1 /*
2 +----------------------------------------------------------------------+
3 | Zend OPcache |
4 +----------------------------------------------------------------------+
5 | Copyright (c) 1998-2018 The PHP Group |
6 +----------------------------------------------------------------------+
7 | This source file is subject to version 3.01 of the PHP license, |
8 | that is bundled with this package in the file LICENSE, and is |
9 | available through the world-wide-web at the following url: |
10 | http://www.php.net/license/3_01.txt |
11 | If you did not receive a copy of the PHP license and are unable to |
12 | obtain it through the world-wide-web, please send a note to |
13 | license@php.net so we can mail you a copy immediately. |
14 +----------------------------------------------------------------------+
15 | Authors: Andi Gutmans <andi@zend.com> |
16 | Zeev Suraski <zeev@zend.com> |
17 | Stanislav Malyshev <stas@zend.com> |
18 | Dmitry Stogov <dmitry@zend.com> |
19 +----------------------------------------------------------------------+
20 */
21
22 /* pass 3:
23 * - optimize $i = $i+expr to $i+=expr
24 * - optimize series of JMPs
25 * - change $i++ to ++$i where possible
26 */
27
28 #include "php.h"
29 #include "Optimizer/zend_optimizer.h"
30 #include "Optimizer/zend_optimizer_internal.h"
31 #include "zend_API.h"
32 #include "zend_constants.h"
33 #include "zend_execute.h"
34 #include "zend_vm.h"
35
36 /* we use "jmp_hitlist" to avoid infinity loops during jmp optimization */
37 #define CHECK_JMP(target, label) \
38 for (i=0; i<jmp_hitlist_count; i++) { \
39 if (jmp_hitlist[i] == ZEND_OP1_JMP_ADDR(target)) { \
40 goto label; \
41 } \
42 } \
43 jmp_hitlist[jmp_hitlist_count++] = ZEND_OP1_JMP_ADDR(target);
44
45 #define CHECK_JMP2(target, label) \
46 for (i=0; i<jmp_hitlist_count; i++) { \
47 if (jmp_hitlist[i] == ZEND_OP2_JMP_ADDR(target)) { \
48 goto label; \
49 } \
50 } \
51 jmp_hitlist[jmp_hitlist_count++] = ZEND_OP2_JMP_ADDR(target);
52
zend_optimizer_pass3(zend_op_array * op_array)53 void zend_optimizer_pass3(zend_op_array *op_array)
54 {
55 zend_op *opline;
56 zend_op *end = op_array->opcodes + op_array->last;
57 zend_op **jmp_hitlist;
58 int jmp_hitlist_count;
59 int i;
60 uint32_t opline_num = 0;
61 ALLOCA_FLAG(use_heap);
62
63 jmp_hitlist = (zend_op**)do_alloca(sizeof(zend_op*)*op_array->last, use_heap);
64 opline = op_array->opcodes;
65
66 while (opline < end) {
67 jmp_hitlist_count = 0;
68
69 switch (opline->opcode) {
70 case ZEND_ADD:
71 case ZEND_SUB:
72 case ZEND_MUL:
73 case ZEND_DIV:
74 case ZEND_MOD:
75 case ZEND_POW:
76 case ZEND_CONCAT:
77 case ZEND_SL:
78 case ZEND_SR:
79 case ZEND_BW_OR:
80 case ZEND_BW_AND:
81 case ZEND_BW_XOR:
82 {
83 zend_op *next_opline = opline + 1;
84
85 while (next_opline < end && next_opline->opcode == ZEND_NOP) {
86 ++next_opline;
87 }
88
89 if (next_opline >= end || next_opline->opcode != ZEND_ASSIGN) {
90 break;
91 }
92
93 if ((opline->op2_type & (IS_VAR | IS_CV))
94 && opline->op2.var == next_opline->op1.var &&
95 (opline->opcode == ZEND_ADD ||
96 opline->opcode == ZEND_BW_OR ||
97 opline->opcode == ZEND_BW_AND ||
98 opline->opcode == ZEND_BW_XOR)) {
99 /* change $i=expr+$i to $i=$i+expr so that the next
100 * optimization works on it
101 */
102 zend_uchar tmp_type = opline->op1_type;
103 znode_op tmp = opline->op1;
104
105 if (opline->opcode != ZEND_ADD
106 || (opline->op1_type == IS_CONST
107 && Z_TYPE(ZEND_OP1_LITERAL(opline)) != IS_ARRAY)) {
108 /* protection from array add: $a = array + $a is not commutative! */
109 COPY_NODE(opline->op1, opline->op2);
110 COPY_NODE(opline->op2, tmp);
111 }
112 }
113 if ((opline->op1_type & (IS_VAR | IS_CV))
114 && opline->op1.var == next_opline->op1.var
115 && opline->op1_type == next_opline->op1_type) {
116 switch (opline->opcode) {
117 case ZEND_ADD:
118 opline->opcode = ZEND_ASSIGN_ADD;
119 break;
120 case ZEND_SUB:
121 opline->opcode = ZEND_ASSIGN_SUB;
122 break;
123 case ZEND_MUL:
124 opline->opcode = ZEND_ASSIGN_MUL;
125 break;
126 case ZEND_DIV:
127 opline->opcode = ZEND_ASSIGN_DIV;
128 break;
129 case ZEND_MOD:
130 opline->opcode = ZEND_ASSIGN_MOD;
131 break;
132 case ZEND_POW:
133 opline->opcode = ZEND_ASSIGN_POW;
134 break;
135 case ZEND_CONCAT:
136 opline->opcode = ZEND_ASSIGN_CONCAT;
137 break;
138 case ZEND_SL:
139 opline->opcode = ZEND_ASSIGN_SL;
140 break;
141 case ZEND_SR:
142 opline->opcode = ZEND_ASSIGN_SR;
143 break;
144 case ZEND_BW_OR:
145 opline->opcode = ZEND_ASSIGN_BW_OR;
146 break;
147 case ZEND_BW_AND:
148 opline->opcode = ZEND_ASSIGN_BW_AND;
149 break;
150 case ZEND_BW_XOR:
151 opline->opcode = ZEND_ASSIGN_BW_XOR;
152 break;
153 }
154 COPY_NODE(opline->result, next_opline->result);
155 MAKE_NOP(next_opline);
156 opline++;
157 opline_num++;
158 }
159 }
160 break;
161
162 case ZEND_JMP:
163 if (op_array->fn_flags & ZEND_ACC_HAS_FINALLY_BLOCK) {
164 break;
165 }
166
167 /* convert L: JMP L+1 to NOP */
168 if (ZEND_OP1_JMP_ADDR(opline) == opline + 1) {
169 MAKE_NOP(opline);
170 goto done_jmp_optimization;
171 }
172
173 /* convert JMP L1 ... L1: JMP L2 to JMP L2 .. L1: JMP L2 */
174 while (ZEND_OP1_JMP_ADDR(opline) < end
175 && ZEND_OP1_JMP_ADDR(opline)->opcode == ZEND_JMP) {
176 zend_op *target = ZEND_OP1_JMP_ADDR(opline);
177 CHECK_JMP(target, done_jmp_optimization);
178 ZEND_SET_OP_JMP_ADDR(opline, opline->op1, ZEND_OP1_JMP_ADDR(target));
179 }
180 break;
181
182 case ZEND_JMP_SET:
183 case ZEND_COALESCE:
184 if (op_array->fn_flags & ZEND_ACC_HAS_FINALLY_BLOCK) {
185 break;
186 }
187
188 while (ZEND_OP2_JMP_ADDR(opline) < end) {
189 zend_op *target = ZEND_OP2_JMP_ADDR(opline);
190 if (target->opcode == ZEND_JMP) {
191 ZEND_SET_OP_JMP_ADDR(opline, opline->op2, ZEND_OP1_JMP_ADDR(target));
192 } else {
193 break;
194 }
195 }
196 break;
197 case ZEND_JMPZ:
198 case ZEND_JMPNZ:
199 if (op_array->fn_flags & ZEND_ACC_HAS_FINALLY_BLOCK) {
200 break;
201 }
202
203 while (ZEND_OP2_JMP_ADDR(opline) < end) {
204 zend_op *target = ZEND_OP2_JMP_ADDR(opline);
205
206 if (target->opcode == ZEND_JMP) {
207 /* plain JMP */
208 /* JMPZ(X,L1), L1: JMP(L2) => JMPZ(X,L2), L1: JMP(L2) */
209 CHECK_JMP(target, done_jmp_optimization);
210 ZEND_SET_OP_JMP_ADDR(opline, opline->op2, ZEND_OP1_JMP_ADDR(target));
211 } else if (target->opcode == opline->opcode &&
212 SAME_VAR(opline->op1, target->op1)) {
213 /* same opcode and same var as this opcode */
214 /* JMPZ(X,L1), L1: JMPZ(X,L2) => JMPZ(X,L2), L1: JMPZ(X,L2) */
215 CHECK_JMP2(target, done_jmp_optimization);
216 ZEND_SET_OP_JMP_ADDR(opline, opline->op2, ZEND_OP2_JMP_ADDR(target));
217 } else if (target->opcode == opline->opcode + 3 &&
218 SAME_VAR(opline->op1, target->op1)) {
219 /* convert JMPZ(X,L1), L1: T JMPZ_EX(X,L2) to
220 T = JMPZ_EX(X, L2) */
221 ZEND_SET_OP_JMP_ADDR(opline, opline->op2, ZEND_OP2_JMP_ADDR(target));
222 opline->opcode += 3;
223 COPY_NODE(opline->result, target->result);
224 break;
225 } else if (target->opcode == INV_COND(opline->opcode) &&
226 SAME_VAR(opline->op1, target->op1)) {
227 /* convert JMPZ(X,L1), L1: JMPNZ(X,L2) to
228 JMPZ(X,L1+1) */
229 ZEND_SET_OP_JMP_ADDR(opline, opline->op2, target + 1);
230 break;
231 } else if (target->opcode == INV_COND_EX(opline->opcode) &&
232 SAME_VAR(opline->op1, target->op1)) {
233 /* convert JMPZ(X,L1), L1: T = JMPNZ_EX(X,L2) to
234 T = JMPZ_EX(X,L1+1) */
235 ZEND_SET_OP_JMP_ADDR(opline, opline->op2, target + 1);
236 opline->opcode += 3;
237 COPY_NODE(opline->result, target->result);
238 break;
239 } else {
240 break;
241 }
242 }
243 break;
244
245 case ZEND_JMPZ_EX:
246 case ZEND_JMPNZ_EX: {
247 zend_uchar T_type = opline->result_type;
248 znode_op T = opline->result;
249
250 if (op_array->fn_flags & ZEND_ACC_HAS_FINALLY_BLOCK) {
251 break;
252 }
253
254 /* convert L: T = JMPZ_EX X,L+1 to T = BOOL(X) */
255 /* convert L: T = JMPZ_EX T,L+1 to NOP */
256 if (ZEND_OP2_JMP_ADDR(opline) == opline + 1) {
257 if (opline->op1.var == opline->result.var) {
258 MAKE_NOP(opline);
259 } else {
260 opline->opcode = ZEND_BOOL;
261 SET_UNUSED(opline->op2);
262 }
263 goto done_jmp_optimization;
264 }
265
266 while (ZEND_OP2_JMP_ADDR(opline) < end) {
267 zend_op *target = ZEND_OP2_JMP_ADDR(opline);
268
269 if (target->opcode == opline->opcode-3 &&
270 SAME_VAR(target->op1, T)) {
271 /* convert T=JMPZ_EX(X,L1), L1: JMPZ(T,L2) to
272 JMPZ_EX(X,L2) */
273 CHECK_JMP2(target, continue_jmp_ex_optimization);
274 ZEND_SET_OP_JMP_ADDR(opline, opline->op2, ZEND_OP2_JMP_ADDR(target));
275 } else if (target->opcode == opline->opcode &&
276 SAME_VAR(target->op1, T) &&
277 SAME_VAR(target->result, T)) {
278 /* convert T=JMPZ_EX(X,L1), L1: T=JMPZ_EX(T,L2) to
279 JMPZ_EX(X,L2) */
280 CHECK_JMP2(target, continue_jmp_ex_optimization);
281 ZEND_SET_OP_JMP_ADDR(opline, opline->op2, ZEND_OP2_JMP_ADDR(target));
282 } else if (target->opcode == ZEND_JMPZNZ &&
283 SAME_VAR(target->op1, T)) {
284 /* Check for JMPZNZ with same cond variable */
285 zend_op *new_target;
286
287 CHECK_JMP2(target, continue_jmp_ex_optimization);
288 if (opline->opcode == ZEND_JMPZ_EX) {
289 new_target = ZEND_OP2_JMP_ADDR(target);
290 } else {
291 /* JMPNZ_EX */
292 new_target = ZEND_OFFSET_TO_OPLINE(target, target->extended_value);
293 }
294 ZEND_SET_OP_JMP_ADDR(opline, opline->op2, new_target);
295 } else if ((target->opcode == INV_EX_COND_EX(opline->opcode) ||
296 target->opcode == INV_EX_COND(opline->opcode)) &&
297 SAME_VAR(opline->op1, target->op1)) {
298 /* convert JMPZ_EX(X,L1), L1: JMPNZ_EX(X,L2) to
299 JMPZ_EX(X,L1+1) */
300 ZEND_SET_OP_JMP_ADDR(opline, opline->op2, target + 1);
301 break;
302 } else if (target->opcode == INV_EX_COND(opline->opcode) &&
303 SAME_VAR(target->op1, T)) {
304 /* convert T=JMPZ_EX(X,L1), L1: JMPNZ(T,L2) to
305 JMPZ_EX(X,L1+1) */
306 ZEND_SET_OP_JMP_ADDR(opline, opline->op2, target + 1);
307 break;
308 } else if (target->opcode == INV_EX_COND_EX(opline->opcode) &&
309 SAME_VAR(target->op1, T) &&
310 SAME_VAR(target->result, T)) {
311 /* convert T=JMPZ_EX(X,L1), L1: T=JMPNZ_EX(T,L2) to
312 JMPZ_EX(X,L1+1) */
313 ZEND_SET_OP_JMP_ADDR(opline, opline->op2, target + 1);
314 break;
315 } else if (target->opcode == ZEND_BOOL &&
316 SAME_VAR(opline->result, target->op1)) {
317 /* convert Y = JMPZ_EX(X,L1), L1: Z = BOOL(Y) to
318 Z = JMPZ_EX(X,L1+1) */
319 opline->result.var = target->result.var;
320 ZEND_SET_OP_JMP_ADDR(opline, opline->op2, target + 1);
321 break;
322 } else {
323 break;
324 }
325 } /* while */
326 continue_jmp_ex_optimization:
327 break;
328 #if 0
329 /* If Ti = JMPZ_EX(X, L) and Ti is not used, convert to JMPZ(X, L) */
330 {
331 zend_op *op;
332 for(op = opline+1; op<end; op++) {
333 if(op->result_type == IS_TMP_VAR &&
334 op->result.var == opline->result.var) {
335 break; /* can pass to part 2 */
336 }
337
338 if(op->opcode == ZEND_JMP ||
339 op->opcode == ZEND_JMPZ ||
340 op->opcode == ZEND_JMPZ_EX ||
341 op->opcode == ZEND_JMPNZ ||
342 op->opcode == ZEND_JMPNZ_EX ||
343 op->opcode == ZEND_JMPZNZ ||
344 op->opcode == ZEND_CASE ||
345 op->opcode == ZEND_RETURN ||
346 op->opcode == ZEND_RETURN_BY_REF ||
347 op->opcode == ZEND_FAST_RET ||
348 op->opcode == ZEND_FE_FETCH_R ||
349 op->opcode == ZEND_FE_FETCH_RW ||
350 op->opcode == ZEND_EXIT) {
351 break;
352 }
353
354 if(op->op1_type == IS_TMP_VAR &&
355 op->op1.var == opline->result.var) {
356 goto done_jmp_optimization;
357 }
358
359 if(op->op2_type == IS_TMP_VAR &&
360 op->op2.var == opline->result.var) {
361 goto done_jmp_optimization;
362 }
363 } /* for */
364
365 for(op = &op_array->opcodes[opline->op2.opline_num]; op<end; op++) {
366
367 if(op->result_type == IS_TMP_VAR &&
368 op->result.var == opline->result.var) {
369 break; /* can pass to optimization */
370 }
371
372 if(op->opcode == ZEND_JMP ||
373 op->opcode == ZEND_JMPZ ||
374 op->opcode == ZEND_JMPZ_EX ||
375 op->opcode == ZEND_JMPNZ ||
376 op->opcode == ZEND_JMPNZ_EX ||
377 op->opcode == ZEND_JMPZNZ ||
378 op->opcode == ZEND_CASE ||
379 op->opcode == ZEND_RETURN ||
380 op->opcode == ZEND_RETURN_BY_REF ||
381 op->opcode == ZEND_FAST_RET ||
382 op->opcode == ZEND_FE_FETCH_R ||
383 op->opcode == ZEND_FE_FETCH_RW ||
384 op->opcode == ZEND_EXIT) {
385 break;
386 }
387
388 if(op->op1_type == IS_TMP_VAR &&
389 op->op1.var == opline->result.var) {
390 goto done_jmp_optimization;
391 }
392
393 if(op->op2_type == IS_TMP_VAR &&
394 op->op2.var == opline->result.var) {
395 goto done_jmp_optimization;
396 }
397 }
398
399 opline->opcode = opline->opcode-3; /* JMP_EX -> JMP */
400 SET_UNUSED(opline->result);
401 break;
402 }
403 #endif
404 }
405 break;
406
407 case ZEND_JMPZNZ:
408 if (op_array->fn_flags & ZEND_ACC_HAS_FINALLY_BLOCK) {
409 break;
410 }
411
412 /* JMPZNZ(X,L1,L2), L1: JMP(L3) => JMPZNZ(X,L3,L2), L1: JMP(L3) */
413 while (ZEND_OP2_JMP_ADDR(opline) < end
414 && ZEND_OP2_JMP_ADDR(opline)->opcode == ZEND_JMP) {
415 zend_op *target = ZEND_OP2_JMP_ADDR(opline);
416 CHECK_JMP(target, continue_jmpznz_optimization);
417 ZEND_SET_OP_JMP_ADDR(opline, opline->op2, ZEND_OP1_JMP_ADDR(target));
418 }
419 continue_jmpznz_optimization:
420 /* JMPZNZ(X,L1,L2), L2: JMP(L3) => JMPZNZ(X,L1,L3), L2: JMP(L3) */
421 while (ZEND_OFFSET_TO_OPLINE(opline, opline->extended_value) < end
422 && ZEND_OFFSET_TO_OPLINE(opline, opline->extended_value)->opcode == ZEND_JMP) {
423 zend_op *target = ZEND_OFFSET_TO_OPLINE(opline, opline->extended_value);
424 CHECK_JMP(target, done_jmp_optimization);
425 opline->extended_value = ZEND_OPLINE_TO_OFFSET(opline, ZEND_OP1_JMP_ADDR(target));
426 }
427 break;
428
429 case ZEND_POST_INC:
430 case ZEND_POST_DEC: {
431 /* POST_INC, FREE => PRE_INC */
432 zend_op *next_op = opline + 1;
433
434 if (next_op >= end) {
435 break;
436 }
437 if (next_op->opcode == ZEND_FREE &&
438 next_op->op1.var == opline->result.var) {
439 MAKE_NOP(next_op);
440 opline->opcode -= 2;
441 opline->result_type = IS_UNUSED;
442 }
443 }
444 break;
445 }
446 done_jmp_optimization:
447 opline++;
448 opline_num++;
449 }
450 free_alloca(jmp_hitlist, use_heap);
451 }
452
