1 /*
2 +----------------------------------------------------------------------+
3 | Zend OPcache |
4 +----------------------------------------------------------------------+
5 | Copyright (c) The PHP Group |
6 +----------------------------------------------------------------------+
7 | This source file is subject to version 3.01 of the PHP license, |
8 | that is bundled with this package in the file LICENSE, and is |
9 | available through the world-wide-web at the following url: |
10 | http://www.php.net/license/3_01.txt |
11 | If you did not receive a copy of the PHP license and are unable to |
12 | obtain it through the world-wide-web, please send a note to |
13 | license@php.net so we can mail you a copy immediately. |
14 +----------------------------------------------------------------------+
15 | Authors: Andi Gutmans <andi@php.net> |
16 | Zeev Suraski <zeev@php.net> |
17 | Stanislav Malyshev <stas@zend.com> |
18 | Dmitry Stogov <dmitry@php.net> |
19 +----------------------------------------------------------------------+
20 */
21
22 #include "php.h"
23 #include "Optimizer/zend_optimizer.h"
24 #include "Optimizer/zend_optimizer_internal.h"
25 #include "zend_API.h"
26 #include "zend_constants.h"
27 #include "zend_execute.h"
28 #include "zend_vm.h"
29 #include "zend_bitset.h"
30 #include "zend_cfg.h"
31 #include "zend_dump.h"
32
33 /* Checks if a constant (like "true") may be replaced by its value */
zend_optimizer_get_persistent_constant(zend_string * name,zval * result,int copy)34 int zend_optimizer_get_persistent_constant(zend_string *name, zval *result, int copy)
35 {
36 zend_constant *c = zend_hash_find_ptr(EG(zend_constants), name);
37 if (c) {
38 if ((ZEND_CONSTANT_FLAGS(c) & CONST_PERSISTENT)
39 && !(ZEND_CONSTANT_FLAGS(c) & CONST_DEPRECATED)
40 && (!(ZEND_CONSTANT_FLAGS(c) & CONST_NO_FILE_CACHE)
41 || !(CG(compiler_options) & ZEND_COMPILE_WITH_FILE_CACHE))) {
42 ZVAL_COPY_VALUE(result, &c->value);
43 if (copy) {
44 Z_TRY_ADDREF_P(result);
45 }
46 return 1;
47 } else {
48 return 0;
49 }
50 }
51
52 /* Special constants null/true/false can always be substituted. */
53 c = zend_get_special_const(ZSTR_VAL(name), ZSTR_LEN(name));
54 if (c) {
55 ZVAL_COPY_VALUE(result, &c->value);
56 return 1;
57 }
58 return 0;
59 }
60
61 /* Data dependencies macros */
62
63 #define VAR_SOURCE(op) Tsource[VAR_NUM(op.var)]
64 #define SET_VAR_SOURCE(opline) Tsource[VAR_NUM(opline->result.var)] = opline
65
strip_leading_nops(zend_op_array * op_array,zend_basic_block * b)66 static void strip_leading_nops(zend_op_array *op_array, zend_basic_block *b)
67 {
68 zend_op *opcodes = op_array->opcodes;
69
70 do {
71 b->start++;
72 b->len--;
73 } while (b->len > 0 && opcodes[b->start].opcode == ZEND_NOP);
74 }
75
strip_nops(zend_op_array * op_array,zend_basic_block * b)76 static void strip_nops(zend_op_array *op_array, zend_basic_block *b)
77 {
78 uint32_t i, j;
79
80 if (b->len == 0) {
81 return;
82 }
83
84 if (op_array->opcodes[b->start].opcode == ZEND_NOP) {
85 strip_leading_nops(op_array, b);
86 }
87
88 if (b->len == 0) {
89 return;
90 }
91
92 /* strip the inside NOPs */
93 i = j = b->start + 1;
94 while (i < b->start + b->len) {
95 if (op_array->opcodes[i].opcode != ZEND_NOP) {
96 if (i != j) {
97 op_array->opcodes[j] = op_array->opcodes[i];
98 }
99 j++;
100 }
101 i++;
102 }
103 b->len = j - b->start;
104 while (j < i) {
105 MAKE_NOP(op_array->opcodes + j);
106 j++;
107 }
108 }
109
get_const_switch_target(zend_cfg * cfg,zend_op_array * op_array,zend_basic_block * block,zend_op * opline,zval * val)110 static int get_const_switch_target(zend_cfg *cfg, zend_op_array *op_array, zend_basic_block *block, zend_op *opline, zval *val) {
111 HashTable *jumptable = Z_ARRVAL(ZEND_OP2_LITERAL(opline));
112 zval *zv;
113 if ((opline->opcode == ZEND_SWITCH_LONG && Z_TYPE_P(val) != IS_LONG)
114 || (opline->opcode == ZEND_SWITCH_STRING && Z_TYPE_P(val) != IS_STRING)) {
115 /* fallback to next block */
116 return block->successors[block->successors_count - 1];
117 }
118 if (opline->opcode == ZEND_MATCH && Z_TYPE_P(val) != IS_LONG && Z_TYPE_P(val) != IS_STRING) {
119 /* always jump to the default arm */
120 return block->successors[block->successors_count - 1];
121 }
122 if (Z_TYPE_P(val) == IS_LONG) {
123 zv = zend_hash_index_find(jumptable, Z_LVAL_P(val));
124 } else {
125 ZEND_ASSERT(Z_TYPE_P(val) == IS_STRING);
126 zv = zend_hash_find(jumptable, Z_STR_P(val));
127 }
128 if (!zv) {
129 /* default */
130 return block->successors[block->successors_count - (opline->opcode == ZEND_MATCH ? 1 : 2)];
131 }
132 return cfg->map[ZEND_OFFSET_TO_OPLINE_NUM(op_array, opline, Z_LVAL_P(zv))];
133 }
134
zend_optimize_block(zend_basic_block * block,zend_op_array * op_array,zend_bitset used_ext,zend_cfg * cfg,zend_op ** Tsource,uint32_t * opt_count)135 static void zend_optimize_block(zend_basic_block *block, zend_op_array *op_array, zend_bitset used_ext, zend_cfg *cfg, zend_op **Tsource, uint32_t *opt_count)
136 {
137 zend_op *opline, *src;
138 zend_op *end, *last_op = NULL;
139
140 if (block->len == 0) {
141 return;
142 }
143
144 if (op_array->opcodes[block->start].opcode == ZEND_NOP) {
145 /* remove leading NOPs */
146 strip_leading_nops(op_array, block);
147 }
148
149 opline = op_array->opcodes + block->start;
150 end = opline + block->len;
151 while (opline < end) {
152 /* Constant Propagation: strip X = QM_ASSIGN(const) */
153 if (opline->op1_type == IS_TMP_VAR &&
154 opline->opcode != ZEND_FREE) {
155 src = VAR_SOURCE(opline->op1);
156 if (src &&
157 src->opcode == ZEND_QM_ASSIGN &&
158 src->op1_type == IS_CONST
159 ) {
160 znode_op op1 = opline->op1;
161 if (opline->opcode == ZEND_VERIFY_RETURN_TYPE) {
162 COPY_NODE(opline->result, opline->op1);
163 COPY_NODE(opline->op1, src->op1);
164 VAR_SOURCE(op1) = NULL;
165 MAKE_NOP(src);
166 ++(*opt_count);
167 } else {
168 zval c;
169 ZVAL_COPY(&c, &ZEND_OP1_LITERAL(src));
170 if (zend_optimizer_update_op1_const(op_array, opline, &c)) {
171 VAR_SOURCE(op1) = NULL;
172 literal_dtor(&ZEND_OP1_LITERAL(src));
173 MAKE_NOP(src);
174 ++(*opt_count);
175 } else {
176 zval_ptr_dtor_nogc(&c);
177 }
178 }
179 }
180 }
181
182 /* Constant Propagation: strip X = QM_ASSIGN(const) */
183 if (opline->op2_type == IS_TMP_VAR) {
184 src = VAR_SOURCE(opline->op2);
185 if (src &&
186 src->opcode == ZEND_QM_ASSIGN &&
187 src->op1_type == IS_CONST) {
188
189 znode_op op2 = opline->op2;
190 zval c;
191
192 ZVAL_COPY(&c, &ZEND_OP1_LITERAL(src));
193 if (zend_optimizer_update_op2_const(op_array, opline, &c)) {
194 VAR_SOURCE(op2) = NULL;
195 literal_dtor(&ZEND_OP1_LITERAL(src));
196 MAKE_NOP(src);
197 ++(*opt_count);
198 } else {
199 zval_ptr_dtor_nogc(&c);
200 }
201 }
202 }
203
204 switch (opline->opcode) {
205 case ZEND_ECHO:
206 if (opline->op1_type & (IS_TMP_VAR|IS_VAR)) {
207 src = VAR_SOURCE(opline->op1);
208 if (src &&
209 src->opcode == ZEND_CAST &&
210 src->extended_value == IS_STRING) {
211 /* T = CAST(X, String), ECHO(T) => NOP, ECHO(X) */
212 VAR_SOURCE(opline->op1) = NULL;
213 COPY_NODE(opline->op1, src->op1);
214 MAKE_NOP(src);
215 ++(*opt_count);
216 }
217 } else if (opline->op1_type == IS_CONST &&
218 Z_TYPE(ZEND_OP1_LITERAL(opline)) != IS_DOUBLE) {
219 if (last_op == opline - 1) {
220 /* compress consecutive ECHO's.
221 * Float to string conversion may be affected by current
222 * locale setting.
223 */
224 int l, old_len;
225
226 if (Z_TYPE(ZEND_OP1_LITERAL(opline)) != IS_STRING) {
227 convert_to_string(&ZEND_OP1_LITERAL(opline));
228 }
229 if (Z_TYPE(ZEND_OP1_LITERAL(last_op)) != IS_STRING) {
230 convert_to_string(&ZEND_OP1_LITERAL(last_op));
231 }
232 old_len = Z_STRLEN(ZEND_OP1_LITERAL(last_op));
233 l = old_len + Z_STRLEN(ZEND_OP1_LITERAL(opline));
234 if (!Z_REFCOUNTED(ZEND_OP1_LITERAL(last_op))) {
235 zend_string *tmp = zend_string_alloc(l, 0);
236 memcpy(ZSTR_VAL(tmp), Z_STRVAL(ZEND_OP1_LITERAL(last_op)), old_len);
237 Z_STR(ZEND_OP1_LITERAL(last_op)) = tmp;
238 } else {
239 Z_STR(ZEND_OP1_LITERAL(last_op)) = zend_string_extend(Z_STR(ZEND_OP1_LITERAL(last_op)), l, 0);
240 }
241 Z_TYPE_INFO(ZEND_OP1_LITERAL(last_op)) = IS_STRING_EX;
242 memcpy(Z_STRVAL(ZEND_OP1_LITERAL(last_op)) + old_len, Z_STRVAL(ZEND_OP1_LITERAL(opline)), Z_STRLEN(ZEND_OP1_LITERAL(opline)));
243 Z_STRVAL(ZEND_OP1_LITERAL(last_op))[l] = '\0';
244 zval_ptr_dtor_nogc(&ZEND_OP1_LITERAL(opline));
245 ZVAL_STR(&ZEND_OP1_LITERAL(opline), zend_new_interned_string(Z_STR(ZEND_OP1_LITERAL(last_op))));
246 ZVAL_NULL(&ZEND_OP1_LITERAL(last_op));
247 MAKE_NOP(last_op);
248 ++(*opt_count);
249 }
250 last_op = opline;
251 }
252 break;
253
254 case ZEND_FREE:
255 if (opline->op1_type == IS_TMP_VAR) {
256 src = VAR_SOURCE(opline->op1);
257 if (src) {
258 switch (src->opcode) {
259 case ZEND_BOOL:
260 case ZEND_BOOL_NOT:
261 /* T = BOOL(X), FREE(T) => T = BOOL(X) */
262 /* The remaining BOOL is removed by a separate optimization */
263 VAR_SOURCE(opline->op1) = NULL;
264 MAKE_NOP(opline);
265 ++(*opt_count);
266 break;
267 case ZEND_ASSIGN:
268 case ZEND_ASSIGN_DIM:
269 case ZEND_ASSIGN_OBJ:
270 case ZEND_ASSIGN_STATIC_PROP:
271 case ZEND_ASSIGN_OP:
272 case ZEND_ASSIGN_DIM_OP:
273 case ZEND_ASSIGN_OBJ_OP:
274 case ZEND_ASSIGN_STATIC_PROP_OP:
275 case ZEND_PRE_INC:
276 case ZEND_PRE_DEC:
277 case ZEND_PRE_INC_OBJ:
278 case ZEND_PRE_DEC_OBJ:
279 case ZEND_PRE_INC_STATIC_PROP:
280 case ZEND_PRE_DEC_STATIC_PROP:
281 src->result_type = IS_UNUSED;
282 VAR_SOURCE(opline->op1) = NULL;
283 MAKE_NOP(opline);
284 ++(*opt_count);
285 break;
286 default:
287 break;
288 }
289 }
290 } else if (opline->op1_type == IS_VAR) {
291 src = VAR_SOURCE(opline->op1);
292 /* V = OP, FREE(V) => OP. NOP */
293 if (src &&
294 src->opcode != ZEND_FETCH_R &&
295 src->opcode != ZEND_FETCH_STATIC_PROP_R &&
296 src->opcode != ZEND_FETCH_DIM_R &&
297 src->opcode != ZEND_FETCH_OBJ_R &&
298 src->opcode != ZEND_NEW &&
299 src->opcode != ZEND_FETCH_THIS) {
300 src->result_type = IS_UNUSED;
301 MAKE_NOP(opline);
302 ++(*opt_count);
303 if (src->opcode == ZEND_QM_ASSIGN) {
304 if (src->op1_type & (IS_VAR|IS_TMP_VAR)) {
305 src->opcode = ZEND_FREE;
306 } else {
307 MAKE_NOP(src);
308 }
309 }
310 }
311 }
312 break;
313
314 #if 0
315 /* pre-evaluate functions:
316 constant(x)
317 function_exists(x)
318 extension_loaded(x)
319 BAD: interacts badly with Accelerator
320 */
321 if((opline->op1_type & IS_VAR) &&
322 VAR_SOURCE(opline->op1) && VAR_SOURCE(opline->op1)->opcode == ZEND_DO_CF_FCALL &&
323 VAR_SOURCE(opline->op1)->extended_value == 1) {
324 zend_op *fcall = VAR_SOURCE(opline->op1);
325 zend_op *sv = fcall-1;
326 if(sv >= block->start_opline && sv->opcode == ZEND_SEND_VAL &&
327 sv->op1_type == IS_CONST && Z_TYPE(OPLINE_OP1_LITERAL(sv)) == IS_STRING &&
328 Z_LVAL(OPLINE_OP2_LITERAL(sv)) == 1
329 ) {
330 zval *arg = &OPLINE_OP1_LITERAL(sv);
331 char *fname = FUNCTION_CACHE->funcs[Z_LVAL(ZEND_OP1_LITERAL(fcall))].function_name;
332 int flen = FUNCTION_CACHE->funcs[Z_LVAL(ZEND_OP1_LITERAL(fcall))].name_len;
333 if((flen == sizeof("function_exists")-1 && zend_binary_strcasecmp(fname, flen, "function_exists", sizeof("function_exists")-1) == 0) ||
334 (flen == sizeof("is_callable")-1 && zend_binary_strcasecmp(fname, flen, "is_callable", sizeof("is_callable")-1) == 0)
335 ) {
336 zend_function *function;
337 if((function = zend_hash_find_ptr(EG(function_table), Z_STR_P(arg))) != NULL) {
338 literal_dtor(arg);
339 MAKE_NOP(sv);
340 MAKE_NOP(fcall);
341 LITERAL_BOOL(opline->op1, 1);
342 opline->op1_type = IS_CONST;
343 }
344 } else if(flen == sizeof("constant")-1 && zend_binary_strcasecmp(fname, flen, "constant", sizeof("constant")-1) == 0) {
345 zval c;
346 if(zend_optimizer_get_persistent_constant(Z_STR_P(arg), &c, 1 ELS_CC) != 0) {
347 literal_dtor(arg);
348 MAKE_NOP(sv);
349 MAKE_NOP(fcall);
350 ZEND_OP1_LITERAL(opline) = zend_optimizer_add_literal(op_array, &c);
351 /* no copy ctor - get already copied it */
352 opline->op1_type = IS_CONST;
353 }
354 } else if(flen == sizeof("extension_loaded")-1 && zend_binary_strcasecmp(fname, flen, "extension_loaded", sizeof("extension_loaded")-1) == 0) {
355 if(zend_hash_exists(&module_registry, Z_STR_P(arg))) {
356 literal_dtor(arg);
357 MAKE_NOP(sv);
358 MAKE_NOP(fcall);
359 LITERAL_BOOL(opline->op1, 1);
360 opline->op1_type = IS_CONST;
361 }
362 }
363 }
364 }
365 #endif
366
367 case ZEND_FETCH_LIST_R:
368 case ZEND_FETCH_LIST_W:
369 if (opline->op1_type & (IS_TMP_VAR|IS_VAR)) {
370 /* LIST variable will be deleted later by FREE */
371 Tsource[VAR_NUM(opline->op1.var)] = NULL;
372 }
373 break;
374
375 case ZEND_SWITCH_LONG:
376 case ZEND_SWITCH_STRING:
377 case ZEND_MATCH:
378 if (opline->op1_type & (IS_TMP_VAR|IS_VAR)) {
379 /* SWITCH variable will be deleted later by FREE, so we can't optimize it */
380 Tsource[VAR_NUM(opline->op1.var)] = NULL;
381 break;
382 }
383 if (opline->op1_type == IS_CONST) {
384 int target = get_const_switch_target(cfg, op_array, block, opline, &ZEND_OP1_LITERAL(opline));
385 literal_dtor(&ZEND_OP1_LITERAL(opline));
386 literal_dtor(&ZEND_OP2_LITERAL(opline));
387 opline->opcode = ZEND_JMP;
388 opline->op1_type = IS_UNUSED;
389 opline->op2_type = IS_UNUSED;
390 block->successors_count = 1;
391 block->successors[0] = target;
392 }
393 break;
394
395 case ZEND_CASE:
396 case ZEND_CASE_STRICT:
397 case ZEND_COPY_TMP:
398 if (opline->op1_type & (IS_TMP_VAR|IS_VAR)) {
399 /* Variable will be deleted later by FREE, so we can't optimize it */
400 Tsource[VAR_NUM(opline->op1.var)] = NULL;
401 break;
402 }
403 /* break missing intentionally */
404
405 case ZEND_IS_EQUAL:
406 case ZEND_IS_NOT_EQUAL:
407 if (opline->op1_type == IS_CONST &&
408 opline->op2_type == IS_CONST) {
409 goto optimize_constant_binary_op;
410 }
411 /* IS_EQ(TRUE, X) => BOOL(X)
412 * IS_EQ(FALSE, X) => BOOL_NOT(X)
413 * IS_NOT_EQ(TRUE, X) => BOOL_NOT(X)
414 * IS_NOT_EQ(FALSE, X) => BOOL(X)
415 * CASE(TRUE, X) => BOOL(X)
416 * CASE(FALSE, X) => BOOL_NOT(X)
417 */
418 if (opline->op1_type == IS_CONST &&
419 (Z_TYPE(ZEND_OP1_LITERAL(opline)) == IS_FALSE ||
420 Z_TYPE(ZEND_OP1_LITERAL(opline)) == IS_TRUE)) {
421 /* Optimization of comparison with "null" is not safe,
422 * because ("0" == null) is not equal to !("0")
423 */
424 opline->opcode =
425 ((opline->opcode != ZEND_IS_NOT_EQUAL) == ((Z_TYPE(ZEND_OP1_LITERAL(opline))) == IS_TRUE)) ?
426 ZEND_BOOL : ZEND_BOOL_NOT;
427 COPY_NODE(opline->op1, opline->op2);
428 SET_UNUSED(opline->op2);
429 ++(*opt_count);
430 goto optimize_bool;
431 } else if (opline->op2_type == IS_CONST &&
432 (Z_TYPE(ZEND_OP2_LITERAL(opline)) == IS_FALSE ||
433 Z_TYPE(ZEND_OP2_LITERAL(opline)) == IS_TRUE)) {
434 /* Optimization of comparison with "null" is not safe,
435 * because ("0" == null) is not equal to !("0")
436 */
437 opline->opcode =
438 ((opline->opcode != ZEND_IS_NOT_EQUAL) == ((Z_TYPE(ZEND_OP2_LITERAL(opline))) == IS_TRUE)) ?
439 ZEND_BOOL : ZEND_BOOL_NOT;
440 SET_UNUSED(opline->op2);
441 ++(*opt_count);
442 goto optimize_bool;
443 }
444 break;
445
446 case ZEND_BOOL:
447 case ZEND_BOOL_NOT:
448 optimize_bool:
449 if (opline->op1_type == IS_CONST) {
450 goto optimize_const_unary_op;
451 }
452 if (opline->op1_type == IS_TMP_VAR &&
453 !zend_bitset_in(used_ext, VAR_NUM(opline->op1.var))) {
454 src = VAR_SOURCE(opline->op1);
455 if (src) {
456 switch (src->opcode) {
457 case ZEND_BOOL_NOT:
458 /* T = BOOL_NOT(X) + BOOL(T) -> NOP, BOOL_NOT(X) */
459 VAR_SOURCE(opline->op1) = NULL;
460 COPY_NODE(opline->op1, src->op1);
461 opline->opcode = (opline->opcode == ZEND_BOOL) ? ZEND_BOOL_NOT : ZEND_BOOL;
462 MAKE_NOP(src);
463 ++(*opt_count);
464 goto optimize_bool;
465 case ZEND_BOOL:
466 /* T = BOOL(X) + BOOL(T) -> NOP, BOOL(X) */
467 VAR_SOURCE(opline->op1) = NULL;
468 COPY_NODE(opline->op1, src->op1);
469 MAKE_NOP(src);
470 ++(*opt_count);
471 goto optimize_bool;
472 case ZEND_IS_EQUAL:
473 if (opline->opcode == ZEND_BOOL_NOT) {
474 src->opcode = ZEND_IS_NOT_EQUAL;
475 }
476 COPY_NODE(src->result, opline->result);
477 SET_VAR_SOURCE(src);
478 MAKE_NOP(opline);
479 ++(*opt_count);
480 break;
481 case ZEND_IS_NOT_EQUAL:
482 if (opline->opcode == ZEND_BOOL_NOT) {
483 src->opcode = ZEND_IS_EQUAL;
484 }
485 COPY_NODE(src->result, opline->result);
486 SET_VAR_SOURCE(src);
487 MAKE_NOP(opline);
488 ++(*opt_count);
489 break;
490 case ZEND_IS_IDENTICAL:
491 if (opline->opcode == ZEND_BOOL_NOT) {
492 src->opcode = ZEND_IS_NOT_IDENTICAL;
493 }
494 COPY_NODE(src->result, opline->result);
495 SET_VAR_SOURCE(src);
496 MAKE_NOP(opline);
497 ++(*opt_count);
498 break;
499 case ZEND_IS_NOT_IDENTICAL:
500 if (opline->opcode == ZEND_BOOL_NOT) {
501 src->opcode = ZEND_IS_IDENTICAL;
502 }
503 COPY_NODE(src->result, opline->result);
504 SET_VAR_SOURCE(src);
505 MAKE_NOP(opline);
506 ++(*opt_count);
507 break;
508 case ZEND_IS_SMALLER:
509 if (opline->opcode == ZEND_BOOL_NOT) {
510 zend_uchar tmp_type;
511 uint32_t tmp;
512
513 src->opcode = ZEND_IS_SMALLER_OR_EQUAL;
514 tmp_type = src->op1_type;
515 src->op1_type = src->op2_type;
516 src->op2_type = tmp_type;
517 tmp = src->op1.num;
518 src->op1.num = src->op2.num;
519 src->op2.num = tmp;
520 }
521 COPY_NODE(src->result, opline->result);
522 SET_VAR_SOURCE(src);
523 MAKE_NOP(opline);
524 ++(*opt_count);
525 break;
526 case ZEND_IS_SMALLER_OR_EQUAL:
527 if (opline->opcode == ZEND_BOOL_NOT) {
528 zend_uchar tmp_type;
529 uint32_t tmp;
530
531 src->opcode = ZEND_IS_SMALLER;
532 tmp_type = src->op1_type;
533 src->op1_type = src->op2_type;
534 src->op2_type = tmp_type;
535 tmp = src->op1.num;
536 src->op1.num = src->op2.num;
537 src->op2.num = tmp;
538 }
539 COPY_NODE(src->result, opline->result);
540 SET_VAR_SOURCE(src);
541 MAKE_NOP(opline);
542 ++(*opt_count);
543 break;
544 case ZEND_ISSET_ISEMPTY_CV:
545 case ZEND_ISSET_ISEMPTY_VAR:
546 case ZEND_ISSET_ISEMPTY_DIM_OBJ:
547 case ZEND_ISSET_ISEMPTY_PROP_OBJ:
548 case ZEND_ISSET_ISEMPTY_STATIC_PROP:
549 case ZEND_INSTANCEOF:
550 case ZEND_TYPE_CHECK:
551 case ZEND_DEFINED:
552 case ZEND_IN_ARRAY:
553 case ZEND_ARRAY_KEY_EXISTS:
554 if (opline->opcode == ZEND_BOOL_NOT) {
555 break;
556 }
557 COPY_NODE(src->result, opline->result);
558 SET_VAR_SOURCE(src);
559 MAKE_NOP(opline);
560 ++(*opt_count);
561 break;
562 }
563 }
564 }
565 break;
566
567 case ZEND_JMPZ:
568 case ZEND_JMPNZ:
569 while (1) {
570 if (opline->op1_type == IS_CONST) {
571 ++(*opt_count);
572 block->successors_count = 1;
573 if (zend_is_true(&ZEND_OP1_LITERAL(opline)) ==
574 (opline->opcode == ZEND_JMPZ)) {
575
576 MAKE_NOP(opline);
577 block->successors[0] = block->successors[1];
578 block->len--;
579 cfg->blocks[block->successors[0]].flags |= ZEND_BB_FOLLOW;
580 break;
581 } else {
582 zend_basic_block *next = cfg->blocks + block->successors[1];
583
584 next->flags &= ~ZEND_BB_FOLLOW;
585 if (!(next->flags & (ZEND_BB_TARGET|ZEND_BB_PROTECTED))) {
586 next->flags &= ~ZEND_BB_REACHABLE;
587 }
588 opline->opcode = ZEND_JMP;
589 COPY_NODE(opline->op1, opline->op2);
590 break;
591 }
592 } else if (opline->op1_type == IS_TMP_VAR &&
593 !zend_bitset_in(used_ext, VAR_NUM(opline->op1.var))) {
594 src = VAR_SOURCE(opline->op1);
595 if (src) {
596 if (src->opcode == ZEND_BOOL_NOT) {
597 VAR_SOURCE(opline->op1) = NULL;
598 COPY_NODE(opline->op1, src->op1);
599 /* T = BOOL_NOT(X) + JMPZ(T) -> NOP, JMPNZ(X) */
600 opline->opcode = INV_COND(opline->opcode);
601 MAKE_NOP(src);
602 ++(*opt_count);
603 continue;
604 } else if (src->opcode == ZEND_BOOL ||
605 src->opcode == ZEND_QM_ASSIGN) {
606 VAR_SOURCE(opline->op1) = NULL;
607 COPY_NODE(opline->op1, src->op1);
608 MAKE_NOP(src);
609 ++(*opt_count);
610 continue;
611 }
612 }
613 }
614 break;
615 }
616 break;
617
618 case ZEND_JMPZNZ:
619 while (1) {
620 if (opline->op1_type == IS_CONST) {
621 ++(*opt_count);
622 if (zend_is_true(&ZEND_OP1_LITERAL(opline))) {
623 zend_op *target_opline = ZEND_OFFSET_TO_OPLINE(opline, opline->extended_value);
624 ZEND_SET_OP_JMP_ADDR(opline, opline->op1, target_opline);
625 block->successors[0] = block->successors[1];
626 } else {
627 zend_op *target_opline = ZEND_OP2_JMP_ADDR(opline);
628 ZEND_SET_OP_JMP_ADDR(opline, opline->op1, target_opline);
629 }
630 block->successors_count = 1;
631 opline->op1_type = IS_UNUSED;
632 opline->extended_value = 0;
633 opline->opcode = ZEND_JMP;
634 break;
635 } else if (opline->op1_type == IS_TMP_VAR &&
636 !zend_bitset_in(used_ext, VAR_NUM(opline->op1.var))) {
637 src = VAR_SOURCE(opline->op1);
638 if (src) {
639 if (src->opcode == ZEND_BOOL_NOT) {
640 /* T = BOOL_NOT(X) + JMPZNZ(T,L1,L2) -> NOP, JMPZNZ(X,L2,L1) */
641 uint32_t tmp;
642
643 VAR_SOURCE(opline->op1) = NULL;
644 COPY_NODE(opline->op1, src->op1);
645 tmp = block->successors[0];
646 block->successors[0] = block->successors[1];
647 block->successors[1] = tmp;
648 MAKE_NOP(src);
649 ++(*opt_count);
650 continue;
651 } else if (src->opcode == ZEND_BOOL ||
652 src->opcode == ZEND_QM_ASSIGN) {
653 VAR_SOURCE(opline->op1) = NULL;
654 COPY_NODE(opline->op1, src->op1);
655 MAKE_NOP(src);
656 ++(*opt_count);
657 continue;
658 }
659 }
660 }
661 break;
662 }
663 break;
664
665 case ZEND_JMPZ_EX:
666 case ZEND_JMPNZ_EX:
667 while (1) {
668 if (opline->op1_type == IS_CONST) {
669 if (zend_is_true(&ZEND_OP1_LITERAL(opline)) ==
670 (opline->opcode == ZEND_JMPZ_EX)) {
671
672 ++(*opt_count);
673 opline->opcode = ZEND_QM_ASSIGN;
674 zval_ptr_dtor_nogc(&ZEND_OP1_LITERAL(opline));
675 ZVAL_BOOL(&ZEND_OP1_LITERAL(opline), opline->opcode == ZEND_JMPZ_EX);
676 opline->op2.num = 0;
677 block->successors_count = 1;
678 block->successors[0] = block->successors[1];
679 cfg->blocks[block->successors[0]].flags |= ZEND_BB_FOLLOW;
680 break;
681 }
682 } else if (opline->op1_type == IS_TMP_VAR &&
683 (!zend_bitset_in(used_ext, VAR_NUM(opline->op1.var)) ||
684 opline->result.var == opline->op1.var)) {
685 src = VAR_SOURCE(opline->op1);
686 if (src) {
687 if (src->opcode == ZEND_BOOL ||
688 src->opcode == ZEND_QM_ASSIGN) {
689 VAR_SOURCE(opline->op1) = NULL;
690 COPY_NODE(opline->op1, src->op1);
691 MAKE_NOP(src);
692 ++(*opt_count);
693 continue;
694 }
695 }
696 }
697 break;
698 }
699 break;
700
701 case ZEND_CONCAT:
702 case ZEND_FAST_CONCAT:
703 if (opline->op1_type == IS_CONST &&
704 opline->op2_type == IS_CONST) {
705 goto optimize_constant_binary_op;
706 }
707
708 if (opline->op2_type == IS_CONST &&
709 opline->op1_type == IS_TMP_VAR) {
710
711 src = VAR_SOURCE(opline->op1);
712 if (src &&
713 (src->opcode == ZEND_CONCAT ||
714 src->opcode == ZEND_FAST_CONCAT) &&
715 src->op2_type == IS_CONST) {
716 /* compress consecutive CONCATs */
717 int l, old_len;
718
719 if (Z_TYPE(ZEND_OP2_LITERAL(opline)) != IS_STRING) {
720 convert_to_string(&ZEND_OP2_LITERAL(opline));
721 }
722 if (Z_TYPE(ZEND_OP2_LITERAL(src)) != IS_STRING) {
723 convert_to_string(&ZEND_OP2_LITERAL(src));
724 }
725
726 VAR_SOURCE(opline->op1) = NULL;
727 COPY_NODE(opline->op1, src->op1);
728 old_len = Z_STRLEN(ZEND_OP2_LITERAL(src));
729 l = old_len + Z_STRLEN(ZEND_OP2_LITERAL(opline));
730 if (!Z_REFCOUNTED(ZEND_OP2_LITERAL(src))) {
731 zend_string *tmp = zend_string_alloc(l, 0);
732 memcpy(ZSTR_VAL(tmp), Z_STRVAL(ZEND_OP2_LITERAL(src)), old_len);
733 Z_STR(ZEND_OP2_LITERAL(src)) = tmp;
734 } else {
735 Z_STR(ZEND_OP2_LITERAL(src)) = zend_string_extend(Z_STR(ZEND_OP2_LITERAL(src)), l, 0);
736 }
737 Z_TYPE_INFO(ZEND_OP2_LITERAL(src)) = IS_STRING_EX;
738 memcpy(Z_STRVAL(ZEND_OP2_LITERAL(src)) + old_len, Z_STRVAL(ZEND_OP2_LITERAL(opline)), Z_STRLEN(ZEND_OP2_LITERAL(opline)));
739 Z_STRVAL(ZEND_OP2_LITERAL(src))[l] = '\0';
740 zval_ptr_dtor_str(&ZEND_OP2_LITERAL(opline));
741 ZVAL_STR(&ZEND_OP2_LITERAL(opline), zend_new_interned_string(Z_STR(ZEND_OP2_LITERAL(src))));
742 ZVAL_NULL(&ZEND_OP2_LITERAL(src));
743 MAKE_NOP(src);
744 ++(*opt_count);
745 }
746 }
747
748 if (opline->op1_type & (IS_TMP_VAR|IS_VAR)) {
749 src = VAR_SOURCE(opline->op1);
750 if (src &&
751 src->opcode == ZEND_CAST &&
752 src->extended_value == IS_STRING &&
753 src->op1_type != IS_CONST) {
754 /* convert T1 = CAST(STRING, X), T2 = CONCAT(T1, Y) to T2 = CONCAT(X,Y) */
755 VAR_SOURCE(opline->op1) = NULL;
756 COPY_NODE(opline->op1, src->op1);
757 MAKE_NOP(src);
758 ++(*opt_count);
759 }
760 }
761 if (opline->op2_type & (IS_TMP_VAR|IS_VAR)) {
762 src = VAR_SOURCE(opline->op2);
763 if (src &&
764 src->opcode == ZEND_CAST &&
765 src->extended_value == IS_STRING &&
766 src->op1_type != IS_CONST) {
767 /* convert T1 = CAST(STRING, X), T2 = CONCAT(Y, T1) to T2 = CONCAT(Y,X) */
768 zend_op *src = VAR_SOURCE(opline->op2);
769 VAR_SOURCE(opline->op2) = NULL;
770 COPY_NODE(opline->op2, src->op1);
771 MAKE_NOP(src);
772 ++(*opt_count);
773 }
774 }
775 if (opline->op1_type == IS_CONST &&
776 Z_TYPE(ZEND_OP1_LITERAL(opline)) == IS_STRING &&
777 Z_STRLEN(ZEND_OP1_LITERAL(opline)) == 0) {
778 /* convert CONCAT('', X) => CAST(STRING, X) */
779 literal_dtor(&ZEND_OP1_LITERAL(opline));
780 opline->opcode = ZEND_CAST;
781 opline->extended_value = IS_STRING;
782 COPY_NODE(opline->op1, opline->op2);
783 opline->op2_type = IS_UNUSED;
784 opline->op2.var = 0;
785 ++(*opt_count);
786 } else if (opline->op2_type == IS_CONST &&
787 Z_TYPE(ZEND_OP2_LITERAL(opline)) == IS_STRING &&
788 Z_STRLEN(ZEND_OP2_LITERAL(opline)) == 0) {
789 /* convert CONCAT(X, '') => CAST(STRING, X) */
790 literal_dtor(&ZEND_OP2_LITERAL(opline));
791 opline->opcode = ZEND_CAST;
792 opline->extended_value = IS_STRING;
793 opline->op2_type = IS_UNUSED;
794 opline->op2.var = 0;
795 ++(*opt_count);
796 } else if (opline->opcode == ZEND_CONCAT &&
797 (opline->op1_type == IS_CONST ||
798 (opline->op1_type == IS_TMP_VAR &&
799 VAR_SOURCE(opline->op1) &&
800 (VAR_SOURCE(opline->op1)->opcode == ZEND_FAST_CONCAT ||
801 VAR_SOURCE(opline->op1)->opcode == ZEND_ROPE_END ||
802 VAR_SOURCE(opline->op1)->opcode == ZEND_FETCH_CONSTANT ||
803 VAR_SOURCE(opline->op1)->opcode == ZEND_FETCH_CLASS_CONSTANT))) &&
804 (opline->op2_type == IS_CONST ||
805 (opline->op2_type == IS_TMP_VAR &&
806 VAR_SOURCE(opline->op2) &&
807 (VAR_SOURCE(opline->op2)->opcode == ZEND_FAST_CONCAT ||
808 VAR_SOURCE(opline->op2)->opcode == ZEND_ROPE_END ||
809 VAR_SOURCE(opline->op2)->opcode == ZEND_FETCH_CONSTANT ||
810 VAR_SOURCE(opline->op2)->opcode == ZEND_FETCH_CLASS_CONSTANT)))) {
811 opline->opcode = ZEND_FAST_CONCAT;
812 ++(*opt_count);
813 }
814 break;
815
816 case ZEND_ADD:
817 case ZEND_SUB:
818 case ZEND_MUL:
819 case ZEND_DIV:
820 case ZEND_MOD:
821 case ZEND_SL:
822 case ZEND_SR:
823 case ZEND_IS_SMALLER:
824 case ZEND_IS_SMALLER_OR_EQUAL:
825 case ZEND_IS_IDENTICAL:
826 case ZEND_IS_NOT_IDENTICAL:
827 case ZEND_BOOL_XOR:
828 case ZEND_BW_OR:
829 case ZEND_BW_AND:
830 case ZEND_BW_XOR:
831 if (opline->op1_type == IS_CONST &&
832 opline->op2_type == IS_CONST) {
833 /* evaluate constant expressions */
834 zval result;
835
836 optimize_constant_binary_op:
837 if (zend_optimizer_eval_binary_op(&result, opline->opcode, &ZEND_OP1_LITERAL(opline), &ZEND_OP2_LITERAL(opline)) == SUCCESS) {
838 literal_dtor(&ZEND_OP1_LITERAL(opline));
839 literal_dtor(&ZEND_OP2_LITERAL(opline));
840 opline->opcode = ZEND_QM_ASSIGN;
841 SET_UNUSED(opline->op2);
842 zend_optimizer_update_op1_const(op_array, opline, &result);
843 ++(*opt_count);
844 }
845 }
846 break;
847
848 case ZEND_BW_NOT:
849 if (opline->op1_type == IS_CONST) {
850 /* evaluate constant unary ops */
851 zval result;
852
853 optimize_const_unary_op:
854 if (zend_optimizer_eval_unary_op(&result, opline->opcode, &ZEND_OP1_LITERAL(opline)) == SUCCESS) {
855 literal_dtor(&ZEND_OP1_LITERAL(opline));
856 opline->opcode = ZEND_QM_ASSIGN;
857 zend_optimizer_update_op1_const(op_array, opline, &result);
858 ++(*opt_count);
859 }
860 }
861 break;
862
863 case ZEND_CAST:
864 if (opline->op1_type == IS_CONST) {
865 /* cast of constant operand */
866 zval result;
867
868 if (zend_optimizer_eval_cast(&result, opline->extended_value, &ZEND_OP1_LITERAL(opline)) == SUCCESS) {
869 literal_dtor(&ZEND_OP1_LITERAL(opline));
870 opline->opcode = ZEND_QM_ASSIGN;
871 opline->extended_value = 0;
872 zend_optimizer_update_op1_const(op_array, opline, &result);
873 ++(*opt_count);
874 }
875 }
876 break;
877
878 case ZEND_STRLEN:
879 if (opline->op1_type == IS_CONST) {
880 zval result;
881
882 if (zend_optimizer_eval_strlen(&result, &ZEND_OP1_LITERAL(opline)) == SUCCESS) {
883 literal_dtor(&ZEND_OP1_LITERAL(opline));
884 opline->opcode = ZEND_QM_ASSIGN;
885 zend_optimizer_update_op1_const(op_array, opline, &result);
886 ++(*opt_count);
887 }
888 }
889 break;
890
891 case ZEND_RETURN:
892 case ZEND_EXIT:
893 if (opline->op1_type == IS_TMP_VAR) {
894 src = VAR_SOURCE(opline->op1);
895 if (src && src->opcode == ZEND_QM_ASSIGN) {
896 zend_op *op = src + 1;
897 zend_bool optimize = 1;
898
899 while (op < opline) {
900 if ((op->op1_type == opline->op1_type
901 && op->op1.var == opline->op1.var)
902 || (op->op2_type == opline->op1_type
903 && op->op2.var == opline->op1.var)) {
904 optimize = 0;
905 break;
906 }
907 op++;
908 }
909
910 if (optimize) {
911 /* T = QM_ASSIGN(X), RETURN(T) to NOP, RETURN(X) */
912 VAR_SOURCE(opline->op1) = NULL;
913 COPY_NODE(opline->op1, src->op1);
914 MAKE_NOP(src);
915 ++(*opt_count);
916 }
917 }
918 }
919 break;
920
921 case ZEND_QM_ASSIGN:
922 if (opline->op1_type == opline->result_type &&
923 opline->op1.var == opline->result.var) {
924 /* strip T = QM_ASSIGN(T) */
925 MAKE_NOP(opline);
926 ++(*opt_count);
927 } else if (opline->op1_type == IS_TMP_VAR &&
928 opline->result_type == IS_TMP_VAR &&
929 !zend_bitset_in(used_ext, VAR_NUM(opline->op1.var))) {
930 /* T1 = ..., T2 = QM_ASSIGN(T1) to T2 = ..., NOP */
931 src = VAR_SOURCE(opline->op1);
932 if (src &&
933 src->opcode != ZEND_COPY_TMP &&
934 src->opcode != ZEND_ADD_ARRAY_ELEMENT &&
935 src->opcode != ZEND_ADD_ARRAY_UNPACK &&
936 (src->opcode != ZEND_DECLARE_LAMBDA_FUNCTION ||
937 src == opline -1)) {
938 src->result.var = opline->result.var;
939 VAR_SOURCE(opline->op1) = NULL;
940 VAR_SOURCE(opline->result) = src;
941 MAKE_NOP(opline);
942 ++(*opt_count);
943 }
944 }
945 break;
946 }
947
948 /* get variable source */
949 if (opline->result_type & (IS_VAR|IS_TMP_VAR)) {
950 SET_VAR_SOURCE(opline);
951 }
952 opline++;
953 }
954 }
955
956 /* Rebuild plain (optimized) op_array from CFG */
assemble_code_blocks(zend_cfg * cfg,zend_op_array * op_array,zend_optimizer_ctx * ctx)957 static void assemble_code_blocks(zend_cfg *cfg, zend_op_array *op_array, zend_optimizer_ctx *ctx)
958 {
959 zend_basic_block *blocks = cfg->blocks;
960 zend_basic_block *end = blocks + cfg->blocks_count;
961 zend_basic_block *b;
962 zend_op *new_opcodes;
963 zend_op *opline;
964 uint32_t len = 0;
965 int n;
966
967 for (b = blocks; b < end; b++) {
968 if (b->len == 0) {
969 continue;
970 }
971 if (b->flags & (ZEND_BB_REACHABLE|ZEND_BB_UNREACHABLE_FREE)) {
972 if (b->flags & ZEND_BB_UNREACHABLE_FREE) {
973 /* Only keep the FREE for the loop var */
974 ZEND_ASSERT(op_array->opcodes[b->start].opcode == ZEND_FREE
975 || op_array->opcodes[b->start].opcode == ZEND_FE_FREE);
976 len += b->len = 1;
977 continue;
978 }
979
980 opline = op_array->opcodes + b->start + b->len - 1;
981 if (opline->opcode == ZEND_JMP) {
982 zend_basic_block *next = b + 1;
983
984 while (next < end && !(next->flags & ZEND_BB_REACHABLE)) {
985 next++;
986 }
987 if (next < end && next == blocks + b->successors[0]) {
988 /* JMP to the next block - strip it */
989 MAKE_NOP(opline);
990 b->len--;
991 }
992 } else if (b->len == 1 && opline->opcode == ZEND_NOP) {
993 /* skip empty block */
994 b->len--;
995 }
996 len += b->len;
997 } else {
998 /* this block will not be used, delete all constants there */
999 zend_op *op = op_array->opcodes + b->start;
1000 zend_op *end = op + b->len;
1001 for (; op < end; op++) {
1002 if (op->op1_type == IS_CONST) {
1003 literal_dtor(&ZEND_OP1_LITERAL(op));
1004 }
1005 if (op->op2_type == IS_CONST) {
1006 literal_dtor(&ZEND_OP2_LITERAL(op));
1007 }
1008 }
1009 }
1010 }
1011
1012 new_opcodes = emalloc(len * sizeof(zend_op));
1013 opline = new_opcodes;
1014
1015 /* Copy code of reachable blocks into a single buffer */
1016 for (b = blocks; b < end; b++) {
1017 if (b->flags & (ZEND_BB_REACHABLE|ZEND_BB_UNREACHABLE_FREE)) {
1018 memcpy(opline, op_array->opcodes + b->start, b->len * sizeof(zend_op));
1019 b->start = opline - new_opcodes;
1020 opline += b->len;
1021 }
1022 }
1023
1024 /* adjust jump targets */
1025 efree(op_array->opcodes);
1026 op_array->opcodes = new_opcodes;
1027 op_array->last = len;
1028
1029 for (b = blocks; b < end; b++) {
1030 if (!(b->flags & ZEND_BB_REACHABLE) || b->len == 0) {
1031 continue;
1032 }
1033 opline = op_array->opcodes + b->start + b->len - 1;
1034 switch (opline->opcode) {
1035 case ZEND_FAST_CALL:
1036 case ZEND_JMP:
1037 ZEND_SET_OP_JMP_ADDR(opline, opline->op1, new_opcodes + blocks[b->successors[0]].start);
1038 break;
1039 case ZEND_JMPZNZ:
1040 opline->extended_value = ZEND_OPLINE_TO_OFFSET(opline, new_opcodes + blocks[b->successors[1]].start);
1041 /* break missing intentionally */
1042 case ZEND_JMPZ:
1043 case ZEND_JMPNZ:
1044 case ZEND_JMPZ_EX:
1045 case ZEND_JMPNZ_EX:
1046 case ZEND_FE_RESET_R:
1047 case ZEND_FE_RESET_RW:
1048 case ZEND_JMP_SET:
1049 case ZEND_COALESCE:
1050 case ZEND_ASSERT_CHECK:
1051 case ZEND_JMP_NULL:
1052 ZEND_SET_OP_JMP_ADDR(opline, opline->op2, new_opcodes + blocks[b->successors[0]].start);
1053 break;
1054 case ZEND_CATCH:
1055 if (!(opline->extended_value & ZEND_LAST_CATCH)) {
1056 ZEND_SET_OP_JMP_ADDR(opline, opline->op2, new_opcodes + blocks[b->successors[0]].start);
1057 }
1058 break;
1059 case ZEND_FE_FETCH_R:
1060 case ZEND_FE_FETCH_RW:
1061 opline->extended_value = ZEND_OPLINE_TO_OFFSET(opline, new_opcodes + blocks[b->successors[0]].start);
1062 break;
1063 case ZEND_SWITCH_LONG:
1064 case ZEND_SWITCH_STRING:
1065 case ZEND_MATCH:
1066 {
1067 HashTable *jumptable = Z_ARRVAL(ZEND_OP2_LITERAL(opline));
1068 zval *zv;
1069 uint32_t s = 0;
1070 ZEND_ASSERT(b->successors_count == (opline->opcode == ZEND_MATCH ? 1 : 2) + zend_hash_num_elements(jumptable));
1071
1072 ZEND_HASH_FOREACH_VAL(jumptable, zv) {
1073 Z_LVAL_P(zv) = ZEND_OPLINE_TO_OFFSET(opline, new_opcodes + blocks[b->successors[s++]].start);
1074 } ZEND_HASH_FOREACH_END();
1075 opline->extended_value = ZEND_OPLINE_TO_OFFSET(opline, new_opcodes + blocks[b->successors[s++]].start);
1076 break;
1077 }
1078 }
1079 }
1080
1081 /* adjust exception jump targets & remove unused try_catch_array entries */
1082 if (op_array->last_try_catch) {
1083 int i, j;
1084 uint32_t *map;
1085 ALLOCA_FLAG(use_heap);
1086
1087 map = (uint32_t *)do_alloca(sizeof(uint32_t) * op_array->last_try_catch, use_heap);
1088 for (i = 0, j = 0; i< op_array->last_try_catch; i++) {
1089 if (blocks[cfg->map[op_array->try_catch_array[i].try_op]].flags & ZEND_BB_REACHABLE) {
1090 map[i] = j;
1091 op_array->try_catch_array[j].try_op = blocks[cfg->map[op_array->try_catch_array[i].try_op]].start;
1092 if (op_array->try_catch_array[i].catch_op) {
1093 op_array->try_catch_array[j].catch_op = blocks[cfg->map[op_array->try_catch_array[i].catch_op]].start;
1094 } else {
1095 op_array->try_catch_array[j].catch_op = 0;
1096 }
1097 if (op_array->try_catch_array[i].finally_op) {
1098 op_array->try_catch_array[j].finally_op = blocks[cfg->map[op_array->try_catch_array[i].finally_op]].start;
1099 } else {
1100 op_array->try_catch_array[j].finally_op = 0;
1101 }
1102 if (!op_array->try_catch_array[i].finally_end) {
1103 op_array->try_catch_array[j].finally_end = 0;
1104 } else {
1105 op_array->try_catch_array[j].finally_end = blocks[cfg->map[op_array->try_catch_array[i].finally_end]].start;
1106 }
1107 j++;
1108 }
1109 }
1110 if (i != j) {
1111 op_array->last_try_catch = j;
1112 if (j == 0) {
1113 efree(op_array->try_catch_array);
1114 op_array->try_catch_array = NULL;
1115 }
1116
1117 if (op_array->fn_flags & ZEND_ACC_HAS_FINALLY_BLOCK) {
1118 zend_op *opline = new_opcodes;
1119 zend_op *end = opline + len;
1120 while (opline < end) {
1121 if (opline->opcode == ZEND_FAST_RET &&
1122 opline->op2.num != (uint32_t)-1 &&
1123 opline->op2.num < (uint32_t)j) {
1124 opline->op2.num = map[opline->op2.num];
1125 }
1126 opline++;
1127 }
1128 }
1129 }
1130 free_alloca(map, use_heap);
1131 }
1132
1133 /* adjust early binding list */
1134 if (op_array->fn_flags & ZEND_ACC_EARLY_BINDING) {
1135 ZEND_ASSERT(op_array == &ctx->script->main_op_array);
1136 ctx->script->first_early_binding_opline =
1137 zend_build_delayed_early_binding_list(op_array);
1138 }
1139
1140 /* rebuild map (just for printing) */
1141 memset(cfg->map, -1, sizeof(int) * op_array->last);
1142 for (n = 0; n < cfg->blocks_count; n++) {
1143 if (cfg->blocks[n].flags & (ZEND_BB_REACHABLE|ZEND_BB_UNREACHABLE_FREE)) {
1144 cfg->map[cfg->blocks[n].start] = n;
1145 }
1146 }
1147 }
1148
get_target_block(const zend_cfg * cfg,zend_basic_block * block,int n,uint32_t * opt_count)1149 static zend_always_inline zend_basic_block *get_target_block(const zend_cfg *cfg, zend_basic_block *block, int n, uint32_t *opt_count)
1150 {
1151 int b;
1152 zend_basic_block *target_block = cfg->blocks + block->successors[n];
1153
1154 if (target_block->len == 0 && !(target_block->flags & ZEND_BB_PROTECTED)) {
1155 do {
1156 b = target_block->successors[0];
1157 target_block = cfg->blocks + b;
1158 } while (target_block->len == 0 && !(target_block->flags & ZEND_BB_PROTECTED));
1159 block->successors[n] = b;
1160 ++(*opt_count);
1161 }
1162 return target_block;
1163 }
1164
get_follow_block(const zend_cfg * cfg,zend_basic_block * block,int n,uint32_t * opt_count)1165 static zend_always_inline zend_basic_block *get_follow_block(const zend_cfg *cfg, zend_basic_block *block, int n, uint32_t *opt_count)
1166 {
1167 int b;
1168 zend_basic_block *target_block = cfg->blocks + block->successors[n];
1169
1170 if (target_block->len == 0 && !(target_block->flags & ZEND_BB_PROTECTED)) {
1171 do {
1172 b = target_block->successors[0];
1173 target_block = cfg->blocks + b;
1174 } while (target_block->len == 0 && !(target_block->flags & ZEND_BB_PROTECTED));
1175 block->successors[n] = b;
1176 ++(*opt_count);
1177 }
1178 return target_block;
1179 }
1180
get_next_block(const zend_cfg * cfg,zend_basic_block * block)1181 static zend_always_inline zend_basic_block *get_next_block(const zend_cfg *cfg, zend_basic_block *block)
1182 {
1183 zend_basic_block *next_block = block + 1;
1184 zend_basic_block *end = cfg->blocks + cfg->blocks_count;
1185
1186 while (1) {
1187 if (next_block == end) {
1188 return NULL;
1189 } else if (next_block->flags & ZEND_BB_REACHABLE) {
1190 break;
1191 }
1192 next_block++;
1193 }
1194 while (next_block->len == 0 && !(next_block->flags & ZEND_BB_PROTECTED)) {
1195 next_block = cfg->blocks + next_block->successors[0];
1196 }
1197 return next_block;
1198 }
1199
1200
1201 /* we use "jmp_hitlist" to avoid infinity loops during jmp optimization */
in_hitlist(int target,int * jmp_hitlist,int jmp_hitlist_count)1202 static zend_always_inline int in_hitlist(int target, int *jmp_hitlist, int jmp_hitlist_count)
1203 {
1204 int i;
1205
1206 for (i = 0; i < jmp_hitlist_count; i++) {
1207 if (jmp_hitlist[i] == target) {
1208 return 1;
1209 }
1210 }
1211 return 0;
1212 }
1213
1214 #define CHECK_LOOP(target) \
1215 if (EXPECTED(!in_hitlist(target, jmp_hitlist, jmp_hitlist_count))) { \
1216 jmp_hitlist[jmp_hitlist_count++] = target; \
1217 } else { \
1218 break; \
1219 }
1220
zend_jmp_optimization(zend_basic_block * block,zend_op_array * op_array,const zend_cfg * cfg,int * jmp_hitlist,uint32_t * opt_count)1221 static void zend_jmp_optimization(zend_basic_block *block, zend_op_array *op_array, const zend_cfg *cfg, int *jmp_hitlist, uint32_t *opt_count)
1222 {
1223 /* last_op is the last opcode of the current block */
1224 zend_basic_block *target_block, *follow_block, *next_block;
1225 zend_op *last_op, *target;
1226 int next, jmp_hitlist_count;
1227
1228 if (block->len == 0) {
1229 return;
1230 }
1231
1232 last_op = op_array->opcodes + block->start + block->len - 1;
1233 switch (last_op->opcode) {
1234 case ZEND_JMP:
1235 jmp_hitlist_count = 0;
1236
1237 target_block = get_target_block(cfg, block, 0, opt_count);
1238 while (target_block->len == 1) {
1239 target = op_array->opcodes + target_block->start;
1240 if (target->opcode == ZEND_JMP) {
1241 /* JMP L, L: JMP L1 -> JMP L1 */
1242 next = target_block->successors[0];
1243 } else {
1244 break;
1245 }
1246 CHECK_LOOP(next);
1247 block->successors[0] = next;
1248 ++(*opt_count);
1249 target_block = get_target_block(cfg, block, 0, opt_count);
1250 }
1251
1252 next_block = get_next_block(cfg, block);
1253 if (target_block == next_block) {
1254 /* JMP(next) -> NOP */
1255 MAKE_NOP(last_op);
1256 ++(*opt_count);
1257 block->len--;
1258 } else if (target_block->len == 1) {
1259 target = op_array->opcodes + target_block->start;
1260 if (target->opcode == ZEND_JMPZNZ) {
1261 /* JMP L, L: JMPZNZ L1,L2 -> JMPZNZ L1,L2 */
1262 *last_op = *target;
1263 if (last_op->op1_type == IS_CONST) {
1264 zval zv;
1265 ZVAL_COPY(&zv, &ZEND_OP1_LITERAL(last_op));
1266 last_op->op1.constant = zend_optimizer_add_literal(op_array, &zv);
1267 }
1268 block->successors_count = 2;
1269 block->successors[0] = target_block->successors[0];
1270 block->successors[1] = target_block->successors[1];
1271 ++(*opt_count);
1272 goto optimize_jmpznz;
1273 } else if ((target->opcode == ZEND_RETURN ||
1274 target->opcode == ZEND_RETURN_BY_REF ||
1275 target->opcode == ZEND_GENERATOR_RETURN ||
1276 target->opcode == ZEND_EXIT) &&
1277 !(op_array->fn_flags & ZEND_ACC_HAS_FINALLY_BLOCK)) {
1278 /* JMP L, L: RETURN to immediate RETURN */
1279 *last_op = *target;
1280 if (last_op->op1_type == IS_CONST) {
1281 zval zv;
1282 ZVAL_COPY(&zv, &ZEND_OP1_LITERAL(last_op));
1283 last_op->op1.constant = zend_optimizer_add_literal(op_array, &zv);
1284 }
1285 block->successors_count = 0;
1286 ++(*opt_count);
1287 }
1288 }
1289 break;
1290
1291 case ZEND_JMP_SET:
1292 case ZEND_COALESCE:
1293 case ZEND_JMP_NULL:
1294 jmp_hitlist_count = 0;
1295
1296 target_block = get_target_block(cfg, block, 0, opt_count);
1297 while (target_block->len == 1) {
1298 target = op_array->opcodes + target_block->start;
1299
1300 if (target->opcode == ZEND_JMP) {
1301 /* JMP_SET(X, L), L: JMP(L2) -> JMP_SET(X, L2) */
1302 next = target_block->successors[0];
1303 CHECK_LOOP(next);
1304 block->successors[0] = next;
1305 ++(*opt_count);
1306 } else {
1307 break;
1308 }
1309 target_block = get_target_block(cfg, block, 0, opt_count);
1310 }
1311 break;
1312
1313 case ZEND_JMPZ:
1314 case ZEND_JMPNZ:
1315 jmp_hitlist_count = 0;
1316
1317 target_block = get_target_block(cfg, block, 0, opt_count);
1318 while (target_block->len == 1) {
1319 target = op_array->opcodes + target_block->start;
1320
1321 if (target->opcode == ZEND_JMP) {
1322 /* JMPZ(X, L), L: JMP(L2) -> JMPZ(X, L2) */
1323 next = target_block->successors[0];
1324 } else if (target->opcode == last_op->opcode &&
1325 SAME_VAR(target->op1, last_op->op1)) {
1326 /* JMPZ(X, L), L: JMPZ(X, L2) -> JMPZ(X, L2) */
1327 next = target_block->successors[0];
1328 } else if (target->opcode == INV_COND(last_op->opcode) &&
1329 SAME_VAR(target->op1, last_op->op1)) {
1330 /* JMPZ(X, L), L: JMPNZ(X, L2) -> JMPZ(X, L+1) */
1331 next = target_block->successors[1];
1332 } else if (target->opcode == ZEND_JMPZNZ &&
1333 SAME_VAR(target->op1, last_op->op1)) {
1334 /* JMPZ(X, L), L: JMPZNZ(X, L2, L3) -> JMPZ(X, L2) */
1335 next = target_block->successors[last_op->opcode == ZEND_JMPNZ];
1336 } else {
1337 break;
1338 }
1339 CHECK_LOOP(next);
1340 block->successors[0] = next;
1341 ++(*opt_count);
1342 target_block = get_target_block(cfg, block, 0, opt_count);
1343 }
1344
1345 follow_block = get_follow_block(cfg, block, 1, opt_count);
1346 if (target_block == follow_block) {
1347 /* L: JMP[N]Z(X, L+1) -> NOP or FREE(X) */
1348 if (last_op->op1_type == IS_CV) {
1349 last_op->opcode = ZEND_CHECK_VAR;
1350 last_op->op2.num = 0;
1351 } else if (last_op->op1_type & (IS_VAR|IS_TMP_VAR)) {
1352 last_op->opcode = ZEND_FREE;
1353 last_op->op2.num = 0;
1354 } else {
1355 MAKE_NOP(last_op);
1356 block->len--;
1357 }
1358 block->successors_count = 1;
1359 ++(*opt_count);
1360 } else if (follow_block->len == 1) {
1361 target = op_array->opcodes + follow_block->start;
1362 if (target->opcode == ZEND_JMP) {
1363 if (block->successors[0] == follow_block->successors[0]) {
1364 /* JMPZ(X,L1), JMP(L1) -> NOP, JMP(L1) */
1365 if (last_op->op1_type == IS_CV) {
1366 last_op->opcode = ZEND_CHECK_VAR;
1367 last_op->op2.num = 0;
1368 } else if (last_op->op1_type & (IS_VAR|IS_TMP_VAR)) {
1369 last_op->opcode = ZEND_FREE;
1370 last_op->op2.num = 0;
1371 } else {
1372 MAKE_NOP(last_op);
1373 block->len--;
1374 }
1375 block->successors[0] = follow_block - cfg->blocks;
1376 block->successors_count = 1;
1377 ++(*opt_count);
1378 break;
1379 } else if (!(follow_block->flags & (ZEND_BB_TARGET | ZEND_BB_PROTECTED))) {
1380 next_block = get_next_block(cfg, follow_block);
1381
1382 if (target_block == next_block) {
1383 /* JMPZ(X,L1) JMP(L2) L1: -> JMPNZ(X,L2) NOP*/
1384
1385 last_op->opcode = INV_COND(last_op->opcode);
1386
1387 block->successors[0] = follow_block->successors[0];
1388 block->successors[1] = next_block - cfg->blocks;
1389
1390 follow_block->flags &= ~ZEND_BB_REACHABLE;
1391 MAKE_NOP(target);
1392 follow_block->len = 0;
1393
1394 next_block->flags |= ZEND_BB_FOLLOW;
1395
1396 break;
1397 }
1398 }
1399
1400 /* JMPZ(X,L1), JMP(L2) -> JMPZNZ(X,L1,L2) */
1401 if (last_op->opcode == ZEND_JMPZ) {
1402 block->successors[1] = follow_block->successors[0];
1403 } else {
1404 block->successors[1] = block->successors[0];
1405 block->successors[0] = follow_block->successors[0];
1406 }
1407 last_op->opcode = ZEND_JMPZNZ;
1408 ++(*opt_count);
1409 }
1410 }
1411 break;
1412
1413 case ZEND_JMPNZ_EX:
1414 case ZEND_JMPZ_EX:
1415 jmp_hitlist_count = 0;
1416
1417 target_block = get_target_block(cfg, block, 0, opt_count);
1418 while (target_block->len == 1) {
1419 target = op_array->opcodes + target_block->start;
1420
1421 if (target->opcode == ZEND_JMP) {
1422 /* T = JMPZ_EX(X, L), L: JMP(L2) -> T = JMPZ(X, L2) */
1423 next = target_block->successors[0];
1424 } else if (target->opcode == last_op->opcode-3 &&
1425 (SAME_VAR(target->op1, last_op->result) ||
1426 SAME_VAR(target->op1, last_op->op1))) {
1427 /* T = JMPZ_EX(X, L1), L1: JMPZ({X|T}, L2) -> T = JMPZ_EX(X, L2) */
1428 next = target_block->successors[0];
1429 } else if (target->opcode == last_op->opcode &&
1430 target->result.var == last_op->result.var &&
1431 (SAME_VAR(target->op1, last_op->result) ||
1432 SAME_VAR(target->op1, last_op->op1))) {
1433 /* T = JMPZ_EX(X, L1), L1: T = JMPZ_EX({X|T}, L2) -> T = JMPZ_EX(X, L2) */
1434 next = target_block->successors[0];
1435 } else if (target->opcode == ZEND_JMPZNZ &&
1436 (SAME_VAR(target->op1, last_op->result) ||
1437 SAME_VAR(target->op1, last_op->op1))) {
1438 /* T = JMPZ_EX(X, L), L: JMPZNZ({X|T}, L2, L3) -> T = JMPZ_EX(X, L2) */
1439 next = target_block->successors[last_op->opcode == ZEND_JMPNZ_EX];
1440 } else if (target->opcode == INV_EX_COND(last_op->opcode) &&
1441 (SAME_VAR(target->op1, last_op->result) ||
1442 SAME_VAR(target->op1, last_op->op1))) {
1443 /* T = JMPZ_EX(X, L1), L1: JMPNZ({X|T1}, L2) -> T = JMPZ_EX(X, L1+1) */
1444 next = target_block->successors[1];
1445 } else if (target->opcode == INV_EX_COND_EX(last_op->opcode) &&
1446 target->result.var == last_op->result.var &&
1447 (SAME_VAR(target->op1, last_op->result) ||
1448 SAME_VAR(target->op1, last_op->op1))) {
1449 /* T = JMPZ_EX(X, L1), L1: T = JMPNZ_EX({X|T}, L2) -> T = JMPZ_EX(X, L1+1) */
1450 next = target_block->successors[1];
1451 } else if (target->opcode == ZEND_BOOL &&
1452 (SAME_VAR(target->op1, last_op->result) ||
1453 SAME_VAR(target->op1, last_op->op1))) {
1454 /* convert Y = JMPZ_EX(X,L1), L1: Z = BOOL(Y) to
1455 Z = JMPZ_EX(X,L1+1) */
1456
1457 /* NOTE: This optimization pattern is not safe, but works, */
1458 /* because result of JMPZ_EX instruction */
1459 /* is not used on the following path and */
1460 /* should be used once on the branch path. */
1461 /* */
1462 /* The pattern works well only if jums processed in */
1463 /* direct order, otherwise it breaks JMPZ_EX */
1464 /* sequences too early. */
1465 last_op->result.var = target->result.var;
1466 next = target_block->successors[0];
1467 } else {
1468 break;
1469 }
1470 CHECK_LOOP(next);
1471 block->successors[0] = next;
1472 ++(*opt_count);
1473 target_block = get_target_block(cfg, block, 0, opt_count);
1474 }
1475
1476 follow_block = get_follow_block(cfg, block, 1, opt_count);
1477 if (target_block == follow_block) {
1478 /* L: T = JMP[N]Z_EX(X, L+1) -> T = BOOL(X) */
1479 last_op->opcode = ZEND_BOOL;
1480 last_op->op2.num = 0;
1481 block->successors_count = 1;
1482 ++(*opt_count);
1483 break;
1484 }
1485 break;
1486
1487 case ZEND_JMPZNZ: {
1488 optimize_jmpznz:
1489 jmp_hitlist_count = 0;
1490 target_block = get_target_block(cfg, block, 0, opt_count);
1491 while (target_block->len == 1) {
1492 target = op_array->opcodes + target_block->start;
1493
1494 if (target->opcode == ZEND_JMP) {
1495 /* JMPZNZ(X, L1, L2), L1: JMP(L3) -> JMPZNZ(X, L3, L2) */
1496 next = target_block->successors[0];
1497 } else if ((target->opcode == ZEND_JMPZ || target->opcode == ZEND_JMPZNZ) &&
1498 SAME_VAR(target->op1, last_op->op1)) {
1499 /* JMPZNZ(X, L1, L2), L1: JMPZ(X, L3) -> JMPZNZ(X, L3, L2) */
1500 next = target_block->successors[0];
1501 } else if (target->opcode == ZEND_JMPNZ &&
1502 SAME_VAR(target->op1, last_op->op1)) {
1503 /* JMPZNZ(X, L1, L2), L1: X = JMPNZ(X, L3) -> JMPZNZ(X, L1+1, L2) */
1504 next = target_block->successors[1];
1505 } else {
1506 break;
1507 }
1508 CHECK_LOOP(next);
1509 block->successors[0] = next;
1510 ++(*opt_count);
1511 target_block = get_target_block(cfg, block, 0, opt_count);
1512 }
1513
1514 jmp_hitlist_count = 0;
1515 follow_block = get_target_block(cfg, block, 1, opt_count);
1516 while (follow_block->len == 1) {
1517 target = op_array->opcodes + follow_block->start;
1518
1519 if (target->opcode == ZEND_JMP) {
1520 /* JMPZNZ(X, L1, L2), L2: JMP(L3) -> JMPZNZ(X, L1, L3) */
1521 next = follow_block->successors[0];
1522 } else if (target->opcode == ZEND_JMPNZ &&
1523 SAME_VAR(target->op1, last_op->op1)) {
1524 /* JMPZNZ(X, L1, L2), L2: X = JMPNZ(X, L3) -> JMPZNZ(X, L1, L3) */
1525 next = follow_block->successors[0];
1526 } else if ((target->opcode == ZEND_JMPZ || target->opcode == ZEND_JMPZNZ) &&
1527 SAME_VAR(target->op1, last_op->op1)) {
1528 /* JMPZNZ(X, L1, L2), L2: JMPZ(X, L3) -> JMPZNZ(X, L1, L2+1) */
1529 next = follow_block->successors[1];
1530 } else {
1531 break;
1532 }
1533 CHECK_LOOP(next);
1534 block->successors[1] = next;
1535 ++(*opt_count);
1536 follow_block = get_target_block(cfg, block, 1, opt_count);
1537 }
1538
1539 next_block = get_next_block(cfg, block);
1540 if (target_block == follow_block &&
1541 !(last_op->op1_type & (IS_VAR|IS_TMP_VAR))) {
1542 /* JMPZNZ(?,L,L) -> JMP(L) */
1543 last_op->opcode = ZEND_JMP;
1544 SET_UNUSED(last_op->op1);
1545 SET_UNUSED(last_op->op2);
1546 last_op->extended_value = 0;
1547 block->successors_count = 1;
1548 ++(*opt_count);
1549 } else if (target_block == next_block) {
1550 /* jumping to next on Z - can follow to it and jump only on NZ */
1551 /* JMPZNZ(X,L1,L2) L1: -> JMPNZ(X,L2) */
1552 int tmp = block->successors[0];
1553 last_op->opcode = ZEND_JMPNZ;
1554 block->successors[0] = block->successors[1];
1555 block->successors[1] = tmp;
1556 ++(*opt_count);
1557 } else if (follow_block == next_block) {
1558 /* jumping to next on NZ - can follow to it and jump only on Z */
1559 /* JMPZNZ(X,L1,L2) L2: -> JMPZ(X,L1) */
1560 last_op->opcode = ZEND_JMPZ;
1561 ++(*opt_count);
1562 }
1563 break;
1564 }
1565 }
1566 }
1567
1568 /* Global data dependencies */
1569
1570 /* Find a set of variables which are used outside of the block where they are
1571 * defined. We won't apply some optimization patterns for such variables. */
zend_t_usage(zend_cfg * cfg,zend_op_array * op_array,zend_bitset used_ext,zend_optimizer_ctx * ctx)1572 static void zend_t_usage(zend_cfg *cfg, zend_op_array *op_array, zend_bitset used_ext, zend_optimizer_ctx *ctx)
1573 {
1574 int n;
1575 zend_basic_block *block, *next_block;
1576 uint32_t var_num;
1577 uint32_t bitset_len;
1578 zend_bitset usage;
1579 zend_bitset defined_here;
1580 void *checkpoint;
1581 zend_op *opline, *end;
1582
1583
1584 if (op_array->T == 0) {
1585 /* shortcut - if no Ts, nothing to do */
1586 return;
1587 }
1588
1589 checkpoint = zend_arena_checkpoint(ctx->arena);
1590 bitset_len = zend_bitset_len(op_array->last_var + op_array->T);
1591 defined_here = zend_arena_alloc(&ctx->arena, bitset_len * ZEND_BITSET_ELM_SIZE);
1592
1593 zend_bitset_clear(defined_here, bitset_len);
1594 for (n = 1; n < cfg->blocks_count; n++) {
1595 block = cfg->blocks + n;
1596
1597 if (!(block->flags & ZEND_BB_REACHABLE)) {
1598 continue;
1599 }
1600
1601 opline = op_array->opcodes + block->start;
1602 end = opline + block->len;
1603 if (!(block->flags & ZEND_BB_FOLLOW) ||
1604 (block->flags & ZEND_BB_TARGET)) {
1605 /* Skip continuation of "extended" BB */
1606 zend_bitset_clear(defined_here, bitset_len);
1607 }
1608
1609 while (opline<end) {
1610 if (opline->op1_type & (IS_VAR|IS_TMP_VAR)) {
1611 var_num = VAR_NUM(opline->op1.var);
1612 if (!zend_bitset_in(defined_here, var_num)) {
1613 zend_bitset_incl(used_ext, var_num);
1614 }
1615 }
1616 if (opline->op2_type == IS_VAR) {
1617 var_num = VAR_NUM(opline->op2.var);
1618 if (opline->opcode == ZEND_FE_FETCH_R ||
1619 opline->opcode == ZEND_FE_FETCH_RW) {
1620 /* these opcode use the op2 as result */
1621 zend_bitset_incl(defined_here, var_num);
1622 } else if (!zend_bitset_in(defined_here, var_num)) {
1623 zend_bitset_incl(used_ext, var_num);
1624 }
1625 } else if (opline->op2_type == IS_TMP_VAR) {
1626 var_num = VAR_NUM(opline->op2.var);
1627 if (!zend_bitset_in(defined_here, var_num)) {
1628 zend_bitset_incl(used_ext, var_num);
1629 }
1630 }
1631
1632 if (opline->result_type == IS_VAR) {
1633 var_num = VAR_NUM(opline->result.var);
1634 zend_bitset_incl(defined_here, var_num);
1635 } else if (opline->result_type == IS_TMP_VAR) {
1636 var_num = VAR_NUM(opline->result.var);
1637 switch (opline->opcode) {
1638 case ZEND_ADD_ARRAY_ELEMENT:
1639 case ZEND_ADD_ARRAY_UNPACK:
1640 case ZEND_ROPE_ADD:
1641 /* these opcodes use the result as argument */
1642 if (!zend_bitset_in(defined_here, var_num)) {
1643 zend_bitset_incl(used_ext, var_num);
1644 }
1645 break;
1646 default :
1647 zend_bitset_incl(defined_here, var_num);
1648 }
1649 }
1650 opline++;
1651 }
1652 }
1653
1654 if (ctx->debug_level & ZEND_DUMP_BLOCK_PASS_VARS) {
1655 int printed = 0;
1656 uint32_t i;
1657
1658 for (i = op_array->last_var; i< op_array->T; i++) {
1659 if (zend_bitset_in(used_ext, i)) {
1660 if (!printed) {
1661 fprintf(stderr, "NON-LOCAL-VARS: %d", i);
1662 printed = 1;
1663 } else {
1664 fprintf(stderr, ", %d", i);
1665 }
1666 }
1667 }
1668 if (printed) {
1669 fprintf(stderr, "\n");
1670 }
1671 }
1672
1673 usage = defined_here;
1674 next_block = NULL;
1675 for (n = cfg->blocks_count; n > 0;) {
1676 block = cfg->blocks + (--n);
1677
1678 if (!(block->flags & ZEND_BB_REACHABLE) || block->len == 0) {
1679 continue;
1680 }
1681
1682 end = op_array->opcodes + block->start;
1683 opline = end + block->len - 1;
1684 if (!next_block ||
1685 !(next_block->flags & ZEND_BB_FOLLOW) ||
1686 (next_block->flags & ZEND_BB_TARGET)) {
1687 /* Skip continuation of "extended" BB */
1688 zend_bitset_copy(usage, used_ext, bitset_len);
1689 } else if (block->successors_count > 1) {
1690 zend_bitset_union(usage, used_ext, bitset_len);
1691 }
1692 next_block = block;
1693
1694 while (opline >= end) {
1695 /* usage checks */
1696 if (opline->result_type & (IS_VAR|IS_TMP_VAR)) {
1697 if (!zend_bitset_in(usage, VAR_NUM(opline->result.var))) {
1698 switch (opline->opcode) {
1699 case ZEND_ASSIGN_OP:
1700 case ZEND_ASSIGN_DIM_OP:
1701 case ZEND_ASSIGN_OBJ_OP:
1702 case ZEND_ASSIGN_STATIC_PROP_OP:
1703 case ZEND_PRE_INC:
1704 case ZEND_PRE_DEC:
1705 case ZEND_ASSIGN:
1706 case ZEND_ASSIGN_REF:
1707 case ZEND_DO_FCALL:
1708 case ZEND_DO_ICALL:
1709 case ZEND_DO_UCALL:
1710 case ZEND_DO_FCALL_BY_NAME:
1711 opline->result_type = IS_UNUSED;
1712 break;
1713 case ZEND_POST_INC:
1714 case ZEND_POST_DEC:
1715 case ZEND_POST_INC_OBJ:
1716 case ZEND_POST_DEC_OBJ:
1717 case ZEND_POST_INC_STATIC_PROP:
1718 case ZEND_POST_DEC_STATIC_PROP:
1719 opline->opcode -= 2;
1720 opline->result_type = IS_UNUSED;
1721 break;
1722 case ZEND_QM_ASSIGN:
1723 case ZEND_BOOL:
1724 case ZEND_BOOL_NOT:
1725 if (opline->op1_type == IS_CV) {
1726 opline->opcode = ZEND_CHECK_VAR;
1727 SET_UNUSED(opline->result);
1728 } else if (opline->op1_type & (IS_TMP_VAR|IS_VAR)) {
1729 opline->opcode = ZEND_FREE;
1730 SET_UNUSED(opline->result);
1731 } else {
1732 if (opline->op1_type == IS_CONST) {
1733 literal_dtor(&ZEND_OP1_LITERAL(opline));
1734 }
1735 MAKE_NOP(opline);
1736 }
1737 break;
1738 case ZEND_JMPZ_EX:
1739 case ZEND_JMPNZ_EX:
1740 opline->opcode -= 3;
1741 SET_UNUSED(opline->result);
1742 break;
1743 case ZEND_ADD_ARRAY_ELEMENT:
1744 case ZEND_ADD_ARRAY_UNPACK:
1745 case ZEND_ROPE_ADD:
1746 zend_bitset_incl(usage, VAR_NUM(opline->result.var));
1747 break;
1748 }
1749 } else {
1750 switch (opline->opcode) {
1751 case ZEND_ADD_ARRAY_ELEMENT:
1752 case ZEND_ADD_ARRAY_UNPACK:
1753 case ZEND_ROPE_ADD:
1754 break;
1755 default:
1756 zend_bitset_excl(usage, VAR_NUM(opline->result.var));
1757 break;
1758 }
1759 }
1760 }
1761
1762 if (opline->op2_type == IS_VAR) {
1763 switch (opline->opcode) {
1764 case ZEND_FE_FETCH_R:
1765 case ZEND_FE_FETCH_RW:
1766 zend_bitset_excl(usage, VAR_NUM(opline->op2.var));
1767 break;
1768 default:
1769 zend_bitset_incl(usage, VAR_NUM(opline->op2.var));
1770 break;
1771 }
1772 } else if (opline->op2_type == IS_TMP_VAR) {
1773 zend_bitset_incl(usage, VAR_NUM(opline->op2.var));
1774 }
1775
1776 if (opline->op1_type & (IS_VAR|IS_TMP_VAR)) {
1777 zend_bitset_incl(usage, VAR_NUM(opline->op1.var));
1778 }
1779
1780 opline--;
1781 }
1782 }
1783
1784 zend_arena_release(&ctx->arena, checkpoint);
1785 }
1786
zend_merge_blocks(zend_op_array * op_array,zend_cfg * cfg,uint32_t * opt_count)1787 static void zend_merge_blocks(zend_op_array *op_array, zend_cfg *cfg, uint32_t *opt_count)
1788 {
1789 int i;
1790 zend_basic_block *b, *bb;
1791 zend_basic_block *prev = NULL;
1792
1793 for (i = 0; i < cfg->blocks_count; i++) {
1794 b = cfg->blocks + i;
1795 if (b->flags & ZEND_BB_REACHABLE) {
1796 if ((b->flags & ZEND_BB_FOLLOW) &&
1797 !(b->flags & (ZEND_BB_TARGET | ZEND_BB_PROTECTED)) &&
1798 prev && prev->successors_count == 1 && prev->successors[0] == i)
1799 {
1800 zend_op *last_op = op_array->opcodes + prev->start + prev->len - 1;
1801 if (prev->len != 0 && last_op->opcode == ZEND_JMP) {
1802 MAKE_NOP(last_op);
1803 }
1804
1805 for (bb = prev + 1; bb != b; bb++) {
1806 zend_op *op = op_array->opcodes + bb->start;
1807 zend_op *end = op + bb->len;
1808 while (op < end) {
1809 if (op->op1_type == IS_CONST) {
1810 literal_dtor(&ZEND_OP1_LITERAL(op));
1811 }
1812 if (op->op2_type == IS_CONST) {
1813 literal_dtor(&ZEND_OP2_LITERAL(op));
1814 }
1815 MAKE_NOP(op);
1816 op++;
1817 }
1818 /* make block empty */
1819 bb->len = 0;
1820 }
1821
1822 /* re-link */
1823 prev->flags |= (b->flags & ZEND_BB_EXIT);
1824 prev->len = b->start + b->len - prev->start;
1825 prev->successors_count = b->successors_count;
1826 if (b->successors != b->successors_storage) {
1827 prev->successors = b->successors;
1828 b->successors = b->successors_storage;
1829 } else {
1830 memcpy(prev->successors, b->successors, b->successors_count * sizeof(int));
1831 }
1832
1833 /* unlink & make block empty and unreachable */
1834 b->flags = 0;
1835 b->len = 0;
1836 b->successors_count = 0;
1837 ++(*opt_count);
1838 } else {
1839 prev = b;
1840 }
1841 }
1842 }
1843 }
1844
1845 #define PASSES 3
1846
zend_optimize_cfg(zend_op_array * op_array,zend_optimizer_ctx * ctx)1847 void zend_optimize_cfg(zend_op_array *op_array, zend_optimizer_ctx *ctx)
1848 {
1849 zend_cfg cfg;
1850 zend_basic_block *blocks, *end, *b;
1851 int pass;
1852 uint32_t bitset_len;
1853 zend_bitset usage;
1854 void *checkpoint;
1855 zend_op **Tsource;
1856 uint32_t opt_count;
1857 int *jmp_hitlist;
1858
1859 /* Build CFG */
1860 checkpoint = zend_arena_checkpoint(ctx->arena);
1861 if (zend_build_cfg(&ctx->arena, op_array, 0, &cfg) != SUCCESS) {
1862 zend_arena_release(&ctx->arena, checkpoint);
1863 return;
1864 }
1865
1866 if (cfg.blocks_count * (op_array->last_var + op_array->T) > 64 * 1024 * 1024) {
1867 zend_arena_release(&ctx->arena, checkpoint);
1868 return;
1869 }
1870
1871 if (ctx->debug_level & ZEND_DUMP_BEFORE_BLOCK_PASS) {
1872 zend_dump_op_array(op_array, ZEND_DUMP_CFG, "before block pass", &cfg);
1873 }
1874
1875 bitset_len = zend_bitset_len(op_array->last_var + op_array->T);
1876 Tsource = zend_arena_calloc(&ctx->arena, op_array->last_var + op_array->T, sizeof(zend_op *));
1877 usage = zend_arena_alloc(&ctx->arena, bitset_len * ZEND_BITSET_ELM_SIZE);
1878 jmp_hitlist = zend_arena_alloc(&ctx->arena, cfg.blocks_count * sizeof(int));
1879
1880 blocks = cfg.blocks;
1881 end = blocks + cfg.blocks_count;
1882 for (pass = 0; pass < PASSES; pass++) {
1883 opt_count = 0;
1884
1885 /* Compute data dependencies */
1886 zend_bitset_clear(usage, bitset_len);
1887 zend_t_usage(&cfg, op_array, usage, ctx);
1888
1889 /* optimize each basic block separately */
1890 for (b = blocks; b < end; b++) {
1891 if (!(b->flags & ZEND_BB_REACHABLE)) {
1892 continue;
1893 }
1894 /* we track data dependencies only inside a single basic block */
1895 if (!(b->flags & ZEND_BB_FOLLOW) ||
1896 (b->flags & ZEND_BB_TARGET)) {
1897 /* Skip continuation of "extended" BB */
1898 memset(Tsource, 0, (op_array->last_var + op_array->T) * sizeof(zend_op *));
1899 }
1900 zend_optimize_block(b, op_array, usage, &cfg, Tsource, &opt_count);
1901 }
1902
1903 /* Eliminate NOPs */
1904 for (b = blocks; b < end; b++) {
1905 if (b->flags & (ZEND_BB_REACHABLE|ZEND_BB_UNREACHABLE_FREE)) {
1906 strip_nops(op_array, b);
1907 }
1908 }
1909
1910 opt_count = 0;
1911
1912 /* Jump optimization for each block */
1913 for (b = blocks; b < end; b++) {
1914 if (b->flags & ZEND_BB_REACHABLE) {
1915 zend_jmp_optimization(b, op_array, &cfg, jmp_hitlist, &opt_count);
1916 }
1917 }
1918
1919 /* Eliminate unreachable basic blocks */
1920 zend_cfg_remark_reachable_blocks(op_array, &cfg);
1921
1922 /* Merge Blocks */
1923 zend_merge_blocks(op_array, &cfg, &opt_count);
1924
1925 if (opt_count == 0) {
1926 break;
1927 }
1928 }
1929
1930 assemble_code_blocks(&cfg, op_array, ctx);
1931
1932 if (ctx->debug_level & ZEND_DUMP_AFTER_BLOCK_PASS) {
1933 zend_dump_op_array(op_array, ZEND_DUMP_CFG | ZEND_DUMP_HIDE_UNREACHABLE, "after block pass", &cfg);
1934 }
1935
1936 /* Destroy CFG */
1937 zend_arena_release(&ctx->arena, checkpoint);
1938 }
1939
