1 /*
2 +----------------------------------------------------------------------+
3 | Zend OPcache, Escape Analysis |
4 +----------------------------------------------------------------------+
5 | Copyright (c) 1998-2018 The PHP Group |
6 +----------------------------------------------------------------------+
7 | This source file is subject to version 3.01 of the PHP license, |
8 | that is bundled with this package in the file LICENSE, and is |
9 | available through the world-wide-web at the following url: |
10 | http://www.php.net/license/3_01.txt |
11 | If you did not receive a copy of the PHP license and are unable to |
12 | obtain it through the world-wide-web, please send a note to |
13 | license@php.net so we can mail you a copy immediately. |
14 +----------------------------------------------------------------------+
15 | Authors: Dmitry Stogov <dmitry@php.net> |
16 +----------------------------------------------------------------------+
17 */
18
19 #include "php.h"
20 #include "Optimizer/zend_optimizer.h"
21 #include "Optimizer/zend_optimizer_internal.h"
22 #include "zend_bitset.h"
23 #include "zend_cfg.h"
24 #include "zend_ssa.h"
25 #include "zend_inference.h"
26 #include "zend_dump.h"
27
28 /*
29 * T. Kotzmann and H. Mossenbock. Escape analysis in the context of dynamic
30 * compilation and deoptimization. In Proceedings of the International
31 * Conference on Virtual Execution Environments, pages 111-120, Chicago,
32 * June 2005
33 */
34
union_find_init(int * parent,int * size,int count)35 static zend_always_inline void union_find_init(int *parent, int *size, int count) /* {{{ */
36 {
37 int i;
38
39 for (i = 0; i < count; i++) {
40 parent[i] = i;
41 size[i] = 1;
42 }
43 }
44 /* }}} */
45
union_find_root(int * parent,int i)46 static zend_always_inline int union_find_root(int *parent, int i) /* {{{ */
47 {
48 int p = parent[i];
49
50 while (i != p) {
51 p = parent[p];
52 parent[i] = p;
53 i = p;
54 p = parent[i];
55 }
56 return i;
57 }
58 /* }}} */
59
union_find_unite(int * parent,int * size,int i,int j)60 static zend_always_inline void union_find_unite(int *parent, int *size, int i, int j) /* {{{ */
61 {
62 int r1 = union_find_root(parent, i);
63 int r2 = union_find_root(parent, j);
64
65 if (r1 != r2) {
66 if (size[r1] < size[r2]) {
67 parent[r1] = r2;
68 size[r2] += size[r1];
69 } else {
70 parent[r2] = r1;
71 size[r1] += size[r2];
72 }
73 }
74 }
75 /* }}} */
76
zend_build_equi_escape_sets(int * parent,zend_op_array * op_array,zend_ssa * ssa)77 static int zend_build_equi_escape_sets(int *parent, zend_op_array *op_array, zend_ssa *ssa) /* {{{ */
78 {
79 zend_ssa_var *ssa_vars = ssa->vars;
80 int ssa_vars_count = ssa->vars_count;
81 zend_ssa_phi *p;
82 int i, j;
83 int *size;
84 ALLOCA_FLAG(use_heap)
85
86 size = do_alloca(sizeof(int) * ssa_vars_count, use_heap);
87 if (!size) {
88 return FAILURE;
89 }
90 union_find_init(parent, size, ssa_vars_count);
91
92 for (i = 0; i < ssa_vars_count; i++) {
93 if (ssa_vars[i].definition_phi) {
94 p = ssa_vars[i].definition_phi;
95 if (p->pi >= 0) {
96 union_find_unite(parent, size, i, p->sources[0]);
97 } else {
98 for (j = 0; j < ssa->cfg.blocks[p->block].predecessors_count; j++) {
99 union_find_unite(parent, size, i, p->sources[j]);
100 }
101 }
102 } else if (ssa_vars[i].definition >= 0) {
103 int def = ssa_vars[i].definition;
104 zend_ssa_op *op = ssa->ops + def;
105 zend_op *opline = op_array->opcodes + def;
106
107 if (op->op1_def >= 0) {
108 if (op->op1_use >= 0) {
109 if (opline->opcode != ZEND_ASSIGN) {
110 union_find_unite(parent, size, op->op1_def, op->op1_use);
111 }
112 }
113 if (opline->opcode == ZEND_ASSIGN && op->op2_use >= 0) {
114 union_find_unite(parent, size, op->op1_def, op->op2_use);
115 }
116 }
117 if (op->op2_def >= 0) {
118 if (op->op2_use >= 0) {
119 union_find_unite(parent, size, op->op2_def, op->op2_use);
120 }
121 }
122 if (op->result_def >= 0) {
123 if (op->result_use >= 0) {
124 if (opline->opcode != ZEND_QM_ASSIGN) {
125 union_find_unite(parent, size, op->result_def, op->result_use);
126 }
127 }
128 if (opline->opcode == ZEND_QM_ASSIGN && op->op1_use >= 0) {
129 union_find_unite(parent, size, op->result_def, op->op1_use);
130 }
131 if (opline->opcode == ZEND_ASSIGN && op->op2_use >= 0) {
132 union_find_unite(parent, size, op->result_def, op->op2_use);
133 }
134 if (opline->opcode == ZEND_ASSIGN && op->op1_def >= 0) {
135 union_find_unite(parent, size, op->result_def, op->op1_def);
136 }
137 }
138 }
139 }
140
141 for (i = 0; i < ssa_vars_count; i++) {
142 parent[i] = union_find_root(parent, i);
143 }
144
145 free_alloca(size, use_heap);
146
147 return SUCCESS;
148 }
149 /* }}} */
150
get_class_entry(const zend_script * script,zend_string * lcname)151 static inline zend_class_entry *get_class_entry(const zend_script *script, zend_string *lcname) /* {{{ */
152 {
153 zend_class_entry *ce = script ? zend_hash_find_ptr(&script->class_table, lcname) : NULL;
154 if (ce) {
155 return ce;
156 }
157
158 ce = zend_hash_find_ptr(CG(class_table), lcname);
159 if (ce && ce->type == ZEND_INTERNAL_CLASS) {
160 return ce;
161 }
162
163 return NULL;
164 }
165 /* }}} */
166
is_allocation_def(zend_op_array * op_array,zend_ssa * ssa,int def,int var,const zend_script * script)167 static int is_allocation_def(zend_op_array *op_array, zend_ssa *ssa, int def, int var, const zend_script *script) /* {{{ */
168 {
169 zend_ssa_op *op = ssa->ops + def;
170 zend_op *opline = op_array->opcodes + def;
171
172 if (op->result_def == var) {
173 switch (opline->opcode) {
174 case ZEND_INIT_ARRAY:
175 return 1;
176 case ZEND_NEW:
177 /* objects with destructors should escape */
178 if (opline->op1_type == IS_CONST) {
179 zend_class_entry *ce = get_class_entry(script, Z_STR_P(CRT_CONSTANT_EX(op_array, opline, opline->op1, ssa->rt_constants)+1));
180 uint32_t forbidden_flags = ZEND_ACC_INHERITED
181 /* These flags will always cause an exception */
182 | ZEND_ACC_IMPLICIT_ABSTRACT_CLASS | ZEND_ACC_EXPLICIT_ABSTRACT_CLASS
183 | ZEND_ACC_INTERFACE | ZEND_ACC_TRAIT;
184 if (ce && !ce->create_object && !ce->constructor &&
185 !ce->destructor && !ce->__get && !ce->__set &&
186 !(ce->ce_flags & forbidden_flags) &&
187 (ce->ce_flags & ZEND_ACC_CONSTANTS_UPDATED)) {
188 return 1;
189 }
190 }
191 break;
192 case ZEND_QM_ASSIGN:
193 if (opline->op1_type == IS_CONST
194 && Z_TYPE_P(CRT_CONSTANT_EX(op_array, opline, opline->op1, ssa->rt_constants)) == IS_ARRAY) {
195 return 1;
196 }
197 if (opline->op1_type == IS_CV && (OP1_INFO() & MAY_BE_ARRAY)) {
198 return 1;
199 }
200 break;
201 case ZEND_ASSIGN:
202 if (opline->op1_type == IS_CV && (OP1_INFO() & MAY_BE_ARRAY)) {
203 return 1;
204 }
205 break;
206 }
207 } else if (op->op1_def == var) {
208 switch (opline->opcode) {
209 case ZEND_ASSIGN:
210 if (opline->op2_type == IS_CONST
211 && Z_TYPE_P(CRT_CONSTANT_EX(op_array, opline, opline->op2, ssa->rt_constants)) == IS_ARRAY) {
212 return 1;
213 }
214 if (opline->op2_type == IS_CV && (OP2_INFO() & MAY_BE_ARRAY)) {
215 return 1;
216 }
217 break;
218 case ZEND_ASSIGN_DIM:
219 case ZEND_ASSIGN_OBJ:
220 if (OP1_INFO() & (MAY_BE_UNDEF | MAY_BE_NULL | MAY_BE_FALSE)) {
221 /* implicit object/array allocation */
222 return 1;
223 }
224 break;
225 }
226 }
227
228 return 0;
229 }
230 /* }}} */
231
is_local_def(zend_op_array * op_array,zend_ssa * ssa,int def,int var,const zend_script * script)232 static int is_local_def(zend_op_array *op_array, zend_ssa *ssa, int def, int var, const zend_script *script) /* {{{ */
233 {
234 zend_ssa_op *op = ssa->ops + def;
235 zend_op *opline = op_array->opcodes + def;
236
237 if (op->result_def == var) {
238 switch (opline->opcode) {
239 case ZEND_INIT_ARRAY:
240 case ZEND_ADD_ARRAY_ELEMENT:
241 case ZEND_QM_ASSIGN:
242 case ZEND_ASSIGN:
243 return 1;
244 case ZEND_NEW:
245 /* objects with destructors should escape */
246 if (opline->op1_type == IS_CONST) {
247 zend_class_entry *ce = get_class_entry(script, Z_STR_P(CRT_CONSTANT_EX(op_array, opline, opline->op1, ssa->rt_constants)+1));
248 if (ce && !ce->create_object && !ce->constructor &&
249 !ce->destructor && !ce->__get && !ce->__set &&
250 !(ce->ce_flags & ZEND_ACC_INHERITED)) {
251 return 1;
252 }
253 }
254 break;
255 }
256 } else if (op->op1_def == var) {
257 switch (opline->opcode) {
258 case ZEND_ASSIGN:
259 return 1;
260 case ZEND_ASSIGN_DIM:
261 case ZEND_ASSIGN_OBJ:
262 return 1;
263 case ZEND_ASSIGN_ADD:
264 case ZEND_ASSIGN_SUB:
265 case ZEND_ASSIGN_MUL:
266 case ZEND_ASSIGN_DIV:
267 case ZEND_ASSIGN_MOD:
268 case ZEND_ASSIGN_SL:
269 case ZEND_ASSIGN_SR:
270 case ZEND_ASSIGN_CONCAT:
271 case ZEND_ASSIGN_BW_OR:
272 case ZEND_ASSIGN_BW_AND:
273 case ZEND_ASSIGN_BW_XOR:
274 case ZEND_ASSIGN_POW:
275 return (opline->extended_value != 0);
276 case ZEND_PRE_INC_OBJ:
277 case ZEND_PRE_DEC_OBJ:
278 case ZEND_POST_INC_OBJ:
279 case ZEND_POST_DEC_OBJ:
280 return 1;
281 }
282 }
283
284 return 0;
285 }
286 /* }}} */
287
is_escape_use(zend_op_array * op_array,zend_ssa * ssa,int use,int var)288 static int is_escape_use(zend_op_array *op_array, zend_ssa *ssa, int use, int var) /* {{{ */
289 {
290 zend_ssa_op *op = ssa->ops + use;
291 zend_op *opline = op_array->opcodes + use;
292
293 if (op->op1_use == var) {
294 switch (opline->opcode) {
295 case ZEND_ASSIGN:
296 /* no_val */
297 break;
298 case ZEND_QM_ASSIGN:
299 if (opline->op1_type == IS_CV) {
300 if (OP1_INFO() & MAY_BE_OBJECT) {
301 /* object aliasing */
302 return 1;
303 }
304 }
305 break;
306 case ZEND_ISSET_ISEMPTY_DIM_OBJ:
307 case ZEND_ISSET_ISEMPTY_PROP_OBJ:
308 case ZEND_FETCH_DIM_R:
309 case ZEND_FETCH_OBJ_R:
310 case ZEND_FETCH_DIM_IS:
311 case ZEND_FETCH_OBJ_IS:
312 break;
313 case ZEND_ASSIGN_ADD:
314 case ZEND_ASSIGN_SUB:
315 case ZEND_ASSIGN_MUL:
316 case ZEND_ASSIGN_DIV:
317 case ZEND_ASSIGN_MOD:
318 case ZEND_ASSIGN_SL:
319 case ZEND_ASSIGN_SR:
320 case ZEND_ASSIGN_CONCAT:
321 case ZEND_ASSIGN_BW_OR:
322 case ZEND_ASSIGN_BW_AND:
323 case ZEND_ASSIGN_BW_XOR:
324 case ZEND_ASSIGN_POW:
325 if (!opline->extended_value) {
326 return 1;
327 }
328 /* break missing intentionally */
329 case ZEND_ASSIGN_DIM:
330 case ZEND_ASSIGN_OBJ:
331 break;
332 case ZEND_PRE_INC_OBJ:
333 case ZEND_PRE_DEC_OBJ:
334 case ZEND_POST_INC_OBJ:
335 case ZEND_POST_DEC_OBJ:
336 break;
337 case ZEND_INIT_ARRAY:
338 case ZEND_ADD_ARRAY_ELEMENT:
339 if (opline->extended_value & ZEND_ARRAY_ELEMENT_REF) {
340 return 1;
341 }
342 if (OP1_INFO() & MAY_BE_OBJECT) {
343 /* object aliasing */
344 return 1;
345 }
346 /* reference dependencies processed separately */
347 break;
348 case ZEND_OP_DATA:
349 if ((opline-1)->opcode != ZEND_ASSIGN_DIM
350 && (opline-1)->opcode != ZEND_ASSIGN_OBJ) {
351 return 1;
352 }
353 if (OP1_INFO() & MAY_BE_OBJECT) {
354 /* object aliasing */
355 return 1;
356 }
357 opline--;
358 op--;
359 if (opline->op1_type != IS_CV
360 || (OP1_INFO() & MAY_BE_REF)
361 || (op->op1_def >= 0 && ssa->vars[op->op1_def].alias)) {
362 /* asignment into escaping structure */
363 return 1;
364 }
365 /* reference dependencies processed separately */
366 break;
367 default:
368 return 1;
369 }
370 }
371
372 if (op->op2_use == var) {
373 switch (opline->opcode) {
374 case ZEND_ASSIGN:
375 if (opline->op1_type != IS_CV
376 || (OP1_INFO() & MAY_BE_REF)
377 || (op->op1_def >= 0 && ssa->vars[op->op1_def].alias)) {
378 /* asignment into escaping variable */
379 return 1;
380 }
381 if (opline->op2_type == IS_CV || opline->result_type != IS_UNUSED) {
382 if (OP2_INFO() & MAY_BE_OBJECT) {
383 /* object aliasing */
384 return 1;
385 }
386 }
387 break;
388 default:
389 return 1;
390 }
391 }
392
393 if (op->result_use == var) {
394 switch (opline->opcode) {
395 case ZEND_ASSIGN:
396 case ZEND_QM_ASSIGN:
397 case ZEND_INIT_ARRAY:
398 case ZEND_ADD_ARRAY_ELEMENT:
399 break;
400 default:
401 return 1;
402 }
403 }
404
405 return 0;
406 }
407 /* }}} */
408
zend_ssa_escape_analysis(const zend_script * script,zend_op_array * op_array,zend_ssa * ssa)409 int zend_ssa_escape_analysis(const zend_script *script, zend_op_array *op_array, zend_ssa *ssa) /* {{{ */
410 {
411 zend_ssa_var *ssa_vars = ssa->vars;
412 int ssa_vars_count = ssa->vars_count;
413 int i, root, use;
414 int *ees;
415 zend_bool has_allocations;
416 int num_non_escaped;
417 ALLOCA_FLAG(use_heap)
418
419 if (!ssa_vars) {
420 return SUCCESS;
421 }
422
423 has_allocations = 0;
424 for (i = op_array->last_var; i < ssa_vars_count; i++) {
425 if (ssa_vars[i].definition >= 0
426 && (ssa->var_info[i].type & (MAY_BE_ARRAY|MAY_BE_OBJECT))
427 && is_allocation_def(op_array, ssa, ssa_vars[i].definition, i, script)) {
428 has_allocations = 1;
429 break;
430 }
431 }
432 if (!has_allocations) {
433 return SUCCESS;
434 }
435
436
437 /* 1. Build EES (Equi-Esape Sets) */
438 ees = do_alloca(sizeof(int) * ssa_vars_count, use_heap);
439 if (!ees) {
440 return FAILURE;
441 }
442
443 if (zend_build_equi_escape_sets(ees, op_array, ssa) != SUCCESS) {
444 return FAILURE;
445 }
446
447 /* 2. Identify Allocations */
448 num_non_escaped = 0;
449 for (i = op_array->last_var; i < ssa_vars_count; i++) {
450 root = ees[i];
451 if (ssa_vars[root].escape_state > ESCAPE_STATE_NO_ESCAPE) {
452 /* already escape. skip */
453 } else if (ssa_vars[i].alias && (ssa->var_info[i].type & MAY_BE_REF)) {
454 if (ssa_vars[root].escape_state == ESCAPE_STATE_NO_ESCAPE) {
455 num_non_escaped--;
456 }
457 ssa_vars[root].escape_state = ESCAPE_STATE_GLOBAL_ESCAPE;
458 } else if (ssa_vars[i].definition >= 0
459 && (ssa->var_info[i].type & (MAY_BE_ARRAY|MAY_BE_OBJECT))) {
460 if (!is_local_def(op_array, ssa, ssa_vars[i].definition, i, script)) {
461 if (ssa_vars[root].escape_state == ESCAPE_STATE_NO_ESCAPE) {
462 num_non_escaped--;
463 }
464 ssa_vars[root].escape_state = ESCAPE_STATE_GLOBAL_ESCAPE;
465 } else if (ssa_vars[root].escape_state == ESCAPE_STATE_UNKNOWN
466 && is_allocation_def(op_array, ssa, ssa_vars[i].definition, i, script)) {
467 ssa_vars[root].escape_state = ESCAPE_STATE_NO_ESCAPE;
468 num_non_escaped++;
469 }
470 }
471 }
472
473 /* 3. Mark escaped EES */
474 if (num_non_escaped) {
475 for (i = 0; i < ssa_vars_count; i++) {
476 if (ssa_vars[i].use_chain >= 0) {
477 root = ees[i];
478 if (ssa_vars[root].escape_state == ESCAPE_STATE_NO_ESCAPE) {
479 FOREACH_USE(ssa_vars + i, use) {
480 if (is_escape_use(op_array, ssa, use, i)) {
481 ssa_vars[root].escape_state = ESCAPE_STATE_GLOBAL_ESCAPE;
482 num_non_escaped--;
483 if (num_non_escaped == 0) {
484 i = ssa_vars_count;
485 }
486 break;
487 }
488 } FOREACH_USE_END();
489 }
490 }
491 }
492 }
493
494 /* 4. Process referential dependencies */
495 if (num_non_escaped) {
496 zend_bool changed;
497
498 do {
499 changed = 0;
500 for (i = 0; i < ssa_vars_count; i++) {
501 if (ssa_vars[i].use_chain >= 0) {
502 root = ees[i];
503 if (ssa_vars[root].escape_state == ESCAPE_STATE_NO_ESCAPE) {
504 FOREACH_USE(ssa_vars + i, use) {
505 zend_ssa_op *op = ssa->ops + use;
506 zend_op *opline = op_array->opcodes + use;
507 int enclosing_root;
508
509 if (opline->opcode == ZEND_OP_DATA &&
510 ((opline-1)->opcode == ZEND_ASSIGN_DIM ||
511 (opline-1)->opcode == ZEND_ASSIGN_OBJ) &&
512 op->op1_use == i &&
513 (op-1)->op1_use >= 0) {
514 enclosing_root = ees[(op-1)->op1_use];
515 } else if ((opline->opcode == ZEND_INIT_ARRAY ||
516 opline->opcode == ZEND_ADD_ARRAY_ELEMENT) &&
517 op->op1_use == i &&
518 op->result_def >= 0) {
519 enclosing_root = ees[op->result_def];
520 } else {
521 continue;
522 }
523
524 if (ssa_vars[enclosing_root].escape_state == ESCAPE_STATE_UNKNOWN ||
525 ssa_vars[enclosing_root].escape_state > ssa_vars[root].escape_state) {
526 if (ssa_vars[enclosing_root].escape_state == ESCAPE_STATE_UNKNOWN) {
527 ssa_vars[root].escape_state = ESCAPE_STATE_GLOBAL_ESCAPE;
528 } else {
529 ssa_vars[root].escape_state = ssa_vars[enclosing_root].escape_state;
530 }
531 if (ssa_vars[root].escape_state == ESCAPE_STATE_GLOBAL_ESCAPE) {
532 num_non_escaped--;
533 if (num_non_escaped == 0) {
534 i = ssa_vars_count;
535 changed = 0;
536 } else {
537 changed = 1;
538 }
539 break;
540 } else {
541 changed = 1;
542 }
543 }
544 } FOREACH_USE_END();
545 }
546 }
547 }
548 } while (changed);
549 }
550
551 /* 5. Propagate values of escape sets to variables */
552 for (i = 0; i < ssa_vars_count; i++) {
553 root = ees[i];
554 if (i != root) {
555 ssa_vars[i].escape_state = ssa_vars[root].escape_state;
556 }
557 }
558
559 free_alloca(ees, use_heap);
560
561 return SUCCESS;
562 }
563 /* }}} */
564
565 /*
566 * Local variables:
567 * tab-width: 4
568 * c-basic-offset: 4
569 * indent-tabs-mode: t
570 * End:
571 */
572
