUSED|CV, CONST|TMP|VAR|UNUSED|CV)
{
	ZEND_VM_DISPATCH_TO_HELPER_EX(zend_binary_assign_op_helper, binary_op, sub_function);
}
498
/* ZEND_ASSIGN_MUL: forwards to zend_binary_assign_op_helper with mul_function as binary_op. */
ZEND_VM_HANDLER(25, ZEND_ASSIGN_MUL, VAR|UNUSED|CV, CONST|TMP|VAR|UNUSED|CV)
{
	ZEND_VM_DISPATCH_TO_HELPER_EX(zend_binary_assign_op_helper, binary_op, mul_function);
}
503
/* ZEND_ASSIGN_DIV: forwards to zend_binary_assign_op_helper with div_function as binary_op. */
ZEND_VM_HANDLER(26, ZEND_ASSIGN_DIV, VAR|UNUSED|CV, CONST|TMP|VAR|UNUSED|CV)
{
	ZEND_VM_DISPATCH_TO_HELPER_EX(zend_binary_assign_op_helper, binary_op, div_function);
}
508
/* ZEND_ASSIGN_MOD: forwards to zend_binary_assign_op_helper with mod_function as binary_op. */
ZEND_VM_HANDLER(27, ZEND_ASSIGN_MOD, VAR|UNUSED|CV, CONST|TMP|VAR|UNUSED|CV)
{
	ZEND_VM_DISPATCH_TO_HELPER_EX(zend_binary_assign_op_helper, binary_op, mod_function);
}
513
/* ZEND_ASSIGN_SL: forwards to zend_binary_assign_op_helper with shift_left_function as binary_op. */
ZEND_VM_HANDLER(28, ZEND_ASSIGN_SL, VAR|UNUSED|CV, CONST|TMP|VAR|UNUSED|CV)
{
	ZEND_VM_DISPATCH_TO_HELPER_EX(zend_binary_assign_op_helper, binary_op, shift_left_function);
}
518
/* ZEND_ASSIGN_SR: forwards to zend_binary_assign_op_helper with shift_right_function as binary_op. */
ZEND_VM_HANDLER(29, ZEND_ASSIGN_SR, VAR|UNUSED|CV, CONST|TMP|VAR|UNUSED|CV)
{
	ZEND_VM_DISPATCH_TO_HELPER_EX(zend_binary_assign_op_helper, binary_op, shift_right_function);
}
523
/* ZEND_ASSIGN_CONCAT: forwards to zend_binary_assign_op_helper with concat_function as binary_op. */
ZEND_VM_HANDLER(30, ZEND_ASSIGN_CONCAT, VAR|UNUSED|CV, CONST|TMP|VAR|UNUSED|CV)
{
	ZEND_VM_DISPATCH_TO_HELPER_EX(zend_binary_assign_op_helper, binary_op, concat_function);
}
528
/* ZEND_ASSIGN_BW_OR: forwards to zend_binary_assign_op_helper with bitwise_or_function as binary_op. */
ZEND_VM_HANDLER(31, ZEND_ASSIGN_BW_OR, VAR|UNUSED|CV, CONST|TMP|VAR|UNUSED|CV)
{
	ZEND_VM_DISPATCH_TO_HELPER_EX(zend_binary_assign_op_helper, binary_op, bitwise_or_function);
}
533
/* ZEND_ASSIGN_BW_AND: forwards to zend_binary_assign_op_helper with bitwise_and_function as binary_op. */
ZEND_VM_HANDLER(32, ZEND_ASSIGN_BW_AND, VAR|UNUSED|CV, CONST|TMP|VAR|UNUSED|CV)
{
	ZEND_VM_DISPATCH_TO_HELPER_EX(zend_binary_assign_op_helper, binary_op, bitwise_and_function);
}
538
/* ZEND_ASSIGN_BW_XOR: forwards to zend_binary_assign_op_helper with bitwise_xor_function as binary_op. */
ZEND_VM_HANDLER(33, ZEND_ASSIGN_BW_XOR, VAR|UNUSED|CV, CONST|TMP|VAR|UNUSED|CV)
{
	ZEND_VM_DISPATCH_TO_HELPER_EX(zend_binary_assign_op_helper, binary_op, bitwise_xor_function);
}
543
/*
 * Pre-increment/decrement of an object property: applies incdec_op to the
 * property named by op2 on the object in op1. When the result is used, it is
 * a pointer to the updated zval (the value after the operation).
 */
ZEND_VM_HELPER_EX(zend_pre_incdec_property_helper, VAR|UNUSED|CV, CONST|TMP|VAR|CV, incdec_t incdec_op)
{
	zend_op *opline = EX(opline);
	zend_free_op free_op1, free_op2;
	zval **object_ptr = GET_OP1_OBJ_ZVAL_PTR_PTR(BP_VAR_W);
	zval *object;
	zval *property = GET_OP2_ZVAL_PTR(BP_VAR_R);
	zval **retval = &EX_T(opline->result.u.var).var.ptr;
	int have_get_ptr = 0;

	/* No zval** is available for an IS_VAR operand: rejected with a fatal error. */
	if (OP1_TYPE == IS_VAR && !object_ptr) {
		zend_error_noreturn(E_ERROR, "Cannot increment/decrement overloaded objects nor string offsets");
	}

	make_real_object(object_ptr TSRMLS_CC); /* this should modify object only if it's empty */
	object = *object_ptr;

	if (Z_TYPE_P(object) != IS_OBJECT) {
		/* Still not an object: warn, yield the uninitialized zval and stop here. */
		zend_error(E_WARNING, "Attempt to increment/decrement property of non-object");
		FREE_OP2();
		if (!RETURN_VALUE_UNUSED(&opline->result)) {
			*retval = EG(uninitialized_zval_ptr);
			PZVAL_LOCK(*retval);
		}
		FREE_OP1_VAR_PTR();
		ZEND_VM_NEXT_OPCODE();
	}

	/* here we are sure we are dealing with an object */

	if (IS_OP2_TMP_FREE()) {
		MAKE_REAL_ZVAL_PTR(property);
	}

	/* Fast path: the handler hands back the property slot, so the update is done in place. */
	if (Z_OBJ_HT_P(object)->get_property_ptr_ptr) {
		zval **zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property TSRMLS_CC);
		if (zptr != NULL) { /* NULL means no success in getting PTR */
			/* Separate before writing so a zval shared with other holders is not modified. */
			SEPARATE_ZVAL_IF_NOT_REF(zptr);

			have_get_ptr = 1;
			incdec_op(*zptr);
			if (!RETURN_VALUE_UNUSED(&opline->result)) {
				*retval = *zptr;
				PZVAL_LOCK(*retval);
			}
		}
	}

	/* Slow path: read through read_property, update, write back through write_property. */
	if (!have_get_ptr) {
		if (Z_OBJ_HT_P(object)->read_property && Z_OBJ_HT_P(object)->write_property) {
			/* NOTE(review): z is dereferenced without a NULL test, whereas */
			/* zend_binary_assign_op_obj_helper tests the same handler's return value - */
			/* confirm read_property can never return NULL here. */
			zval *z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R TSRMLS_CC);

			if (Z_TYPE_P(z) == IS_OBJECT && Z_OBJ_HT_P(z)->get) {
				zval *value = Z_OBJ_HT_P(z)->get(z TSRMLS_CC);

				/* The zval that was read is destroyed here when nothing else references it. */
				if (Z_REFCOUNT_P(z) == 0) {
					GC_REMOVE_ZVAL_FROM_BUFFER(z);
					zval_dtor(z);
					FREE_ZVAL(z);
				}
				z = value;
			}
			/* Take a reference of our own, then separate, before mutating z. */
			Z_ADDREF_P(z);
			SEPARATE_ZVAL_IF_NOT_REF(&z);
			incdec_op(z);
			*retval = z;
			Z_OBJ_HT_P(object)->write_property(object, property, z TSRMLS_CC);
			SELECTIVE_PZVAL_LOCK(*retval, &opline->result);
			/* Drops the reference taken by Z_ADDREF_P above. */
			zval_ptr_dtor(&z);
		} else {
			zend_error(E_WARNING, "Attempt to increment/decrement property of non-object");
			if (!RETURN_VALUE_UNUSED(&opline->result)) {
				*retval = EG(uninitialized_zval_ptr);
				PZVAL_LOCK(*retval);
			}
		}
	}

	/* A temporary op2 was turned into a real zval by MAKE_REAL_ZVAL_PTR above; release that one instead. */
	if (IS_OP2_TMP_FREE()) {
		zval_ptr_dtor(&property);
	} else {
		FREE_OP2();
	}
	FREE_OP1_VAR_PTR();
	ZEND_VM_NEXT_OPCODE();
}
630
/* ZEND_PRE_INC_OBJ: forwards to zend_pre_incdec_property_helper with increment_function as incdec_op. */
ZEND_VM_HANDLER(132, ZEND_PRE_INC_OBJ, VAR|UNUSED|CV, CONST|TMP|VAR|CV)
{
	ZEND_VM_DISPATCH_TO_HELPER_EX(zend_pre_incdec_property_helper, incdec_op, increment_function);
}
635
/* ZEND_PRE_DEC_OBJ: forwards to zend_pre_incdec_property_helper with decrement_function as incdec_op. */
ZEND_VM_HANDLER(133, ZEND_PRE_DEC_OBJ, VAR|UNUSED|CV, CONST|TMP|VAR|CV)
{
	ZEND_VM_DISPATCH_TO_HELPER_EX(zend_pre_incdec_property_helper, incdec_op, decrement_function);
}
640
/*
 * Post-increment/decrement of an object property: copies the current value of
 * the property named by op2 into the result temporary, then applies
 * incdec_op to the property of the object in op1.
 */
ZEND_VM_HELPER_EX(zend_post_incdec_property_helper, VAR|UNUSED|CV, CONST|TMP|VAR|CV, incdec_t incdec_op)
{
	zend_op *opline = EX(opline);
	zend_free_op free_op1, free_op2;
	zval **object_ptr = GET_OP1_OBJ_ZVAL_PTR_PTR(BP_VAR_W);
	zval *object;
	zval *property = GET_OP2_ZVAL_PTR(BP_VAR_R);
	/* The result is a value copy held in tmp_var, not a pointer to the property. */
	zval *retval = &EX_T(opline->result.u.var).tmp_var;
	int have_get_ptr = 0;

	/* No zval** is available for an IS_VAR operand: rejected with a fatal error. */
	if (OP1_TYPE == IS_VAR && !object_ptr) {
		zend_error_noreturn(E_ERROR, "Cannot increment/decrement overloaded objects nor string offsets");
	}

	make_real_object(object_ptr TSRMLS_CC); /* this should modify object only if it's empty */
	object = *object_ptr;

	if (Z_TYPE_P(object) != IS_OBJECT) {
		/* Still not an object: warn, copy the uninitialized zval into the result and stop here. */
		zend_error(E_WARNING, "Attempt to increment/decrement property of non-object");
		FREE_OP2();
		*retval = *EG(uninitialized_zval_ptr);
		FREE_OP1_VAR_PTR();
		ZEND_VM_NEXT_OPCODE();
	}

	/* here we are sure we are dealing with an object */

	if (IS_OP2_TMP_FREE()) {
		MAKE_REAL_ZVAL_PTR(property);
	}

	/* Fast path: the handler hands back the property slot, so the update is done in place. */
	if (Z_OBJ_HT_P(object)->get_property_ptr_ptr) {
		zval **zptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property TSRMLS_CC);
		if (zptr != NULL) { /* NULL means no success in getting PTR */
			have_get_ptr = 1;
			SEPARATE_ZVAL_IF_NOT_REF(zptr);

			/* Snapshot the old value into the result before the slot is modified. */
			*retval = **zptr;
			zendi_zval_copy_ctor(*retval);

			incdec_op(*zptr);

		}
	}

	/* Slow path: read through read_property, update a private copy, write it back. */
	if (!have_get_ptr) {
		if (Z_OBJ_HT_P(object)->read_property && Z_OBJ_HT_P(object)->write_property) {
			/* NOTE(review): z is dereferenced without a NULL test, whereas */
			/* zend_binary_assign_op_obj_helper tests the same handler's return value - */
			/* confirm read_property can never return NULL here. */
			zval *z = Z_OBJ_HT_P(object)->read_property(object, property, BP_VAR_R TSRMLS_CC);
			zval *z_copy;

			if (Z_TYPE_P(z) == IS_OBJECT && Z_OBJ_HT_P(z)->get) {
				zval *value = Z_OBJ_HT_P(z)->get(z TSRMLS_CC);

				/* The zval that was read is destroyed here when nothing else references it. */
				if (Z_REFCOUNT_P(z) == 0) {
					GC_REMOVE_ZVAL_FROM_BUFFER(z);
					zval_dtor(z);
					FREE_ZVAL(z);
				}
				z = value;
			}
			/* Old value goes to the result; the operation runs on a freshly allocated copy. */
			*retval = *z;
			zendi_zval_copy_ctor(*retval);
			ALLOC_ZVAL(z_copy);
			*z_copy = *z;
			zendi_zval_copy_ctor(*z_copy);
			INIT_PZVAL(z_copy);
			incdec_op(z_copy);
			/* z gets a reference for the duration of write_property; both zvals are released afterwards. */
			Z_ADDREF_P(z);
			Z_OBJ_HT_P(object)->write_property(object, property, z_copy TSRMLS_CC);
			zval_ptr_dtor(&z_copy);
			zval_ptr_dtor(&z);
		} else {
			zend_error(E_WARNING, "Attempt to increment/decrement property of non-object");
			*retval = *EG(uninitialized_zval_ptr);
		}
	}

	/* A temporary op2 was turned into a real zval by MAKE_REAL_ZVAL_PTR above; release that one instead. */
	if (IS_OP2_TMP_FREE()) {
		zval_ptr_dtor(&property);
	} else {
		FREE_OP2();
	}
	FREE_OP1_VAR_PTR();
	ZEND_VM_NEXT_OPCODE();
}
726
/* ZEND_POST_INC_OBJ: forwards to zend_post_incdec_property_helper with increment_function as incdec_op. */
ZEND_VM_HANDLER(134, ZEND_POST_INC_OBJ, VAR|UNUSED|CV, CONST|TMP|VAR|CV)
{
	ZEND_VM_DISPATCH_TO_HELPER_EX(zend_post_incdec_property_helper, incdec_op, increment_function);
}
731
/* ZEND_POST_DEC_OBJ: forwards to zend_post_incdec_property_helper with decrement_function as incdec_op. */
ZEND_VM_HANDLER(135, ZEND_POST_DEC_OBJ, VAR|UNUSED|CV, CONST|TMP|VAR|CV)
{
	ZEND_VM_DISPATCH_TO_HELPER_EX(zend_post_incdec_property_helper, incdec_op, decrement_function);
}
736
/*
 * ZEND_PRE_INC: applies increment_function to the variable in op1; when the
 * result is used it points at the variable after the increment.
 */
ZEND_VM_HANDLER(34, ZEND_PRE_INC, VAR|CV, ANY)
{
	zend_op *opline = EX(opline);
	zend_free_op free_op1;
	zval **var_ptr = GET_OP1_ZVAL_PTR_PTR(BP_VAR_RW);

	/* No zval** is available for an IS_VAR operand: rejected with a fatal error. */
	if (OP1_TYPE == IS_VAR && !var_ptr) {
		zend_error_noreturn(E_ERROR, "Cannot increment/decrement overloaded objects nor string offsets");
	}
	/* The operand resolved to the error zval: yield the uninitialized zval and do not modify anything. */
	if (OP1_TYPE == IS_VAR && *var_ptr == EG(error_zval_ptr)) {
		if (!RETURN_VALUE_UNUSED(&opline->result)) {
			AI_SET_PTR(EX_T(opline->result.u.var).var, EG(uninitialized_zval_ptr));
			PZVAL_LOCK(EG(uninitialized_zval_ptr));
		}
		FREE_OP1_VAR_PTR();
		ZEND_VM_NEXT_OPCODE();
	}

	/* Separate before writing so a zval shared with other holders is not modified. */
	SEPARATE_ZVAL_IF_NOT_REF(var_ptr);

	if(Z_TYPE_PP(var_ptr) == IS_OBJECT && Z_OBJ_HANDLER_PP(var_ptr, get)
	   && Z_OBJ_HANDLER_PP(var_ptr, set)) {
		/* proxy object */
		/* Read through the get handler, increment that value, hand it to the set handler. */
		zval *val = Z_OBJ_HANDLER_PP(var_ptr, get)(*var_ptr TSRMLS_CC);
		Z_ADDREF_P(val);
		increment_function(val);
		Z_OBJ_HANDLER_PP(var_ptr, set)(var_ptr, val TSRMLS_CC);
		/* Drops the reference taken by Z_ADDREF_P above. */
		zval_ptr_dtor(&val);
	} else {
		increment_function(*var_ptr);
	}

	if (!RETURN_VALUE_UNUSED(&opline->result)) {
		AI_SET_PTR(EX_T(opline->result.u.var).var, *var_ptr);
		PZVAL_LOCK(*var_ptr);
	}

	FREE_OP1_VAR_PTR();
	ZEND_VM_NEXT_OPCODE();
}
777
/*
 * ZEND_PRE_DEC: applies decrement_function to the variable in op1; when the
 * result is used it points at the variable after the decrement.
 */
ZEND_VM_HANDLER(35, ZEND_PRE_DEC, VAR|CV, ANY)
{
	zend_op *opline = EX(opline);
	zend_free_op free_op1;
	zval **var_ptr = GET_OP1_ZVAL_PTR_PTR(BP_VAR_RW);

	/* No zval** is available for an IS_VAR operand: rejected with a fatal error. */
	if (OP1_TYPE == IS_VAR && !var_ptr) {
		zend_error_noreturn(E_ERROR, "Cannot increment/decrement overloaded objects nor string offsets");
	}
	/* The operand resolved to the error zval: yield the uninitialized zval and do not modify anything. */
	if (OP1_TYPE == IS_VAR && *var_ptr == EG(error_zval_ptr)) {
		if (!RETURN_VALUE_UNUSED(&opline->result)) {
			AI_SET_PTR(EX_T(opline->result.u.var).var, EG(uninitialized_zval_ptr));
			PZVAL_LOCK(EG(uninitialized_zval_ptr));
		}
		FREE_OP1_VAR_PTR();
		ZEND_VM_NEXT_OPCODE();
	}

	/* Separate before writing so a zval shared with other holders is not modified. */
	SEPARATE_ZVAL_IF_NOT_REF(var_ptr);

	if(Z_TYPE_PP(var_ptr) == IS_OBJECT && Z_OBJ_HANDLER_PP(var_ptr, get)
	   && Z_OBJ_HANDLER_PP(var_ptr, set)) {
		/* proxy object */
		/* Read through the get handler, decrement that value, hand it to the set handler. */
		zval *val = Z_OBJ_HANDLER_PP(var_ptr, get)(*var_ptr TSRMLS_CC);
		Z_ADDREF_P(val);
		decrement_function(val);
		Z_OBJ_HANDLER_PP(var_ptr, set)(var_ptr, val TSRMLS_CC);
		/* Drops the reference taken by Z_ADDREF_P above. */
		zval_ptr_dtor(&val);
	} else {
		decrement_function(*var_ptr);
	}

	if (!RETURN_VALUE_UNUSED(&opline->result)) {
		AI_SET_PTR(EX_T(opline->result.u.var).var, *var_ptr);
		PZVAL_LOCK(*var_ptr);
	}

	FREE_OP1_VAR_PTR();
	ZEND_VM_NEXT_OPCODE();
}
818
/*
 * ZEND_POST_INC: copies the current value of the variable in op1 into the
 * result temporary, then applies increment_function to the variable.
 */
ZEND_VM_HANDLER(36, ZEND_POST_INC, VAR|CV, ANY)
{
	zend_op *opline = EX(opline);
	zend_free_op free_op1;
	zval **var_ptr = GET_OP1_ZVAL_PTR_PTR(BP_VAR_RW);

	/* No zval** is available for an IS_VAR operand: rejected with a fatal error. */
	if (OP1_TYPE == IS_VAR && !var_ptr) {
		zend_error_noreturn(E_ERROR, "Cannot increment/decrement overloaded objects nor string offsets");
	}
	/* The operand resolved to the error zval: the result becomes a copy of the uninitialized zval. */
	if (OP1_TYPE == IS_VAR && *var_ptr == EG(error_zval_ptr)) {
		if (!RETURN_VALUE_UNUSED(&opline->result)) {
			EX_T(opline->result.u.var).tmp_var = *EG(uninitialized_zval_ptr);
		}
		FREE_OP1_VAR_PTR();
		ZEND_VM_NEXT_OPCODE();
	}

	/* Snapshot the old value first; this copy is taken whether or not the result is used. */
	EX_T(opline->result.u.var).tmp_var = **var_ptr;
	zendi_zval_copy_ctor(EX_T(opline->result.u.var).tmp_var);

	/* Separate before writing so a zval shared with other holders is not modified. */
	SEPARATE_ZVAL_IF_NOT_REF(var_ptr);

	if(Z_TYPE_PP(var_ptr) == IS_OBJECT && Z_OBJ_HANDLER_PP(var_ptr, get)
	   && Z_OBJ_HANDLER_PP(var_ptr, set)) {
		/* proxy object */
		/* Read through the get handler, increment that value, hand it to the set handler. */
		zval *val = Z_OBJ_HANDLER_PP(var_ptr, get)(*var_ptr TSRMLS_CC);
		Z_ADDREF_P(val);
		increment_function(val);
		Z_OBJ_HANDLER_PP(var_ptr, set)(var_ptr, val TSRMLS_CC);
		/* Drops the reference taken by Z_ADDREF_P above. */
		zval_ptr_dtor(&val);
	} else {
		increment_function(*var_ptr);
	}

	FREE_OP1_VAR_PTR();
	ZEND_VM_NEXT_OPCODE();
}
856
/*
 * ZEND_POST_DEC: copies the current value of the variable in op1 into the
 * result temporary, then applies decrement_function to the variable.
 */
ZEND_VM_HANDLER(37, ZEND_POST_DEC, VAR|CV, ANY)
{
	zend_op *opline = EX(opline);
	zend_free_op free_op1;
	zval **var_ptr = GET_OP1_ZVAL_PTR_PTR(BP_VAR_RW);

	/* No zval** is available for an IS_VAR operand: rejected with a fatal error. */
	if (OP1_TYPE == IS_VAR && !var_ptr) {
		zend_error_noreturn(E_ERROR, "Cannot increment/decrement overloaded objects nor string offsets");
	}
	/* The operand resolved to the error zval: the result becomes a copy of the uninitialized zval. */
	if (OP1_TYPE == IS_VAR && *var_ptr == EG(error_zval_ptr)) {
		if (!RETURN_VALUE_UNUSED(&opline->result)) {
			EX_T(opline->result.u.var).tmp_var = *EG(uninitialized_zval_ptr);
		}
		FREE_OP1_VAR_PTR();
		ZEND_VM_NEXT_OPCODE();
	}

	/* Snapshot the old value first; this copy is taken whether or not the result is used. */
	EX_T(opline->result.u.var).tmp_var = **var_ptr;
	zendi_zval_copy_ctor(EX_T(opline->result.u.var).tmp_var);

	/* Separate before writing so a zval shared with other holders is not modified. */
	SEPARATE_ZVAL_IF_NOT_REF(var_ptr);

	if(Z_TYPE_PP(var_ptr) == IS_OBJECT && Z_OBJ_HANDLER_PP(var_ptr, get)
	   && Z_OBJ_HANDLER_PP(var_ptr, set)) {
		/* proxy object */
		/* Read through the get handler, decrement that value, hand it to the set handler. */
		zval *val = Z_OBJ_HANDLER_PP(var_ptr, get)(*var_ptr TSRMLS_CC);
		Z_ADDREF_P(val);
		decrement_function(val);
		Z_OBJ_HANDLER_PP(var_ptr, set)(var_ptr, val TSRMLS_CC);
		/* Drops the reference taken by Z_ADDREF_P above. */
		zval_ptr_dtor(&val);
	} else {
		decrement_function(*var_ptr);
	}

	FREE_OP1_VAR_PTR();
	ZEND_VM_NEXT_OPCODE();
}
894
/* ZEND_ECHO: prints op1 through zend_print_variable(). */
ZEND_VM_HANDLER(40, ZEND_ECHO, CONST|TMP|VAR|CV, ANY)
{
	zend_op *opline = EX(opline);
	zend_free_op free_op1;
	zval *to_print = GET_OP1_ZVAL_PTR(BP_VAR_R);

	/* An object held in a temporary is passed through INIT_PZVAL before it is printed. */
	if (OP1_TYPE == IS_TMP_VAR && Z_TYPE_P(to_print) == IS_OBJECT) {
		INIT_PZVAL(to_print);
	}

	zend_print_variable(to_print);

	/* The operand is released only after it has been printed. */
	FREE_OP1();
	ZEND_VM_NEXT_OPCODE();
}
909
/* ZEND_PRINT: sets the result temporary to the integer 1, then continues in the ZEND_ECHO handler. */
ZEND_VM_HANDLER(41, ZEND_PRINT, CONST|TMP|VAR|CV, ANY)
{
	zend_op *opline = EX(opline);
	zval *result = &EX_T(opline->result.u.var).tmp_var;

	/* The result is written before the output is produced by ZEND_ECHO. */
	Z_TYPE_P(result) = IS_LONG;
	Z_LVAL_P(result) = 1;

	ZEND_VM_DISPATCH_TO_HANDLER(ZEND_ECHO);
}
919
/*
 * Common body of the ZEND_FETCH_* handlers: looks up a variable by the name
 * held in op1, either as a static class member or in the symbol table chosen
 * by zend_get_target_symbol_table(), and stores it in the result according
 * to the fetch mode passed in 'type' (BP_VAR_R, _W, _RW, _IS or _UNSET).
 */
ZEND_VM_HELPER_EX(zend_fetch_var_address_helper, CONST|TMP|VAR|CV, ANY, int type)
{
	zend_op *opline = EX(opline);
	zend_free_op free_op1;
	zval *varname = GET_OP1_ZVAL_PTR(BP_VAR_R);
	zval **retval;
	zval tmp_varname;
	HashTable *target_symbol_table;

	/* A non-constant, non-string name is converted on a private copy so the operand itself is not altered. */
	if (OP1_TYPE != IS_CONST && Z_TYPE_P(varname) != IS_STRING) {
		tmp_varname = *varname;
		zval_copy_ctor(&tmp_varname);
		convert_to_string(&tmp_varname);
		varname = &tmp_varname;
	}

	if (opline->op2.u.EA.type == ZEND_FETCH_STATIC_MEMBER) {
		retval = zend_std_get_static_property(EX_T(opline->op2.u.var).class_entry, Z_STRVAL_P(varname), Z_STRLEN_P(varname), 0 TSRMLS_CC);
		FREE_OP1();
	} else {
		target_symbol_table = zend_get_target_symbol_table(opline, EX(Ts), type, varname TSRMLS_CC);
		/* NOTE(review): the NULL test below is disabled, so target_symbol_table is passed to */
		/* zend_hash_find() unchecked - confirm zend_get_target_symbol_table() cannot return NULL. */
/*
		if (!target_symbol_table) {
			ZEND_VM_NEXT_OPCODE();
		}
*/
		/* The key length passed is str.len+1 - presumably the terminating NUL is part of the key; confirm against the hash API. */
		if (zend_hash_find(target_symbol_table, varname->value.str.val, varname->value.str.len+1, (void **) &retval) == FAILURE) {
			/* Unknown variable: read-type fetches yield the uninitialized zval, write-type fetches create the entry. */
			switch (type) {
				case BP_VAR_R:
				case BP_VAR_UNSET:
					zend_error(E_NOTICE,"Undefined variable: %s", Z_STRVAL_P(varname));
					/* break missing intentionally */
				case BP_VAR_IS:
					retval = &EG(uninitialized_zval_ptr);
					break;
				case BP_VAR_RW:
					zend_error(E_NOTICE,"Undefined variable: %s", Z_STRVAL_P(varname));
					/* break missing intentionally */
				case BP_VAR_W: {
						zval *new_zval = &EG(uninitialized_zval);

						/* The symbol table entry holds its own reference to the shared uninitialized zval. */
						Z_ADDREF_P(new_zval);
						zend_hash_update(target_symbol_table, varname->value.str.val, varname->value.str.len+1, &new_zval, sizeof(zval *), (void **) &retval);
					}
					break;
				EMPTY_SWITCH_DEFAULT_CASE()
			}
		}
		/* Operand release and post-processing depend on the fetch kind recorded in op2. */
		switch (opline->op2.u.EA.type) {
			case ZEND_FETCH_GLOBAL:
				if (OP1_TYPE != IS_TMP_VAR) {
					FREE_OP1();
				}
				break;
			case ZEND_FETCH_LOCAL:
				FREE_OP1();
				break;
			case ZEND_FETCH_STATIC:
				zval_update_constant(retval, (void*) 1 TSRMLS_CC);
				break;
			case ZEND_FETCH_GLOBAL_LOCK:
				if (OP1_TYPE == IS_VAR && !free_op1.var) {
					PZVAL_LOCK(*EX_T(opline->op1.u.var).var.ptr_ptr);
				}
				break;
		}
	}


	/* Destroy the converted copy of the name, if one was made above. */
	if (OP1_TYPE != IS_CONST && varname == &tmp_varname) {
		zval_dtor(varname);
	}
	if (!RETURN_VALUE_UNUSED(&opline->result)) {
		if (opline->extended_value & ZEND_FETCH_MAKE_REF) {
			SEPARATE_ZVAL_TO_MAKE_IS_REF(retval);
		}
		PZVAL_LOCK(*retval);
		/* Read-type fetches store the zval pointer; the other modes store the address of the slot. */
		switch (type) {
			case BP_VAR_R:
			case BP_VAR_IS:
				AI_SET_PTR(EX_T(opline->result.u.var).var, *retval);
				break;
			/* Note: the 'default' label below sits inside the braces opened by this case. */
			case BP_VAR_UNSET: {
				zend_free_op free_res;

				EX_T(opline->result.u.var).var.ptr_ptr = retval;
				PZVAL_UNLOCK(*EX_T(opline->result.u.var).var.ptr_ptr, &free_res);
				/* The shared uninitialized zval slot is never separated. */
				if (EX_T(opline->result.u.var).var.ptr_ptr != &EG(uninitialized_zval_ptr)) {
					SEPARATE_ZVAL_IF_NOT_REF(EX_T(opline->result.u.var).var.ptr_ptr);
				}
				PZVAL_LOCK(*EX_T(opline->result.u.var).var.ptr_ptr);
				FREE_OP_VAR_PTR(free_res);
				break;
			default:
				EX_T(opline->result.u.var).var.ptr_ptr = retval;
				break;
			}
		}
	}
	ZEND_VM_NEXT_OPCODE();
}
1021
/* ZEND_FETCH_R: forwards to zend_fetch_var_address_helper with type = BP_VAR_R. */
ZEND_VM_HANDLER(80, ZEND_FETCH_R, CONST|TMP|VAR|CV, ANY)
{
	ZEND_VM_DISPATCH_TO_HELPER_EX(zend_fetch_var_address_helper, type, BP_VAR_R);
}
1026
/* ZEND_FETCH_W: forwards to zend_fetch_var_address_helper with type = BP_VAR_W. */
ZEND_VM_HANDLER(83, ZEND_FETCH_W, CONST|TMP|VAR|CV, ANY)
{
	ZEND_VM_DISPATCH_TO_HELPER_EX(zend_fetch_var_address_helper, type, BP_VAR_W);
}
1031
/* ZEND_FETCH_RW: forwards to zend_fetch_var_address_helper with type = BP_VAR_RW. */
ZEND_VM_HANDLER(86, ZEND_FETCH_RW, CONST|TMP|VAR|CV, ANY)
{
	ZEND_VM_DISPATCH_TO_HELPER_EX(zend_fetch_var_address_helper, type, BP_VAR_RW);
}
1036
1037 ZEND_VM_HANDLER(92, ZEND_FETCH_FUNC_ARG, CONST|TMP|VAR|CV, ANY)
1038 {
     /* Variable fetch for a call argument. The fetch mode is decided at run
      * time from the pending callee in EX(fbc): BP_VAR_W when
      * ARG_SHOULD_BE_SENT_BY_REF() says the argument numbered by
      * extended_value is by-reference, BP_VAR_R otherwise. */
1039 ZEND_VM_DISPATCH_TO_HELPER_EX(zend_fetch_var_address_helper, type,
1040 ARG_SHOULD_BE_SENT_BY_REF(EX(fbc), EX(opline)->extended_value)?BP_VAR_W:BP_VAR_R);
1041 }
1042
1043 ZEND_VM_HANDLER(95, ZEND_FETCH_UNSET, CONST|TMP|VAR|CV, ANY)
1044 {
     /* Unset-mode variable fetch: forwards to zend_fetch_var_address_helper
      * with type = BP_VAR_UNSET. */
1045 ZEND_VM_DISPATCH_TO_HELPER_EX(zend_fetch_var_address_helper, type, BP_VAR_UNSET);
1046 }
1047
1048 ZEND_VM_HANDLER(89, ZEND_FETCH_IS, CONST|TMP|VAR|CV, ANY)
1049 {
     /* isset-style variable fetch: forwards to zend_fetch_var_address_helper
      * with type = BP_VAR_IS. */
1050 ZEND_VM_DISPATCH_TO_HELPER_EX(zend_fetch_var_address_helper, type, BP_VAR_IS);
1051 }
1052
1053 ZEND_VM_HANDLER(81, ZEND_FETCH_DIM_R, VAR|CV, CONST|TMP|VAR|CV)
1054 {
     /* Read fetch of container[dim]. op1 is the container, op2 the dimension;
      * the result slot is filled by zend_fetch_dimension_address_read(), or
      * skipped (NULL result) when the result is unused. */
1055 zend_op *opline = EX(opline);
1056 zend_free_op free_op1, free_op2;
1057 zval *dim = GET_OP2_ZVAL_PTR(BP_VAR_R);
1058 zval **container;
1059
     /* With ZEND_FETCH_ADD_LOCK an extra lock is taken on the op1 value before
      * it is fetched; only done for non-CV operands whose ptr_ptr is set.
      * presumably balances the unlock done by the fetch below - confirm. */
1060 if (opline->extended_value == ZEND_FETCH_ADD_LOCK &&
1061 OP1_TYPE != IS_CV &&
1062 EX_T(opline->op1.u.var).var.ptr_ptr) {
1063 PZVAL_LOCK(*EX_T(opline->op1.u.var).var.ptr_ptr);
1064 }
1065 container = GET_OP1_ZVAL_PTR_PTR(BP_VAR_R);
     /* A NULL container for a VAR operand is rejected with a fatal error
      * before anything dereferences it. */
1066 if (OP1_TYPE == IS_VAR && !container) {
1067 zend_error_noreturn(E_ERROR, "Cannot use string offset as an array");
1068 }
1069 zend_fetch_dimension_address_read(RETURN_VALUE_UNUSED(&opline->result)?NULL:&EX_T(opline->result.u.var), container, dim, IS_OP2_TMP_FREE(), BP_VAR_R TSRMLS_CC);
1070 FREE_OP2();
1071 FREE_OP1_VAR_PTR();
1072 ZEND_VM_NEXT_OPCODE();
1073 }
1074
1075 ZEND_VM_HANDLER(84, ZEND_FETCH_DIM_W, VAR|CV, CONST|TMP|VAR|UNUSED|CV)
1076 {
     /* Write fetch of container[dim] (op2 may be UNUSED). The result slot
      * receives the address produced by zend_fetch_dimension_address(). */
1077 zend_op *opline = EX(opline);
1078 zend_free_op free_op1, free_op2;
1079 zval *dim = GET_OP2_ZVAL_PTR(BP_VAR_R);
1080 zval **container = GET_OP1_ZVAL_PTR_PTR(BP_VAR_W);
1081
     /* NULL container for a VAR operand: fatal error, never dereferenced. */
1082 if (OP1_TYPE == IS_VAR && !container) {
1083 zend_error_noreturn(E_ERROR, "Cannot use string offset as an array");
1084 }
1085 zend_fetch_dimension_address(&EX_T(opline->result.u.var), container, dim, IS_OP2_TMP_FREE(), BP_VAR_W TSRMLS_CC);
1086 FREE_OP2();
     /* When op1 is a VAR that is about to be destroyed, switch the result to
      * AI_USE_PTR() and separate the value if it is not a reference and has
      * more than two references.
      * presumably this keeps the result from pointing into the container
      * released by FREE_OP1_VAR_PTR() below - confirm against AI_USE_PTR. */
1087 if (OP1_TYPE == IS_VAR && OP1_FREE &&
1088 READY_TO_DESTROY(free_op1.var)) {
1089 AI_USE_PTR(EX_T(opline->result.u.var).var);
1090 if (!PZVAL_IS_REF(*EX_T(opline->result.u.var).var.ptr_ptr) &&
1091 Z_REFCOUNT_PP(EX_T(opline->result.u.var).var.ptr_ptr) > 2) {
1092 SEPARATE_ZVAL(EX_T(opline->result.u.var).var.ptr_ptr);
1093 }
1094 }
1095 FREE_OP1_VAR_PTR();
1096
1097 /* We are going to assign the result by reference */
     /* Only done when the fetch left a non-NULL ptr_ptr in the result. The
      * refcount is dropped and re-added around the separation, so the net
      * count is unchanged. */
1098 if (opline->extended_value && EX_T(opline->result.u.var).var.ptr_ptr) {
1099 Z_DELREF_PP(EX_T(opline->result.u.var).var.ptr_ptr);
1100 SEPARATE_ZVAL_TO_MAKE_IS_REF(EX_T(opline->result.u.var).var.ptr_ptr);
1101 Z_ADDREF_PP(EX_T(opline->result.u.var).var.ptr_ptr);
1102 }
1103
1104 ZEND_VM_NEXT_OPCODE();
1105 }
1106
1107 ZEND_VM_HANDLER(87, ZEND_FETCH_DIM_RW, VAR|CV, CONST|TMP|VAR|UNUSED|CV)
1108 {
     /* Read-write fetch of container[dim]; same shape as ZEND_FETCH_DIM_W but
      * with BP_VAR_RW and without the by-reference tail. */
1109 zend_op *opline = EX(opline);
1110 zend_free_op free_op1, free_op2;
1111 zval *dim = GET_OP2_ZVAL_PTR(BP_VAR_R);
1112 zval **container = GET_OP1_ZVAL_PTR_PTR(BP_VAR_RW);
1113
     /* NULL container for a VAR operand: fatal error, never dereferenced. */
1114 if (OP1_TYPE == IS_VAR && !container) {
1115 zend_error_noreturn(E_ERROR, "Cannot use string offset as an array");
1116 }
1117 zend_fetch_dimension_address(&EX_T(opline->result.u.var), container, dim, IS_OP2_TMP_FREE(), BP_VAR_RW TSRMLS_CC);
1118 FREE_OP2();
     /* op1 VAR about to be destroyed: switch the result to AI_USE_PTR() and
      * separate a non-reference value with refcount > 2 before op1 is freed. */
1119 if (OP1_TYPE == IS_VAR && OP1_FREE &&
1120 READY_TO_DESTROY(free_op1.var)) {
1121 AI_USE_PTR(EX_T(opline->result.u.var).var);
1122 if (!PZVAL_IS_REF(*EX_T(opline->result.u.var).var.ptr_ptr) &&
1123 Z_REFCOUNT_PP(EX_T(opline->result.u.var).var.ptr_ptr) > 2) {
1124 SEPARATE_ZVAL(EX_T(opline->result.u.var).var.ptr_ptr);
1125 }
1126 }
1127 FREE_OP1_VAR_PTR();
1128 ZEND_VM_NEXT_OPCODE();
1129 }
1130
1131 ZEND_VM_HANDLER(90, ZEND_FETCH_DIM_IS, VAR|CV, CONST|TMP|VAR|CV)
1132 {
     /* isset-style fetch of container[dim] via
      * zend_fetch_dimension_address_read() with BP_VAR_IS. Unlike
      * ZEND_FETCH_DIM_R, the result slot is always passed, even if unused. */
1133 zend_op *opline = EX(opline);
1134 zend_free_op free_op1, free_op2;
1135 zval *dim = GET_OP2_ZVAL_PTR(BP_VAR_R);
1136 zval **container = GET_OP1_ZVAL_PTR_PTR(BP_VAR_IS);
1137
     /* NULL container for a VAR operand: fatal error, never dereferenced. */
1138 if (OP1_TYPE == IS_VAR && !container) {
1139 zend_error_noreturn(E_ERROR, "Cannot use string offset as an array");
1140 }
1141 zend_fetch_dimension_address_read(&EX_T(opline->result.u.var), container, dim, IS_OP2_TMP_FREE(), BP_VAR_IS TSRMLS_CC);
1142 FREE_OP2();
1143 FREE_OP1_VAR_PTR();
1144 ZEND_VM_NEXT_OPCODE();
1145 }
1146
1147 ZEND_VM_HANDLER(93, ZEND_FETCH_DIM_FUNC_ARG, VAR|CV, CONST|TMP|VAR|UNUSED|CV)
1148 {
     /* Fetch of container[dim] used as a call argument. Whether it is a write
      * fetch or a read fetch is decided at run time from the callee in EX(fbc)
      * and the argument number in extended_value. */
1149 zend_op *opline = EX(opline);
1150 zend_free_op free_op1, free_op2;
1151 zval *dim = GET_OP2_ZVAL_PTR(BP_VAR_R);
1152 zval **container;
1153
1154 if (ARG_SHOULD_BE_SENT_BY_REF(EX(fbc), opline->extended_value)) {
     /* By-reference argument: same steps as the write fetch. */
1155 container = GET_OP1_ZVAL_PTR_PTR(BP_VAR_W);
1156 if (OP1_TYPE == IS_VAR && !container) {
1157 zend_error_noreturn(E_ERROR, "Cannot use string offset as an array");
1158 }
1159 zend_fetch_dimension_address(&EX_T(opline->result.u.var), container, dim, IS_OP2_TMP_FREE(), BP_VAR_W TSRMLS_CC);
     /* op1 VAR about to be destroyed: switch the result to AI_USE_PTR() and
      * separate a non-reference value with refcount > 2. */
1160 if (OP1_TYPE == IS_VAR && OP1_FREE &&
1161 READY_TO_DESTROY(free_op1.var)) {
1162 AI_USE_PTR(EX_T(opline->result.u.var).var);
1163 if (!PZVAL_IS_REF(*EX_T(opline->result.u.var).var.ptr_ptr) &&
1164 Z_REFCOUNT_PP(EX_T(opline->result.u.var).var.ptr_ptr) > 2) {
1165 SEPARATE_ZVAL(EX_T(opline->result.u.var).var.ptr_ptr);
1166 }
1167 }
1168 } else {
     /* By-value argument: a read fetch, so an UNUSED op2 (the [] form) is a
      * fatal error here although the opcode signature allows it. */
1169 if (OP2_TYPE == IS_UNUSED) {
1170 zend_error_noreturn(E_ERROR, "Cannot use [] for reading");
1171 }
1172 container = GET_OP1_ZVAL_PTR_PTR(BP_VAR_R);
1173 if (OP1_TYPE == IS_VAR && !container) {
1174 zend_error_noreturn(E_ERROR, "Cannot use string offset as an array");
1175 }
1176 zend_fetch_dimension_address_read(&EX_T(opline->result.u.var), container, dim, IS_OP2_TMP_FREE(), BP_VAR_R TSRMLS_CC);
1177 }
1178 FREE_OP2();
1179 FREE_OP1_VAR_PTR();
1180 ZEND_VM_NEXT_OPCODE();
1181 }
1182
1183 ZEND_VM_HANDLER(96, ZEND_FETCH_DIM_UNSET, VAR|CV, CONST|TMP|VAR|CV)
1184 {
     /* Unset-mode fetch of container[dim]. Separates the container and the
      * fetched element so that the later unset works on a private copy, and
      * raises a fatal error when the fetch produced no address. */
1185 zend_op *opline = EX(opline);
1186 zend_free_op free_op1, free_op2;
1187 zval **container = GET_OP1_ZVAL_PTR_PTR(BP_VAR_UNSET);
1188 zval *dim = GET_OP2_ZVAL_PTR(BP_VAR_R);
1189
1190 /* Not needed in DIM_UNSET
1191 if (opline->extended_value == ZEND_FETCH_ADD_LOCK) {
1192 PZVAL_LOCK(*EX_T(opline->op1.u.var).var.ptr_ptr);
1193 }
1194 */
     /* A CV container is separated unless it is the shared
      * uninitialized_zval_ptr placeholder, which is left untouched. */
1195 if (OP1_TYPE == IS_CV) {
1196 if (container != &EG(uninitialized_zval_ptr)) {
1197 SEPARATE_ZVAL_IF_NOT_REF(container);
1198 }
1199 }
     /* NULL container for a VAR operand: fatal error, never dereferenced. */
1200 if (OP1_TYPE == IS_VAR && !container) {
1201 zend_error_noreturn(E_ERROR, "Cannot use string offset as an array");
1202 }
1203 zend_fetch_dimension_address(&EX_T(opline->result.u.var), container, dim, IS_OP2_TMP_FREE(), BP_VAR_UNSET TSRMLS_CC);
1204 FREE_OP2();
     /* op1 VAR about to be destroyed: switch the result to AI_USE_PTR() and
      * separate a non-reference value with refcount > 2. */
1205 if (OP1_TYPE == IS_VAR && OP1_FREE &&
1206 READY_TO_DESTROY(free_op1.var)) {
1207 AI_USE_PTR(EX_T(opline->result.u.var).var);
1208 if (!PZVAL_IS_REF(*EX_T(opline->result.u.var).var.ptr_ptr) &&
1209 Z_REFCOUNT_PP(EX_T(opline->result.u.var).var.ptr_ptr) > 2) {
1210 SEPARATE_ZVAL(EX_T(opline->result.u.var).var.ptr_ptr);
1211 }
1212 }
1213 FREE_OP1_VAR_PTR();
     /* NOTE(review): this NULL check runs after the block above has already
      * dereferenced result ptr_ptr on the READY_TO_DESTROY path; confirm that
      * path cannot be reached with a NULL ptr_ptr. */
1214 if (EX_T(opline->result.u.var).var.ptr_ptr == NULL) {
1215 zend_error_noreturn(E_ERROR, "Cannot unset string offsets");
1216 } else {
1217 zend_free_op free_res;
1218
     /* Unlock, separate (unless it is the uninitialized placeholder), then
      * lock again: the lock count ends where it started, but on the
      * possibly separated value. */
1219 PZVAL_UNLOCK(*EX_T(opline->result.u.var).var.ptr_ptr, &free_res);
1220 if (EX_T(opline->result.u.var).var.ptr_ptr != &EG(uninitialized_zval_ptr)) {
1221 SEPARATE_ZVAL_IF_NOT_REF(EX_T(opline->result.u.var).var.ptr_ptr);
1222 }
1223 PZVAL_LOCK(*EX_T(opline->result.u.var).var.ptr_ptr);
1224 FREE_OP_VAR_PTR(free_res);
1225 }
1226 ZEND_VM_NEXT_OPCODE();
1227 }
1228
1229 ZEND_VM_HELPER_EX(zend_fetch_property_address_read_helper, VAR|UNUSED|CV, CONST|TMP|VAR|CV, int type)
1230 {
     /* Shared body of the read-style property fetches. `type` is the BP_VAR_*
      * mode chosen by the dispatching handler. op1 is the container, op2 the
      * property name ("offset"). */
1231 zend_op *opline = EX(opline);
1232 zend_free_op free_op1;
1233 zval *container = GET_OP1_OBJ_ZVAL_PTR(type);
1234 zend_free_op free_op2;
1235 zval *offset = GET_OP2_ZVAL_PTR(BP_VAR_R);
1236
     /* Non-object container, or an object whose handler table has no
      * read_property: the result is the shared uninitialized zval. The notice
      * is suppressed only for BP_VAR_IS.
      * assumes container is non-NULL here - TODO confirm for UNUSED op1. */
1237 if (Z_TYPE_P(container) != IS_OBJECT || !Z_OBJ_HT_P(container)->read_property) {
1238 if (type != BP_VAR_IS) {
1239 zend_error(E_NOTICE, "Trying to get property of non-object");
1240 }
1241 if (!RETURN_VALUE_UNUSED(&opline->result)) {
1242 AI_SET_PTR(EX_T(opline->result.u.var).var, EG(uninitialized_zval_ptr));
1243 PZVAL_LOCK(EG(uninitialized_zval_ptr));
1244 }
1245 FREE_OP2();
1246 } else {
1247 zval *retval;
1248
     /* A TMP property name is promoted to a real zval pointer before it is
      * handed to the object handler; it is released with zval_ptr_dtor()
      * below instead of FREE_OP2(). */
1249 if (IS_OP2_TMP_FREE()) {
1250 MAKE_REAL_ZVAL_PTR(offset);
1251 }
1252
1253 /* here we are sure we are dealing with an object */
1254 retval = Z_OBJ_HT_P(container)->read_property(container, offset, type TSRMLS_CC);
1255
     /* retval is dereferenced on both paths below without a NULL check.
      * assumes read_property never returns NULL - TODO confirm. */
1256 if (RETURN_VALUE_UNUSED(&opline->result)) {
     /* Unused result with refcount 0: nobody else holds the value, so it
      * is removed from the GC buffer and freed here. */
1257 if (Z_REFCOUNT_P(retval) == 0) {
1258 GC_REMOVE_ZVAL_FROM_BUFFER(retval);
1259 zval_dtor(retval);
1260 FREE_ZVAL(retval);
1261 }
1262 } else {
1263 AI_SET_PTR(EX_T(opline->result.u.var).var, retval);
1264 PZVAL_LOCK(retval);
1265 }
1266
1267 if (IS_OP2_TMP_FREE()) {
1268 zval_ptr_dtor(&offset);
1269 } else {
1270 FREE_OP2();
1271 }
1272 }
1273
1274 FREE_OP1();
1275 ZEND_VM_NEXT_OPCODE();
1276 }
1277
1278 ZEND_VM_HANDLER(82, ZEND_FETCH_OBJ_R, VAR|UNUSED|CV, CONST|TMP|VAR|CV)
1279 {
     /* Read fetch of an object property: forwards to
      * zend_fetch_property_address_read_helper with type = BP_VAR_R. */
1280 ZEND_VM_DISPATCH_TO_HELPER_EX(zend_fetch_property_address_read_helper, type, BP_VAR_R);
1281 }
1282
1283 ZEND_VM_HANDLER(85, ZEND_FETCH_OBJ_W, VAR|UNUSED|CV, CONST|TMP|VAR|CV)
1284 {
     /* Write fetch of an object property. op1 is the container, op2 the
      * property name; zend_fetch_property_address() fills the result slot. */
1285 zend_op *opline = EX(opline);
1286 zend_free_op free_op1, free_op2;
1287 zval *property = GET_OP2_ZVAL_PTR(BP_VAR_R);
1288 zval **container;
1289
     /* With the ZEND_FETCH_ADD_LOCK bit set, a VAR container gets an extra
      * lock and its ptr is refreshed from ptr_ptr before the fetch.
      * NOTE(review): ptr_ptr is dereferenced here before the NULL-container
      * check further down - confirm it cannot be NULL when this bit is set. */
1290 if (OP1_TYPE == IS_VAR && (opline->extended_value & ZEND_FETCH_ADD_LOCK)) {
1291 PZVAL_LOCK(*EX_T(opline->op1.u.var).var.ptr_ptr);
1292 EX_T(opline->op1.u.var).var.ptr = *EX_T(opline->op1.u.var).var.ptr_ptr;
1293 }
1294
     /* A TMP property name is promoted to a real zval pointer and released
      * with zval_ptr_dtor() after the fetch. */
1295 if (IS_OP2_TMP_FREE()) {
1296 MAKE_REAL_ZVAL_PTR(property);
1297 }
1298 container = GET_OP1_OBJ_ZVAL_PTR_PTR(BP_VAR_W);
     /* NULL container for a VAR operand: fatal error, never dereferenced. */
1299 if (OP1_TYPE == IS_VAR && !container) {
1300 zend_error_noreturn(E_ERROR, "Cannot use string offset as an object");
1301 }
1302 zend_fetch_property_address(&EX_T(opline->result.u.var), container, property, BP_VAR_W TSRMLS_CC);
1303 if (IS_OP2_TMP_FREE()) {
1304 zval_ptr_dtor(&property);
1305 } else {
1306 FREE_OP2();
1307 }
     /* op1 VAR about to be destroyed: switch the result to AI_USE_PTR() and
      * separate a non-reference value with refcount > 2 before op1 is freed. */
1308 if (OP1_TYPE == IS_VAR && OP1_FREE &&
1309 READY_TO_DESTROY(free_op1.var)) {
1310 AI_USE_PTR(EX_T(opline->result.u.var).var);
1311 if (!PZVAL_IS_REF(*EX_T(opline->result.u.var).var.ptr_ptr) &&
1312 Z_REFCOUNT_PP(EX_T(opline->result.u.var).var.ptr_ptr) > 2) {
1313 SEPARATE_ZVAL(EX_T(opline->result.u.var).var.ptr_ptr);
1314 }
1315 }
1316 FREE_OP1_VAR_PTR();
1317
1318 /* We are going to assign the result by reference */
     /* NOTE(review): ZEND_FETCH_DIM_W guards the same three steps with a
      * non-NULL check on result ptr_ptr; here it is dereferenced
      * unconditionally. Confirm zend_fetch_property_address() always leaves
      * a valid ptr_ptr in the result. */
1319 if (opline->extended_value & ZEND_FETCH_MAKE_REF) {
1320 Z_DELREF_PP(EX_T(opline->result.u.var).var.ptr_ptr);
1321 SEPARATE_ZVAL_TO_MAKE_IS_REF(EX_T(opline->result.u.var).var.ptr_ptr);
1322 Z_ADDREF_PP(EX_T(opline->result.u.var).var.ptr_ptr);
1323 }
1324
1325 ZEND_VM_NEXT_OPCODE();
1326 }
1327
1328 ZEND_VM_HANDLER(88, ZEND_FETCH_OBJ_RW, VAR|UNUSED|CV, CONST|TMP|VAR|CV)
1329 {
     /* Read-write fetch of an object property via
      * zend_fetch_property_address() with BP_VAR_RW. */
1330 zend_op *opline = EX(opline);
1331 zend_free_op free_op1, free_op2;
1332 zval *property = GET_OP2_ZVAL_PTR(BP_VAR_R);
1333 zval **container = GET_OP1_OBJ_ZVAL_PTR_PTR(BP_VAR_RW);
1334
     /* A TMP property name is promoted to a real zval pointer and released
      * with zval_ptr_dtor() after the fetch. */
1335 if (IS_OP2_TMP_FREE()) {
1336 MAKE_REAL_ZVAL_PTR(property);
1337 }
     /* NULL container for a VAR operand: fatal error, never dereferenced. */
1338 if (OP1_TYPE == IS_VAR && !container) {
1339 zend_error_noreturn(E_ERROR, "Cannot use string offset as an object");
1340 }
1341 zend_fetch_property_address(&EX_T(opline->result.u.var), container, property, BP_VAR_RW TSRMLS_CC);
1342 if (IS_OP2_TMP_FREE()) {
1343 zval_ptr_dtor(&property);
1344 } else {
1345 FREE_OP2();
1346 }
     /* op1 VAR about to be destroyed: switch the result to AI_USE_PTR() and
      * separate a non-reference value with refcount > 2 before op1 is freed. */
1347 if (OP1_TYPE == IS_VAR && OP1_FREE &&
1348 READY_TO_DESTROY(free_op1.var)) {
1349 AI_USE_PTR(EX_T(opline->result.u.var).var);
1350 if (!PZVAL_IS_REF(*EX_T(opline->result.u.var).var.ptr_ptr) &&
1351 Z_REFCOUNT_PP(EX_T(opline->result.u.var).var.ptr_ptr) > 2) {
1352 SEPARATE_ZVAL(EX_T(opline->result.u.var).var.ptr_ptr);
1353 }
1354 }
1355 FREE_OP1_VAR_PTR();
1356 ZEND_VM_NEXT_OPCODE();
1357 }
1358
1359 ZEND_VM_HANDLER(91, ZEND_FETCH_OBJ_IS, VAR|UNUSED|CV, CONST|TMP|VAR|CV)
1360 {
     /* isset-style fetch of an object property: forwards to
      * zend_fetch_property_address_read_helper with type = BP_VAR_IS, which
      * makes the helper skip its non-object notice. */
1361 ZEND_VM_DISPATCH_TO_HELPER_EX(zend_fetch_property_address_read_helper, type, BP_VAR_IS);
1362 }
1363
1364 ZEND_VM_HANDLER(94, ZEND_FETCH_OBJ_FUNC_ARG, VAR|UNUSED|CV, CONST|TMP|VAR|CV)
1365 {
     /* Property fetch used as a call argument. A by-reference parameter of
      * the callee in EX(fbc) gets a write fetch; anything else is dispatched
      * to the read helper with BP_VAR_R. */
1366 zend_op *opline = EX(opline);
1367
1368 if (ARG_SHOULD_BE_SENT_BY_REF(EX(fbc), opline->extended_value)) {
1369 /* Behave like FETCH_OBJ_W */
     /* Unlike ZEND_FETCH_OBJ_W, this copy has no ZEND_FETCH_ADD_LOCK and no
      * ZEND_FETCH_MAKE_REF step; extended_value is the argument number. */
1370 zend_free_op free_op1, free_op2;
1371 zval *property = GET_OP2_ZVAL_PTR(BP_VAR_R);
1372 zval **container = GET_OP1_OBJ_ZVAL_PTR_PTR(BP_VAR_W);
1373
1374 if (IS_OP2_TMP_FREE()) {
1375 MAKE_REAL_ZVAL_PTR(property);
1376 }
     /* NULL container for a VAR operand: fatal error, never dereferenced. */
1377 if (OP1_TYPE == IS_VAR && !container) {
1378 zend_error_noreturn(E_ERROR, "Cannot use string offset as an object");
1379 }
1380 zend_fetch_property_address(&EX_T(opline->result.u.var), container, property, BP_VAR_W TSRMLS_CC);
1381 if (IS_OP2_TMP_FREE()) {
1382 zval_ptr_dtor(&property);
1383 } else {
1384 FREE_OP2();
1385 }
     /* op1 VAR about to be destroyed: switch the result to AI_USE_PTR() and
      * separate a non-reference value with refcount > 2. */
1386 if (OP1_TYPE == IS_VAR && OP1_FREE &&
1387 READY_TO_DESTROY(free_op1.var)) {
1388 AI_USE_PTR(EX_T(opline->result.u.var).var);
1389 if (!PZVAL_IS_REF(*EX_T(opline->result.u.var).var.ptr_ptr) &&
1390 Z_REFCOUNT_PP(EX_T(opline->result.u.var).var.ptr_ptr) > 2) {
1391 SEPARATE_ZVAL(EX_T(opline->result.u.var).var.ptr_ptr);
1392 }
1393 }
1394 FREE_OP1_VAR_PTR();
1395 ZEND_VM_NEXT_OPCODE();
1396 } else {
1397 ZEND_VM_DISPATCH_TO_HELPER_EX(zend_fetch_property_address_read_helper, type, BP_VAR_R);
1398 }
1399 }
1400
1401 ZEND_VM_HANDLER(97, ZEND_FETCH_OBJ_UNSET, VAR|UNUSED|CV, CONST|TMP|VAR|CV)
1402 {
     /* Unset-mode fetch of an object property. The container is obtained with
      * BP_VAR_R, while the property address is fetched with BP_VAR_UNSET. */
1403 zend_op *opline = EX(opline);
1404 zend_free_op free_op1, free_op2, free_res;
1405 zval **container = GET_OP1_OBJ_ZVAL_PTR_PTR(BP_VAR_R);
1406 zval *property = GET_OP2_ZVAL_PTR(BP_VAR_R);
1407
     /* A CV container is separated unless it is the shared
      * uninitialized_zval_ptr placeholder. */
1408 if (OP1_TYPE == IS_CV) {
1409 if (container != &EG(uninitialized_zval_ptr)) {
1410 SEPARATE_ZVAL_IF_NOT_REF(container);
1411 }
1412 }
1413 if (IS_OP2_TMP_FREE()) {
1414 MAKE_REAL_ZVAL_PTR(property);
1415 }
     /* NULL container for a VAR operand: fatal error, never dereferenced. */
1416 if (OP1_TYPE == IS_VAR && !container) {
1417 zend_error_noreturn(E_ERROR, "Cannot use string offset as an object");
1418 }
1419 zend_fetch_property_address(&EX_T(opline->result.u.var), container, property, BP_VAR_UNSET TSRMLS_CC);
1420 if (IS_OP2_TMP_FREE()) {
1421 zval_ptr_dtor(&property);
1422 } else {
1423 FREE_OP2();
1424 }
     /* op1 VAR about to be destroyed: switch the result to AI_USE_PTR() and
      * separate a non-reference value with refcount > 2. */
1425 if (OP1_TYPE == IS_VAR && OP1_FREE &&
1426 READY_TO_DESTROY(free_op1.var)) {
1427 AI_USE_PTR(EX_T(opline->result.u.var).var);
1428 if (!PZVAL_IS_REF(*EX_T(opline->result.u.var).var.ptr_ptr) &&
1429 Z_REFCOUNT_PP(EX_T(opline->result.u.var).var.ptr_ptr) > 2) {
1430 SEPARATE_ZVAL(EX_T(opline->result.u.var).var.ptr_ptr);
1431 }
1432 }
1433 FREE_OP1_VAR_PTR();
1434
     /* Unlock, separate (unless it is the uninitialized placeholder), lock.
      * NOTE(review): ZEND_FETCH_DIM_UNSET tests result ptr_ptr for NULL
      * before this sequence; here it is dereferenced unconditionally.
      * Confirm zend_fetch_property_address() cannot leave it NULL. */
1435 PZVAL_UNLOCK(*EX_T(opline->result.u.var).var.ptr_ptr, &free_res);
1436 if (EX_T(opline->result.u.var).var.ptr_ptr != &EG(uninitialized_zval_ptr)) {
1437 SEPARATE_ZVAL_IF_NOT_REF(EX_T(opline->result.u.var).var.ptr_ptr);
1438 }
1439 PZVAL_LOCK(*EX_T(opline->result.u.var).var.ptr_ptr);
1440 FREE_OP_VAR_PTR(free_res);
1441 ZEND_VM_NEXT_OPCODE();
1442 }
1443
1444 ZEND_VM_HANDLER(98, ZEND_FETCH_DIM_TMP_VAR, CONST|TMP, CONST)
1445 {
     /* Read of container[dim] where the container is a CONST or TMP and the
      * dimension a CONST. A non-array container yields the shared
      * uninitialized zval. */
1446 zend_op *opline = EX(opline);
1447 zend_free_op free_op1;
1448 zval *container = GET_OP1_ZVAL_PTR(BP_VAR_R);
1449
1450 if (Z_TYPE_P(container) != IS_ARRAY) {
1451 if (!RETURN_VALUE_UNUSED(&opline->result)) {
1452 AI_SET_PTR(EX_T(opline->result.u.var).var, EG(uninitialized_zval_ptr));
1453 PZVAL_LOCK(EG(uninitialized_zval_ptr));
1454 }
1455 } else {
1456 zend_free_op free_op2;
1457 zval *dim = GET_OP2_ZVAL_PTR(BP_VAR_R);
1458
     /* The pointer returned by zend_fetch_dimension_address_inner() is
      * dereferenced directly, and the result slot is written whether or not
      * the result is used; only the lock is conditional on the result.
      * assumes the inner fetch never returns NULL in BP_VAR_R mode - TODO
      * confirm. */
1459 AI_SET_PTR(EX_T(opline->result.u.var).var, *zend_fetch_dimension_address_inner(Z_ARRVAL_P(container), dim, BP_VAR_R TSRMLS_CC));
1460 SELECTIVE_PZVAL_LOCK(EX_T(opline->result.u.var).var.ptr, &opline->result);
1461 FREE_OP2();
1462 }
     /* NOTE(review): free_op1 is never released in this handler (no
      * FREE_OP1()) - confirm that is intended for the TMP container. */
1463 ZEND_VM_NEXT_OPCODE();
1464 }
1465
1466 ZEND_VM_HANDLER(136, ZEND_ASSIGN_OBJ, VAR|UNUSED|CV, CONST|TMP|VAR|CV)
1467 {
     /* Property assignment. op1 is the object, op2 the property name, and
      * the value to store is op1 of the following opline (op_data), so this
      * handler consumes two oplines. */
1468 zend_op *opline = EX(opline);
1469 zend_op *op_data = opline+1;
1470 zend_free_op free_op1, free_op2;
1471 zval **object_ptr = GET_OP1_OBJ_ZVAL_PTR_PTR(BP_VAR_W);
1472 zval *property_name = GET_OP2_ZVAL_PTR(BP_VAR_R);
1473
     /* A TMP property name is promoted to a real zval pointer and released
      * with zval_ptr_dtor() after the assignment. */
1474 if (IS_OP2_TMP_FREE()) {
1475 MAKE_REAL_ZVAL_PTR(property_name);
1476 }
     /* NULL object pointer for a VAR operand: fatal error.
      * NOTE(review): the message says "as an array" while the FETCH_OBJ_*
      * handlers say "as an object" for the same condition. */
1477 if (OP1_TYPE == IS_VAR && !object_ptr) {
1478 zend_error_noreturn(E_ERROR, "Cannot use string offset as an array");
1479 }
1480 zend_assign_to_object(&opline->result, object_ptr, property_name, &op_data->op1, EX(Ts), ZEND_ASSIGN_OBJ TSRMLS_CC);
1481 if (IS_OP2_TMP_FREE()) {
1482 zval_ptr_dtor(&property_name);
1483 } else {
1484 FREE_OP2();
1485 }
1486 FREE_OP1_VAR_PTR();
1487 /* assign_obj has two opcodes! */
1488 ZEND_VM_INC_OPCODE();
1489 ZEND_VM_NEXT_OPCODE();
1490 }
1491
1492 ZEND_VM_HANDLER(147, ZEND_ASSIGN_DIM, VAR|CV, CONST|TMP|VAR|UNUSED|CV)
1493 {
     /* Assignment to container[dim]. The value comes from op1 of the next
      * opline (op_data) and op_data->op2 names the temporary that receives
      * the fetched element address, so two oplines are consumed. */
1494 zend_op *opline = EX(opline);
1495 zend_op *op_data = opline+1;
1496 zend_free_op free_op1;
1497 zval **object_ptr = GET_OP1_ZVAL_PTR_PTR(BP_VAR_W);
1498
     /* NULL container for a VAR operand: fatal error. object_ptr is
      * dereferenced right after; assumes it is never NULL for a CV operand
      * - TODO confirm. */
1499 if (OP1_TYPE == IS_VAR && !object_ptr) {
1500 zend_error_noreturn(E_ERROR, "Cannot use string offset as an array");
1501 }
1502 if (Z_TYPE_PP(object_ptr) == IS_OBJECT) {
     /* Object container: delegated to zend_assign_to_object() with
      * ZEND_ASSIGN_DIM as the opcode argument. */
1503 zend_free_op free_op2;
1504 zval *property_name = GET_OP2_ZVAL_PTR(BP_VAR_R);
1505
1506 if (IS_OP2_TMP_FREE()) {
1507 MAKE_REAL_ZVAL_PTR(property_name);
1508 }
1509 zend_assign_to_object(&opline->result, object_ptr, property_name, &op_data->op1, EX(Ts), ZEND_ASSIGN_DIM TSRMLS_CC);
1510 if (IS_OP2_TMP_FREE()) {
1511 zval_ptr_dtor(&property_name);
1512 } else {
1513 FREE_OP2();
1514 }
1515 } else {
1516 zend_free_op free_op2, free_op_data1, free_op_data2;
1517 zval *value;
1518 zval *dim = GET_OP2_ZVAL_PTR(BP_VAR_R);
1519 zval **variable_ptr_ptr;
1520
     /* Fetch the element address for writing into the op_data->op2 temp. */
1521 zend_fetch_dimension_address(&EX_T(op_data->op2.u.var), object_ptr, dim, IS_OP2_TMP_FREE(), BP_VAR_W TSRMLS_CC);
1522 FREE_OP2();
1523
1524 value = get_zval_ptr(&op_data->op1, EX(Ts), &free_op_data1, BP_VAR_R);
1525 variable_ptr_ptr = _get_zval_ptr_ptr_var(&op_data->op2, EX(Ts), &free_op_data2 TSRMLS_CC);
1526 if (!variable_ptr_ptr) {
     /* No zval address: the target is treated as a string offset. On
      * success the result becomes a fresh one-byte string copied from
      * str + offset.
      * NOTE(review): that one-byte read is not bounds-checked here; it
      * relies on zend_assign_to_string_offset() returning nonzero only
      * when offset lies inside the string - verify in the callee. */
1527 if (zend_assign_to_string_offset(&EX_T(op_data->op2.u.var), value, op_data->op1.op_type TSRMLS_CC)) {
1528 if (!RETURN_VALUE_UNUSED(&opline->result)) {
1529 EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr;
1530 ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr);
1531 INIT_PZVAL(EX_T(opline->result.u.var).var.ptr);
1532 ZVAL_STRINGL(EX_T(opline->result.u.var).var.ptr, Z_STRVAL_P(EX_T(op_data->op2.u.var).str_offset.str)+EX_T(op_data->op2.u.var).str_offset.offset, 1, 1);
1533 }
1534 } else if (!RETURN_VALUE_UNUSED(&opline->result)) {
     /* Failed string-offset write: result is the uninitialized zval. */
1535 AI_SET_PTR(EX_T(opline->result.u.var).var, EG(uninitialized_zval_ptr));
1536 PZVAL_LOCK(EG(uninitialized_zval_ptr));
1537 }
1538 } else {
     /* Ordinary element: assign, and expose the assigned value as the
      * result when it is used. */
1539 value = zend_assign_to_variable(variable_ptr_ptr, value, IS_TMP_FREE(free_op_data1) TSRMLS_CC);
1540 if (!RETURN_VALUE_UNUSED(&opline->result)) {
1541 AI_SET_PTR(EX_T(opline->result.u.var).var, value);
1542 PZVAL_LOCK(value);
1543 }
1544 }
1545 FREE_OP_VAR_PTR(free_op_data2);
1546 FREE_OP_IF_VAR(free_op_data1);
1547 }
1548 FREE_OP1_VAR_PTR();
1549 /* assign_dim has two opcodes! */
1550 ZEND_VM_INC_OPCODE();
1551 ZEND_VM_NEXT_OPCODE();
1552 }
1553
1554 ZEND_VM_HANDLER(38, ZEND_ASSIGN, VAR|CV, CONST|TMP|VAR|CV)
1555 {
     /* Plain assignment: op1 is the target, op2 the value. The result, when
      * used, is the assigned value. */
1556 zend_op *opline = EX(opline);
1557 zend_free_op free_op1, free_op2;
1558 zval *value = GET_OP2_ZVAL_PTR(BP_VAR_R);
1559 zval **variable_ptr_ptr = GET_OP1_ZVAL_PTR_PTR(BP_VAR_W);
1560
1561 if (OP1_TYPE == IS_VAR && !variable_ptr_ptr) {
     /* A VAR target without a zval address is treated as a string offset.
      * On success the result is a fresh one-byte string copied from
      * str + offset.
      * NOTE(review): the one-byte read is not bounds-checked here; it
      * relies on zend_assign_to_string_offset() returning nonzero only
      * when offset lies inside the string - verify in the callee. */
1562 if (zend_assign_to_string_offset(&EX_T(opline->op1.u.var), value, OP2_TYPE TSRMLS_CC)) {
1563 if (!RETURN_VALUE_UNUSED(&opline->result)) {
1564 EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr;
1565 ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr);
1566 INIT_PZVAL(EX_T(opline->result.u.var).var.ptr);
1567 ZVAL_STRINGL(EX_T(opline->result.u.var).var.ptr, Z_STRVAL_P(EX_T(opline->op1.u.var).str_offset.str)+EX_T(opline->op1.u.var).str_offset.offset, 1, 1);
1568 }
1569 } else if (!RETURN_VALUE_UNUSED(&opline->result)) {
     /* Failed string-offset write: result is the uninitialized zval. */
1570 AI_SET_PTR(EX_T(opline->result.u.var).var, EG(uninitialized_zval_ptr));
1571 PZVAL_LOCK(EG(uninitialized_zval_ptr));
1572 }
1573 } else {
1574 value = zend_assign_to_variable(variable_ptr_ptr, value, IS_OP2_TMP_FREE() TSRMLS_CC);
1575 if (!RETURN_VALUE_UNUSED(&opline->result)) {
1576 AI_SET_PTR(EX_T(opline->result.u.var).var, value);
1577 PZVAL_LOCK(value);
1578 }
1579 }
1580
1581 FREE_OP1_VAR_PTR();
1582
1583 /* zend_assign_to_variable() always takes care of op2, never free it! */
     /* Hence only the VAR form of op2 is released here, not a TMP. */
1584 FREE_OP2_IF_VAR();
1585
1586 ZEND_VM_NEXT_OPCODE();
1587 }
1588
1589 ZEND_VM_HANDLER(39, ZEND_ASSIGN_REF, VAR|CV, VAR|CV)
1590 {
     /* Assignment by reference: binds op1 to the value op2 points to.
      * Falls back to a plain ZEND_ASSIGN when op2 is the result of a function
      * call that did not return a reference. */
1591 zend_op *opline = EX(opline);
1592 zend_free_op free_op1, free_op2;
1593 zval **variable_ptr_ptr;
1594 zval **value_ptr_ptr = GET_OP2_ZVAL_PTR_PTR(BP_VAR_W);
1595
     /* op2 is a non-reference function return value: emit E_STRICT and
      * re-dispatch to ZEND_ASSIGN. If the error handler raised an exception,
      * op2 is released and the assignment is skipped. */
1596 if (OP2_TYPE == IS_VAR &&
1597 value_ptr_ptr &&
1598 !Z_ISREF_PP(value_ptr_ptr) &&
1599 opline->extended_value == ZEND_RETURNS_FUNCTION &&
1600 !EX_T(opline->op2.u.var).var.fcall_returned_reference) {
1601 if (free_op2.var == NULL) {
1602 PZVAL_LOCK(*value_ptr_ptr); /* undo the effect of get_zval_ptr_ptr() */
1603 }
1604 zend_error(E_STRICT, "Only variables should be assigned by reference");
1605 if (UNEXPECTED(EG(exception) != NULL)) {
1606 FREE_OP2_VAR_PTR();
1607 ZEND_VM_NEXT_OPCODE();
1608 }
1609 ZEND_VM_DISPATCH_TO_HANDLER(ZEND_ASSIGN);
1610 } else if (OP2_TYPE == IS_VAR && opline->extended_value == ZEND_RETURNS_NEW) {
     /* Extra lock for a ZEND_RETURNS_NEW value; it is paired with the
      * Z_DELREF_PP() after the reference assignment below.
      * NOTE(review): value_ptr_ptr is dereferenced here before the NULL
      * check further down - confirm it cannot be NULL on this path. */
1611 PZVAL_LOCK(*value_ptr_ptr);
1612 }
     /* A VAR target whose ptr_ptr points at its own ptr slot is rejected as
      * an overloaded object. */
1613 if (OP1_TYPE == IS_VAR && EX_T(opline->op1.u.var).var.ptr_ptr == &EX_T(opline->op1.u.var).var.ptr) {
1614 zend_error_noreturn(E_ERROR, "Cannot assign by reference to overloaded object");
1615 }
1616
1617 variable_ptr_ptr = GET_OP1_ZVAL_PTR_PTR(BP_VAR_W);
     /* Either side lacking a zval address is a fatal error, so the reference
      * assignment never sees a NULL pointer from a VAR operand. */
1618 if ((OP2_TYPE == IS_VAR && !value_ptr_ptr) ||
1619 (OP1_TYPE == IS_VAR && !variable_ptr_ptr)) {
1620 zend_error_noreturn(E_ERROR, "Cannot create references to/from string offsets nor overloaded objects");
1621 }
1622 zend_assign_to_variable_reference(variable_ptr_ptr, value_ptr_ptr TSRMLS_CC);
1623
1624 if (OP2_TYPE == IS_VAR && opline->extended_value == ZEND_RETURNS_NEW) {
1625 Z_DELREF_PP(variable_ptr_ptr);
1626 }
1627
1628 if (!RETURN_VALUE_UNUSED(&opline->result)) {
1629 AI_SET_PTR(EX_T(opline->result.u.var).var, *variable_ptr_ptr);
1630 PZVAL_LOCK(*variable_ptr_ptr);
1631 }
1632
1633 FREE_OP1_VAR_PTR();
1634 FREE_OP2_VAR_PTR();
1635
1636 ZEND_VM_NEXT_OPCODE();
1637 }
1638
1639 ZEND_VM_HANDLER(42, ZEND_JMP, ANY, ANY)
1640 {
     /* Unconditional jump: sets the next opline to op1.u.jmp_addr, a pointer
      * stored in the opline. The address is used as-is; nothing here checks
      * that it lies inside the current op_array. */
1641 #if DEBUG_ZEND>=2
1642 printf("Jumping to %d\n", EX(opline)->op1.u.opline_num);
1643 #endif
1644 ZEND_VM_SET_OPCODE(EX(opline)->op1.u.jmp_addr);
1645 ZEND_VM_CONTINUE(); /* CHECK_ME */
1646 }
1647
1648 ZEND_VM_HANDLER(43, ZEND_JMPZ, CONST|TMP|VAR|CV, ANY)
1649 {
     /* Jump to op2.u.jmp_addr when op1 evaluates to false; otherwise fall
      * through to the next opline. */
1650 zend_op *opline = EX(opline);
1651 zend_free_op free_op1;
1652 zval *val = GET_OP1_ZVAL_PTR(BP_VAR_R);
1653 int ret;
1654
     /* Fast path: a TMP that already holds a bool is read directly and is
      * not passed to FREE_OP1(). */
1655 if (OP1_TYPE == IS_TMP_VAR && Z_TYPE_P(val) == IS_BOOL) {
1656 ret = Z_LVAL_P(val);
1657 } else {
1658 ret = i_zend_is_true(val);
1659 FREE_OP1();
     /* If an exception is pending after the truth test or the free, leave
      * the opline untouched and return to the dispatcher. */
1660 if (UNEXPECTED(EG(exception) != NULL)) {
1661 ZEND_VM_CONTINUE();
1662 }
1663 }
1664 if (!ret) {
1665 #if DEBUG_ZEND>=2
1666 printf("Conditional jmp to %d\n", opline->op2.u.opline_num);
1667 #endif
1668 ZEND_VM_SET_OPCODE(opline->op2.u.jmp_addr);
1669 ZEND_VM_CONTINUE();
1670 }
1671
1672 ZEND_VM_NEXT_OPCODE();
1673 }
1674
1675 ZEND_VM_HANDLER(44, ZEND_JMPNZ, CONST|TMP|VAR|CV, ANY)
1676 {
     /* Jump to op2.u.jmp_addr when op1 evaluates to true; otherwise fall
      * through to the next opline. */
1677 zend_op *opline = EX(opline);
1678 zend_free_op free_op1;
1679 zval *val = GET_OP1_ZVAL_PTR(BP_VAR_R);
1680 int ret;
1681
     /* Fast path: a TMP that already holds a bool is read directly and is
      * not passed to FREE_OP1(). */
1682 if (OP1_TYPE == IS_TMP_VAR && Z_TYPE_P(val) == IS_BOOL) {
1683 ret = Z_LVAL_P(val);
1684 } else {
1685 ret = i_zend_is_true(val);
1686 FREE_OP1();
     /* Pending exception: return to the dispatcher without jumping. */
1687 if (UNEXPECTED(EG(exception) != NULL)) {
1688 ZEND_VM_CONTINUE();
1689 }
1690 }
1691 if (ret) {
1692 #if DEBUG_ZEND>=2
1693 printf("Conditional jmp to %d\n", opline->op2.u.opline_num);
1694 #endif
1695 ZEND_VM_SET_OPCODE(opline->op2.u.jmp_addr);
1696 ZEND_VM_CONTINUE();
1697 }
1698
1699 ZEND_VM_NEXT_OPCODE();
1700 }
1701
1702 ZEND_VM_HANDLER(45, ZEND_JMPZNZ, CONST|TMP|VAR|CV, ANY)
1703 {
     /* Two-way branch: true jumps to opcodes[extended_value], false jumps to
      * opcodes[op2.u.opline_num]. Unlike ZEND_JMPZ/ZEND_JMPNZ, both targets
      * are indices into EX(op_array)->opcodes rather than stored pointers. */
1704 zend_op *opline = EX(opline);
1705 zend_free_op free_op1;
1706 zval *val = GET_OP1_ZVAL_PTR(BP_VAR_R);
1707 int retval;
1708
     /* Fast path: a TMP that already holds a bool is read directly and is
      * not passed to FREE_OP1(). */
1709 if (OP1_TYPE == IS_TMP_VAR && Z_TYPE_P(val) == IS_BOOL) {
1710 retval = Z_LVAL_P(val);
1711 } else {
1712 retval = i_zend_is_true(val);
1713 FREE_OP1();
     /* Pending exception: return to the dispatcher without jumping. */
1714 if (UNEXPECTED(EG(exception) != NULL)) {
1715 ZEND_VM_CONTINUE();
1716 }
1717 }
     /* NOTE(review): neither index is range-checked against the size of the
      * opcodes array here; presumably the op_array is trusted compiler
      * output - confirm for op_arrays loaded from any other source. */
1718 if (EXPECTED(retval != 0)) {
1719 #if DEBUG_ZEND>=2
1720 printf("Conditional jmp on true to %d\n", opline->extended_value);
1721 #endif
1722 ZEND_VM_SET_OPCODE(&EX(op_array)->opcodes[opline->extended_value]);
1723 ZEND_VM_CONTINUE(); /* CHECK_ME */
1724 } else {
1725 #if DEBUG_ZEND>=2
1726 printf("Conditional jmp on false to %d\n", opline->op2.u.opline_num);
1727 #endif
1728 ZEND_VM_SET_OPCODE(&EX(op_array)->opcodes[opline->op2.u.opline_num]);
1729 ZEND_VM_CONTINUE(); /* CHECK_ME */
1730 }
1731 }
1732
1733 ZEND_VM_HANDLER(46, ZEND_JMPZ_EX, CONST|TMP|VAR|CV, ANY)
1734 {
     /* Like ZEND_JMPZ, but also stores the truth value of op1 as a bool in
      * the result temporary before deciding whether to jump. */
1735 zend_op *opline = EX(opline);
1736 zend_free_op free_op1;
1737 zval *val = GET_OP1_ZVAL_PTR(BP_VAR_R);
1738 int retval;
1739
     /* Fast path: a TMP that already holds a bool is read directly and is
      * not passed to FREE_OP1(). */
1740 if (OP1_TYPE == IS_TMP_VAR && Z_TYPE_P(val) == IS_BOOL) {
1741 retval = Z_LVAL_P(val);
1742 } else {
1743 retval = i_zend_is_true(val);
1744 FREE_OP1();
     /* Pending exception: return before the result temporary is written. */
1745 if (UNEXPECTED(EG(exception) != NULL)) {
1746 ZEND_VM_CONTINUE();
1747 }
1748 }
     /* Only the value and type fields of the result temporary are set. */
1749 Z_LVAL(EX_T(opline->result.u.var).tmp_var) = retval;
1750 Z_TYPE(EX_T(opline->result.u.var).tmp_var) = IS_BOOL;
1751 if (!retval) {
1752 #if DEBUG_ZEND>=2
1753 printf("Conditional jmp to %d\n", opline->op2.u.opline_num);
1754 #endif
1755 ZEND_VM_SET_OPCODE(opline->op2.u.jmp_addr);
1756 ZEND_VM_CONTINUE();
1757 }
1758 ZEND_VM_NEXT_OPCODE();
1759 }
1760
1761 ZEND_VM_HANDLER(47, ZEND_JMPNZ_EX, CONST|TMP|VAR|CV, ANY)
1762 {
     /* Like ZEND_JMPNZ, but also stores the truth value of op1 as a bool in
      * the result temporary before deciding whether to jump. */
1763 zend_op *opline = EX(opline);
1764 zend_free_op free_op1;
1765 zval *val = GET_OP1_ZVAL_PTR(BP_VAR_R);
1766 int retval;
1767
     /* Fast path: a TMP that already holds a bool is read directly and is
      * not passed to FREE_OP1(). */
1768 if (OP1_TYPE == IS_TMP_VAR && Z_TYPE_P(val) == IS_BOOL) {
1769 retval = Z_LVAL_P(val);
1770 } else {
1771 retval = i_zend_is_true(val);
1772 FREE_OP1();
     /* Pending exception: return before the result temporary is written. */
1773 if (UNEXPECTED(EG(exception) != NULL)) {
1774 ZEND_VM_CONTINUE();
1775 }
1776 }
     /* Only the value and type fields of the result temporary are set. */
1777 Z_LVAL(EX_T(opline->result.u.var).tmp_var) = retval;
1778 Z_TYPE(EX_T(opline->result.u.var).tmp_var) = IS_BOOL;
1779 if (retval) {
1780 #if DEBUG_ZEND>=2
1781 printf("Conditional jmp to %d\n", opline->op2.u.opline_num);
1782 #endif
1783 ZEND_VM_SET_OPCODE(opline->op2.u.jmp_addr);
1784 ZEND_VM_CONTINUE();
1785 }
1786 ZEND_VM_NEXT_OPCODE();
1787 }
1788
1789 ZEND_VM_HANDLER(70, ZEND_FREE, TMP, ANY)
1790 {
     /* Destroys the contents of the op1 temporary with zendi_zval_dtor().
      * The slot itself is not reset here, so it must not be read again
      * before it is rewritten. */
1791 zendi_zval_dtor(EX_T(EX(opline)->op1.u.var).tmp_var);
1792 ZEND_VM_NEXT_OPCODE();
1793 }
1794
1795 ZEND_VM_HANDLER(53, ZEND_INIT_STRING, ANY, ANY)
1796 {
     /* Initialises the result temporary as an empty string: a one-byte
      * buffer holding only the terminating NUL, length 0, refcount 1,
      * not a reference. */
1797 zval *tmp = &EX_T(EX(opline)->result.u.var).tmp_var;
1798
     /* The emalloc() result is written to without a NULL check.
      * presumably emalloc() does not return on allocation failure - confirm. */
1799 tmp->value.str.val = emalloc(1);
1800 tmp->value.str.val[0] = 0;
1801 tmp->value.str.len = 0;
1802 Z_SET_REFCOUNT_P(tmp, 1);
1803 tmp->type = IS_STRING;
1804 Z_UNSET_ISREF_P(tmp);
1805 ZEND_VM_NEXT_OPCODE();
1806 }
1807
1808 ZEND_VM_HANDLER(54, ZEND_ADD_CHAR, TMP|UNUSED, CONST)
1809 {
     /* Appends the constant in op2 to the string being built in the result
      * temporary, in place (source and destination are the same zval). */
1810 zend_op *opline = EX(opline);
1811 zval *str = &EX_T(opline->result.u.var).tmp_var;
1812
     /* UNUSED op1 marks the first piece: the temporary is set up as a string
      * with a NULL buffer and length 0 so the append starts from nothing. */
1813 if (OP1_TYPE == IS_UNUSED) {
1814 /* Initialize for erealloc in add_char_to_string */
1815 Z_STRVAL_P(str) = NULL;
1816 Z_STRLEN_P(str) = 0;
1817 Z_TYPE_P(str) = IS_STRING;
1818
1819 INIT_PZVAL(str);
1820 }
1821
1822 add_char_to_string(str, str, &opline->op2.u.constant);
1823
1824 /* FREE_OP is missing intentionally here - we're always working on the same temporary variable */
1825 ZEND_VM_NEXT_OPCODE();
1826 }
1827
1828 ZEND_VM_HANDLER(55, ZEND_ADD_STRING, TMP|UNUSED, CONST)
1829 {
     /* Appends the constant string in op2 to the string being built in the
      * result temporary, in place. */
1830 zend_op *opline = EX(opline);
1831 zval *str = &EX_T(opline->result.u.var).tmp_var;
1832
     /* UNUSED op1 marks the first piece: the temporary is set up as a string
      * with a NULL buffer and length 0 so the append starts from nothing. */
1833 if (OP1_TYPE == IS_UNUSED) {
1834 /* Initialize for erealloc in add_string_to_string */
1835 Z_STRVAL_P(str) = NULL;
1836 Z_STRLEN_P(str) = 0;
1837 Z_TYPE_P(str) = IS_STRING;
1838
1839 INIT_PZVAL(str);
1840 }
1841
1842 add_string_to_string(str, str, &opline->op2.u.constant);
1843
1844 /* FREE_OP is missing intentionally here - we're always working on the same temporary variable */
1845 ZEND_VM_NEXT_OPCODE();
1846 }
1847
1848 ZEND_VM_HANDLER(56, ZEND_ADD_VAR, TMP|UNUSED, TMP|VAR|CV)
1849 {
     /* Appends the run-time value in op2 to the string being built in the
      * result temporary, converting it to a printable form first when it is
      * not already a string. */
1850 zend_op *opline = EX(opline);
1851 zend_free_op free_op2;
1852 zval *str = &EX_T(opline->result.u.var).tmp_var;
1853 zval *var = GET_OP2_ZVAL_PTR(BP_VAR_R);
1854 zval var_copy;
1855 int use_copy = 0;
1856
     /* UNUSED op1 marks the first piece: the temporary is set up as a string
      * with a NULL buffer and length 0 so the append starts from nothing. */
1857 if (OP1_TYPE == IS_UNUSED) {
1858 /* Initialize for erealloc in add_string_to_string */
1859 Z_STRVAL_P(str) = NULL;
1860 Z_STRLEN_P(str) = 0;
1861 Z_TYPE_P(str) = IS_STRING;
1862
1863 INIT_PZVAL(str);
1864 }
1865
     /* Non-string operand: zend_make_printable_zval() may fill var_copy, in
      * which case the copy is appended and destroyed afterwards.
      * NOTE(review): if the conversion did not produce a copy (use_copy 0),
      * the original non-string zval is passed to add_string_to_string() -
      * confirm that cannot happen for a non-string input.
      * presumably the conversion can run user code for objects - verify. */
1866 if (Z_TYPE_P(var) != IS_STRING) {
1867 zend_make_printable_zval(var, &var_copy, &use_copy);
1868
1869 if (use_copy) {
1870 var = &var_copy;
1871 }
1872 }
1873 add_string_to_string(str, str, var);
1874
     /* Only the local copy is destroyed; the operand itself is released by
      * FREE_OP2() below. */
1875 if (use_copy) {
1876 zval_dtor(var);
1877 }
1878 /* original comment, possibly problematic:
1879 * FREE_OP is missing intentionally here - we're always working on the same temporary variable
1880 * (Zeev): I don't think it's problematic, we only use variables
1881 * which aren't affected by FREE_OP(Ts, )'s anyway, unless they're
1882 * string offsets or overloaded objects
1883 */
1884 FREE_OP2();
1885
1886 ZEND_VM_NEXT_OPCODE();
1887 }
1888
1889 ZEND_VM_HANDLER(109, ZEND_FETCH_CLASS, ANY, CONST|TMP|VAR|UNUSED|CV)
1890 {
     /* Resolves a class and stores its class entry in the result slot. The
      * class is named by op2 (a string or an object), or chosen solely by
      * the fetch type in extended_value when op2 is UNUSED. */
1891 zend_op *opline = EX(opline);
1892
1893
1894 if (OP2_TYPE == IS_UNUSED) {
1895 EX_T(opline->result.u.var).class_entry = zend_fetch_class(NULL, 0, opline->extended_value TSRMLS_CC);
1896 ZEND_VM_NEXT_OPCODE();
1897 } else {
1898 zend_free_op free_op2;
1899 zval *class_name = GET_OP2_ZVAL_PTR(BP_VAR_R);
1900
     /* Object operand (never for a CONST): its own class entry is used. */
1901 if (OP2_TYPE != IS_CONST && Z_TYPE_P(class_name) == IS_OBJECT) {
1902 EX_T(opline->result.u.var).class_entry = Z_OBJCE_P(class_name);
1903 } else if (Z_TYPE_P(class_name) == IS_STRING) {
     /* String operand: for non-CONST op2 this is a run-time value, so
      * the class looked up is chosen by script data.
      * NOTE(review): whether this lookup can trigger class autoloading
      * depends on zend_fetch_class() and the flags in extended_value,
      * neither visible here. The returned entry is stored unchecked;
      * confirm consumers handle a failed lookup. */
1904 EX_T(opline->result.u.var).class_entry = zend_fetch_class(Z_STRVAL_P(class_name), Z_STRLEN_P(class_name), opline->extended_value TSRMLS_CC);
1905 } else {
     /* Any other type is a fatal error. */
1906 zend_error_noreturn(E_ERROR, "Class name must be a valid object or a string");
1907 }
1908
1909 FREE_OP2();
1910 ZEND_VM_NEXT_OPCODE();
1911 }
1912 }
1913
1914 ZEND_VM_HANDLER(112, ZEND_INIT_METHOD_CALL, TMP|VAR|UNUSED|CV, CONST|TMP|VAR|CV)
1915 {
     /* Prepares an instance method call: op1 is the object, op2 the method
      * name. On success EX(fbc), EX(object) and EX(called_scope) describe the
      * call; their previous values are saved on EG(arg_types_stack). */
1916 zend_op *opline = EX(opline);
1917 zval *function_name;
1918 char *function_name_strval;
1919 int function_name_strlen;
1920 zend_free_op free_op1, free_op2;
1921
     /* Save the enclosing call state before it is overwritten. */
1922 zend_ptr_stack_3_push(&EG(arg_types_stack), EX(fbc), EX(object), EX(called_scope));
1923
1924 function_name = GET_OP2_ZVAL_PTR(BP_VAR_R);
1925
     /* The method name may be a run-time value; anything but a string is a
      * fatal error, so the string accessors below are only used on strings. */
1926 if (Z_TYPE_P(function_name)!=IS_STRING) {
1927 zend_error_noreturn(E_ERROR, "Method name must be a string");
1928 }
1929
1930 function_name_strval = Z_STRVAL_P(function_name);
1931 function_name_strlen = Z_STRLEN_P(function_name);
1932
1933 EX(object) = GET_OP1_OBJ_ZVAL_PTR(BP_VAR_R);
1934
     /* The receiver must be non-NULL and an object, and its handler table
      * must provide get_method; each failure is a fatal error. */
1935 if (EX(object) && Z_TYPE_P(EX(object)) == IS_OBJECT) {
1936 if (Z_OBJ_HT_P(EX(object))->get_method == NULL) {
1937 zend_error_noreturn(E_ERROR, "Object does not support method calls");
1938 }
1939
1940 /* First, locate the function. */
     /* get_method receives &EX(object), so the handler is able to replace
      * the receiver pointer. */
1941 EX(fbc) = Z_OBJ_HT_P(EX(object))->get_method(&EX(object), function_name_strval, function_name_strlen TSRMLS_CC);
1942 if (!EX(fbc)) {
     /* Names are passed as %s arguments to a literal format string. */
1943 zend_error_noreturn(E_ERROR, "Call to undefined method %s::%s()", Z_OBJ_CLASS_NAME_P(EX(object)), function_name_strval);
1944 }
1945
1946 EX(called_scope) = Z_OBJCE_P(EX(object));
1947 } else {
1948 zend_error_noreturn(E_ERROR, "Call to a member function %s() on a non-object", function_name_strval);
1949 }
1950
     /* A static method gets no receiver. Otherwise the receiver is kept
      * alive for the call: a plain value gets an extra reference, while a
      * reference zval is duplicated into a newly allocated zval. */
1951 if ((EX(fbc)->common.fn_flags & ZEND_ACC_STATIC) != 0) {
1952 EX(object) = NULL;
1953 } else {
1954 if (!PZVAL_IS_REF(EX(object))) {
1955 Z_ADDREF_P(EX(object)); /* For $this pointer */
1956 } else {
1957 zval *this_ptr;
1958 ALLOC_ZVAL(this_ptr);
1959 INIT_PZVAL_COPY(this_ptr, EX(object));
1960 zval_copy_ctor(this_ptr);
1961 EX(object) = this_ptr;
1962 }
1963 }
1964
     /* op2 is released only now, after the last use of function_name_strval,
      * which points into the op2 zval. */
1965 FREE_OP2();
1966 FREE_OP1_IF_VAR();
1967
1968 ZEND_VM_NEXT_OPCODE();
1969 }
1970
ZEND_VM_HANDLER(113, ZEND_INIT_STATIC_METHOD_CALL, CONST|VAR, CONST|TMP|VAR|UNUSED|CV)
{
	/*
	 * Prepare a Class::method() call. op1 names or carries the class; op2 is
	 * the method name, or UNUSED when the class constructor is the target.
	 */
	zend_op *opline = EX(opline);
	zval *method_zv;
	zend_class_entry *ce;

	/* Save the enclosing call's state; zend_do_fcall_common_helper pops it again. */
	zend_ptr_stack_3_push(&EG(arg_types_stack), EX(fbc), EX(object), EX(called_scope));

	if (OP1_TYPE == IS_CONST) {
		/* no function found. try a static method in class */
		ce = zend_fetch_class(Z_STRVAL(opline->op1.u.constant), Z_STRLEN(opline->op1.u.constant), opline->extended_value TSRMLS_CC);
		if (UNEXPECTED(EG(exception) != NULL)) {
			/* The class lookup raised an exception; leave it to the executor. */
			ZEND_VM_CONTINUE();
		}
		if (!ce) {
			zend_error_noreturn(E_ERROR, "Class '%s' not found", Z_STRVAL(opline->op1.u.constant));
		}
		EX(called_scope) = ce;
	} else {
		ce = EX_T(opline->op1.u.var).class_entry;

		/* parent:: and self:: keep the called scope of the running code. */
		EX(called_scope) = (opline->op1.u.EA.type == ZEND_FETCH_CLASS_PARENT || opline->op1.u.EA.type == ZEND_FETCH_CLASS_SELF)
			? EG(called_scope)
			: ce;
	}

	if (OP2_TYPE == IS_UNUSED) {
		/* No method name: the call targets the constructor of ce. */
		if (!ce->constructor) {
			zend_error_noreturn(E_ERROR, "Cannot call constructor");
		}
		/* A private constructor may only be reached from its own scope. */
		if (EG(This) && Z_OBJCE_P(EG(This)) != ce->constructor->common.scope && (ce->constructor->common.fn_flags & ZEND_ACC_PRIVATE)) {
			zend_error(E_COMPILE_ERROR, "Cannot call private %s::__construct()", ce->name);
		}
		EX(fbc) = ce->constructor;
	} else {
		char *method_name = NULL;
		int method_len = 0;
		zend_free_op free_op2;

		if (OP2_TYPE == IS_CONST) {
			method_name = Z_STRVAL(opline->op2.u.constant);
			method_len = Z_STRLEN(opline->op2.u.constant);
		} else {
			method_zv = GET_OP2_ZVAL_PTR(BP_VAR_R);

			/* Check the type before using the string accessors. */
			if (Z_TYPE_P(method_zv) != IS_STRING) {
				zend_error_noreturn(E_ERROR, "Function name must be a string");
			}
			method_name = Z_STRVAL_P(method_zv);
			method_len = Z_STRLEN_P(method_zv);
		}

		if (method_name) {
			/* Prefer the class's own resolver when it provides one. */
			if (ce->get_static_method) {
				EX(fbc) = ce->get_static_method(ce, method_name, method_len TSRMLS_CC);
			} else {
				EX(fbc) = zend_std_get_static_method(ce, method_name, method_len TSRMLS_CC);
			}
			if (!EX(fbc)) {
				zend_error_noreturn(E_ERROR, "Call to undefined method %s::%s()", ce->name, method_name);
			}
		}

		if (OP2_TYPE != IS_CONST) {
			FREE_OP2();
		}
	}

	if (EX(fbc)->common.fn_flags & ZEND_ACC_STATIC) {
		EX(object) = NULL;
	} else {
		if (EG(This) &&
		    Z_OBJ_HT_P(EG(This))->get_class_entry &&
		    !instanceof_function(Z_OBJCE_P(EG(This)), ce TSRMLS_CC)) {
			/* We are calling method of the other (incompatible) class,
			   but passing $this. This is done for compatibility with php-4. */
			/* An internal function assumes $this is present and won't check that. So PHP would crash by allowing the call;
			   only methods flagged ZEND_ACC_ALLOW_STATIC get the softer E_STRICT. */
			int level = (EX(fbc)->common.fn_flags & ZEND_ACC_ALLOW_STATIC) ? E_STRICT : E_ERROR;
			char *modal = (EX(fbc)->common.fn_flags & ZEND_ACC_ALLOW_STATIC) ? "should not" : "cannot";

			zend_error(level, "Non-static method %s::%s() %s be called statically, assuming $this from incompatible context", EX(fbc)->common.scope->name, EX(fbc)->common.function_name, modal);
		}

		/* Pass the current $this on, if there is one. */
		EX(object) = EG(This);
		if (EX(object)) {
			Z_ADDREF_P(EX(object));
			EX(called_scope) = Z_OBJCE_P(EX(object));
		}
	}

	ZEND_VM_NEXT_OPCODE();
}
2070
ZEND_VM_HANDLER(59, ZEND_INIT_FCALL_BY_NAME, ANY, CONST|TMP|VAR|CV)
{
	/*
	 * Resolve the target of a by-name function call and store it in EX(fbc).
	 * op2 is a compile-time constant name, a closure-capable object, or a
	 * run-time string that is lower-cased before the function table lookup.
	 */
	zend_op *opline = EX(opline);
	zval *callee_zv;
	char *callee_name, *lookup, *lc_name;
	int callee_len;
	zend_free_op free_op2;

	/* Save the enclosing call's state; zend_do_fcall_common_helper pops it again. */
	zend_ptr_stack_3_push(&EG(arg_types_stack), EX(fbc), EX(object), EX(called_scope));

	if (OP2_TYPE == IS_CONST) {
		/* op1 holds the lookup key and extended_value its hash; op2 is only used for the message. */
		if (zend_hash_quick_find(EG(function_table), Z_STRVAL(opline->op1.u.constant), Z_STRLEN(opline->op1.u.constant)+1, opline->extended_value, (void **) &EX(fbc)) == FAILURE) {
			zend_error_noreturn(E_ERROR, "Call to undefined function %s()", Z_STRVAL(opline->op2.u.constant));
		}
	} else {
		callee_zv = GET_OP2_ZVAL_PTR(BP_VAR_R);

		/* An object with a working get_closure handler resolves the call itself. */
		if (OP2_TYPE != IS_CONST && OP2_TYPE != IS_TMP_VAR &&
		    Z_TYPE_P(callee_zv) == IS_OBJECT &&
		    Z_OBJ_HANDLER_P(callee_zv, get_closure) &&
		    Z_OBJ_HANDLER_P(callee_zv, get_closure)(callee_zv, &EX(called_scope), &EX(fbc), &EX(object) TSRMLS_CC) == SUCCESS) {
			if (EX(object)) {
				Z_ADDREF_P(EX(object));
			}
			if (OP2_TYPE == IS_VAR && OP2_FREE &&
			    EX(fbc)->common.fn_flags & ZEND_ACC_CLOSURE) {
				/* Delay closure destruction until its invocation: the zval is
				   parked in the prototype slot, which zend_leave_helper releases. */
				EX(fbc)->common.prototype = (zend_function*)callee_zv;
			} else {
				FREE_OP2();
			}
			ZEND_VM_NEXT_OPCODE();
		}

		/* Anything else must be a string before the string accessors are used. */
		if (Z_TYPE_P(callee_zv) != IS_STRING) {
			zend_error_noreturn(E_ERROR, "Function name must be a string");
		}
		callee_name = Z_STRVAL_P(callee_zv);
		callee_len = Z_STRLEN_P(callee_zv);

		/* A leading backslash is not part of the lookup key. */
		lookup = callee_name;
		if (callee_name[0] == '\\') {
			lookup++;
			callee_len--;
		}
		lc_name = zend_str_tolower_dup(lookup, callee_len);

		if (zend_hash_find(EG(function_table), lc_name, callee_len+1, (void **) &EX(fbc)) == FAILURE) {
			/* NOTE(review): lc_name is not released on this path; presumably the
			   request allocator reclaims it after the fatal error - confirm. */
			zend_error_noreturn(E_ERROR, "Call to undefined function %s()", callee_name);
		}
		efree(lc_name);
		FREE_OP2();
	}

	/* A plain function call has no receiver. */
	EX(object) = NULL;
	ZEND_VM_NEXT_OPCODE();
}
2127
2128
ZEND_VM_HANDLER(69, ZEND_INIT_NS_FCALL_BY_NAME, ANY, CONST)
{
	/*
	 * Resolve a function call written inside a namespace: look up the name
	 * held in op1 first, then retry with a shorter tail of that same string.
	 * The following opline (op_data) carries the tail's offset and hash.
	 */
	zend_op *opline = EX(opline);
	zend_op *op_data = opline + 1;

	/* Step over the op_data opline so it is not executed as an instruction. */
	ZEND_VM_INC_OPCODE();
	zend_ptr_stack_3_push(&EG(arg_types_stack), EX(fbc), EX(object), EX(called_scope));

	if (zend_hash_quick_find(EG(function_table), Z_STRVAL(opline->op1.u.constant), Z_STRLEN(opline->op1.u.constant)+1, opline->extended_value, (void **) &EX(fbc)) == FAILURE) {
		/* The offset comes from the compiled opcode stream and is not re-checked
		   here; presumably the compiler guarantees it lies inside the string. */
		long skip = Z_LVAL(op_data->op1.u.constant);
		char *tail_name = Z_STRVAL(opline->op1.u.constant) + skip;

		if (zend_hash_quick_find(EG(function_table), tail_name, Z_STRLEN(opline->op1.u.constant)-skip+1, op_data->extended_value, (void **) &EX(fbc)) == FAILURE) {
			zend_error_noreturn(E_ERROR, "Call to undefined function %s()", Z_STRVAL(opline->op2.u.constant));
		}
	}

	/* A plain function call has no receiver. */
	EX(object) = NULL;
	ZEND_VM_NEXT_OPCODE();
}
2147
ZEND_VM_HELPER(zend_leave_helper, ANY, ANY)
{
	/*
	 * Tear down the current execution frame. A nested frame hands control
	 * back to the calling frame (an include/eval or a user function call);
	 * a non-nested frame returns from the executor.
	 */
	zend_bool is_nested;
	zend_op_array *op_array = EX(op_array);
	zval ***slot;
	zval ***stop = EX(CVs) + EX(op_array)->last_var;

	EG(current_execute_data) = EX(prev_execute_data);
	EG(opline_ptr) = NULL;

	/* Without a symbol table, the compiled variables are released here. */
	if (!EG(active_symbol_table)) {
		for (slot = EX(CVs); slot != stop; slot++) {
			if (*slot) {
				zval_ptr_dtor(*slot);
			}
		}
	}

	/* Release the closure zval that ZEND_INIT_FCALL_BY_NAME parked in the prototype slot. */
	if ((op_array->fn_flags & ZEND_ACC_CLOSURE) && op_array->prototype) {
		zval_ptr_dtor((zval**)&op_array->prototype);
	}

	/* Read the flag before the frame is released: EX() must not be used on
	   the old frame after zend_vm_stack_free(). */
	is_nested = EX(nested);

	zend_vm_stack_free(execute_data TSRMLS_CC);

	if (!is_nested) {
		ZEND_VM_RETURN();
	}

	/* From here on EX() refers to the calling frame. */
	execute_data = EG(current_execute_data);

	if (EX(call_opline)->opcode == ZEND_INCLUDE_OR_EVAL) {

		EX(function_state).function = (zend_function *) EX(op_array);
		EX(function_state).arguments = NULL;
		EX(object) = EX(current_object);

		if (RETURN_VALUE_USED(EX(call_opline)) &&
		    !EX_T(EX(call_opline)->result.u.var).var.ptr) { /* there was no return statement */
			ALLOC_ZVAL(EX_T(EX(call_opline)->result.u.var).var.ptr);
			INIT_PZVAL(EX_T(EX(call_opline)->result.u.var).var.ptr);
			Z_LVAL_P(EX_T(EX(call_opline)->result.u.var).var.ptr) = 1;
			Z_TYPE_P(EX_T(EX(call_opline)->result.u.var).var.ptr) = IS_BOOL;
		}

		EG(opline_ptr) = &EX(opline);
		EG(active_op_array) = EX(op_array);
		EG(return_value_ptr_ptr) = EX(original_return_value);
		/* The op_array of the included/evaluated code is destroyed and freed here. */
		destroy_op_array(op_array TSRMLS_CC);
		efree(op_array);
		if (EG(exception)) {
			zend_throw_exception_internal(NULL TSRMLS_CC);
		}

		EX(opline)++;
		ZEND_VM_LEAVE();
	} else {

		EG(opline_ptr) = &EX(opline);
		EG(active_op_array) = EX(op_array);
		EG(return_value_ptr_ptr) = EX(original_return_value);
		if (EG(active_symbol_table)) {
			if (EG(symtable_cache_ptr) >= EG(symtable_cache_limit)) {
				/* The cache is full: destroy the table instead of recycling it. */
				zend_hash_destroy(EG(active_symbol_table));
				FREE_HASHTABLE(EG(active_symbol_table));
			} else {
				/* clean before putting into the cache, since clean
				   could call dtors, which could use cached hash */
				zend_hash_clean(EG(active_symbol_table));
				*(++EG(symtable_cache_ptr)) = EG(active_symbol_table);
			}
		}
		EG(active_symbol_table) = EX(symbol_table);

		EX(function_state).function = (zend_function *) EX(op_array);
		EX(function_state).arguments = NULL;

		if (EG(This)) {
			/* A constructor that ended with an exception: mark the object as
			   failed when this frame holds the last reference to it. */
			if (EG(exception) && IS_CTOR_CALL(EX(called_scope))) {
				if (IS_CTOR_USED(EX(called_scope))) {
					Z_DELREF_P(EG(This));
				}
				if (Z_REFCOUNT_P(EG(This)) == 1) {
					zend_object_store_ctor_failed(EG(This) TSRMLS_CC);
				}
			}
			zval_ptr_dtor(&EG(This));
		}

		/* Restore the caller's $this and scopes saved by zend_do_fcall_common_helper. */
		EG(This) = EX(current_this);
		EG(scope) = EX(current_scope);
		EG(called_scope) = EX(current_called_scope);

		EX(object) = EX(current_object);
		EX(called_scope) = DECODE_CTOR(EX(called_scope));

		zend_vm_stack_clear_multiple(TSRMLS_C);

		if (EG(exception)) {
			zend_throw_exception_internal(NULL TSRMLS_CC);
			if (RETURN_VALUE_USED(EX(call_opline)) && EX_T(EX(call_opline)->result.u.var).var.ptr) {
				zval_ptr_dtor(&EX_T(EX(call_opline)->result.u.var).var.ptr);
			}
		}

		EX(opline)++;
		ZEND_VM_LEAVE();
	}
}
2257
ZEND_VM_HELPER(zend_do_fcall_common_helper, ANY, ANY)
{
	/*
	 * Common tail of every function call opcode. The callee is expected in
	 * EX(function_state).function. The helper checks that the call is legal,
	 * switches $this and scope, runs an internal, user or overloaded
	 * function, and then restores the caller's state.
	 */
	zend_op *opline = EX(opline);
	zend_bool scope_switched = 0;

	if (EX(function_state).function->common.fn_flags & (ZEND_ACC_ABSTRACT|ZEND_ACC_DEPRECATED)) {
		if (EX(function_state).function->common.fn_flags & ZEND_ACC_ABSTRACT) {
			zend_error_noreturn(E_ERROR, "Cannot call abstract method %s::%s()", EX(function_state).function->common.scope->name, EX(function_state).function->common.function_name);
			ZEND_VM_NEXT_OPCODE(); /* Never reached */
		}
		if (EX(function_state).function->common.fn_flags & ZEND_ACC_DEPRECATED) {
			zend_error(E_DEPRECATED, "Function %s%s%s() is deprecated",
				EX(function_state).function->common.scope ? EX(function_state).function->common.scope->name : "",
				EX(function_state).function->common.scope ? "::" : "",
				EX(function_state).function->common.function_name);
		}
	}

	/* A non-static method is about to run without a receiver. */
	if (EX(function_state).function->common.scope &&
	    !(EX(function_state).function->common.fn_flags & ZEND_ACC_STATIC) &&
	    !EX(object)) {

		if (EX(function_state).function->common.fn_flags & ZEND_ACC_ALLOW_STATIC) {
			/* FIXME: output identifiers properly */
			zend_error(E_STRICT, "Non-static method %s::%s() should not be called statically", EX(function_state).function->common.scope->name, EX(function_state).function->common.function_name);
		} else {
			/* FIXME: output identifiers properly */
			/* An internal function assumes $this is present and won't check that. So PHP would crash by allowing the call. */
			zend_error_noreturn(E_ERROR, "Non-static method %s::%s() cannot be called statically", EX(function_state).function->common.scope->name, EX(function_state).function->common.function_name);
		}
	}

	if (EX(function_state).function->type == ZEND_USER_FUNCTION ||
	    EX(function_state).function->common.scope) {
		/* Remember the caller's $this and scopes; they are restored at the end. */
		scope_switched = 1;
		EX(current_this) = EG(This);
		EX(current_scope) = EG(scope);
		EX(current_called_scope) = EG(called_scope);
		EG(This) = EX(object);
		EG(scope) = (EX(function_state).function->type == ZEND_USER_FUNCTION || !EX(object)) ? EX(function_state).function->common.scope : NULL;
		EG(called_scope) = EX(called_scope);
	}

	/* Pop the state that the matching INIT_* opcode pushed. */
	zend_arg_types_stack_3_pop(&EG(arg_types_stack), &EX(called_scope), &EX(current_object), &EX(fbc));
	EX(function_state).arguments = zend_vm_stack_push_args(opline->extended_value TSRMLS_CC);

	if (EX(function_state).function->type == ZEND_INTERNAL_FUNCTION) {
		if (EX(function_state).function->common.arg_info) {
			/* Type-check every passed argument before the internal handler runs. */
			zend_uint arg_no;
			zval **args_top = (zval**)EX(function_state).arguments;
			ulong remaining = opline->extended_value;

			for (arg_no = 1; remaining > 0; arg_no++, remaining--) {
				zend_verify_arg_type(EX(function_state).function, arg_no, *(args_top - remaining), 0 TSRMLS_CC);
			}
		}

		/* Only call the handler if verification raised no exception. */
		if (EXPECTED(EG(exception) == NULL)) {
			ALLOC_INIT_ZVAL(EX_T(opline->result.u.var).var.ptr);
			EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr;
			EX_T(opline->result.u.var).var.fcall_returned_reference = EX(function_state).function->common.return_reference;

			if (!zend_execute_internal) {
				/* saves one function call if zend_execute_internal is not used */
				((zend_internal_function *) EX(function_state).function)->handler(opline->extended_value, EX_T(opline->result.u.var).var.ptr, EX(function_state).function->common.return_reference?&EX_T(opline->result.u.var).var.ptr:NULL, EX(object), RETURN_VALUE_USED(opline) TSRMLS_CC);
			} else {
				zend_execute_internal(EXECUTE_DATA, RETURN_VALUE_USED(opline) TSRMLS_CC);
			}

			if (!RETURN_VALUE_USED(opline)) {
				zval_ptr_dtor(&EX_T(opline->result.u.var).var.ptr);
			}
		} else if (RETURN_VALUE_USED(opline)) {
			/* No result was produced; leave a NULL so the cleanup below skips it. */
			EX_T(opline->result.u.var).var.ptr = NULL;
		}
	} else if (EX(function_state).function->type == ZEND_USER_FUNCTION) {
		EX(original_return_value) = EG(return_value_ptr_ptr);
		EG(active_symbol_table) = NULL;
		EG(active_op_array) = &EX(function_state).function->op_array;
		EG(return_value_ptr_ptr) = NULL;
		if (RETURN_VALUE_USED(opline)) {
			EG(return_value_ptr_ptr) = &EX_T(opline->result.u.var).var.ptr;
			EX_T(opline->result.u.var).var.ptr = NULL;
			EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr;
			EX_T(opline->result.u.var).var.fcall_returned_reference = EX(function_state).function->common.return_reference;
		}

		if (zend_execute == execute && !EG(exception)) {
			/* Default executor: enter the callee inside the current executor loop. */
			EX(call_opline) = opline;
			ZEND_VM_ENTER();
		} else {
			zend_execute(EG(active_op_array) TSRMLS_CC);
		}

		EG(opline_ptr) = &EX(opline);
		EG(active_op_array) = EX(op_array);
		EG(return_value_ptr_ptr) = EX(original_return_value);
		if (EG(active_symbol_table)) {
			if (EG(symtable_cache_ptr) >= EG(symtable_cache_limit)) {
				zend_hash_destroy(EG(active_symbol_table));
				FREE_HASHTABLE(EG(active_symbol_table));
			} else {
				/* clean before putting into the cache, since clean
				   could call dtors, which could use cached hash */
				zend_hash_clean(EG(active_symbol_table));
				*(++EG(symtable_cache_ptr)) = EG(active_symbol_table);
			}
		}
		EG(active_symbol_table) = EX(symbol_table);
	} else { /* ZEND_OVERLOADED_FUNCTION */
		ALLOC_INIT_ZVAL(EX_T(opline->result.u.var).var.ptr);

		/* Not sure what should be done here if it's a static method */
		if (EX(object)) {
			Z_OBJ_HT_P(EX(object))->call_method(EX(function_state).function->common.function_name, opline->extended_value, EX_T(opline->result.u.var).var.ptr, &EX_T(opline->result.u.var).var.ptr, EX(object), RETURN_VALUE_USED(opline) TSRMLS_CC);
		} else {
			zend_error_noreturn(E_ERROR, "Cannot call overloaded function for non-object");
		}

		/* The overloaded function record is released here; the name is freed
		   first, and only for the TEMPORARY variant. */
		if (EX(function_state).function->type == ZEND_OVERLOADED_FUNCTION_TEMPORARY) {
			efree(EX(function_state).function->common.function_name);
		}
		efree(EX(function_state).function);

		if (!RETURN_VALUE_USED(opline)) {
			zval_ptr_dtor(&EX_T(opline->result.u.var).var.ptr);
		} else {
			Z_UNSET_ISREF_P(EX_T(opline->result.u.var).var.ptr);
			Z_SET_REFCOUNT_P(EX_T(opline->result.u.var).var.ptr, 1);
			EX_T(opline->result.u.var).var.fcall_returned_reference = 0;
			EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr;
		}
	}

	/* The frame no longer points at the callee (which may have just been freed). */
	EX(function_state).function = (zend_function *) EX(op_array);
	EX(function_state).arguments = NULL;

	if (scope_switched) {
		if (EG(This)) {
			/* A constructor that ended with an exception: mark the object as
			   failed when this frame holds the last reference to it. */
			if (EG(exception) && IS_CTOR_CALL(EX(called_scope))) {
				if (IS_CTOR_USED(EX(called_scope))) {
					Z_DELREF_P(EG(This));
				}
				if (Z_REFCOUNT_P(EG(This)) == 1) {
					zend_object_store_ctor_failed(EG(This) TSRMLS_CC);
				}
			}
			zval_ptr_dtor(&EG(This));
		}
		EG(This) = EX(current_this);
		EG(scope) = EX(current_scope);
		EG(called_scope) = EX(current_called_scope);
	}

	EX(object) = EX(current_object);
	EX(called_scope) = DECODE_CTOR(EX(called_scope));

	zend_vm_stack_clear_multiple(TSRMLS_C);

	if (EG(exception)) {
		zend_throw_exception_internal(NULL TSRMLS_CC);
		if (RETURN_VALUE_USED(opline) && EX_T(opline->result.u.var).var.ptr) {
			zval_ptr_dtor(&EX_T(opline->result.u.var).var.ptr);
		}
	}

	ZEND_VM_NEXT_OPCODE();
}
2426
ZEND_VM_HANDLER(61, ZEND_DO_FCALL_BY_NAME, ANY, ANY)
{
	/* The callee was already resolved into EX(fbc) by an INIT_* opcode;
	   hand it to the shared call helper. */
	EX(function_state).function = EX(fbc);
	ZEND_VM_DISPATCH_TO_HELPER(zend_do_fcall_common_helper);
}
2432
ZEND_VM_HANDLER(60, ZEND_DO_FCALL, CONST, ANY)
{
	/*
	 * Call a function whose name is the constant in op1. The hash of the
	 * name is taken from op2, and the callee is stored directly in
	 * EX(function_state).function.
	 */
	zend_op *opline = EX(opline);
	zend_free_op free_op1;
	zval *fname = GET_OP1_ZVAL_PTR(BP_VAR_R);

	/* Save the enclosing call's state; the shared helper pops it again. */
	zend_ptr_stack_3_push(&EG(arg_types_stack), EX(fbc), EX(object), EX(called_scope));

	if (zend_hash_quick_find(EG(function_table), Z_STRVAL_P(fname), Z_STRLEN_P(fname)+1, Z_LVAL(opline->op2.u.constant), (void **) &EX(function_state).function) == FAILURE) {
		zend_error_noreturn(E_ERROR, "Call to undefined function %s()", Z_STRVAL_P(fname));
	}

	/* A plain function call has no receiver. */
	EX(object) = NULL;

	FREE_OP1();

	ZEND_VM_DISPATCH_TO_HELPER(zend_do_fcall_common_helper);
}
2450
ZEND_VM_HANDLER(62, ZEND_RETURN, CONST|TMP|VAR|CV, ANY)
{
	/*
	 * Store the return value of the running function through
	 * EG(return_value_ptr_ptr) (when the caller wants it) and leave the
	 * frame. Functions declared to return by reference fall back to the
	 * by-value path when op1 is not a real variable reference.
	 */
	zend_op *opline = EX(opline);
	zval *value;
	zval **value_ref;
	zend_free_op free_op1;

	if (EG(active_op_array)->return_reference == ZEND_RETURN_REF) {

		if (OP1_TYPE == IS_CONST || OP1_TYPE == IS_TMP_VAR) {
			/* Not supposed to happen, but we'll allow it */
			zend_error(E_NOTICE, "Only variable references should be returned by reference");
			ZEND_VM_C_GOTO(return_by_value);
		}

		value_ref = GET_OP1_ZVAL_PTR_PTR(BP_VAR_W);

		if (OP1_TYPE == IS_VAR && !value_ref) {
			zend_error_noreturn(E_ERROR, "Cannot return string offsets by reference");
		}

		if (OP1_TYPE == IS_VAR && !Z_ISREF_PP(value_ref)) {
			/* A function call that itself returned a reference is accepted as is;
			   any other temporary result is returned by value with a notice. */
			if (!(opline->extended_value == ZEND_RETURNS_FUNCTION &&
			      EX_T(opline->op1.u.var).var.fcall_returned_reference) &&
			    EX_T(opline->op1.u.var).var.ptr_ptr == &EX_T(opline->op1.u.var).var.ptr) {
				if (OP1_TYPE == IS_VAR && !OP1_FREE) {
					PZVAL_LOCK(*value_ref); /* undo the effect of get_zval_ptr_ptr() */
				}
				zend_error(E_NOTICE, "Only variable references should be returned by reference");
				ZEND_VM_C_GOTO(return_by_value);
			}
		}

		if (EG(return_value_ptr_ptr)) {
			SEPARATE_ZVAL_TO_MAKE_IS_REF(value_ref);
			Z_ADDREF_PP(value_ref);

			(*EG(return_value_ptr_ptr)) = (*value_ref);
		}
	} else {
ZEND_VM_C_LABEL(return_by_value):

		value = GET_OP1_ZVAL_PTR(BP_VAR_R);

		if (!EG(return_value_ptr_ptr)) {
			/* Nobody wants the value; a temporary still has to be released. */
			if (OP1_TYPE == IS_TMP_VAR) {
				FREE_OP1();
			}
		} else if (!IS_OP1_TMP_FREE()) { /* Not a temp var */
			if (OP1_TYPE == IS_CONST ||
			    EG(active_op_array)->return_reference == ZEND_RETURN_REF ||
			    (PZVAL_IS_REF(value) && Z_REFCOUNT_P(value) > 0)) {
				/* Hand the caller a separate copy of the value. */
				zval *copy;

				ALLOC_ZVAL(copy);
				INIT_PZVAL_COPY(copy, value);
				zval_copy_ctor(copy);
				*EG(return_value_ptr_ptr) = copy;
			} else if ((OP1_TYPE == IS_CV || OP1_TYPE == IS_VAR) &&
			           value == &EG(uninitialized_zval)) {
				/* Never expose the shared uninitialized zval; return a fresh one. */
				zval *fresh;

				ALLOC_INIT_ZVAL(fresh);
				*EG(return_value_ptr_ptr) = fresh;
			} else {
				*EG(return_value_ptr_ptr) = value;
				Z_ADDREF_P(value);
			}
		} else {
			/* Temporary: copy the zval itself without running the copy constructor. */
			zval *moved;

			ALLOC_ZVAL(moved);
			INIT_PZVAL_COPY(moved, value);
			*EG(return_value_ptr_ptr) = moved;
		}
	}
	FREE_OP1_IF_VAR();
	ZEND_VM_DISPATCH_TO_HELPER(zend_leave_helper);
}
2530
ZEND_VM_HANDLER(108, ZEND_THROW, CONST|TMP|VAR|CV, ANY)
{
	/* Throw the object in op1 as an exception; any other operand is a fatal error. */
	zend_op *opline = EX(opline);
	zval *thrown;
	zval *exc_copy;
	zend_free_op free_op1;

	thrown = GET_OP1_ZVAL_PTR(BP_VAR_R);

	if (OP1_TYPE == IS_CONST || Z_TYPE_P(thrown) != IS_OBJECT) {
		zend_error_noreturn(E_ERROR, "Can only throw objects");
	}

	zend_exception_save(TSRMLS_C);

	/* Not sure if a complete copy is what we want here */
	ALLOC_ZVAL(exc_copy);
	INIT_PZVAL_COPY(exc_copy, thrown);
	if (!IS_OP1_TMP_FREE()) {
		/* The copy constructor is skipped only for temporaries. */
		zval_copy_ctor(exc_copy);
	}

	zend_throw_exception_object(exc_copy TSRMLS_CC);
	zend_exception_restore(TSRMLS_C);
	FREE_OP1_IF_VAR();
	ZEND_VM_NEXT_OPCODE();
}
2556
ZEND_VM_HANDLER(107, ZEND_CATCH, ANY, CV)
{
	/*
	 * Test the pending exception against the class of this catch block.
	 * On a match the exception is bound to the compiled variable in op2 and
	 * cleared; otherwise execution jumps to the opline in extended_value.
	 */
	zend_op *opline = EX(opline);
	zend_class_entry *thrown_ce;
	zend_class_entry *catch_ce;

	/* Check whether an exception has been thrown, if not, jump over code */
	zend_exception_restore(TSRMLS_C);
	if (EG(exception) == NULL) {
		ZEND_VM_SET_OPCODE(&EX(op_array)->opcodes[opline->extended_value]);
		ZEND_VM_CONTINUE(); /* CHECK_ME */
	}

	thrown_ce = Z_OBJCE_P(EG(exception));
	catch_ce = EX_T(opline->op1.u.var).class_entry;

	if (thrown_ce != catch_ce && !instanceof_function(thrown_ce, catch_ce TSRMLS_CC)) {
		/* No match. A set op1.u.EA.type makes the handler rethrow instead of
		   jumping (presumably it marks the last catch of the try - confirm). */
		if (opline->op1.u.EA.type) {
			zend_throw_exception_internal(NULL TSRMLS_CC);
			ZEND_VM_NEXT_OPCODE();
		}
		ZEND_VM_SET_OPCODE(&EX(op_array)->opcodes[opline->extended_value]);
		ZEND_VM_CONTINUE(); /* CHECK_ME */
	}

	if (!EG(active_symbol_table)) {
		/* Drop the variable's old value, then point the CV at its slot
		   located last_var entries further into the CV area. */
		if (EX(CVs)[opline->op2.u.var]) {
			zval_ptr_dtor(EX(CVs)[opline->op2.u.var]);
		}
		EX(CVs)[opline->op2.u.var] = (zval**)EX(CVs) + (EX(op_array)->last_var + opline->op2.u.var);
		*EX(CVs)[opline->op2.u.var] = EG(exception);
	} else {
		zend_compiled_variable *var_def = &CV_DEF_OF(opline->op2.u.var);

		zend_hash_quick_update(EG(active_symbol_table), var_def->name, var_def->name_len+1, var_def->hash_value,
			&EG(exception), sizeof(zval *), (void**)&EX(CVs)[opline->op2.u.var]);
	}

	/* The catch variable now holds the exception; nothing is pending any more. */
	EG(exception) = NULL;
	ZEND_VM_NEXT_OPCODE();
}
2594
ZEND_VM_HANDLER(65, ZEND_SEND_VAL, CONST|TMP|VAR|CV, ANY)
{
	/* Push a copy of the value in op1 onto the VM stack as a call argument. */
	zend_op *opline = EX(opline);
	zval *arg_copy;
	zval *src;
	zend_free_op free_op1;

	/* A value cannot be bound to a parameter that must be taken by reference. */
	if (opline->extended_value == ZEND_DO_FCALL_BY_NAME
	    && ARG_MUST_BE_SENT_BY_REF(EX(fbc), opline->op2.u.opline_num)) {
		zend_error_noreturn(E_ERROR, "Cannot pass parameter %d by reference", opline->op2.u.opline_num);
	}

	src = GET_OP1_ZVAL_PTR(BP_VAR_R);

	ALLOC_ZVAL(arg_copy);
	INIT_PZVAL_COPY(arg_copy, src);
	if (!IS_OP1_TMP_FREE()) {
		/* The copy constructor is skipped only for temporaries. */
		zval_copy_ctor(arg_copy);
	}
	zend_vm_stack_push(arg_copy TSRMLS_CC);
	FREE_OP1_IF_VAR();

	ZEND_VM_NEXT_OPCODE();
}
2619
ZEND_VM_HELPER(zend_send_by_var_helper, VAR|CV, ANY)
{
	/*
	 * Push the variable in op1 as a by-value argument. The shared
	 * uninitialized zval and reference zvals are replaced by a private zval
	 * first; anything else is pushed as is with one more reference.
	 */
	zend_op *opline = EX(opline);
	zval *arg;
	zend_free_op free_op1;

	arg = GET_OP1_ZVAL_PTR(BP_VAR_R);

	if (arg == &EG(uninitialized_zval)) {
		/* Never push the shared uninitialized zval itself. */
		ALLOC_ZVAL(arg);
		INIT_ZVAL(*arg);
		Z_SET_REFCOUNT_P(arg, 0);
	} else if (PZVAL_IS_REF(arg)) {
		/* Detach from the reference so the callee cannot modify the caller's variable. */
		zval *shared = arg;

		ALLOC_ZVAL(arg);
		*arg = *shared;
		Z_UNSET_ISREF_P(arg);
		Z_SET_REFCOUNT_P(arg, 0);
		zval_copy_ctor(arg);
	}

	/* Both new-zval paths start at refcount 0, so this brings them to 1. */
	Z_ADDREF_P(arg);
	zend_vm_stack_push(arg TSRMLS_CC);
	FREE_OP1(); /* for string offsets */

	ZEND_VM_NEXT_OPCODE();
}
2646
ZEND_VM_HANDLER(106, ZEND_SEND_VAR_NO_REF, VAR|CV, ANY)
{
	/*
	 * Send op1 to a parameter that may want a reference although the
	 * argument expression is not a plain variable. The value is passed by
	 * reference when that is possible; otherwise a copy is pushed,
	 * optionally with an E_STRICT notice.
	 */
	zend_op *opline = EX(opline);
	zend_free_op free_op1;
	zval *arg;

	/* Parameters that do not take a reference go through the by-value helper. */
	if (opline->extended_value & ZEND_ARG_COMPILE_TIME_BOUND) { /* Had function_ptr at compile_time */
		if (!(opline->extended_value & ZEND_ARG_SEND_BY_REF)) {
			ZEND_VM_DISPATCH_TO_HELPER(zend_send_by_var_helper);
		}
	} else if (!ARG_SHOULD_BE_SENT_BY_REF(EX(fbc), opline->op2.u.opline_num)) {
		ZEND_VM_DISPATCH_TO_HELPER(zend_send_by_var_helper);
	}

	if (OP1_TYPE == IS_VAR &&
	    (opline->extended_value & ZEND_ARG_SEND_FUNCTION) &&
	    EX_T(opline->op1.u.var).var.fcall_returned_reference &&
	    EX_T(opline->op1.u.var).var.ptr) {
		/* Result of a function call that returned a reference: take it directly. */
		arg = EX_T(opline->op1.u.var).var.ptr;
		PZVAL_UNLOCK_EX(arg, &free_op1, 0);
	} else {
		arg = GET_OP1_ZVAL_PTR(BP_VAR_R);
	}

	if ((!(opline->extended_value & ZEND_ARG_SEND_FUNCTION) ||
	     EX_T(opline->op1.u.var).var.fcall_returned_reference) &&
	    arg != &EG(uninitialized_zval) &&
	    (PZVAL_IS_REF(arg) ||
	     (Z_REFCOUNT_P(arg) == 1 && (OP1_TYPE == IS_CV || free_op1.var)))) {
		/* The zval can be turned into a reference and passed on as such. */
		Z_SET_ISREF_P(arg);
		Z_ADDREF_P(arg);
		zend_vm_stack_push(arg TSRMLS_CC);
	} else {
		zval *arg_copy;

		/* Complain unless the notice was silenced at compile time or the
		   parameter merely prefers a reference. */
		if ((opline->extended_value & ZEND_ARG_COMPILE_TIME_BOUND) ?
		    !(opline->extended_value & ZEND_ARG_SEND_SILENT) :
		    !ARG_MAY_BE_SENT_BY_REF(EX(fbc), opline->op2.u.opline_num)) {
			zend_error(E_STRICT, "Only variables should be passed by reference");
		}
		ALLOC_ZVAL(arg_copy);
		INIT_PZVAL_COPY(arg_copy, arg);
		if (!IS_OP1_TMP_FREE()) {
			zval_copy_ctor(arg_copy);
		}
		zend_vm_stack_push(arg_copy TSRMLS_CC);
	}
	FREE_OP1_IF_VAR();
	ZEND_VM_NEXT_OPCODE();
}
2696
ZEND_VM_HANDLER(67, ZEND_SEND_REF, VAR|CV, ANY)
{
	/* Push the variable in op1 onto the VM stack as a by-reference argument. */
	zend_op *opline = EX(opline);
	zend_free_op free_op1;
	zval **ref_slot;
	zval *target;

	ref_slot = GET_OP1_ZVAL_PTR_PTR(BP_VAR_W);

	/* No slot to bind a reference to. */
	if (OP1_TYPE == IS_VAR && !ref_slot) {
		zend_error_noreturn(E_ERROR, "Only variables can be passed by reference");
	}

	/* The operand is the error zval: push a fresh zval instead of referencing it. */
	if (OP1_TYPE == IS_VAR && *ref_slot == EG(error_zval_ptr)) {
		ALLOC_INIT_ZVAL(target);
		zend_vm_stack_push(target TSRMLS_CC);
		ZEND_VM_NEXT_OPCODE();
	}

	/* An internal function that does not take this argument by reference
	   receives it by value. */
	if (opline->extended_value == ZEND_DO_FCALL_BY_NAME &&
	    EX(function_state).function->type == ZEND_INTERNAL_FUNCTION &&
	    !ARG_SHOULD_BE_SENT_BY_REF(EX(fbc), opline->op2.u.opline_num)) {
		ZEND_VM_DISPATCH_TO_HELPER(zend_send_by_var_helper);
	}

	SEPARATE_ZVAL_TO_MAKE_IS_REF(ref_slot);
	target = *ref_slot;
	Z_ADDREF_P(target);
	zend_vm_stack_push(target TSRMLS_CC);

	FREE_OP1_VAR_PTR();
	ZEND_VM_NEXT_OPCODE();
}
2729
ZEND_VM_HANDLER(66, ZEND_SEND_VAR, VAR|CV, ANY)
{
	/* Send a variable argument: by reference when a by-name callee asks for
	   it, by value in every other case. */
	zend_op *opline = EX(opline);

	if (opline->extended_value == ZEND_DO_FCALL_BY_NAME
	    && ARG_SHOULD_BE_SENT_BY_REF(EX(fbc), opline->op2.u.opline_num)) {
		ZEND_VM_DISPATCH_TO_HANDLER(ZEND_SEND_REF);
	}
	ZEND_VM_DISPATCH_TO_HELPER(zend_send_by_var_helper);
}
2740
ZEND_VM_HANDLER(63, ZEND_RECV, ANY, ANY)
{
	/*
	 * Receive the argument whose number is in op1 into the result variable,
	 * after checking it against the declared parameter type. A missing
	 * argument produces a warning.
	 */
	zend_op *opline = EX(opline);
	zend_uint arg_num = Z_LVAL(opline->op1.u.constant);
	zval **arg_slot = zend_vm_stack_get_arg(arg_num TSRMLS_CC);

	if (arg_slot == NULL) {
		char *sep;
		char *class_name = get_active_class_name(&sep TSRMLS_CC);
		zend_execute_data *caller = EX(prev_execute_data);

		/* Warn only when the type check itself returned non-zero. */
		if (zend_verify_arg_type((zend_function *) EG(active_op_array), arg_num, NULL, opline->extended_value TSRMLS_CC)) {
			if (caller && caller->op_array) {
				/* The call site is known: report where the call came from. */
				zend_error(E_WARNING, "Missing argument %ld for %s%s%s(), called in %s on line %d and defined", Z_LVAL(opline->op1.u.constant), class_name, sep, get_active_function_name(TSRMLS_C), caller->op_array->filename, caller->opline->lineno);
			} else {
				zend_error(E_WARNING, "Missing argument %ld for %s%s%s()", Z_LVAL(opline->op1.u.constant), class_name, sep, get_active_function_name(TSRMLS_C));
			}
		}
		if (opline->result.op_type == IS_VAR) {
			PZVAL_UNLOCK_FREE(*EX_T(opline->result.u.var).var.ptr_ptr);
		}
	} else {
		zend_free_op free_res;
		zval **dest;

		zend_verify_arg_type((zend_function *) EG(active_op_array), arg_num, *arg_slot, opline->extended_value TSRMLS_CC);
		dest = get_zval_ptr_ptr(&opline->result, EX(Ts), &free_res, BP_VAR_W);
		/* Drop the variable's reference to its old zval, then share the argument's zval. */
		Z_DELREF_PP(dest);
		*dest = *arg_slot;
		Z_ADDREF_PP(dest);
	}

	ZEND_VM_NEXT_OPCODE();
}
2775
ZEND_VM_HANDLER(64, ZEND_RECV_INIT, ANY, CONST)
{
	/*
	 * Receive the argument whose number is in op1, using the constant in
	 * op2 as the default when the caller did not pass it.
	 */
	zend_op *opline = EX(opline);
	zval *value;
	zend_uint arg_num = Z_LVAL(opline->op1.u.constant);
	zend_free_op free_res;
	zval **arg_slot = zend_vm_stack_get_arg(arg_num TSRMLS_CC);
	zval **dest;

	if (arg_slot != NULL) {
		/* The caller supplied the argument: share its zval. */
		value = *arg_slot;
		Z_ADDREF_P(value);
	} else {
		/* Build the default from the compile-time constant. */
		ALLOC_ZVAL(value);
		*value = opline->op2.u.constant;
		if ((Z_TYPE(opline->op2.u.constant) & IS_CONSTANT_TYPE_MASK) == IS_CONSTANT || Z_TYPE(opline->op2.u.constant) == IS_CONSTANT_ARRAY) {
			/* The default is a constant expression that is resolved at run time. */
			Z_SET_REFCOUNT_P(value, 1);
			zval_update_constant(&value, 0 TSRMLS_CC);
		} else {
			zval_copy_ctor(value);
		}
		INIT_PZVAL(value);
	}

	zend_verify_arg_type((zend_function *) EG(active_op_array), arg_num, value, opline->extended_value TSRMLS_CC);
	dest = get_zval_ptr_ptr(&opline->result, EX(Ts), &free_res, BP_VAR_W);
	/* Drop the variable's reference to its old zval before replacing it. */
	Z_DELREF_PP(dest);
	*dest = value;

	ZEND_VM_NEXT_OPCODE();
}
2807
ZEND_VM_HANDLER(52, ZEND_BOOL, CONST|TMP|VAR|CV, ANY)
{
	/* Store the truth value of op1 in the result temporary as an IS_BOOL. */
	zend_op *opline = EX(opline);
	zend_free_op free_op1;
	zval *result = &EX_T(opline->result.u.var).tmp_var;

	/* PHP 3.0 returned "" for false and 1 for true, here we use 0 and 1 for now */
	Z_LVAL_P(result) = i_zend_is_true(GET_OP1_ZVAL_PTR(BP_VAR_R));
	Z_TYPE_P(result) = IS_BOOL;
	FREE_OP1();

	ZEND_VM_NEXT_OPCODE();
}
2820
ZEND_VM_HANDLER(50, ZEND_BRK, ANY, CONST|TMP|VAR|CV)
{
	/* break: look up the enclosing loop element with zend_brk_cont() and
	   jump to the opline recorded in its brk field. */
	zend_op *opline = EX(opline);
	zend_free_op free_op2;
	zend_brk_cont_element *loop;

	loop = zend_brk_cont(GET_OP2_ZVAL_PTR(BP_VAR_R), opline->op1.u.opline_num,
	                     EX(op_array), EX(Ts) TSRMLS_CC);
	FREE_OP2();
	ZEND_VM_JMP(EX(op_array)->opcodes + loop->brk);
}
2832
ZEND_VM_HANDLER(51, ZEND_CONT, ANY, CONST|TMP|VAR|CV)
{
	/* continue: look up the enclosing loop element with zend_brk_cont() and
	   jump to the opline recorded in its cont field. */
	zend_op *opline = EX(opline);
	zend_free_op free_op2;
	zend_brk_cont_element *loop;

	loop = zend_brk_cont(GET_OP2_ZVAL_PTR(BP_VAR_R), opline->op1.u.opline_num,
	                     EX(op_array), EX(Ts) TSRMLS_CC);
	FREE_OP2();
	ZEND_VM_JMP(EX(op_array)->opcodes + loop->cont);
}
2844
ZEND_VM_HANDLER(100, ZEND_GOTO, ANY, CONST)
{
	/*
	 * goto: before jumping to op1.u.jmp_addr, run the cleanup that the
	 * opline at the loop element's brk position stands for (a switch
	 * operand or a temporary), unless it is marked EXT_TYPE_FREE_ON_RETURN.
	 */
	zend_op *cleanup_op;
	zend_op *opline = EX(opline);
	zend_brk_cont_element *loop;

	loop = zend_brk_cont(&opline->op2.u.constant, opline->extended_value,
	                     EX(op_array), EX(Ts) TSRMLS_CC);

	cleanup_op = EX(op_array)->opcodes + loop->brk;

	if (cleanup_op->opcode == ZEND_SWITCH_FREE) {
		if (cleanup_op->op1.u.EA.type != EXT_TYPE_FREE_ON_RETURN) {
			zend_switch_free(&EX_T(cleanup_op->op1.u.var), cleanup_op->extended_value TSRMLS_CC);
		}
	} else if (cleanup_op->opcode == ZEND_FREE) {
		if (cleanup_op->op1.u.EA.type != EXT_TYPE_FREE_ON_RETURN) {
			zendi_zval_dtor(EX_T(cleanup_op->op1.u.var).tmp_var);
		}
	}
	ZEND_VM_JMP(opline->op1.u.jmp_addr);
}
2870
ZEND_VM_HANDLER(48, ZEND_CASE, CONST|TMP|VAR|CV, CONST|TMP|VAR|CV)
{
	/*
	 * ZEND_CASE: compare the switch expression (operand 1) with one case
	 * value (operand 2) through is_equal_function() and store the outcome
	 * in the result temporary.
	 */
	zend_op *opline = EX(opline);
	int switch_expr_is_overloaded=0;
	zend_free_op free_op1, free_op2;

	if (OP1_TYPE==IS_VAR) {
		if (EX_T(opline->op1.u.var).var.ptr_ptr) {
			/* Ordinary variable: take an extra lock before it is fetched below. */
			PZVAL_LOCK(EX_T(opline->op1.u.var).var.ptr);
		} else {
			/* No ptr_ptr: the slot is treated as a string offset; keep its string alive. */
			switch_expr_is_overloaded = 1;
			Z_ADDREF_P(EX_T(opline->op1.u.var).str_offset.str);
		}
	}
	is_equal_function(&EX_T(opline->result.u.var).tmp_var,
		GET_OP1_ZVAL_PTR(BP_VAR_R),
		GET_OP2_ZVAL_PTR(BP_VAR_R) TSRMLS_CC);

	FREE_OP2();
	if (switch_expr_is_overloaded) {
		/* We only free op1 if this is a string offset,
		 * Since if it is a TMP_VAR, it'll be reused by
		 * other CASE opcodes (whereas string offsets
		 * are allocated at each get_zval_ptr())
		 */
		FREE_OP1();
		/* Both pointers are cleared after the free so the slot holds no stale address. */
		EX_T(opline->op1.u.var).var.ptr_ptr = NULL;
		EX_T(opline->op1.u.var).var.ptr = NULL;
	}
	ZEND_VM_NEXT_OPCODE();
}
2902
ZEND_VM_HANDLER(49, ZEND_SWITCH_FREE, VAR, ANY)
{
	/*
	 * ZEND_SWITCH_FREE: hand the temporary slot named by operand 1, together
	 * with extended_value, to zend_switch_free() and continue.
	 */
	zend_op *opline = EX(opline);

	zend_switch_free(&EX_T(opline->op1.u.var), opline->extended_value TSRMLS_CC);
	ZEND_VM_NEXT_OPCODE();
}
2910
ZEND_VM_HANDLER(68, ZEND_NEW, ANY, ANY)
{
	/*
	 * ZEND_NEW: create an instance of the class entry stored in the operand 1
	 * slot and, when the class has a constructor, set up the call state for
	 * it. Interfaces and abstract classes are rejected with a fatal error
	 * before anything is allocated.
	 */
	zend_op *opline = EX(opline);
	zval *object_zval;
	zend_function *constructor;

	if (EX_T(opline->op1.u.var).class_entry->ce_flags & (ZEND_ACC_INTERFACE|ZEND_ACC_IMPLICIT_ABSTRACT_CLASS|ZEND_ACC_EXPLICIT_ABSTRACT_CLASS)) {
		char *class_type;

		/* Only the wording of the error differs between the two kinds. */
		if (EX_T(opline->op1.u.var).class_entry->ce_flags & ZEND_ACC_INTERFACE) {
			class_type = "interface";
		} else {
			class_type = "abstract class";
		}
		zend_error_noreturn(E_ERROR, "Cannot instantiate %s %s", class_type, EX_T(opline->op1.u.var).class_entry->name);
	}
	ALLOC_ZVAL(object_zval);
	object_init_ex(object_zval, EX_T(opline->op1.u.var).class_entry);
	INIT_PZVAL(object_zval);

	/* The constructor is resolved through the object's handler table. */
	constructor = Z_OBJ_HT_P(object_zval)->get_constructor(object_zval TSRMLS_CC);

	if (constructor == NULL) {
		/* No constructor: publish the object if the result is used, otherwise drop it. */
		if (RETURN_VALUE_USED(opline)) {
			AI_SET_PTR(EX_T(opline->result.u.var).var, object_zval);
		} else {
			zval_ptr_dtor(&object_zval);
		}
		/* Jump to the opline in op2.u.opline_num; presumably this skips the constructor call sequence - confirm. */
		ZEND_VM_JMP(EX(op_array)->opcodes + opline->op2.u.opline_num);
	} else {
		if (RETURN_VALUE_USED(opline)) {
			/* The result slot gets the object plus an extra lock on it. */
			AI_SET_PTR(EX_T(opline->result.u.var).var, object_zval);
			PZVAL_LOCK(object_zval);
		}

		/* Save the current call state; the result-used flag is encoded together with called_scope. */
		zend_ptr_stack_3_push(&EG(arg_types_stack), EX(fbc), EX(object), ENCODE_CTOR(EX(called_scope), RETURN_VALUE_USED(opline)));

		/* We are not handling overloaded classes right now */
		EX(object) = object_zval;
		EX(fbc) = constructor;
		EX(called_scope) = EX_T(opline->op1.u.var).class_entry;

		ZEND_VM_NEXT_OPCODE();
	}
}
2956
ZEND_VM_HANDLER(110, ZEND_CLONE, CONST|TMP|VAR|UNUSED|CV, ANY)
{
	/*
	 * ZEND_CLONE: clone the object in operand 1 through its clone_obj
	 * handler and store the copy in the result slot. Non-objects, objects
	 * without a clone handler, and calls that violate the visibility of a
	 * private or protected __clone() all end in a fatal error.
	 */
	zend_op *opline = EX(opline);
	zend_free_op free_op1;
	zval *obj = GET_OP1_OBJ_ZVAL_PTR(BP_VAR_R);
	zend_class_entry *ce;
	zend_function *clone;
	zend_object_clone_obj_t clone_call;

	/*
	 * Order matters: the first two tests short-circuit before obj is
	 * dereferenced by the type check.
	 * NOTE(review): a NULL obj is only tested for a VAR operand; the other
	 * operand kinds are presumably guaranteed non-NULL by the fetch - confirm.
	 */
	if (OP1_TYPE == IS_CONST ||
	    (OP1_TYPE == IS_VAR && !obj) ||
	    Z_TYPE_P(obj) != IS_OBJECT) {
		zend_error_noreturn(E_ERROR, "__clone method called on non-object");
	}

	ce = Z_OBJCE_P(obj);
	clone = ce ? ce->clone : NULL;
	clone_call = Z_OBJ_HT_P(obj)->clone_obj;
	if (!clone_call) {
		if (ce) {
			zend_error_noreturn(E_ERROR, "Trying to clone an uncloneable object of class %s", ce->name);
		} else {
			zend_error_noreturn(E_ERROR, "Trying to clone an uncloneable object");
		}
	}

	/*
	 * Visibility enforcement for a user-defined __clone(): the calling scope
	 * EG(scope) must be the class itself for a private method, or pass
	 * zend_check_protected() for a protected one. This runs before the
	 * clone handler is invoked.
	 */
	if (ce && clone) {
		/* NOTE(review): fn_flags is read via op_array here and via common below - presumably the same field; confirm. */
		if (clone->op_array.fn_flags & ZEND_ACC_PRIVATE) {
			/* Ensure that if we're calling a private function, we're allowed to do so.
			 */
			if (ce != EG(scope)) {
				zend_error_noreturn(E_ERROR, "Call to private %s::__clone() from context '%s'", ce->name, EG(scope) ? EG(scope)->name : "");
			}
		} else if ((clone->common.fn_flags & ZEND_ACC_PROTECTED)) {
			/* Ensure that if we're calling a protected function, we're allowed to do so.
			 */
			if (!zend_check_protected(clone->common.scope, EG(scope))) {
				zend_error_noreturn(E_ERROR, "Call to protected %s::__clone() from context '%s'", ce->name, EG(scope) ? EG(scope)->name : "");
			}
		}
	}

	EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr;
	/* Nothing is cloned when an exception is already pending. */
	if (!EG(exception)) {
		ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr);
		Z_OBJVAL_P(EX_T(opline->result.u.var).var.ptr) = clone_call(obj TSRMLS_CC);
		Z_TYPE_P(EX_T(opline->result.u.var).var.ptr) = IS_OBJECT;
		Z_SET_REFCOUNT_P(EX_T(opline->result.u.var).var.ptr, 1);
		Z_SET_ISREF_P(EX_T(opline->result.u.var).var.ptr);
		/* Drop the copy if nobody consumes it or if the clone handler raised an exception. */
		if (!RETURN_VALUE_USED(opline) || EG(exception)) {
			zval_ptr_dtor(&EX_T(opline->result.u.var).var.ptr);
		}
	}
	FREE_OP1_IF_VAR();
	ZEND_VM_NEXT_OPCODE();
}
3013
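ZEND_VM_HANDLER(99, ZEND_FETCH_CONSTANT, VAR|CONST|UNUSED, CONST)
{
	/*
	 * ZEND_FETCH_CONSTANT: load the constant named by operand 2 into the
	 * result temporary. With operand 1 unused it is a global or namespaced
	 * constant; otherwise operand 1 supplies the class (by name or as an
	 * already fetched class entry) and a class constant is read.
	 */
	zend_op *opline = EX(opline);

	if (OP1_TYPE == IS_UNUSED) {
		/* namespaced constant */
		if (!zend_get_constant_ex(Z_STRVAL(opline->op2.u.constant), Z_STRLEN(opline->op2.u.constant), &EX_T(opline->result.u.var).tmp_var, NULL, opline->extended_value TSRMLS_CC)) {
			if ((opline->extended_value & IS_CONSTANT_UNQUALIFIED) != 0) {
				/* Keep only the part after the last namespace separator, if there is one. */
				char *actual = (char *)zend_memrchr(Z_STRVAL(opline->op2.u.constant), '\\', Z_STRLEN(opline->op2.u.constant));
				if(!actual) {
					actual = Z_STRVAL(opline->op2.u.constant);
				} else {
					actual++;
				}
				/* non-qualified constant - allow text substitution */
				/*
				 * The undefined name becomes a string value and only a notice
				 * is raised, so execution continues with that string.
				 */
				zend_error(E_NOTICE, "Use of undefined constant %s - assumed '%s'", actual, actual);
				/* Length is the full name length minus the skipped namespace prefix. */
				ZVAL_STRINGL(&EX_T(opline->result.u.var).tmp_var, actual, Z_STRLEN(opline->op2.u.constant)-(actual - Z_STRVAL(opline->op2.u.constant)), 1);
			} else {
				/* The format has a single %s, so the name is passed exactly once. */
				zend_error_noreturn(E_ERROR, "Undefined constant '%s'",
					Z_STRVAL(opline->op2.u.constant));
			}
		}
		ZEND_VM_NEXT_OPCODE();
	} else {
		/* class constant */
		zend_class_entry *ce;
		zval **value;

		if (OP1_TYPE == IS_CONST) {

			ce = zend_fetch_class(Z_STRVAL(opline->op1.u.constant), Z_STRLEN(opline->op1.u.constant), opline->extended_value TSRMLS_CC);
			/* The class fetch may have raised an exception; hand control back without reading ce. */
			if (UNEXPECTED(EG(exception) != NULL)) {
				ZEND_VM_CONTINUE();
			}
			if (!ce) {
				zend_error_noreturn(E_ERROR, "Undefined class constant '%s'", Z_STRVAL(opline->op2.u.constant));
			}
		} else {
			ce = EX_T(opline->op1.u.var).class_entry;
		}

		/* The key length passed to the hash lookup includes the terminating NUL (+1). */
		if (zend_hash_find(&ce->constants_table, Z_STRVAL(opline->op2.u.constant), Z_STRLEN(opline->op2.u.constant)+1, (void **) &value) == SUCCESS) {
			if (Z_TYPE_PP(value) == IS_CONSTANT_ARRAY ||
			    (Z_TYPE_PP(value) & IS_CONSTANT_TYPE_MASK) == IS_CONSTANT) {
				/* Resolve a still-unevaluated constant with the class as scope, then restore the scope. */
				zend_class_entry *old_scope = EG(scope);

				EG(scope) = ce;
				zval_update_constant(value, (void *) 1 TSRMLS_CC);
				EG(scope) = old_scope;
			}
			/* The result temporary receives its own copy of the constant's value. */
			EX_T(opline->result.u.var).tmp_var = **value;
			zval_copy_ctor(&EX_T(opline->result.u.var).tmp_var);
		} else {
			zend_error_noreturn(E_ERROR, "Undefined class constant '%s'", Z_STRVAL(opline->op2.u.constant));
		}

		ZEND_VM_NEXT_OPCODE();
	}
}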
3073
ZEND_VM_HANDLER(72, ZEND_ADD_ARRAY_ELEMENT, CONST|TMP|VAR|CV, CONST|TMP|VAR|UNUSED|CV)
{
	/*
	 * ZEND_ADD_ARRAY_ELEMENT: insert the value in operand 1 into the array
	 * held in the result temporary, under the key in operand 2, or at the
	 * next free index when there is no key. A non-zero extended_value
	 * selects the by-reference path for the value.
	 */
	zend_op *opline = EX(opline);
	zend_free_op free_op1, free_op2;
	zval *array_ptr = &EX_T(opline->result.u.var).tmp_var;
	zval *expr_ptr;
	zval *offset=GET_OP2_ZVAL_PTR(BP_VAR_R);

#if !defined(ZEND_VM_SPEC) || OP1_TYPE == IS_VAR || OP1_TYPE == IS_CV
	zval **expr_ptr_ptr = NULL;

	if (opline->extended_value) {
		expr_ptr_ptr=GET_OP1_ZVAL_PTR_PTR(BP_VAR_W);
		expr_ptr = *expr_ptr_ptr;
	} else {
		expr_ptr=GET_OP1_ZVAL_PTR(BP_VAR_R);
	}
#else
	expr_ptr=GET_OP1_ZVAL_PTR(BP_VAR_R);
#endif

	/*
	 * After this if/else chain expr_ptr is a heap zval pointer carrying one
	 * reference that the array will own.
	 */
	if (IS_OP1_TMP_FREE()) { /* temporary variable */
		zval *new_expr;

		/* Shallow copy: the new zval takes over the temporary's contents. */
		ALLOC_ZVAL(new_expr);
		INIT_PZVAL_COPY(new_expr, expr_ptr);
		expr_ptr = new_expr;
	} else {
#if !defined(ZEND_VM_SPEC) || OP1_TYPE == IS_VAR || OP1_TYPE == IS_CV
		if (opline->extended_value) {
			/* By-reference element: turn the variable into a reference and share it. */
			SEPARATE_ZVAL_TO_MAKE_IS_REF(expr_ptr_ptr);
			expr_ptr = *expr_ptr_ptr;
			Z_ADDREF_P(expr_ptr);
		} else
#endif
		if (OP1_TYPE == IS_CONST || PZVAL_IS_REF(expr_ptr)) {
			zval *new_expr;

			/* Constants and references are duplicated so the element is independent of them. */
			ALLOC_ZVAL(new_expr);
			INIT_PZVAL_COPY(new_expr, expr_ptr);
			expr_ptr = new_expr;
			zendi_zval_copy_ctor(*expr_ptr);
		} else {
			Z_ADDREF_P(expr_ptr);
		}
	}
	if (offset) {
		switch (Z_TYPE_P(offset)) {
			case IS_DOUBLE:
				/* Floating-point keys are converted to integer keys. */
				zend_hash_index_update(Z_ARRVAL_P(array_ptr), zend_dval_to_lval(Z_DVAL_P(offset)), &expr_ptr, sizeof(zval *), NULL);
				break;
			case IS_LONG:
			case IS_BOOL:
				zend_hash_index_update(Z_ARRVAL_P(array_ptr), Z_LVAL_P(offset), &expr_ptr, sizeof(zval *), NULL);
				break;
			case IS_STRING:
				zend_symtable_update(Z_ARRVAL_P(array_ptr), Z_STRVAL_P(offset), Z_STRLEN_P(offset)+1, &expr_ptr, sizeof(zval *), NULL);
				break;
			case IS_NULL:
				/* A null key is stored under the empty-string key. */
				zend_hash_update(Z_ARRVAL_P(array_ptr), "", sizeof(""), &expr_ptr, sizeof(zval *), NULL);
				break;
			default:
				/* Unsupported key type: warn and release the reference prepared above. */
				zend_error(E_WARNING, "Illegal offset type");
				zval_ptr_dtor(&expr_ptr);
				/* do nothing */
				break;
		}
		FREE_OP2();
	} else {
		zend_hash_next_index_insert(Z_ARRVAL_P(array_ptr), &expr_ptr, sizeof(zval *), NULL);
	}
	/* The release of operand 1 mirrors how it was fetched (pointer-to-pointer vs plain pointer). */
	if (opline->extended_value) {
		FREE_OP1_VAR_PTR();
	} else {
		FREE_OP1_IF_VAR();
	}
	ZEND_VM_NEXT_OPCODE();
}
3152
ZEND_VM_HANDLER(71, ZEND_INIT_ARRAY, CONST|TMP|VAR|UNUSED|CV, CONST|TMP|VAR|UNUSED|CV)
{
	/*
	 * ZEND_INIT_ARRAY: initialise the result temporary as an empty array.
	 * When operand 1 carries a first element, control is passed on to the
	 * ZEND_ADD_ARRAY_ELEMENT handler to insert it.
	 */
	zend_op *opline = EX(opline);

	array_init(&EX_T(opline->result.u.var).tmp_var);
	if (OP1_TYPE == IS_UNUSED) {
		ZEND_VM_NEXT_OPCODE();
	/* The else branch is compiled out when the handler is specialised for an unused operand 1. */
#if !defined(ZEND_VM_SPEC) || OP1_TYPE != IS_UNUSED
	} else {
		ZEND_VM_DISPATCH_TO_HANDLER(ZEND_ADD_ARRAY_ELEMENT);
#endif
	}
}
3166
ZEND_VM_HANDLER(21, ZEND_CAST, CONST|TMP|VAR|CV, ANY)
{
	/*
	 * ZEND_CAST: convert operand 1 to the type named by extended_value and
	 * store the converted value in the result temporary. The operand itself
	 * is not converted; the work is done on a copy held in the result.
	 */
	zend_op *opline = EX(opline);
	zend_free_op free_op1;
	zval *expr = GET_OP1_ZVAL_PTR(BP_VAR_R);
	zval *result = &EX_T(opline->result.u.var).tmp_var;

	/*
	 * Every target type except string starts from a copy of the operand.
	 * A temporary operand is taken over as is; anything else is duplicated
	 * with the copy constructor.
	 */
	if (opline->extended_value != IS_STRING) {
		*result = *expr;
		if (!IS_OP1_TMP_FREE()) {
			zendi_zval_copy_ctor(*result);
		}
	}
	/* No default case: an extended_value not listed below leaves the copy unconverted. */
	switch (opline->extended_value) {
		case IS_NULL:
			convert_to_null(result);
			break;
		case IS_BOOL:
			convert_to_boolean(result);
			break;
		case IS_LONG:
			convert_to_long(result);
			break;
		case IS_DOUBLE:
			convert_to_double(result);
			break;
		case IS_STRING: {
			zval var_copy;
			int use_copy;

			/* use_copy reports whether a printable copy was produced in var_copy. */
			zend_make_printable_zval(expr, &var_copy, &use_copy);
			if (use_copy) {
				*result = var_copy;
				/* The original temporary is no longer needed once the copy is used. */
				if (IS_OP1_TMP_FREE()) {
					FREE_OP1();
				}
			} else {
				*result = *expr;
				if (!IS_OP1_TMP_FREE()) {
					zendi_zval_copy_ctor(*result);
				}
			}
			break;
		}
		case IS_ARRAY:
			convert_to_array(result);
			break;
		case IS_OBJECT:
			convert_to_object(result);
			break;
	}
	FREE_OP1_IF_VAR();
	ZEND_VM_NEXT_OPCODE();
}
3221
ZEND_VM_HANDLER(73, ZEND_INCLUDE_OR_EVAL, CONST|TMP|VAR|CV, ANY)
{
	/*
	 * ZEND_INCLUDE_OR_EVAL: implements include, include_once, require,
	 * require_once and eval. The constant in operand 2 selects the variant;
	 * operand 1 is the file name, or the source text for eval. The operand
	 * is compiled into a new op array, executed, and the op array destroyed.
	 *
	 * Result (only when the return value is used): the included code's
	 * return value, boolean true when it returned nothing, or the boolean
	 * failure_retval when nothing was executed (true only for a *_once file
	 * that was already included).
	 *
	 * Operand 1 is a runtime value that is compiled and run as code, so what
	 * may reach it is decided by the script, not by this handler. The only
	 * validation done here is the embedded-NUL check on file names below.
	 */
	zend_op *opline = EX(opline);
	zend_op_array *new_op_array=NULL;
	int return_value_used;
	zend_free_op free_op1;
	zval *inc_filename = GET_OP1_ZVAL_PTR(BP_VAR_R);
	zval *tmp_inc_filename = NULL;
	zend_bool failure_retval=0;

	/* A non-string operand is converted on a private copy, destroyed further down. */
	if (inc_filename->type!=IS_STRING) {
		MAKE_STD_ZVAL(tmp_inc_filename);
		*tmp_inc_filename = *inc_filename;
		zval_copy_ctor(tmp_inc_filename);
		convert_to_string(tmp_inc_filename);
		inc_filename = tmp_inc_filename;
	}

	return_value_used = RETURN_VALUE_USED(opline);

	/*
	 * File names only (not eval source): if the C-string length differs from
	 * the stored length, the name contains an embedded NUL byte. Code that
	 * treats the name as a C string would stop at that byte, so the path
	 * opened could differ from the one the script checked. Such a name is
	 * reported as a failed open and nothing is opened or compiled.
	 */
	if (Z_LVAL(opline->op2.u.constant) != ZEND_EVAL && strlen(Z_STRVAL_P(inc_filename)) != Z_STRLEN_P(inc_filename)) {
		if (Z_LVAL(opline->op2.u.constant)==ZEND_INCLUDE_ONCE || Z_LVAL(opline->op2.u.constant)==ZEND_INCLUDE) {
			zend_message_dispatcher(ZMSG_FAILED_INCLUDE_FOPEN, Z_STRVAL_P(inc_filename) TSRMLS_CC);
		} else {
			zend_message_dispatcher(ZMSG_FAILED_REQUIRE_FOPEN, Z_STRVAL_P(inc_filename) TSRMLS_CC);
		}
	} else {
		switch (Z_LVAL(opline->op2.u.constant)) {
			case ZEND_INCLUDE_ONCE:
			case ZEND_REQUIRE_ONCE: {
					zend_file_handle file_handle;
					char *resolved_path;

					/*
					 * The "already included" test is keyed on the resolved path
					 * when resolution succeeds; otherwise the raw name is used
					 * for opening and no pre-check is made.
					 */
					resolved_path = zend_resolve_path(Z_STRVAL_P(inc_filename), Z_STRLEN_P(inc_filename) TSRMLS_CC);
					if (resolved_path) {
						failure_retval = zend_hash_exists(&EG(included_files), resolved_path, strlen(resolved_path)+1);
					} else {
						resolved_path = Z_STRVAL_P(inc_filename);
					}

					if (failure_retval) {
						/* do nothing, file already included */
					} else if (SUCCESS == zend_stream_open(resolved_path, &file_handle TSRMLS_CC)) {

						if (!file_handle.opened_path) {
							file_handle.opened_path = estrdup(resolved_path);
						}

						/*
						 * Second check, on the path actually opened: compile only if
						 * that path was not yet recorded in included_files.
						 */
						if (zend_hash_add_empty_element(&EG(included_files), file_handle.opened_path, strlen(file_handle.opened_path)+1)==SUCCESS) {
							new_op_array = zend_compile_file(&file_handle, (Z_LVAL(opline->op2.u.constant)==ZEND_INCLUDE_ONCE?ZEND_INCLUDE:ZEND_REQUIRE) TSRMLS_CC);
							zend_destroy_file_handle(&file_handle TSRMLS_CC);
						} else {
							zend_file_handle_dtor(&file_handle TSRMLS_CC);
							failure_retval=1;
						}
					} else {
						if (Z_LVAL(opline->op2.u.constant)==ZEND_INCLUDE_ONCE) {
							zend_message_dispatcher(ZMSG_FAILED_INCLUDE_FOPEN, Z_STRVAL_P(inc_filename) TSRMLS_CC);
						} else {
							zend_message_dispatcher(ZMSG_FAILED_REQUIRE_FOPEN, Z_STRVAL_P(inc_filename) TSRMLS_CC);
						}
					}
					/* Free the resolved path only when it is a separate allocation, not the operand's own string. */
					if (resolved_path != Z_STRVAL_P(inc_filename)) {
						efree(resolved_path);
					}
				}
				break;
			case ZEND_INCLUDE:
			case ZEND_REQUIRE:
				new_op_array = compile_filename(Z_LVAL(opline->op2.u.constant), inc_filename TSRMLS_CC);
				break;
			case ZEND_EVAL: {
					/* The operand's text is compiled as source code; eval_desc only labels it. */
					char *eval_desc = zend_make_compiled_string_description("eval()'d code" TSRMLS_CC);

					new_op_array = zend_compile_string(inc_filename, eval_desc TSRMLS_CC);
					efree(eval_desc);
				}
				break;
			EMPTY_SWITCH_DEFAULT_CASE()
		}
	}
	if (tmp_inc_filename) {
		zval_ptr_dtor(&tmp_inc_filename);
	}
	FREE_OP1();
	EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr;
	/* Execute only if compilation produced an op array and raised no exception. */
	if (new_op_array && !EG(exception)) {
		/* Redirect the executor's return-value slot to this opline's result (or nowhere). */
		EX(original_return_value) = EG(return_value_ptr_ptr);
		EG(return_value_ptr_ptr) = return_value_used ? EX_T(opline->result.u.var).var.ptr_ptr : NULL;
		EG(active_op_array) = new_op_array;
		EX_T(opline->result.u.var).var.ptr = NULL;

		EX(current_object) = EX(object);

		EX(function_state).function = (zend_function *) new_op_array;
		EX(object) = NULL;

		if (!EG(active_symbol_table)) {
			zend_rebuild_symbol_table(TSRMLS_C);
		}

		/*
		 * With the default executor the new op array is entered in place;
		 * a replaced zend_execute hook is called directly instead.
		 * NOTE(review): whether the statements below still run in this
		 * handler after the in-place enter depends on that macro's
		 * definition, which is not visible here - confirm.
		 */
		if (zend_execute == execute) {
			EX(call_opline) = opline;
			ZEND_VM_ENTER();
		} else {
			zend_execute(new_op_array TSRMLS_CC);
		}

		EX(function_state).function = (zend_function *) EX(op_array);
		EX(object) = EX(current_object);

		if (return_value_used) {
			if (!EX_T(opline->result.u.var).var.ptr) { /* there was no return statement */
				ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr);
				INIT_PZVAL(EX_T(opline->result.u.var).var.ptr);
				Z_LVAL_P(EX_T(opline->result.u.var).var.ptr) = 1;
				Z_TYPE_P(EX_T(opline->result.u.var).var.ptr) = IS_BOOL;
			}
		}

		/* Restore the executor globals saved above, then dispose of the compiled code. */
		EG(opline_ptr) = &EX(opline);
		EG(active_op_array) = EX(op_array);
		EG(return_value_ptr_ptr) = EX(original_return_value);
		destroy_op_array(new_op_array TSRMLS_CC);
		efree(new_op_array);
		if (EG(exception)) {
			zend_throw_exception_internal(NULL TSRMLS_CC);
		}
	} else {
		if (return_value_used) {
			ALLOC_ZVAL(EX_T(opline->result.u.var).var.ptr);
			INIT_ZVAL(*EX_T(opline->result.u.var).var.ptr);
			Z_LVAL_P(EX_T(opline->result.u.var).var.ptr) = failure_retval;
			Z_TYPE_P(EX_T(opline->result.u.var).var.ptr) = IS_BOOL;
		}
	}
	ZEND_VM_NEXT_OPCODE();
}
3360
ZEND_VM_HANDLER(74, ZEND_UNSET_VAR, CONST|TMP|VAR|CV, ANY)
{
	/*
	 * ZEND_UNSET_VAR: remove a variable. There is a fast path for a compiled
	 * variable flagged ZEND_QUICK_SET and a general path that takes the
	 * variable name from operand 1 and removes it from the target symbol
	 * table or, for ZEND_FETCH_STATIC_MEMBER, from a class's static
	 * properties.
	 *
	 * After a successful symbol-table deletion, the matching compiled-
	 * variable slot is set to NULL in every frame that shares the table.
	 * NOTE(review): presumably those slots point into the table entry just
	 * deleted and would otherwise be left dangling - confirm.
	 */
	zend_op *opline = EX(opline);
	zval tmp, *varname;
	HashTable *target_symbol_table;
	zend_free_op free_op1;

	if (OP1_TYPE == IS_CV && (opline->extended_value & ZEND_QUICK_SET)) {
		if (EG(active_symbol_table)) {
			/* The walk starts at the previous frame; this frame's slot is cleared below. */
			zend_execute_data *ex = EX(prev_execute_data);
			zend_compiled_variable *cv = &CV_DEF_OF(opline->op1.u.var);

			if (zend_hash_quick_del(EG(active_symbol_table), cv->name, cv->name_len+1, cv->hash_value) == SUCCESS) {
				while (ex && ex->symbol_table == EG(active_symbol_table)) {
					int i;

					if (ex->op_array) {
						/* Match on hash, then length, then bytes; at most one slot per frame. */
						for (i = 0; i < ex->op_array->last_var; i++) {
							if (ex->op_array->vars[i].hash_value == cv->hash_value &&
								ex->op_array->vars[i].name_len == cv->name_len &&
								!memcmp(ex->op_array->vars[i].name, cv->name, cv->name_len)) {
								ex->CVs[i] = NULL;
								break;
							}
						}
					}
					ex = ex->prev_execute_data;
				}
			}
			EX(CVs)[opline->op1.u.var] = NULL;
		} else if (EX(CVs)[opline->op1.u.var]) {
			/* No symbol table exists: the slot is the only holder, so release it directly. */
			zval_ptr_dtor(EX(CVs)[opline->op1.u.var]);
			EX(CVs)[opline->op1.u.var] = NULL;
		}
		ZEND_VM_NEXT_OPCODE();
	}

	varname = GET_OP1_ZVAL_PTR(BP_VAR_R);

	/*
	 * A non-string name is converted on a stack copy. A string name coming
	 * from a variable gets an extra reference for the duration of the
	 * deletion; it is dropped again at the end of the handler.
	 */
	if (Z_TYPE_P(varname) != IS_STRING) {
		tmp = *varname;
		zval_copy_ctor(&tmp);
		convert_to_string(&tmp);
		varname = &tmp;
	} else if (OP1_TYPE == IS_VAR || OP1_TYPE == IS_CV) {
		Z_ADDREF_P(varname);
	}

	if (opline->op2.u.EA.type == ZEND_FETCH_STATIC_MEMBER) {
		zend_std_unset_static_property(EX_T(opline->op2.u.var).class_entry, Z_STRVAL_P(varname), Z_STRLEN_P(varname) TSRMLS_CC);
	} else {
		/* The hash covers the name including its terminating NUL (len+1), as the deletion key does. */
		ulong hash_value = zend_inline_hash_func(varname->value.str.val, varname->value.str.len+1);

		target_symbol_table = zend_get_target_symbol_table(opline, EX(Ts), BP_VAR_IS, varname TSRMLS_CC);
		if (zend_hash_quick_del(target_symbol_table, varname->value.str.val, varname->value.str.len+1, hash_value) == SUCCESS) {
			zend_execute_data *ex = EXECUTE_DATA;

			/* The current frame is always scanned; earlier frames only while they use the same table. */
			do {
				int i;

				if (ex->op_array) {
					for (i = 0; i < ex->op_array->last_var; i++) {
						if (ex->op_array->vars[i].hash_value == hash_value &&
							ex->op_array->vars[i].name_len == varname->value.str.len &&
							!memcmp(ex->op_array->vars[i].name, varname->value.str.val, varname->value.str.len)) {
							ex->CVs[i] = NULL;
							break;
						}
					}
				}
				ex = ex->prev_execute_data;
			} while (ex && ex->symbol_table == target_symbol_table);
		}
	}

	/* Undo whichever of the two name preparations was applied above. */
	if (varname == &tmp) {
		zval_dtor(&tmp);
	} else if (OP1_TYPE == IS_VAR || OP1_TYPE == IS_CV) {
		zval_ptr_dtor(&varname);
	}
	FREE_OP1();
	ZEND_VM_NEXT_OPCODE();
}
3444
ZEND_VM_HANDLER(75, ZEND_UNSET_DIM, VAR|UNUSED|CV, CONST|TMP|VAR|CV)
{
	/*
	 * ZEND_UNSET_DIM: remove the element at the offset in operand 2 from the
	 * container in operand 1. Arrays are handled here, objects through
	 * their unset_dimension handler, strings are a fatal error, and any
	 * other container type is ignored.
	 */
	zend_op *opline = EX(opline);
	zend_free_op free_op1, free_op2;
	zval **container = GET_OP1_OBJ_ZVAL_PTR_PTR(BP_VAR_UNSET);
	zval *offset;

	/* Separate a shared compiled variable first, so the deletion does not affect other holders of the value. */
	if (OP1_TYPE == IS_CV && container != &EG(uninitialized_zval_ptr)) {
		SEPARATE_ZVAL_IF_NOT_REF(container);
	}
	offset = GET_OP2_ZVAL_PTR(BP_VAR_R);

	/* A VAR operand may yield no container pointer; it is then skipped rather than dereferenced. */
	if (OP1_TYPE != IS_VAR || container) {
		switch (Z_TYPE_PP(container)) {
			case IS_ARRAY: {
				HashTable *ht = Z_ARRVAL_PP(container);

				switch (Z_TYPE_P(offset)) {
					case IS_DOUBLE:
						zend_hash_index_del(ht, zend_dval_to_lval(Z_DVAL_P(offset)));
						break;
					case IS_RESOURCE:
					case IS_BOOL:
					case IS_LONG:
						zend_hash_index_del(ht, Z_LVAL_P(offset));
						break;
					case IS_STRING:
						/*
						 * The offset gets an extra reference around the deletion.
						 * NOTE(review): presumably because the key string may live in
						 * the element being removed - confirm.
						 */
						if (OP2_TYPE == IS_CV || OP2_TYPE == IS_VAR) {
							Z_ADDREF_P(offset);
						}
						/*
						 * When the array is the global symbol table, also clear the
						 * matching compiled-variable slot in every frame using that table.
						 */
						if (zend_symtable_del(ht, offset->value.str.val, offset->value.str.len+1) == SUCCESS &&
							ht == &EG(symbol_table)) {
							zend_execute_data *ex;
							ulong hash_value = zend_inline_hash_func(offset->value.str.val, offset->value.str.len+1);

							for (ex = EXECUTE_DATA; ex; ex = ex->prev_execute_data) {
								if (ex->op_array && ex->symbol_table == ht) {
									int i;

									for (i = 0; i < ex->op_array->last_var; i++) {
										if (ex->op_array->vars[i].hash_value == hash_value &&
											ex->op_array->vars[i].name_len == offset->value.str.len &&
											!memcmp(ex->op_array->vars[i].name, offset->value.str.val, offset->value.str.len)) {
											ex->CVs[i] = NULL;
											break;
										}
									}
								}
							}
						}
						if (OP2_TYPE == IS_CV || OP2_TYPE == IS_VAR) {
							zval_ptr_dtor(&offset);
						}
						break;
					case IS_NULL:
						/* A null offset addresses the empty-string key. */
						zend_hash_del(ht, "", sizeof(""));
						break;
					default:
						zend_error(E_WARNING, "Illegal offset type in unset");
						break;
				}
				FREE_OP2();
				break;
			}
			case IS_OBJECT:
				if (!Z_OBJ_HT_P(*container)->unset_dimension) {
					zend_error_noreturn(E_ERROR, "Cannot use object as array");
				}
				/* A temporary offset is promoted to a real heap zval before being handed to the handler. */
				if (IS_OP2_TMP_FREE()) {
					MAKE_REAL_ZVAL_PTR(offset);
				}
				Z_OBJ_HT_P(*container)->unset_dimension(*container, offset TSRMLS_CC);
				if (IS_OP2_TMP_FREE()) {
					zval_ptr_dtor(&offset);
				} else {
					FREE_OP2();
				}
				break;
			case IS_STRING:
				zend_error_noreturn(E_ERROR, "Cannot unset string offsets");
				ZEND_VM_CONTINUE(); /* bailed out before */
			default:
				FREE_OP2();
				break;
		}
	} else {
		FREE_OP2();
	}
	FREE_OP1_VAR_PTR();

	ZEND_VM_NEXT_OPCODE();
}
3537
ZEND_VM_HANDLER(76, ZEND_UNSET_OBJ, VAR|UNUSED|CV, CONST|TMP|VAR|CV)
{
	/*
	 * ZEND_UNSET_OBJ: remove the property named by operand 2 from the object
	 * in operand 1 through the object's unset_property handler. Containers
	 * that are not objects are silently ignored.
	 */
	zend_op *opline = EX(opline);
	zend_free_op free_op1, free_op2;
	zval **container = GET_OP1_OBJ_ZVAL_PTR_PTR(BP_VAR_UNSET);
	zval *offset = GET_OP2_ZVAL_PTR(BP_VAR_R);

	/* A VAR operand may yield no container pointer; it is then skipped rather than dereferenced. */
	if (OP1_TYPE != IS_VAR || container) {
		if (OP1_TYPE == IS_CV && container != &EG(uninitialized_zval_ptr)) {
			SEPARATE_ZVAL_IF_NOT_REF(container);
		}
		if (Z_TYPE_PP(container) == IS_OBJECT) {
			/* A temporary property name is promoted to a real heap zval before being handed to the handler. */
			if (IS_OP2_TMP_FREE()) {
				MAKE_REAL_ZVAL_PTR(offset);
			}
			if (Z_OBJ_HT_P(*container)->unset_property) {
				Z_OBJ_HT_P(*container)->unset_property(*container, offset TSRMLS_CC);
			} else {
				/* NOTE(review): this branch is reached for an object without an unset_property handler, which the message text does not reflect. */
				zend_error(E_NOTICE, "Trying to unset property of non-object");
			}
			if (IS_OP2_TMP_FREE()) {
				zval_ptr_dtor(&offset);
			} else {
				FREE_OP2();
			}
		} else {
			FREE_OP2();
		}
	} else {
		FREE_OP2();
	}
	FREE_OP1_VAR_PTR();

	ZEND_VM_NEXT_OPCODE();
}
3573
ZEND_VM_HANDLER(77, ZEND_FE_RESET, CONST|TMP|VAR|CV, ANY)
{
	/*
	 * ZEND_FE_RESET: prepare a foreach loop over operand 1. The value to
	 * iterate (an array, a plain object, or a wrapped iterator obtained from
	 * the class's get_iterator) is stored in the result slot with an extra
	 * lock, and the position is set to the first element. If there is
	 * nothing to iterate, control jumps to the opline in op2.u.opline_num.
	 *
	 * Every exit path releases operand 1 in the way that matches how it was
	 * fetched (variable pointer vs plain value); the two exception exits
	 * after the result has been stored also drop the references held on
	 * array_ptr.
	 */
	zend_op *opline = EX(opline);
	zend_free_op free_op1;
	zval *array_ptr, **array_ptr_ptr;
	HashTable *fe_ht;
	zend_object_iterator *iter = NULL;
	zend_class_entry *ce = NULL;
	zend_bool is_empty = 0;

	if (opline->extended_value & ZEND_FE_RESET_VARIABLE) {
		/* The operand is fetched as a variable (pointer to pointer). */
		array_ptr_ptr = GET_OP1_ZVAL_PTR_PTR(BP_VAR_R);
		if (array_ptr_ptr == NULL || array_ptr_ptr == &EG(uninitialized_zval_ptr)) {
			/* No usable variable: iterate over a freshly initialised zval instead. */
			ALLOC_INIT_ZVAL(array_ptr);
		} else if (Z_TYPE_PP(array_ptr_ptr) == IS_OBJECT) {
			if(Z_OBJ_HT_PP(array_ptr_ptr)->get_class_entry == NULL) {
				zend_error(E_WARNING, "foreach() cannot iterate over objects without PHP class");
				ZEND_VM_JMP(EX(op_array)->opcodes+opline->op2.u.opline_num);
			}

			ce = Z_OBJCE_PP(array_ptr_ptr);
			/* Only objects iterated as plain property tables are separated and referenced here. */
			if (!ce || ce->get_iterator == NULL) {
				SEPARATE_ZVAL_IF_NOT_REF(array_ptr_ptr);
				Z_ADDREF_PP(array_ptr_ptr);
			}
			array_ptr = *array_ptr_ptr;
		} else {
			if (Z_TYPE_PP(array_ptr_ptr) == IS_ARRAY) {
				SEPARATE_ZVAL_IF_NOT_REF(array_ptr_ptr);
				if (opline->extended_value & ZEND_FE_FETCH_BYREF) {
					Z_SET_ISREF_PP(array_ptr_ptr);
				}
			}
			array_ptr = *array_ptr_ptr;
			Z_ADDREF_P(array_ptr);
		}
	} else {
		/* The operand is fetched as a plain value. */
		array_ptr = GET_OP1_ZVAL_PTR(BP_VAR_R);
		if (IS_OP1_TMP_FREE()) { /* IS_TMP_VAR */
			zval *tmp;

			/* A temporary is moved into a heap zval so it can outlive this opline. */
			ALLOC_ZVAL(tmp);
			INIT_PZVAL_COPY(tmp, array_ptr);
			array_ptr = tmp;
			if (Z_TYPE_P(array_ptr) == IS_OBJECT) {
				ce = Z_OBJCE_P(array_ptr);
				if (ce && ce->get_iterator) {
					Z_DELREF_P(array_ptr);
				}
			}
		} else if (Z_TYPE_P(array_ptr) == IS_OBJECT) {
			ce = Z_OBJCE_P(array_ptr);
			if (!ce || !ce->get_iterator) {
				Z_ADDREF_P(array_ptr);
			}
		} else if (OP1_TYPE == IS_CONST ||
		           ((OP1_TYPE == IS_CV || OP1_TYPE == IS_VAR) &&
		            !Z_ISREF_P(array_ptr) &&
		            Z_REFCOUNT_P(array_ptr) > 1)) {
			zval *tmp;

			/* Constants and shared non-reference values are duplicated, so the loop iterates its own copy. */
			ALLOC_ZVAL(tmp);
			INIT_PZVAL_COPY(tmp, array_ptr);
			zval_copy_ctor(tmp);
			array_ptr = tmp;
		} else {
			Z_ADDREF_P(array_ptr);
		}
	}

	if (ce && ce->get_iterator) {
		iter = ce->get_iterator(ce, array_ptr, opline->extended_value & ZEND_FE_RESET_REFERENCE TSRMLS_CC);

		if (iter && !EG(exception)) {
			/* From here on the loop value is the wrapper around the iterator. */
			array_ptr = zend_iterator_wrap(iter TSRMLS_CC);
		} else {
			if (opline->extended_value & ZEND_FE_RESET_VARIABLE) {
				FREE_OP1_VAR_PTR();
			} else {
				FREE_OP1_IF_VAR();
			}
			/* A NULL iterator without a pending exception is turned into one. */
			if (!EG(exception)) {
				zend_throw_exception_ex(NULL, 0 TSRMLS_CC, "Object of type %s did not create an Iterator", ce->name);
			}
			zend_throw_exception_internal(NULL TSRMLS_CC);
			ZEND_VM_NEXT_OPCODE();
		}
	}

	AI_SET_PTR(EX_T(opline->result.u.var).var, array_ptr);
	PZVAL_LOCK(array_ptr);

	if (iter) {
		iter->index = 0;
		if (iter->funcs->rewind) {
			iter->funcs->rewind(iter TSRMLS_CC);
			if (EG(exception)) {
				/* Two references are dropped; presumably the lock taken above plus the wrapper's own - confirm. */
				Z_DELREF_P(array_ptr);
				zval_ptr_dtor(&array_ptr);
				if (opline->extended_value & ZEND_FE_RESET_VARIABLE) {
					FREE_OP1_VAR_PTR();
				} else {
					FREE_OP1_IF_VAR();
				}
				ZEND_VM_NEXT_OPCODE();
			}
		}
		is_empty = iter->funcs->valid(iter TSRMLS_CC) != SUCCESS;
		if (EG(exception)) {
			Z_DELREF_P(array_ptr);
			zval_ptr_dtor(&array_ptr);
			if (opline->extended_value & ZEND_FE_RESET_VARIABLE) {
				FREE_OP1_VAR_PTR();
			} else {
				FREE_OP1_IF_VAR();
			}
			ZEND_VM_NEXT_OPCODE();
		}
		iter->index = -1; /* will be set to 0 before using next handler */
	} else if ((fe_ht = HASH_OF(array_ptr)) != NULL) {
		zend_hash_internal_pointer_reset(fe_ht);
		if (ce) {
			/*
			 * Plain object: advance past leading properties that fail
			 * zend_check_property_access(), so the loop starts at the first
			 * property the check allows. Integer keys are always accepted.
			 */
			zend_object *zobj = zend_objects_get_address(array_ptr TSRMLS_CC);
			while (zend_hash_has_more_elements(fe_ht) == SUCCESS) {
				char *str_key;
				uint str_key_len;
				ulong int_key;
				zend_uchar key_type;

				key_type = zend_hash_get_current_key_ex(fe_ht, &str_key, &str_key_len, &int_key, 0, NULL);
				if (key_type != HASH_KEY_NON_EXISTANT &&
					(key_type == HASH_KEY_IS_LONG ||
				     zend_check_property_access(zobj, str_key, str_key_len-1 TSRMLS_CC) == SUCCESS)) {
					break;
				}
				zend_hash_move_forward(fe_ht);
			}
		}
		is_empty = zend_hash_has_more_elements(fe_ht) != SUCCESS;
		/* The starting position is saved in the result slot for the fetch handler. */
		zend_hash_get_pointer(fe_ht, &EX_T(opline->result.u.var).fe.fe_pos);
	} else {
		zend_error(E_WARNING, "Invalid argument supplied for foreach()");
		is_empty = 1;
	}

	if (opline->extended_value & ZEND_FE_RESET_VARIABLE) {
		FREE_OP1_VAR_PTR();
	} else {
		FREE_OP1_IF_VAR();
	}
	if (is_empty) {
		ZEND_VM_JMP(EX(op_array)->opcodes+opline->op2.u.opline_num);
	} else {
		ZEND_VM_NEXT_OPCODE();
	}
}
3730
ZEND_VM_HANDLER(78, ZEND_FE_FETCH, VAR, ANY)
{
	/*
	 * ZEND_FE_FETCH: fetch the next element of a foreach loop from the value
	 * stored in the operand 1 slot. The element goes into the result slot
	 * (as a reference when ZEND_FE_FETCH_BYREF is set) and, when
	 * ZEND_FE_FETCH_WITH_KEY is set, its key goes into the result temporary
	 * of the following opline. At the end of the iteration control jumps to
	 * the opline in op2.u.opline_num.
	 */
	zend_op *opline = EX(opline);
	zend_free_op free_op1;
	zval *array = EX_T(opline->op1.u.var).var.ptr;
	zval **value;
	char *str_key;
	uint str_key_len;
	ulong int_key;
	HashTable *fe_ht;
	zend_object_iterator *iter = NULL;
	int key_type = 0;
	zend_bool use_key = (zend_bool)(opline->extended_value & ZEND_FE_FETCH_WITH_KEY);

	switch (zend_iterator_unwrap(array, &iter TSRMLS_CC)) {
		default:
		case ZEND_ITER_INVALID:
			zend_error(E_WARNING, "Invalid argument supplied for foreach()");
			ZEND_VM_JMP(EX(op_array)->opcodes+opline->op2.u.opline_num);

		case ZEND_ITER_PLAIN_OBJECT: {
			char *class_name, *prop_name;
			zend_object *zobj = zend_objects_get_address(array TSRMLS_CC);

			fe_ht = HASH_OF(array);
			zend_hash_set_pointer(fe_ht, &EX_T(opline->op1.u.var).fe.fe_pos);
			/*
			 * Take the current property and advance, repeating while the
			 * property fails zend_check_property_access(); such properties
			 * are never handed to the loop body. Integer keys are always
			 * accepted.
			 */
			do {
				if (zend_hash_get_current_data(fe_ht, (void **) &value)==FAILURE) {
					/* reached end of iteration */
					ZEND_VM_JMP(EX(op_array)->opcodes+opline->op2.u.opline_num);
				}
				key_type = zend_hash_get_current_key_ex(fe_ht, &str_key, &str_key_len, &int_key, 0, NULL);

				zend_hash_move_forward(fe_ht);
			} while (key_type == HASH_KEY_NON_EXISTANT ||
			         (key_type != HASH_KEY_IS_LONG &&
			          zend_check_property_access(zobj, str_key, str_key_len-1 TSRMLS_CC) != SUCCESS));
			zend_hash_get_pointer(fe_ht, &EX_T(opline->op1.u.var).fe.fe_pos);
			if (use_key && key_type != HASH_KEY_IS_LONG) {
				/*
				 * The loop sees the unmangled property name. A fresh copy is
				 * made, and str_key_len is raised by one afterwards to match
				 * the length convention used when the key is stored below.
				 */
				zend_unmangle_property_name(str_key, str_key_len-1, &class_name, &prop_name);
				str_key_len = strlen(prop_name);
				str_key = estrndup(prop_name, str_key_len);
				str_key_len++;
			}
			break;
		}

		case ZEND_ITER_PLAIN_ARRAY:
			fe_ht = HASH_OF(array);
			zend_hash_set_pointer(fe_ht, &EX_T(opline->op1.u.var).fe.fe_pos);
			if (zend_hash_get_current_data(fe_ht, (void **) &value)==FAILURE) {
				/* reached end of iteration */
				ZEND_VM_JMP(EX(op_array)->opcodes+opline->op2.u.opline_num);
			}
			if (use_key) {
				/* Fifth argument is 1 here and 0 in the object case; presumably it requests a duplicated key string - confirm. */
				key_type = zend_hash_get_current_key_ex(fe_ht, &str_key, &str_key_len, &int_key, 1, NULL);
			}
			zend_hash_move_forward(fe_ht);
			zend_hash_get_pointer(fe_ht, &EX_T(opline->op1.u.var).fe.fe_pos);
			break;

		case ZEND_ITER_OBJECT:
			/* !iter happens from exception */
			if (iter && ++iter->index > 0) {
				/* This could cause an endless loop if index becomes zero again.
				 * In case that ever happens we need an additional flag. */
				iter->funcs->move_forward(iter TSRMLS_CC);
				/* Every iterator callback below is followed by the same exception check and cleanup. */
				if (EG(exception)) {
					Z_DELREF_P(array);
					zval_ptr_dtor(&array);
					ZEND_VM_NEXT_OPCODE();
				}
			}
			/* If index is zero we come from FE_RESET and checked valid() already. */
			if (!iter || (iter->index > 0 && iter->funcs->valid(iter TSRMLS_CC) == FAILURE)) {
				/* reached end of iteration */
				if (EG(exception)) {
					Z_DELREF_P(array);
					zval_ptr_dtor(&array);
					ZEND_VM_NEXT_OPCODE();
				}
				ZEND_VM_JMP(EX(op_array)->opcodes+opline->op2.u.opline_num);
			}
			iter->funcs->get_current_data(iter, &value TSRMLS_CC);
			if (EG(exception)) {
				Z_DELREF_P(array);
				zval_ptr_dtor(&array);
				ZEND_VM_NEXT_OPCODE();
			}
			if (!value) {
				/* failure in get_current_data */
				ZEND_VM_JMP(EX(op_array)->opcodes+opline->op2.u.opline_num);
			}
			if (use_key) {
				if (iter->funcs->get_current_key) {
					key_type = iter->funcs->get_current_key(iter, &str_key, &str_key_len, &int_key TSRMLS_CC);
					if (EG(exception)) {
						Z_DELREF_P(array);
						zval_ptr_dtor(&array);
						ZEND_VM_NEXT_OPCODE();
					}
				} else {
					/* Iterators without a key callback report their running index as an integer key. */
					key_type = HASH_KEY_IS_LONG;
					int_key = iter->index;
				}
			}
			break;
	}

	if (opline->extended_value & ZEND_FE_FETCH_BYREF) {
		/* By reference: the result slot points at the element itself, now marked as a reference. */
		SEPARATE_ZVAL_IF_NOT_REF(value);
		Z_SET_ISREF_PP(value);
		EX_T(opline->result.u.var).var.ptr_ptr = value;
		Z_ADDREF_PP(value);
	} else {
		AI_SET_PTR(EX_T(opline->result.u.var).var, *value);
		PZVAL_LOCK(*value);
	}

	if (use_key) {
		/* The key is written into the result temporary of the opline that follows this one. */
		zend_op *op_data = opline+1;
		zval *key = &EX_T(op_data->result.u.var).tmp_var;

		switch (key_type) {
			case HASH_KEY_IS_STRING:
				/* The key zval takes the str_key buffer as is; the stored length excludes the trailing NUL. */
				Z_STRVAL_P(key) = str_key;
				Z_STRLEN_P(key) = str_key_len-1;
				Z_TYPE_P(key) = IS_STRING;
				break;
			case HASH_KEY_IS_LONG:
				Z_LVAL_P(key) = int_key;
				Z_TYPE_P(key) = IS_LONG;
				break;
			default:
			case HASH_KEY_NON_EXISTANT:
				ZVAL_NULL(key);
				break;
		}
	}

	/* Step over the following opline as well, then continue. */
	ZEND_VM_INC_OPCODE();
	ZEND_VM_NEXT_OPCODE();
}
3874
ZEND_VM_HANDLER(114, ZEND_ISSET_ISEMPTY_VAR, CONST|TMP|VAR|CV, ANY)
{
	/* isset()/empty() on a variable named by operand 1, or on a static
	 * class member when operand 2 is flagged ZEND_FETCH_STATIC_MEMBER.
	 * Stores an IS_BOOL in the result temporary.
	 *
	 * `value` only points at something meaningful when the lookup succeeded.
	 * Every dereference below is guarded by `isset`; keep that guard if the
	 * code is rearranged. */
	zend_op *opline = EX(opline);
	zval **value;
	zend_bool isset = 1;

	if (OP1_TYPE == IS_CV && (opline->extended_value & ZEND_QUICK_SET)) {
		/* Compiled-variable path: take the cached slot when it is populated,
		 * otherwise look the name up with its precomputed hash. */
		value = EX(CVs)[opline->op1.u.var];
		if (!value) {
			if (EG(active_symbol_table)) {
				zend_compiled_variable *cv_def = &CV_DEF_OF(opline->op1.u.var);

				if (zend_hash_quick_find(EG(active_symbol_table), cv_def->name, cv_def->name_len+1, cv_def->hash_value, (void **) &value) == FAILURE) {
					isset = 0;
				}
			} else {
				isset = 0;
			}
		}
	} else {
		HashTable *symbols;
		zend_free_op free_op1;
		zval name_copy, *varname = GET_OP1_ZVAL_PTR(BP_VAR_IS);

		if (Z_TYPE_P(varname) != IS_STRING) {
			/* Stringify a private copy so the operand itself is not modified. */
			name_copy = *varname;
			zval_copy_ctor(&name_copy);
			convert_to_string(&name_copy);
			varname = &name_copy;
		}

		if (opline->op2.u.EA.type == ZEND_FETCH_STATIC_MEMBER) {
			value = zend_std_get_static_property(EX_T(opline->op2.u.var).class_entry, Z_STRVAL_P(varname), Z_STRLEN_P(varname), 1 TSRMLS_CC);
			if (!value) {
				isset = 0;
			}
		} else {
			symbols = zend_get_target_symbol_table(opline, EX(Ts), BP_VAR_IS, varname TSRMLS_CC);
			/* Key length includes the terminating NUL (length + 1). */
			if (zend_hash_find(symbols, Z_STRVAL_P(varname), Z_STRLEN_P(varname)+1, (void **) &value) == FAILURE) {
				isset = 0;
			}
		}

		/* Release the string copy only when one was made above. */
		if (varname == &name_copy) {
			zval_dtor(&name_copy);
		}
		FREE_OP1();
	}

	Z_TYPE(EX_T(opline->result.u.var).tmp_var) = IS_BOOL;

	switch (opline->extended_value & ZEND_ISSET_ISEMPTY_MASK) {
		case ZEND_ISSET:
			/* isset(): found and not NULL */
			Z_LVAL(EX_T(opline->result.u.var).tmp_var) = (isset && Z_TYPE_PP(value) != IS_NULL);
			break;
		case ZEND_ISEMPTY:
			/* empty(): missing, or present but falsy */
			Z_LVAL(EX_T(opline->result.u.var).tmp_var) = (!isset || !i_zend_is_true(*value));
			break;
	}

	ZEND_VM_NEXT_OPCODE();
}
3944
ZEND_VM_HELPER_EX(zend_isset_isempty_dim_prop_obj_handler, VAR|UNUSED|CV, CONST|TMP|VAR|CV, int prop_dim)
{
	/* Shared body of isset()/empty() on a dimension (prop_dim == 0) and on a
	 * property (prop_dim != 0).  `result` is computed as "is set" for isset()
	 * and "is non-empty" for empty(); the final switch inverts it for empty().
	 * A container that is neither array, object nor string leaves it at 0. */
	zend_op *opline = EX(opline);
	zend_free_op free_op1;
	zval **container = GET_OP1_OBJ_ZVAL_PTR_PTR(BP_VAR_IS);
	zval **value = NULL;
	int result = 0;

	if (OP1_TYPE != IS_VAR || container) {
		zend_free_op free_op2;
		zval *offset = GET_OP2_ZVAL_PTR(BP_VAR_R);

		if (Z_TYPE_PP(container) == IS_ARRAY && !prop_dim) {
			HashTable *elements = Z_ARRVAL_PP(container);
			int found = 0;

			/* Pick the hash lookup that matches the offset type.  `value` is
			 * only dereferenced below when `found` is set. */
			switch (Z_TYPE_P(offset)) {
				case IS_DOUBLE:
					found = (zend_hash_index_find(elements, zend_dval_to_lval(Z_DVAL_P(offset)), (void **) &value) == SUCCESS);
					break;
				case IS_RESOURCE:
				case IS_BOOL:
				case IS_LONG:
					found = (zend_hash_index_find(elements, Z_LVAL_P(offset), (void **) &value) == SUCCESS);
					break;
				case IS_STRING:
					found = (zend_symtable_find(elements, Z_STRVAL_P(offset), Z_STRLEN_P(offset)+1, (void **) &value) == SUCCESS);
					break;
				case IS_NULL:
					/* NULL offset is looked up as the empty-string key */
					found = (zend_hash_find(elements, "", sizeof(""), (void **) &value) == SUCCESS);
					break;
				default:
					zend_error(E_WARNING, "Illegal offset type in isset or empty");

					break;
			}

			switch (opline->extended_value) {
				case ZEND_ISSET:
					result = (found && Z_TYPE_PP(value) != IS_NULL);
					break;
				case ZEND_ISEMPTY:
					result = (found && i_zend_is_true(*value));
					break;
			}
			FREE_OP2();
		} else if (Z_TYPE_PP(container) == IS_OBJECT) {
			/* Delegate to the object's handler table.  The last argument is
			 * 1 for empty() and 0 for isset(). */
			if (IS_OP2_TMP_FREE()) {
				MAKE_REAL_ZVAL_PTR(offset);
			}
			if (prop_dim) {
				if (Z_OBJ_HT_P(*container)->has_property) {
					result = Z_OBJ_HT_P(*container)->has_property(*container, offset, (opline->extended_value == ZEND_ISEMPTY) TSRMLS_CC);
				} else {
					zend_error(E_NOTICE, "Trying to check property of non-object");
					result = 0;
				}
			} else {
				if (Z_OBJ_HT_P(*container)->has_dimension) {
					result = Z_OBJ_HT_P(*container)->has_dimension(*container, offset, (opline->extended_value == ZEND_ISEMPTY) TSRMLS_CC);
				} else {
					zend_error(E_NOTICE, "Trying to check element of non-array");
					result = 0;
				}
			}
			if (IS_OP2_TMP_FREE()) {
				zval_ptr_dtor(&offset);
			} else {
				FREE_OP2();
			}
		} else if (Z_TYPE_PP(container) == IS_STRING && !prop_dim) { /* string offsets */
			zval index_copy;

			if (Z_TYPE_P(offset) != IS_LONG) {
				/* Convert a private copy of the offset to an integer. */
				index_copy = *offset;
				zval_copy_ctor(&index_copy);
				convert_to_long(&index_copy);
				offset = &index_copy;
			}
			if (Z_TYPE_P(offset) == IS_LONG) {
				/* The range test must pass before the string byte is read. */
				int in_range = (Z_LVAL_P(offset) >= 0 && Z_LVAL_P(offset) < Z_STRLEN_PP(container));

				switch (opline->extended_value) {
					case ZEND_ISSET:
						if (in_range) {
							result = 1;
						}
						break;
					case ZEND_ISEMPTY:
						if (in_range && Z_STRVAL_PP(container)[Z_LVAL_P(offset)] != '0') {
							result = 1;
						}
						break;
				}
			}
			FREE_OP2();
		} else {
			FREE_OP2();
		}
	}

	Z_TYPE(EX_T(opline->result.u.var).tmp_var) = IS_BOOL;

	switch (opline->extended_value) {
		case ZEND_ISSET:
			Z_LVAL(EX_T(opline->result.u.var).tmp_var) = result;
			break;
		case ZEND_ISEMPTY:
			Z_LVAL(EX_T(opline->result.u.var).tmp_var) = !result;
			break;
	}

	FREE_OP1_VAR_PTR();

	ZEND_VM_NEXT_OPCODE();
}
4077
ZEND_VM_HANDLER(115, ZEND_ISSET_ISEMPTY_DIM_OBJ, VAR|UNUSED|CV, CONST|TMP|VAR|CV)
{
	/* isset()/empty() on a dimension: hand over to the shared helper with
	 * prop_dim set to 0. */
	ZEND_VM_DISPATCH_TO_HELPER_EX(zend_isset_isempty_dim_prop_obj_handler, prop_dim, 0);
}
4082
ZEND_VM_HANDLER(148, ZEND_ISSET_ISEMPTY_PROP_OBJ, VAR|UNUSED|CV, CONST|TMP|VAR|CV)
{
	/* isset()/empty() on a property: hand over to the shared helper with
	 * prop_dim set to 1. */
	ZEND_VM_DISPATCH_TO_HELPER_EX(zend_isset_isempty_dim_prop_obj_handler, prop_dim, 1);
}
4087
ZEND_VM_HANDLER(79, ZEND_EXIT, CONST|TMP|VAR|UNUSED|CV, ANY)
{
	/* exit / die.  An integer operand becomes the exit status; any other
	 * operand is printed.  With no operand nothing is recorded.  The handler
	 * then calls zend_bailout(). */
#if !defined(ZEND_VM_SPEC) || (OP1_TYPE != IS_UNUSED)
	zend_op *opline = EX(opline);
	if (OP1_TYPE != IS_UNUSED) {
		zend_free_op free_op1;
		zval *status = GET_OP1_ZVAL_PTR(BP_VAR_R);

		if (Z_TYPE_P(status) != IS_LONG) {
			zend_print_variable(status);
		} else {
			EG(exit_status) = Z_LVAL_P(status);
		}
		FREE_OP1();
	}
#endif
	zend_bailout();
	/* NOTE(review): presumably not reached, assuming zend_bailout() does not
	 * return - confirm. */
	ZEND_VM_NEXT_OPCODE();
}
4107
ZEND_VM_HANDLER(57, ZEND_BEGIN_SILENCE, ANY, ANY)
{
	/* Start of an error-suppressed expression: save the current
	 * error_reporting level in the result temporary, then set the
	 * "error_reporting" INI entry to "0" if it is not already 0.
	 *
	 * The first saved slot of the frame is also remembered in
	 * old_error_reporting; ZEND_HANDLE_EXCEPTION reads it to restore the level
	 * when an exception leaves the suppressed expression. */
	zend_op *opline = EX(opline);
	zval *saved_level = &EX_T(opline->result.u.var).tmp_var;

	Z_LVAL_P(saved_level) = EG(error_reporting);
	Z_TYPE_P(saved_level) = IS_LONG; /* shouldn't be necessary */
	if (EX(old_error_reporting) == NULL) {
		EX(old_error_reporting) = saved_level;
	}

	if (EG(error_reporting)) {
		zend_alter_ini_entry_ex("error_reporting", sizeof("error_reporting"), "0", 1, ZEND_INI_USER, ZEND_INI_STAGE_RUNTIME, 1 TSRMLS_CC);
	}
	ZEND_VM_NEXT_OPCODE();
}
4123
ZEND_VM_HANDLER(142, ZEND_RAISE_ABSTRACT_ERROR, ANY, ANY)
{
	/* Raises a fatal error naming the current scope's class and the
	 * executing function. */
	zend_error_noreturn(E_ERROR,
		"Cannot call abstract method %s::%s()",
		EG(scope)->name,
		EX(op_array)->function_name);
	ZEND_VM_NEXT_OPCODE(); /* Never reached */
}
4129
ZEND_VM_HANDLER(58, ZEND_END_SILENCE, TMP, ANY)
{
	/* End of an error-suppressed expression: put back the level saved in
	 * operand 1.
	 *
	 * The level is restored only while error_reporting is still 0 and the
	 * saved level was non-zero, so a change made inside the suppressed
	 * expression is not overwritten. */
	zend_op *opline = EX(opline);
	zval *saved_level = &EX_T(opline->op1.u.var).tmp_var;
	zval level_str;

	if (!EG(error_reporting) && Z_LVAL_P(saved_level) != 0) {
		/* The INI API takes the value as a string, so format the saved level. */
		Z_TYPE(level_str) = IS_LONG;
		Z_LVAL(level_str) = Z_LVAL_P(saved_level);
		convert_to_string(&level_str);
		zend_alter_ini_entry_ex("error_reporting", sizeof("error_reporting"), Z_STRVAL(level_str), Z_STRLEN(level_str), ZEND_INI_USER, ZEND_INI_STAGE_RUNTIME, 1 TSRMLS_CC);
		zendi_zval_dtor(level_str);
	}
	/* Clear the frame's marker if it pointed at this slot. */
	if (EX(old_error_reporting) == saved_level) {
		EX(old_error_reporting) = NULL;
	}
	ZEND_VM_NEXT_OPCODE();
}
4147
ZEND_VM_HANDLER(152, ZEND_JMP_SET, CONST|TMP|VAR|CV, ANY)
{
	/* If operand 1 is truthy, copy it into the result temporary and jump to
	 * the address in operand 2; otherwise continue with the next opcode. */
	zend_op *opline = EX(opline);
	zend_free_op free_op1;
	zval *value = GET_OP1_ZVAL_PTR(BP_VAR_R);
	zval *result = &EX_T(opline->result.u.var).tmp_var;

	if (i_zend_is_true(value)) {
		/* Shallow copy, then the copy constructor so the result owns its data. */
		*result = *value;
		zendi_zval_copy_ctor(*result);
		FREE_OP1();
#if DEBUG_ZEND>=2
		printf("Conditional jmp to %d\n", opline->op2.u.opline_num);
#endif
		ZEND_VM_JMP(opline->op2.u.jmp_addr);
	}

	FREE_OP1();
	ZEND_VM_NEXT_OPCODE();
}
4167
ZEND_VM_HANDLER(22, ZEND_QM_ASSIGN, CONST|TMP|VAR|CV, ANY)
{
	/* Copy operand 1 into the result temporary.  The copy constructor is
	 * skipped when the operand is a temporary that can be taken over as is. */
	zend_op *opline = EX(opline);
	zend_free_op free_op1;
	zval *value = GET_OP1_ZVAL_PTR(BP_VAR_R);
	zval *result = &EX_T(opline->result.u.var).tmp_var;

	*result = *value;
	if (!IS_OP1_TMP_FREE()) {
		zval_copy_ctor(result);
	}
	FREE_OP1_IF_VAR();
	ZEND_VM_NEXT_OPCODE();
}
4181
ZEND_VM_HANDLER(101, ZEND_EXT_STMT, ANY, ANY)
{
	/* Statement hook: unless extensions are disabled, call
	 * zend_extension_statement_handler for every entry of zend_extensions,
	 * passing the current op_array. */
	if (!EG(no_extensions)) {
		zend_llist_apply_with_argument(&zend_extensions,
			(llist_apply_with_arg_func_t) zend_extension_statement_handler,
			EX(op_array) TSRMLS_CC);
	}
	ZEND_VM_NEXT_OPCODE();
}
4189
ZEND_VM_HANDLER(102, ZEND_EXT_FCALL_BEGIN, ANY, ANY)
{
	/* Call-begin hook: unless extensions are disabled, call
	 * zend_extension_fcall_begin_handler for every entry of zend_extensions,
	 * passing the current op_array. */
	if (!EG(no_extensions)) {
		zend_llist_apply_with_argument(&zend_extensions,
			(llist_apply_with_arg_func_t) zend_extension_fcall_begin_handler,
			EX(op_array) TSRMLS_CC);
	}
	ZEND_VM_NEXT_OPCODE();
}
4197
ZEND_VM_HANDLER(103, ZEND_EXT_FCALL_END, ANY, ANY)
{
	/* Call-end hook: unless extensions are disabled, call
	 * zend_extension_fcall_end_handler for every entry of zend_extensions,
	 * passing the current op_array. */
	if (!EG(no_extensions)) {
		zend_llist_apply_with_argument(&zend_extensions,
			(llist_apply_with_arg_func_t) zend_extension_fcall_end_handler,
			EX(op_array) TSRMLS_CC);
	}
	ZEND_VM_NEXT_OPCODE();
}
4205
ZEND_VM_HANDLER(139, ZEND_DECLARE_CLASS, ANY, ANY)
{
	/* Bind the class described by this opline into the global class table
	 * and keep the resulting class entry in the result slot. */
	zend_op *opline = EX(opline);
	zend_class_entry *bound;

	bound = do_bind_class(opline, EG(class_table), 0 TSRMLS_CC);
	EX_T(opline->result.u.var).class_entry = bound;
	ZEND_VM_NEXT_OPCODE();
}
4213
ZEND_VM_HANDLER(140, ZEND_DECLARE_INHERITED_CLASS, ANY, ANY)
{
	/* Bind a class that has a parent.  The parent's class entry is read from
	 * the temporary indexed by extended_value; the bound entry is stored in
	 * the result slot. */
	zend_op *opline = EX(opline);
	zend_class_entry *parent = EX_T(opline->extended_value).class_entry;
	zend_class_entry *bound;

	bound = do_bind_inherited_class(opline, EG(class_table), parent, 0 TSRMLS_CC);
	EX_T(opline->result.u.var).class_entry = bound;
	ZEND_VM_NEXT_OPCODE();
}
4221
ZEND_VM_HANDLER(145, ZEND_DECLARE_INHERITED_CLASS_DELAYED, ANY, ANY)
{
	/* Bind the inherited class unless the class table already holds it.
	 * Binding is skipped only when the operand-2 name is found and the
	 * operand-1 key is either missing or resolves to the same class entry.
	 *
	 * NOTE(review): the operand-2 lookup uses length + 1 while the operand-1
	 * lookup uses the bare length.  The asymmetry is in the original code;
	 * presumably the operand-1 key is stored that way by the compiler -
	 * confirm before "fixing" it. */
	zend_op *opline = EX(opline);
	zend_class_entry **pce, **pce_orig;
	int must_bind = 1;

	if (zend_hash_find(EG(class_table), Z_STRVAL(opline->op2.u.constant), Z_STRLEN(opline->op2.u.constant)+1, (void**)&pce) == SUCCESS) {
		if (zend_hash_find(EG(class_table), Z_STRVAL(opline->op1.u.constant), Z_STRLEN(opline->op1.u.constant), (void**)&pce_orig) != SUCCESS ||
		    *pce == *pce_orig) {
			must_bind = 0;
		}
	}
	if (must_bind) {
		do_bind_inherited_class(opline, EG(class_table), EX_T(opline->extended_value).class_entry, 0 TSRMLS_CC);
	}
	ZEND_VM_NEXT_OPCODE();
}
4234
ZEND_VM_HANDLER(141, ZEND_DECLARE_FUNCTION, ANY, ANY)
{
	/* Bind the function described by the current opline into the global
	 * function table.  The return value of do_bind_function is not checked. */
	do_bind_function(EX(opline),
		EG(function_table),
		0);
	ZEND_VM_NEXT_OPCODE();
}
4240
ZEND_VM_HANDLER(105, ZEND_TICKS, CONST, ANY)
{
	/* Count one tick.  When the counter reaches the interval held in the
	 * operand-1 constant, reset it and call the tick callback if one is
	 * installed. */
	zend_op *opline = EX(opline);
	long interval = Z_LVAL(opline->op1.u.constant);

	if (++EG(ticks_count) >= interval) {
		EG(ticks_count) = 0;
		if (zend_ticks_function) {
			zend_ticks_function(interval);
		}
	}
	ZEND_VM_NEXT_OPCODE();
}
4253
ZEND_VM_HANDLER(138, ZEND_INSTANCEOF, TMP|VAR|CV, ANY)
{
	/* instanceof: test the class of operand 1 against the class entry held
	 * in the operand-2 slot and store a boolean in the result temporary. */
	zend_op *opline = EX(opline);
	zend_free_op free_op1;
	zval *expr = GET_OP1_ZVAL_PTR(BP_VAR_R);
	zend_bool result = 0;

	/* Non-objects, and objects whose handler table has no get_class_entry,
	 * always yield false. */
	if (Z_TYPE_P(expr) == IS_OBJECT && Z_OBJ_HT_P(expr)->get_class_entry) {
		result = instanceof_function(Z_OBJCE_P(expr), EX_T(opline->op2.u.var).class_entry TSRMLS_CC);
	}
	ZVAL_BOOL(&EX_T(opline->result.u.var).tmp_var, result);
	FREE_OP1();
	ZEND_VM_NEXT_OPCODE();
}
4270
ZEND_VM_HANDLER(104, ZEND_EXT_NOP, ANY, ANY)
{
	/* No work: advance to the next opcode. */
	ZEND_VM_NEXT_OPCODE();
}
4275
ZEND_VM_HANDLER(0, ZEND_NOP, ANY, ANY)
{
	/* No work: advance to the next opcode. */
	ZEND_VM_NEXT_OPCODE();
}
4280
ZEND_VM_HANDLER(144, ZEND_ADD_INTERFACE, ANY, CONST)
{
	/* Attach the interface named by the operand-2 constant to the class
	 * entry held in the operand-1 slot.  A fetched class that is not flagged
	 * as an interface is a fatal error; a failed fetch is skipped here. */
	zend_op *opline = EX(opline);
	zend_class_entry *implementor = EX_T(opline->op1.u.var).class_entry;
	zend_class_entry *candidate;

	candidate = zend_fetch_class(Z_STRVAL(opline->op2.u.constant), Z_STRLEN(opline->op2.u.constant), opline->extended_value TSRMLS_CC);

	if (candidate) {
		if (!(candidate->ce_flags & ZEND_ACC_INTERFACE)) {
			zend_error_noreturn(E_ERROR, "%s cannot implement %s - it is not an interface", implementor->name, candidate->name);
		}
		zend_do_implement_interface(implementor, candidate TSRMLS_CC);
	}

	ZEND_VM_NEXT_OPCODE();
}
4296
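ZEND_VM_HANDLER(149, ZEND_HANDLE_EXCEPTION, ANY, ANY)
{
	/* Unwinds the current frame after an exception and either resumes at the
	 * matching catch block or leaves the function.
	 *
	 * Steps, in order: drop values pushed on the VM stack above this frame,
	 * find the try range covering the faulting opline, unwind calls that were
	 * being set up, free loop/switch temporaries that the jump skips, restore
	 * error_reporting if a suppressed expression was interrupted, then
	 * dispatch.  The order matters; do not reshuffle it.
	 *
	 * NOTE(review): the opline index and the try/catch test use
	 * EG(active_op_array) while catch_op and the break/continue table are
	 * read through EX(op_array).  These are presumably the same op_array at
	 * this point - confirm. */
	zend_uint op_num = EG(opline_before_exception)-EG(active_op_array)->opcodes;
	int i;
	/* Initialised so that no path can read an indeterminate value; it is only
	 * meaningful when `catched` is set. */
	zend_uint catch_op_num = 0;
	int catched = 0;
	zval restored_error_reporting;

	/* Address just past this frame's temporaries. */
	void **stack_frame = (void**)(((char*)EX(Ts)) +
		(ZEND_MM_ALIGNED_SIZE(sizeof(temp_variable)) * EX(op_array)->T));

	/* Destroy everything still on the VM stack above that address. */
	while (zend_vm_stack_top(TSRMLS_C) != stack_frame) {
		zval *stack_zval_p = zend_vm_stack_pop(TSRMLS_C);
		zval_ptr_dtor(&stack_zval_p);
	}

	/* The last try range containing op_num wins.  The early break relies on
	 * the array being ordered by try_op. */
	for (i=0; i<EG(active_op_array)->last_try_catch; i++) {
		if (EG(active_op_array)->try_catch_array[i].try_op > op_num) {
			/* further blocks will not be relevant... */
			break;
		}
		if (op_num >= EG(active_op_array)->try_catch_array[i].try_op
			&& op_num < EG(active_op_array)->try_catch_array[i].catch_op) {
			catch_op_num = EX(op_array)->try_catch_array[i].catch_op;
			catched = 1;
		}
	}

	/* Unwind calls that were being prepared when the exception was thrown. */
	while (EX(fbc)) {
		EX(called_scope) = (zend_class_entry*)zend_ptr_stack_pop(&EG(arg_types_stack));
		if (EX(object)) {
			if (IS_CTOR_CALL(EX(called_scope))) {
				if (IS_CTOR_USED(EX(called_scope))) {
					Z_DELREF_P(EX(object));
				}
				/* Flag the object as having a failed constructor when this
				 * is the last reference. */
				if (Z_REFCOUNT_P(EX(object)) == 1) {
					zend_object_store_ctor_failed(EX(object) TSRMLS_CC);
				}
			}
			zval_ptr_dtor(&EX(object));
		}
		EX(called_scope) = DECODE_CTOR(EX(called_scope));
		zend_arg_types_stack_2_pop(&EG(arg_types_stack), &EX(object), &EX(fbc));
	}

	/* Free switch/loop temporaries of constructs that enclose op_num and are
	 * left behind, i.e. the exception is uncaught or the catch block starts
	 * at or after the construct's break target. */
	for (i=0; i<EX(op_array)->last_brk_cont; i++) {
		if (EX(op_array)->brk_cont_array[i].start < 0) {
			continue;
		} else if (EX(op_array)->brk_cont_array[i].start > op_num) {
			/* further blocks will not be relevant... */
			break;
		} else if (op_num < EX(op_array)->brk_cont_array[i].brk) {
			if (!catched ||
				catch_op_num >= EX(op_array)->brk_cont_array[i].brk) {
				zend_op *brk_opline = &EX(op_array)->opcodes[EX(op_array)->brk_cont_array[i].brk];

				switch (brk_opline->opcode) {
					case ZEND_SWITCH_FREE:
						if (brk_opline->op1.u.EA.type != EXT_TYPE_FREE_ON_RETURN) {
							zend_switch_free(&EX_T(brk_opline->op1.u.var), brk_opline->extended_value TSRMLS_CC);
						}
						break;
					case ZEND_FREE:
						if (brk_opline->op1.u.EA.type != EXT_TYPE_FREE_ON_RETURN) {
							zendi_zval_dtor(EX_T(brk_opline->op1.u.var).tmp_var);
						}
						break;
				}
			}
		}
	}

	/* restore previous error_reporting value */
	if (!EG(error_reporting) && EX(old_error_reporting) != NULL && Z_LVAL_P(EX(old_error_reporting)) != 0) {
		Z_TYPE(restored_error_reporting) = IS_LONG;
		Z_LVAL(restored_error_reporting) = Z_LVAL_P(EX(old_error_reporting));
		convert_to_string(&restored_error_reporting);
		zend_alter_ini_entry_ex("error_reporting", sizeof("error_reporting"), Z_STRVAL(restored_error_reporting), Z_STRLEN(restored_error_reporting), ZEND_INI_USER, ZEND_INI_STAGE_RUNTIME, 1 TSRMLS_CC);
		zendi_zval_dtor(restored_error_reporting);
	}
	EX(old_error_reporting) = NULL;

	if (!catched) {
		ZEND_VM_DISPATCH_TO_HELPER(zend_leave_helper);
	} else {
		ZEND_VM_SET_OPCODE(&EX(op_array)->opcodes[catch_op_num]);
		ZEND_VM_CONTINUE();
	}
}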
4386
ZEND_VM_HANDLER(146, ZEND_VERIFY_ABSTRACT_CLASS, ANY, ANY)
{
	/* Run zend_verify_abstract_class on the class entry held in the
	 * operand-1 slot. */
	zend_class_entry *ce = EX_T(EX(opline)->op1.u.var).class_entry;

	zend_verify_abstract_class(ce TSRMLS_CC);
	ZEND_VM_NEXT_OPCODE();
}
4392
ZEND_VM_HANDLER(150, ZEND_USER_OPCODE, ANY, ANY)
{
	/* Call the user-registered handler for the current opcode and act on its
	 * return code.  Any code other than the named ones is reduced to its low
	 * byte and dispatched as an opcode number.
	 *
	 * NOTE(review): the table entry is called without a NULL check, so this
	 * handler is presumably only reached for opcodes that have an entry
	 * installed - confirm where the table is populated.  Each arm ends in a
	 * VM control-transfer macro, so arms are not expected to fall through -
	 * confirm against the executor skeleton. */
	int verdict = zend_user_opcode_handlers[EX(opline)->opcode](ZEND_OPCODE_HANDLER_ARGS_PASSTHRU_INTERNAL);

	switch (verdict) {
		case ZEND_USER_OPCODE_CONTINUE:
			ZEND_VM_CONTINUE();
		case ZEND_USER_OPCODE_RETURN:
			ZEND_VM_DISPATCH_TO_HELPER(zend_leave_helper);
		case ZEND_USER_OPCODE_ENTER:
			ZEND_VM_ENTER();
		case ZEND_USER_OPCODE_LEAVE:
			ZEND_VM_LEAVE();
		case ZEND_USER_OPCODE_DISPATCH:
			ZEND_VM_DISPATCH(EX(opline)->opcode, EX(opline));
		default:
			ZEND_VM_DISPATCH((zend_uchar)(verdict & 0xff), EX(opline));
	}
}
4412
ZEND_VM_HANDLER(143, ZEND_DECLARE_CONST, CONST, CONST)
{
	/* Register a user constant: operand 1 is the name, operand 2 the value.
	 * A value that is itself a constant expression is resolved first. */
	zend_op *opline = EX(opline);
	zend_free_op free_op1, free_op2;
	zval *name = GET_OP1_ZVAL_PTR(BP_VAR_R);
	zval *val = GET_OP2_ZVAL_PTR(BP_VAR_R);
	zend_constant c;

	if ((Z_TYPE_P(val) & IS_CONSTANT_TYPE_MASK) != IS_CONSTANT && Z_TYPE_P(val) != IS_CONSTANT_ARRAY) {
		/* Plain value: give the constant its own copy. */
		c.value = *val;
		zval_copy_ctor(&c.value);
	} else {
		/* Constant expression: resolve it on a local copy, then store the result. */
		zval resolved = *val;
		zval *resolved_ptr = &resolved;

		if (Z_TYPE_P(val) == IS_CONSTANT_ARRAY) {
			zval_copy_ctor(&resolved);
		}
		INIT_PZVAL(&resolved);
		zval_update_constant(&resolved_ptr, NULL TSRMLS_CC);
		c.value = *resolved_ptr;
	}
	c.name = zend_strndup(Z_STRVAL_P(name), Z_STRLEN_P(name));
	c.name_len = Z_STRLEN_P(name)+1; /* one more than the string length */
	c.flags = CONST_CS; /* non persistent, case sensitive */
	c.module_number = PHP_USER_CONSTANT;

	/* A FAILURE result is deliberately not acted on here.
	 * NOTE(review): presumably zend_register_constant reports the problem and
	 * releases c.name and c.value itself on failure - confirm, otherwise
	 * both leak. */
	(void) zend_register_constant(&c TSRMLS_CC);

	FREE_OP1();
	FREE_OP2();
	ZEND_VM_NEXT_OPCODE();
}
4447
ZEND_VM_HANDLER(153, ZEND_DECLARE_LAMBDA_FUNCTION, CONST, CONST)
{
	/* Create a closure from a function already present in the function
	 * table.  Operand 1 holds the lookup key and operand 2 its precomputed
	 * hash.  A missing entry, or one that is not a user function, is a fatal
	 * error.
	 *
	 * NOTE(review): the key length is passed without the usual + 1;
	 * presumably the key is stored that way by the compiler - confirm. */
	zend_op *opline = EX(opline);
	zend_function *lambda;
	int found;

	found = (zend_hash_quick_find(EG(function_table), Z_STRVAL(opline->op1.u.constant), Z_STRLEN(opline->op1.u.constant), Z_LVAL(opline->op2.u.constant), (void *) &lambda) == SUCCESS);
	if (!found || lambda->type != ZEND_USER_FUNCTION) {
		zend_error_noreturn(E_ERROR, "Base lambda function for closure not found");
	}

	zend_create_closure(&EX_T(opline->result.u.var).tmp_var, lambda TSRMLS_CC);

	ZEND_VM_NEXT_OPCODE();
}
4462
4463 ZEND_VM_EXPORT_HELPER(zend_do_fcall, zend_do_fcall_common_helper)
4464