1 /*
2 +----------------------------------------------------------------------+
3 | Zend OPcache |
4 +----------------------------------------------------------------------+
5 | Copyright (c) 1998-2017 The PHP Group |
6 +----------------------------------------------------------------------+
7 | This source file is subject to version 3.01 of the PHP license, |
8 | that is bundled with this package in the file LICENSE, and is |
9 | available through the world-wide-web at the following url: |
10 | http://www.php.net/license/3_01.txt |
11 | If you did not receive a copy of the PHP license and are unable to |
12 | obtain it through the world-wide-web, please send a note to |
13 | license@php.net so we can mail you a copy immediately. |
14 +----------------------------------------------------------------------+
15 | Authors: Andi Gutmans <andi@zend.com> |
16 | Zeev Suraski <zeev@zend.com> |
17 | Stanislav Malyshev <stas@zend.com> |
18 | Dmitry Stogov <dmitry@zend.com> |
19 +----------------------------------------------------------------------+
20 */
21
22 /* pass 3:
23 * - optimize $i = $i+expr to $i+=expr
24 * - optimize series of JMPs
25 * - change $i++ to ++$i where possible
26 */
27
28 #include "php.h"
29 #include "Optimizer/zend_optimizer.h"
30 #include "Optimizer/zend_optimizer_internal.h"
31 #include "zend_API.h"
32 #include "zend_constants.h"
33 #include "zend_execute.h"
34 #include "zend_vm.h"
35
36 /* compares opcodes with allowing oc1 be _EX of oc2 */
37 #define SAME_OPCODE_EX(oc1, oc2) ((oc1 == oc2) || (oc1 == ZEND_JMPZ_EX && oc2 == ZEND_JMPZ) || (oc1 == ZEND_JMPNZ_EX && oc2 == ZEND_JMPNZ))
38
39 /* we use "jmp_hitlist" to avoid infinity loops during jmp optimization */
40 #define CHECK_JMP(target, label) \
41 for (i=0; i<jmp_hitlist_count; i++) { \
42 if (jmp_hitlist[i] == ZEND_OP1(&op_array->opcodes[target]).opline_num) { \
43 goto label; \
44 } \
45 } \
46 jmp_hitlist[jmp_hitlist_count++] = ZEND_OP1(&op_array->opcodes[target]).opline_num;
47
48 #define CHECK_JMP2(target, label) \
49 for (i=0; i<jmp_hitlist_count; i++) { \
50 if (jmp_hitlist[i] == ZEND_OP2(&op_array->opcodes[target]).opline_num) { \
51 goto label; \
52 } \
53 } \
54 jmp_hitlist[jmp_hitlist_count++] = ZEND_OP2(&op_array->opcodes[target]).opline_num;
55
zend_optimizer_pass3(zend_op_array * op_array)56 void zend_optimizer_pass3(zend_op_array *op_array)
57 {
58 zend_op *opline;
59 zend_op *end = op_array->opcodes + op_array->last;
60 uint32_t *jmp_hitlist;
61 int jmp_hitlist_count;
62 int i;
63 uint32_t opline_num = 0;
64 ALLOCA_FLAG(use_heap);
65
66 jmp_hitlist = (uint32_t *)DO_ALLOCA(sizeof(uint32_t)*op_array->last);
67 opline = op_array->opcodes;
68
69 while (opline < end) {
70 jmp_hitlist_count = 0;
71
72 switch (opline->opcode) {
73 case ZEND_ADD:
74 case ZEND_SUB:
75 case ZEND_MUL:
76 case ZEND_DIV:
77 case ZEND_MOD:
78 case ZEND_POW:
79 case ZEND_CONCAT:
80 case ZEND_SL:
81 case ZEND_SR:
82 case ZEND_BW_OR:
83 case ZEND_BW_AND:
84 case ZEND_BW_XOR:
85 {
86 zend_op *next_opline = opline + 1;
87
88 while (next_opline < end && next_opline->opcode == ZEND_NOP) {
89 ++next_opline;
90 }
91
92 if (next_opline >= end || next_opline->opcode != ZEND_ASSIGN) {
93 break;
94 }
95
96 if ((ZEND_OP2_TYPE(opline) == IS_VAR || ZEND_OP2_TYPE(opline) == IS_CV)
97 && ZEND_OP2(opline).var == ZEND_OP1(next_opline).var &&
98 (opline->opcode == ZEND_ADD ||
99 opline->opcode == ZEND_MUL ||
100 opline->opcode == ZEND_BW_OR ||
101 opline->opcode == ZEND_BW_AND ||
102 opline->opcode == ZEND_BW_XOR)) {
103 /* change $i=expr+$i to $i=$i+expr so that the next
104 * optimization works on it
105 */
106 zend_uchar tmp_type = opline->op1_type;
107 znode_op tmp = opline->op1;
108
109 if (opline->opcode != ZEND_ADD
110 || (ZEND_OP1_TYPE(opline) == IS_CONST
111 && Z_TYPE(ZEND_OP1_LITERAL(opline)) != IS_ARRAY)) {
112 /* protection from array add: $a = array + $a is not commutative! */
113 COPY_NODE(opline->op1, opline->op2);
114 COPY_NODE(opline->op2, tmp);
115 }
116 }
117 if ((ZEND_OP1_TYPE(opline) == IS_VAR || ZEND_OP1_TYPE(opline) == IS_CV)
118 && ZEND_OP1(opline).var == ZEND_OP1(next_opline).var
119 && ZEND_OP1_TYPE(opline) == ZEND_OP1_TYPE(next_opline)) {
120 switch (opline->opcode) {
121 case ZEND_ADD:
122 opline->opcode = ZEND_ASSIGN_ADD;
123 break;
124 case ZEND_SUB:
125 opline->opcode = ZEND_ASSIGN_SUB;
126 break;
127 case ZEND_MUL:
128 opline->opcode = ZEND_ASSIGN_MUL;
129 break;
130 case ZEND_DIV:
131 opline->opcode = ZEND_ASSIGN_DIV;
132 break;
133 case ZEND_MOD:
134 opline->opcode = ZEND_ASSIGN_MOD;
135 break;
136 case ZEND_POW:
137 opline->opcode = ZEND_ASSIGN_POW;
138 break;
139 case ZEND_CONCAT:
140 opline->opcode = ZEND_ASSIGN_CONCAT;
141 break;
142 case ZEND_SL:
143 opline->opcode = ZEND_ASSIGN_SL;
144 break;
145 case ZEND_SR:
146 opline->opcode = ZEND_ASSIGN_SR;
147 break;
148 case ZEND_BW_OR:
149 opline->opcode = ZEND_ASSIGN_BW_OR;
150 break;
151 case ZEND_BW_AND:
152 opline->opcode = ZEND_ASSIGN_BW_AND;
153 break;
154 case ZEND_BW_XOR:
155 opline->opcode = ZEND_ASSIGN_BW_XOR;
156 break;
157 }
158 COPY_NODE(opline->result, next_opline->result);
159 MAKE_NOP(next_opline);
160 opline++;
161 opline_num++;
162 }
163 }
164 break;
165
166 case ZEND_JMP:
167 if (op_array->fn_flags & ZEND_ACC_HAS_FINALLY_BLOCK) {
168 break;
169 }
170
171 /* convert L: JMP L+1 to NOP */
172 if (ZEND_OP1(opline).opline_num == opline_num + 1) {
173 MAKE_NOP(opline);
174 goto done_jmp_optimization;
175 }
176
177 /* convert JMP L1 ... L1: JMP L2 to JMP L2 .. L1: JMP L2 */
178 while (ZEND_OP1(opline).opline_num < op_array->last
179 && op_array->opcodes[ZEND_OP1(opline).opline_num].opcode == ZEND_JMP) {
180 int target = ZEND_OP1(opline).opline_num;
181 CHECK_JMP(target, done_jmp_optimization);
182 ZEND_OP1(opline).opline_num = ZEND_OP1(&op_array->opcodes[target]).opline_num;
183 }
184 break;
185
186 case ZEND_JMP_SET:
187 case ZEND_COALESCE:
188 if (op_array->fn_flags & ZEND_ACC_HAS_FINALLY_BLOCK) {
189 break;
190 }
191
192 while (ZEND_OP2(opline).opline_num < op_array->last) {
193 int target = ZEND_OP2(opline).opline_num;
194 if (op_array->opcodes[target].opcode == ZEND_JMP) {
195 ZEND_OP2(opline).opline_num = ZEND_OP1(&op_array->opcodes[target]).opline_num;
196 } else {
197 break;
198 }
199 }
200 break;
201 case ZEND_JMPZ:
202 case ZEND_JMPNZ:
203 if (op_array->fn_flags & ZEND_ACC_HAS_FINALLY_BLOCK) {
204 break;
205 }
206
207 while (ZEND_OP2(opline).opline_num < op_array->last) {
208 int target = ZEND_OP2(opline).opline_num;
209
210 if (op_array->opcodes[target].opcode == ZEND_JMP) {
211 /* plain JMP */
212 /* JMPZ(X,L1), L1: JMP(L2) => JMPZ(X,L2), L1: JMP(L2) */
213 CHECK_JMP(target, done_jmp_optimization);
214 ZEND_OP2(opline).opline_num = ZEND_OP1(&op_array->opcodes[target]).opline_num;
215 } else if (op_array->opcodes[target].opcode == opline->opcode &&
216 SAME_VAR(opline->op1, op_array->opcodes[target].op1)) {
217 /* same opcode and same var as this opcode */
218 /* JMPZ(X,L1), L1: JMPZ(X,L2) => JMPZ(X,L2), L1: JMPZ(X,L2) */
219 CHECK_JMP2(target, done_jmp_optimization);
220 ZEND_OP2(opline).opline_num = ZEND_OP2(&op_array->opcodes[target]).opline_num;
221 } else if (op_array->opcodes[target].opcode == opline->opcode + 3 &&
222 SAME_VAR(opline->op1, op_array->opcodes[target].op1)) {
223 /* convert JMPZ(X,L1), L1: T JMPZ_EX(X,L2) to
224 T = JMPZ_EX(X, L2) */
225 ZEND_OP2(opline).opline_num = ZEND_OP2(&op_array->opcodes[target]).opline_num;opline->opcode += 3;
226 COPY_NODE(opline->result, op_array->opcodes[target].result);
227 break;
228 } else if (op_array->opcodes[target].opcode == INV_COND(opline->opcode) &&
229 SAME_VAR(opline->op1, op_array->opcodes[target].op1)) {
230 /* convert JMPZ(X,L1), L1: JMPNZ(X,L2) to
231 JMPZ(X,L1+1) */
232 ZEND_OP2(opline).opline_num = target + 1;
233 break;
234 } else if (op_array->opcodes[target].opcode == INV_COND_EX(opline->opcode) &&
235 SAME_VAR(opline->op1, op_array->opcodes[target].op1)) {
236 /* convert JMPZ(X,L1), L1: T = JMPNZ_EX(X,L2) to
237 T = JMPZ_EX(X,L1+1) */
238 ZEND_OP2(opline).opline_num = target + 1;
239 opline->opcode += 3;
240 COPY_NODE(opline->result, op_array->opcodes[target].result);
241 break;
242 } else {
243 break;
244 }
245 }
246 break;
247
248 case ZEND_JMPZ_EX:
249 case ZEND_JMPNZ_EX: {
250 zend_uchar T_type = opline->result_type;
251 znode_op T = opline->result;
252
253 if (op_array->fn_flags & ZEND_ACC_HAS_FINALLY_BLOCK) {
254 break;
255 }
256
257 /* convert L: T = JMPZ_EX X,L+1 to T = BOOL(X) */
258 /* convert L: T = JMPZ_EX T,L+1 to NOP */
259 if (ZEND_OP2(opline).opline_num == opline_num + 1) {
260 if (ZEND_OP1(opline).var == ZEND_RESULT(opline).var) {
261 MAKE_NOP(opline);
262 } else {
263 opline->opcode = ZEND_BOOL;
264 SET_UNUSED(opline->op2);
265 }
266 goto done_jmp_optimization;
267 }
268
269 while (ZEND_OP2(opline).opline_num < op_array->last) {
270 int target = ZEND_OP2(opline).opline_num;
271 if (SAME_OPCODE_EX(opline->opcode, op_array->opcodes[target].opcode) &&
272 SAME_VAR(op_array->opcodes[target].op1, T)) {
273 /* Check for JMPZ_EX to JMPZ[_EX] with the same condition, either with _EX or not */
274 if (op_array->opcodes[target].opcode == opline->opcode) {
275 /* change T only if we have _EX opcode there */
276 COPY_NODE(T, op_array->opcodes[target].result);
277 }
278 CHECK_JMP2(target, continue_jmp_ex_optimization);
279 ZEND_OP2(opline).opline_num = ZEND_OP2(&op_array->opcodes[target]).opline_num;
280 } else if (op_array->opcodes[target].opcode == ZEND_JMPZNZ &&
281 SAME_VAR(op_array->opcodes[target].op1, T)) {
282 /* Check for JMPZNZ with same cond variable */
283 int new_target;
284 CHECK_JMP2(target, continue_jmp_ex_optimization);
285 if (opline->opcode == ZEND_JMPZ_EX) {
286 new_target = ZEND_OP2(&op_array->opcodes[target]).opline_num;
287 } else {
288 /* JMPNZ_EX */
289 new_target = op_array->opcodes[target].extended_value;
290 }
291 ZEND_OP2(opline).opline_num = new_target;
292 } else if ((op_array->opcodes[target].opcode == INV_EX_COND_EX(opline->opcode) ||
293 op_array->opcodes[target].opcode == INV_EX_COND(opline->opcode)) &&
294 SAME_VAR(opline->op1, op_array->opcodes[target].op1)) {
295 /* convert JMPZ_EX(X,L1), L1: JMPNZ_EX(X,L2) to
296 JMPZ_EX(X,L1+1) */
297 ZEND_OP2(opline).opline_num = target + 1;
298 break;
299 } else {
300 break;
301 }
302 } /* while */
303 continue_jmp_ex_optimization:
304 break;
305 #if 0
306 /* If Ti = JMPZ_EX(X, L) and Ti is not used, convert to JMPZ(X, L) */
307 {
308 zend_op *op;
309 for(op = opline+1; op<end; op++) {
310 if(ZEND_RESULT_TYPE(op) == IS_TMP_VAR &&
311 ZEND_RESULT(op).var == ZEND_RESULT(opline).var) {
312 break; /* can pass to part 2 */
313 }
314
315 if(op->opcode == ZEND_JMP ||
316 op->opcode == ZEND_JMPZ ||
317 op->opcode == ZEND_JMPZ_EX ||
318 op->opcode == ZEND_JMPNZ ||
319 op->opcode == ZEND_JMPNZ_EX ||
320 op->opcode == ZEND_JMPZNZ ||
321 op->opcode == ZEND_CASE ||
322 op->opcode == ZEND_RETURN ||
323 op->opcode == ZEND_RETURN_BY_REF ||
324 op->opcode == ZEND_FAST_RET ||
325 op->opcode == ZEND_FE_FETCH_R ||
326 op->opcode == ZEND_FE_FETCH_RW ||
327 op->opcode == ZEND_EXIT) {
328 break;
329 }
330
331 if(ZEND_OP1_TYPE(op) == IS_TMP_VAR &&
332 ZEND_OP1(op).var == ZEND_RESULT(opline).var) {
333 goto done_jmp_optimization;
334 }
335
336 if(ZEND_OP2_TYPE(op) == IS_TMP_VAR &&
337 ZEND_OP2(op).var == ZEND_RESULT(opline).var) {
338 goto done_jmp_optimization;
339 }
340 } /* for */
341
342 for(op = &op_array->opcodes[ZEND_OP2(opline).opline_num]; op<end; op++) {
343
344 if(ZEND_RESULT_TYPE(op) == IS_TMP_VAR &&
345 ZEND_RESULT(op).var == ZEND_RESULT(opline).var) {
346 break; /* can pass to optimization */
347 }
348
349 if(op->opcode == ZEND_JMP ||
350 op->opcode == ZEND_JMPZ ||
351 op->opcode == ZEND_JMPZ_EX ||
352 op->opcode == ZEND_JMPNZ ||
353 op->opcode == ZEND_JMPNZ_EX ||
354 op->opcode == ZEND_JMPZNZ ||
355 op->opcode == ZEND_CASE ||
356 op->opcode == ZEND_RETURN ||
357 op->opcode == ZEND_RETURN_BY_REF ||
358 op->opcode == ZEND_FAST_RET ||
359 op->opcode == ZEND_FE_FETCH_R ||
360 op->opcode == ZEND_FE_FETCH_RW ||
361 op->opcode == ZEND_EXIT) {
362 break;
363 }
364
365 if(ZEND_OP1_TYPE(op) == IS_TMP_VAR &&
366 ZEND_OP1(op).var == ZEND_RESULT(opline).var) {
367 goto done_jmp_optimization;
368 }
369
370 if(ZEND_OP2_TYPE(op) == IS_TMP_VAR &&
371 ZEND_OP2(op).var == ZEND_RESULT(opline).var) {
372 goto done_jmp_optimization;
373 }
374 }
375
376 opline->opcode = opline->opcode-3; /* JMP_EX -> JMP */
377 SET_UNUSED(opline->result);
378 break;
379 }
380 #endif
381 }
382 break;
383
384 case ZEND_JMPZNZ:
385 if (op_array->fn_flags & ZEND_ACC_HAS_FINALLY_BLOCK) {
386 break;
387 }
388
389 /* JMPZNZ(X,L1,L2), L1: JMP(L3) => JMPZNZ(X,L3,L2), L1: JMP(L3) */
390 while (ZEND_OP2(opline).opline_num < op_array->last
391 && op_array->opcodes[ZEND_OP2(opline).opline_num].opcode == ZEND_JMP) {
392 int target = ZEND_OP2(opline).opline_num;
393 CHECK_JMP(target, continue_jmpznz_optimization);
394 ZEND_OP2(opline).opline_num = ZEND_OP1(&op_array->opcodes[target]).opline_num;
395 }
396 continue_jmpznz_optimization:
397 /* JMPZNZ(X,L1,L2), L2: JMP(L3) => JMPZNZ(X,L1,L3), L2: JMP(L3) */
398 while (opline->extended_value < op_array->last
399 && op_array->opcodes[opline->extended_value].opcode == ZEND_JMP) {
400 int target = opline->extended_value;
401 CHECK_JMP(target, done_jmp_optimization);
402 opline->extended_value = ZEND_OP1(&op_array->opcodes[target]).opline_num;
403 }
404 break;
405
406 case ZEND_POST_INC:
407 case ZEND_POST_DEC: {
408 /* POST_INC, FREE => PRE_INC */
409 zend_op *next_op = opline + 1;
410
411 if (next_op >= end) {
412 break;
413 }
414 if (next_op->opcode == ZEND_FREE &&
415 ZEND_OP1(next_op).var == ZEND_RESULT(opline).var) {
416 MAKE_NOP(next_op);
417 switch (opline->opcode) {
418 case ZEND_POST_INC:
419 opline->opcode = ZEND_PRE_INC;
420 break;
421 case ZEND_POST_DEC:
422 opline->opcode = ZEND_PRE_DEC;
423 break;
424 }
425 ZEND_RESULT_TYPE(opline) = IS_VAR | EXT_TYPE_UNUSED;
426 }
427 }
428 break;
429 }
430 done_jmp_optimization:
431 opline++;
432 opline_num++;
433 }
434 FREE_ALLOCA(jmp_hitlist);
435 }
436
