xref: /PHP-8.2/Zend/zend_compile.c (revision 02ee521e)
1 /*
2    +----------------------------------------------------------------------+
3    | Zend Engine                                                          |
4    +----------------------------------------------------------------------+
5    | Copyright (c) Zend Technologies Ltd. (http://www.zend.com)           |
6    +----------------------------------------------------------------------+
7    | This source file is subject to version 2.00 of the Zend license,     |
8    | that is bundled with this package in the file LICENSE, and is        |
9    | available through the world-wide-web at the following url:           |
10    | http://www.zend.com/license/2_00.txt.                                |
11    | If you did not receive a copy of the Zend license and are unable to  |
12    | obtain it through the world-wide-web, please send a note to          |
13    | license@zend.com so we can mail you a copy immediately.              |
14    +----------------------------------------------------------------------+
15    | Authors: Andi Gutmans <andi@php.net>                                 |
16    |          Zeev Suraski <zeev@php.net>                                 |
17    |          Nikita Popov <nikic@php.net>                                |
18    +----------------------------------------------------------------------+
19 */
20 
21 #include <zend_language_parser.h>
22 #include "zend.h"
23 #include "zend_attributes.h"
24 #include "zend_compile.h"
25 #include "zend_constants.h"
26 #include "zend_llist.h"
27 #include "zend_API.h"
28 #include "zend_exceptions.h"
29 #include "zend_interfaces.h"
30 #include "zend_virtual_cwd.h"
31 #include "zend_multibyte.h"
32 #include "zend_language_scanner.h"
33 #include "zend_inheritance.h"
34 #include "zend_vm.h"
35 #include "zend_enum.h"
36 #include "zend_observer.h"
37 
38 #define SET_NODE(target, src) do { \
39 		target ## _type = (src)->op_type; \
40 		if ((src)->op_type == IS_CONST) { \
41 			target.constant = zend_add_literal(&(src)->u.constant); \
42 		} else { \
43 			target = (src)->u.op; \
44 		} \
45 	} while (0)
46 
47 #define GET_NODE(target, src) do { \
48 		(target)->op_type = src ## _type; \
49 		if ((target)->op_type == IS_CONST) { \
50 			ZVAL_COPY_VALUE(&(target)->u.constant, CT_CONSTANT(src)); \
51 		} else { \
52 			(target)->u.op = src; \
53 		} \
54 	} while (0)
55 
56 #define FC(member) (CG(file_context).member)
57 
58 typedef struct _zend_loop_var {
59 	zend_uchar opcode;
60 	zend_uchar var_type;
61 	uint32_t   var_num;
62 	uint32_t   try_catch_offset;
63 } zend_loop_var;
64 
zend_alloc_cache_slots(unsigned count)65 static inline uint32_t zend_alloc_cache_slots(unsigned count) {
66 	if (count == 0) {
67 		/* Even if no cache slots are desired, the VM handler may still want to acquire
68 		 * CACHE_ADDR() unconditionally. Returning zero makes sure that the address
69 		 * calculation is still legal and ubsan does not complain. */
70 		return 0;
71 	}
72 
73 	zend_op_array *op_array = CG(active_op_array);
74 	uint32_t ret = op_array->cache_size;
75 	op_array->cache_size += count * sizeof(void*);
76 	return ret;
77 }
78 
zend_alloc_cache_slot(void)79 static inline uint32_t zend_alloc_cache_slot(void) {
80 	return zend_alloc_cache_slots(1);
81 }
82 
83 ZEND_API zend_op_array *(*zend_compile_file)(zend_file_handle *file_handle, int type);
84 ZEND_API zend_op_array *(*zend_compile_string)(zend_string *source_string, const char *filename, zend_compile_position position);
85 
86 #ifndef ZTS
87 ZEND_API zend_compiler_globals compiler_globals;
88 ZEND_API zend_executor_globals executor_globals;
89 #endif
90 
91 static zend_op *zend_emit_op(znode *result, zend_uchar opcode, znode *op1, znode *op2);
92 static bool zend_try_ct_eval_array(zval *result, zend_ast *ast);
93 static void zend_eval_const_expr(zend_ast **ast_ptr);
94 
95 static zend_op *zend_compile_var(znode *result, zend_ast *ast, uint32_t type, bool by_ref);
96 static zend_op *zend_delayed_compile_var(znode *result, zend_ast *ast, uint32_t type, bool by_ref);
97 static void zend_compile_expr(znode *result, zend_ast *ast);
98 static void zend_compile_stmt(zend_ast *ast);
99 static void zend_compile_assign(znode *result, zend_ast *ast);
100 
init_op(zend_op * op)101 static void init_op(zend_op *op)
102 {
103 	MAKE_NOP(op);
104 	op->extended_value = 0;
105 	op->lineno = CG(zend_lineno);
106 }
107 
get_next_op_number(void)108 static zend_always_inline uint32_t get_next_op_number(void)
109 {
110 	return CG(active_op_array)->last;
111 }
112 
get_next_op(void)113 static zend_op *get_next_op(void)
114 {
115 	zend_op_array *op_array = CG(active_op_array);
116 	uint32_t next_op_num = op_array->last++;
117 	zend_op *next_op;
118 
119 	if (UNEXPECTED(next_op_num >= CG(context).opcodes_size)) {
120 		CG(context).opcodes_size *= 4;
121 		op_array->opcodes = erealloc(op_array->opcodes, CG(context).opcodes_size * sizeof(zend_op));
122 	}
123 
124 	next_op = &(op_array->opcodes[next_op_num]);
125 
126 	init_op(next_op);
127 
128 	return next_op;
129 }
130 
get_next_brk_cont_element(void)131 static zend_brk_cont_element *get_next_brk_cont_element(void)
132 {
133 	CG(context).last_brk_cont++;
134 	CG(context).brk_cont_array = erealloc(CG(context).brk_cont_array, sizeof(zend_brk_cont_element) * CG(context).last_brk_cont);
135 	return &CG(context).brk_cont_array[CG(context).last_brk_cont-1];
136 }
137 
zend_build_runtime_definition_key(zend_string * name,uint32_t start_lineno)138 static zend_string *zend_build_runtime_definition_key(zend_string *name, uint32_t start_lineno) /* {{{ */
139 {
140 	zend_string *filename = CG(active_op_array)->filename;
141 	zend_string *result = zend_strpprintf(0, "%c%s%s:%" PRIu32 "$%" PRIx32,
142 		'\0', ZSTR_VAL(name), ZSTR_VAL(filename), start_lineno, CG(rtd_key_counter)++);
143 	return zend_new_interned_string(result);
144 }
145 /* }}} */
146 
zend_get_unqualified_name(const zend_string * name,const char ** result,size_t * result_len)147 static bool zend_get_unqualified_name(const zend_string *name, const char **result, size_t *result_len) /* {{{ */
148 {
149 	const char *ns_separator = zend_memrchr(ZSTR_VAL(name), '\\', ZSTR_LEN(name));
150 	if (ns_separator != NULL) {
151 		*result = ns_separator + 1;
152 		*result_len = ZSTR_VAL(name) + ZSTR_LEN(name) - *result;
153 		return 1;
154 	}
155 
156 	return 0;
157 }
158 /* }}} */
159 
160 struct reserved_class_name {
161 	const char *name;
162 	size_t len;
163 };
164 static const struct reserved_class_name reserved_class_names[] = {
165 	{ZEND_STRL("bool")},
166 	{ZEND_STRL("false")},
167 	{ZEND_STRL("float")},
168 	{ZEND_STRL("int")},
169 	{ZEND_STRL("null")},
170 	{ZEND_STRL("parent")},
171 	{ZEND_STRL("self")},
172 	{ZEND_STRL("static")},
173 	{ZEND_STRL("string")},
174 	{ZEND_STRL("true")},
175 	{ZEND_STRL("void")},
176 	{ZEND_STRL("never")},
177 	{ZEND_STRL("iterable")},
178 	{ZEND_STRL("object")},
179 	{ZEND_STRL("mixed")},
180 	{NULL, 0}
181 };
182 
zend_is_reserved_class_name(const zend_string * name)183 static bool zend_is_reserved_class_name(const zend_string *name) /* {{{ */
184 {
185 	const struct reserved_class_name *reserved = reserved_class_names;
186 
187 	const char *uqname = ZSTR_VAL(name);
188 	size_t uqname_len = ZSTR_LEN(name);
189 	zend_get_unqualified_name(name, &uqname, &uqname_len);
190 
191 	for (; reserved->name; ++reserved) {
192 		if (uqname_len == reserved->len
193 			&& zend_binary_strcasecmp(uqname, uqname_len, reserved->name, reserved->len) == 0
194 		) {
195 			return 1;
196 		}
197 	}
198 
199 	return 0;
200 }
201 /* }}} */
202 
zend_assert_valid_class_name(const zend_string * name)203 void zend_assert_valid_class_name(const zend_string *name) /* {{{ */
204 {
205 	if (zend_is_reserved_class_name(name)) {
206 		zend_error_noreturn(E_COMPILE_ERROR,
207 			"Cannot use '%s' as class name as it is reserved", ZSTR_VAL(name));
208 	}
209 }
210 /* }}} */
211 
212 typedef struct _builtin_type_info {
213 	const char* name;
214 	const size_t name_len;
215 	const zend_uchar type;
216 } builtin_type_info;
217 
218 static const builtin_type_info builtin_types[] = {
219 	{ZEND_STRL("null"), IS_NULL},
220 	{ZEND_STRL("true"), IS_TRUE},
221 	{ZEND_STRL("false"), IS_FALSE},
222 	{ZEND_STRL("int"), IS_LONG},
223 	{ZEND_STRL("float"), IS_DOUBLE},
224 	{ZEND_STRL("string"), IS_STRING},
225 	{ZEND_STRL("bool"), _IS_BOOL},
226 	{ZEND_STRL("void"), IS_VOID},
227 	{ZEND_STRL("never"), IS_NEVER},
228 	{ZEND_STRL("iterable"), IS_ITERABLE},
229 	{ZEND_STRL("object"), IS_OBJECT},
230 	{ZEND_STRL("mixed"), IS_MIXED},
231 	{NULL, 0, IS_UNDEF}
232 };
233 
234 typedef struct {
235 	const char *name;
236 	size_t name_len;
237 	const char *correct_name;
238 } confusable_type_info;
239 
240 static const confusable_type_info confusable_types[] = {
241 	{ZEND_STRL("boolean"), "bool"},
242 	{ZEND_STRL("integer"), "int"},
243 	{ZEND_STRL("double"), "float"},
244 	{ZEND_STRL("resource"), NULL},
245 	{NULL, 0, NULL},
246 };
247 
zend_lookup_builtin_type_by_name(const zend_string * name)248 static zend_always_inline zend_uchar zend_lookup_builtin_type_by_name(const zend_string *name) /* {{{ */
249 {
250 	const builtin_type_info *info = &builtin_types[0];
251 
252 	for (; info->name; ++info) {
253 		if (ZSTR_LEN(name) == info->name_len
254 			&& zend_binary_strcasecmp(ZSTR_VAL(name), ZSTR_LEN(name), info->name, info->name_len) == 0
255 		) {
256 			return info->type;
257 		}
258 	}
259 
260 	return 0;
261 }
262 /* }}} */
263 
zend_is_confusable_type(const zend_string * name,const char ** correct_name)264 static zend_always_inline bool zend_is_confusable_type(const zend_string *name, const char **correct_name) /* {{{ */
265 {
266 	const confusable_type_info *info = confusable_types;
267 
268 	/* Intentionally using case-sensitive comparison here, because "integer" is likely intended
269 	 * as a scalar type, while "Integer" is likely a class type. */
270 	for (; info->name; ++info) {
271 		if (zend_string_equals_cstr(name, info->name, info->name_len)) {
272 			*correct_name = info->correct_name;
273 			return 1;
274 		}
275 	}
276 
277 	return 0;
278 }
279 /* }}} */
280 
zend_is_not_imported(zend_string * name)281 static bool zend_is_not_imported(zend_string *name) {
282 	/* Assuming "name" is unqualified here. */
283 	return !FC(imports) || zend_hash_find_ptr_lc(FC(imports), name) == NULL;
284 }
285 
zend_oparray_context_begin(zend_oparray_context * prev_context)286 void zend_oparray_context_begin(zend_oparray_context *prev_context) /* {{{ */
287 {
288 	*prev_context = CG(context);
289 	CG(context).opcodes_size = INITIAL_OP_ARRAY_SIZE;
290 	CG(context).vars_size = 0;
291 	CG(context).literals_size = 0;
292 	CG(context).fast_call_var = -1;
293 	CG(context).try_catch_offset = -1;
294 	CG(context).current_brk_cont = -1;
295 	CG(context).last_brk_cont = 0;
296 	CG(context).brk_cont_array = NULL;
297 	CG(context).labels = NULL;
298 }
299 /* }}} */
300 
zend_oparray_context_end(zend_oparray_context * prev_context)301 void zend_oparray_context_end(zend_oparray_context *prev_context) /* {{{ */
302 {
303 	if (CG(context).brk_cont_array) {
304 		efree(CG(context).brk_cont_array);
305 		CG(context).brk_cont_array = NULL;
306 	}
307 	if (CG(context).labels) {
308 		zend_hash_destroy(CG(context).labels);
309 		FREE_HASHTABLE(CG(context).labels);
310 		CG(context).labels = NULL;
311 	}
312 	CG(context) = *prev_context;
313 }
314 /* }}} */
315 
zend_reset_import_tables(void)316 static void zend_reset_import_tables(void) /* {{{ */
317 {
318 	if (FC(imports)) {
319 		zend_hash_destroy(FC(imports));
320 		efree(FC(imports));
321 		FC(imports) = NULL;
322 	}
323 
324 	if (FC(imports_function)) {
325 		zend_hash_destroy(FC(imports_function));
326 		efree(FC(imports_function));
327 		FC(imports_function) = NULL;
328 	}
329 
330 	if (FC(imports_const)) {
331 		zend_hash_destroy(FC(imports_const));
332 		efree(FC(imports_const));
333 		FC(imports_const) = NULL;
334 	}
335 }
336 /* }}} */
337 
zend_end_namespace(void)338 static void zend_end_namespace(void) /* {{{ */ {
339 	FC(in_namespace) = 0;
340 	zend_reset_import_tables();
341 	if (FC(current_namespace)) {
342 		zend_string_release_ex(FC(current_namespace), 0);
343 		FC(current_namespace) = NULL;
344 	}
345 }
346 /* }}} */
347 
zend_file_context_begin(zend_file_context * prev_context)348 void zend_file_context_begin(zend_file_context *prev_context) /* {{{ */
349 {
350 	*prev_context = CG(file_context);
351 	FC(imports) = NULL;
352 	FC(imports_function) = NULL;
353 	FC(imports_const) = NULL;
354 	FC(current_namespace) = NULL;
355 	FC(in_namespace) = 0;
356 	FC(has_bracketed_namespaces) = 0;
357 	FC(declarables).ticks = 0;
358 	zend_hash_init(&FC(seen_symbols), 8, NULL, NULL, 0);
359 }
360 /* }}} */
361 
zend_file_context_end(zend_file_context * prev_context)362 void zend_file_context_end(zend_file_context *prev_context) /* {{{ */
363 {
364 	zend_end_namespace();
365 	zend_hash_destroy(&FC(seen_symbols));
366 	CG(file_context) = *prev_context;
367 }
368 /* }}} */
369 
zend_init_compiler_data_structures(void)370 void zend_init_compiler_data_structures(void) /* {{{ */
371 {
372 	zend_stack_init(&CG(loop_var_stack), sizeof(zend_loop_var));
373 	zend_stack_init(&CG(delayed_oplines_stack), sizeof(zend_op));
374 	zend_stack_init(&CG(short_circuiting_opnums), sizeof(uint32_t));
375 	CG(active_class_entry) = NULL;
376 	CG(in_compilation) = 0;
377 	CG(skip_shebang) = 0;
378 
379 	CG(encoding_declared) = 0;
380 	CG(memoized_exprs) = NULL;
381 	CG(memoize_mode) = 0;
382 }
383 /* }}} */
384 
zend_register_seen_symbol(zend_string * name,uint32_t kind)385 static void zend_register_seen_symbol(zend_string *name, uint32_t kind) {
386 	zval *zv = zend_hash_find(&FC(seen_symbols), name);
387 	if (zv) {
388 		Z_LVAL_P(zv) |= kind;
389 	} else {
390 		zval tmp;
391 		ZVAL_LONG(&tmp, kind);
392 		zend_hash_add_new(&FC(seen_symbols), name, &tmp);
393 	}
394 }
395 
zend_have_seen_symbol(zend_string * name,uint32_t kind)396 static bool zend_have_seen_symbol(zend_string *name, uint32_t kind) {
397 	zval *zv = zend_hash_find(&FC(seen_symbols), name);
398 	return zv && (Z_LVAL_P(zv) & kind) != 0;
399 }
400 
init_compiler(void)401 void init_compiler(void) /* {{{ */
402 {
403 	CG(arena) = zend_arena_create(64 * 1024);
404 	CG(active_op_array) = NULL;
405 	memset(&CG(context), 0, sizeof(CG(context)));
406 	zend_init_compiler_data_structures();
407 	zend_init_rsrc_list();
408 	zend_stream_init();
409 	CG(unclean_shutdown) = 0;
410 
411 	CG(delayed_variance_obligations) = NULL;
412 	CG(delayed_autoloads) = NULL;
413 	CG(unlinked_uses) = NULL;
414 	CG(current_linking_class) = NULL;
415 }
416 /* }}} */
417 
shutdown_compiler(void)418 void shutdown_compiler(void) /* {{{ */
419 {
420 	/* Reset filename before destroying the arena, as file cache may use arena allocated strings. */
421 	zend_restore_compiled_filename(NULL);
422 
423 	zend_stack_destroy(&CG(loop_var_stack));
424 	zend_stack_destroy(&CG(delayed_oplines_stack));
425 	zend_stack_destroy(&CG(short_circuiting_opnums));
426 
427 	if (CG(delayed_variance_obligations)) {
428 		zend_hash_destroy(CG(delayed_variance_obligations));
429 		FREE_HASHTABLE(CG(delayed_variance_obligations));
430 		CG(delayed_variance_obligations) = NULL;
431 	}
432 	if (CG(delayed_autoloads)) {
433 		zend_hash_destroy(CG(delayed_autoloads));
434 		FREE_HASHTABLE(CG(delayed_autoloads));
435 		CG(delayed_autoloads) = NULL;
436 	}
437 	if (CG(unlinked_uses)) {
438 		zend_hash_destroy(CG(unlinked_uses));
439 		FREE_HASHTABLE(CG(unlinked_uses));
440 		CG(unlinked_uses) = NULL;
441 	}
442 	CG(current_linking_class) = NULL;
443 }
444 /* }}} */
445 
zend_set_compiled_filename(zend_string * new_compiled_filename)446 ZEND_API zend_string *zend_set_compiled_filename(zend_string *new_compiled_filename) /* {{{ */
447 {
448 	CG(compiled_filename) = zend_string_copy(new_compiled_filename);
449 	return new_compiled_filename;
450 }
451 /* }}} */
452 
zend_restore_compiled_filename(zend_string * original_compiled_filename)453 ZEND_API void zend_restore_compiled_filename(zend_string *original_compiled_filename) /* {{{ */
454 {
455 	if (CG(compiled_filename)) {
456 		zend_string_release(CG(compiled_filename));
457 		CG(compiled_filename) = NULL;
458 	}
459 	CG(compiled_filename) = original_compiled_filename;
460 }
461 /* }}} */
462 
zend_get_compiled_filename(void)463 ZEND_API zend_string *zend_get_compiled_filename(void) /* {{{ */
464 {
465 	return CG(compiled_filename);
466 }
467 /* }}} */
468 
zend_get_compiled_lineno(void)469 ZEND_API int zend_get_compiled_lineno(void) /* {{{ */
470 {
471 	return CG(zend_lineno);
472 }
473 /* }}} */
474 
zend_is_compiling(void)475 ZEND_API bool zend_is_compiling(void) /* {{{ */
476 {
477 	return CG(in_compilation);
478 }
479 /* }}} */
480 
get_temporary_variable(void)481 static zend_always_inline uint32_t get_temporary_variable(void) /* {{{ */
482 {
483 	return (uint32_t)CG(active_op_array)->T++;
484 }
485 /* }}} */
486 
lookup_cv(zend_string * name)487 static int lookup_cv(zend_string *name) /* {{{ */{
488 	zend_op_array *op_array = CG(active_op_array);
489 	int i = 0;
490 	zend_ulong hash_value = zend_string_hash_val(name);
491 
492 	while (i < op_array->last_var) {
493 		if (ZSTR_H(op_array->vars[i]) == hash_value
494 		 && zend_string_equals(op_array->vars[i], name)) {
495 			return EX_NUM_TO_VAR(i);
496 		}
497 		i++;
498 	}
499 	i = op_array->last_var;
500 	op_array->last_var++;
501 	if (op_array->last_var > CG(context).vars_size) {
502 		CG(context).vars_size += 16; /* FIXME */
503 		op_array->vars = erealloc(op_array->vars, CG(context).vars_size * sizeof(zend_string*));
504 	}
505 
506 	op_array->vars[i] = zend_string_copy(name);
507 	return EX_NUM_TO_VAR(i);
508 }
509 /* }}} */
510 
zval_make_interned_string(zval * zv)511 zend_string *zval_make_interned_string(zval *zv)
512 {
513 	ZEND_ASSERT(Z_TYPE_P(zv) == IS_STRING);
514 	Z_STR_P(zv) = zend_new_interned_string(Z_STR_P(zv));
515 	if (ZSTR_IS_INTERNED(Z_STR_P(zv))) {
516 		Z_TYPE_FLAGS_P(zv) = 0;
517 	}
518 	return Z_STR_P(zv);
519 }
520 
521 /* Common part of zend_add_literal and zend_append_individual_literal */
zend_insert_literal(zend_op_array * op_array,zval * zv,int literal_position)522 static inline void zend_insert_literal(zend_op_array *op_array, zval *zv, int literal_position) /* {{{ */
523 {
524 	zval *lit = CT_CONSTANT_EX(op_array, literal_position);
525 	if (Z_TYPE_P(zv) == IS_STRING) {
526 		zval_make_interned_string(zv);
527 	}
528 	ZVAL_COPY_VALUE(lit, zv);
529 	Z_EXTRA_P(lit) = 0;
530 }
531 /* }}} */
532 
533 /* Is used while compiling a function, using the context to keep track
534    of an approximate size to avoid to relocate to often.
535    Literals are truncated to actual size in the second compiler pass (pass_two()). */
zend_add_literal(zval * zv)536 static int zend_add_literal(zval *zv) /* {{{ */
537 {
538 	zend_op_array *op_array = CG(active_op_array);
539 	int i = op_array->last_literal;
540 	op_array->last_literal++;
541 	if (i >= CG(context).literals_size) {
542 		while (i >= CG(context).literals_size) {
543 			CG(context).literals_size += 16; /* FIXME */
544 		}
545 		op_array->literals = (zval*)erealloc(op_array->literals, CG(context).literals_size * sizeof(zval));
546 	}
547 	zend_insert_literal(op_array, zv, i);
548 	return i;
549 }
550 /* }}} */
551 
zend_add_literal_string(zend_string ** str)552 static inline int zend_add_literal_string(zend_string **str) /* {{{ */
553 {
554 	int ret;
555 	zval zv;
556 	ZVAL_STR(&zv, *str);
557 	ret = zend_add_literal(&zv);
558 	*str = Z_STR(zv);
559 	return ret;
560 }
561 /* }}} */
562 
zend_add_func_name_literal(zend_string * name)563 static int zend_add_func_name_literal(zend_string *name) /* {{{ */
564 {
565 	/* Original name */
566 	int ret = zend_add_literal_string(&name);
567 
568 	/* Lowercased name */
569 	zend_string *lc_name = zend_string_tolower(name);
570 	zend_add_literal_string(&lc_name);
571 
572 	return ret;
573 }
574 /* }}} */
575 
zend_add_ns_func_name_literal(zend_string * name)576 static int zend_add_ns_func_name_literal(zend_string *name) /* {{{ */
577 {
578 	const char *unqualified_name;
579 	size_t unqualified_name_len;
580 
581 	/* Original name */
582 	int ret = zend_add_literal_string(&name);
583 
584 	/* Lowercased name */
585 	zend_string *lc_name = zend_string_tolower(name);
586 	zend_add_literal_string(&lc_name);
587 
588 	/* Lowercased unqualified name */
589 	if (zend_get_unqualified_name(name, &unqualified_name, &unqualified_name_len)) {
590 		lc_name = zend_string_alloc(unqualified_name_len, 0);
591 		zend_str_tolower_copy(ZSTR_VAL(lc_name), unqualified_name, unqualified_name_len);
592 		zend_add_literal_string(&lc_name);
593 	}
594 
595 	return ret;
596 }
597 /* }}} */
598 
zend_add_class_name_literal(zend_string * name)599 static int zend_add_class_name_literal(zend_string *name) /* {{{ */
600 {
601 	/* Original name */
602 	int ret = zend_add_literal_string(&name);
603 
604 	/* Lowercased name */
605 	zend_string *lc_name = zend_string_tolower(name);
606 	zend_add_literal_string(&lc_name);
607 
608 	return ret;
609 }
610 /* }}} */
611 
zend_add_const_name_literal(zend_string * name,bool unqualified)612 static int zend_add_const_name_literal(zend_string *name, bool unqualified) /* {{{ */
613 {
614 	zend_string *tmp_name;
615 
616 	int ret = zend_add_literal_string(&name);
617 
618 	size_t ns_len = 0, after_ns_len = ZSTR_LEN(name);
619 	const char *after_ns = zend_memrchr(ZSTR_VAL(name), '\\', ZSTR_LEN(name));
620 	if (after_ns) {
621 		after_ns += 1;
622 		ns_len = after_ns - ZSTR_VAL(name) - 1;
623 		after_ns_len = ZSTR_LEN(name) - ns_len - 1;
624 
625 		/* lowercased namespace name & original constant name */
626 		tmp_name = zend_string_init(ZSTR_VAL(name), ZSTR_LEN(name), 0);
627 		zend_str_tolower(ZSTR_VAL(tmp_name), ns_len);
628 		zend_add_literal_string(&tmp_name);
629 
630 		if (!unqualified) {
631 			return ret;
632 		}
633 	} else {
634 		after_ns = ZSTR_VAL(name);
635 	}
636 
637 	/* original unqualified constant name */
638 	tmp_name = zend_string_init(after_ns, after_ns_len, 0);
639 	zend_add_literal_string(&tmp_name);
640 
641 	return ret;
642 }
643 /* }}} */
644 
645 #define LITERAL_STR(op, str) do { \
646 		zval _c; \
647 		ZVAL_STR(&_c, str); \
648 		op.constant = zend_add_literal(&_c); \
649 	} while (0)
650 
zend_stop_lexing(void)651 void zend_stop_lexing(void)
652 {
653 	if (LANG_SCNG(on_event)) {
654 		LANG_SCNG(on_event)(ON_STOP, END, 0, NULL, 0, LANG_SCNG(on_event_context));
655 	}
656 
657 	LANG_SCNG(yy_cursor) = LANG_SCNG(yy_limit);
658 }
659 
zend_begin_loop(zend_uchar free_opcode,const znode * loop_var,bool is_switch)660 static inline void zend_begin_loop(
661 		zend_uchar free_opcode, const znode *loop_var, bool is_switch) /* {{{ */
662 {
663 	zend_brk_cont_element *brk_cont_element;
664 	int parent = CG(context).current_brk_cont;
665 	zend_loop_var info = {0};
666 
667 	CG(context).current_brk_cont = CG(context).last_brk_cont;
668 	brk_cont_element = get_next_brk_cont_element();
669 	brk_cont_element->parent = parent;
670 	brk_cont_element->is_switch = is_switch;
671 
672 	if (loop_var && (loop_var->op_type & (IS_VAR|IS_TMP_VAR))) {
673 		uint32_t start = get_next_op_number();
674 
675 		info.opcode = free_opcode;
676 		info.var_type = loop_var->op_type;
677 		info.var_num = loop_var->u.op.var;
678 		brk_cont_element->start = start;
679 	} else {
680 		info.opcode = ZEND_NOP;
681 		/* The start field is used to free temporary variables in case of exceptions.
682 		 * We won't try to free something of we don't have loop variable.  */
683 		brk_cont_element->start = -1;
684 	}
685 
686 	zend_stack_push(&CG(loop_var_stack), &info);
687 }
688 /* }}} */
689 
zend_end_loop(int cont_addr,const znode * var_node)690 static inline void zend_end_loop(int cont_addr, const znode *var_node) /* {{{ */
691 {
692 	uint32_t end = get_next_op_number();
693 	zend_brk_cont_element *brk_cont_element
694 		= &CG(context).brk_cont_array[CG(context).current_brk_cont];
695 	brk_cont_element->cont = cont_addr;
696 	brk_cont_element->brk = end;
697 	CG(context).current_brk_cont = brk_cont_element->parent;
698 
699 	zend_stack_del_top(&CG(loop_var_stack));
700 }
701 /* }}} */
702 
zend_do_free(znode * op1)703 static void zend_do_free(znode *op1) /* {{{ */
704 {
705 	if (op1->op_type == IS_TMP_VAR) {
706 		zend_op *opline = &CG(active_op_array)->opcodes[CG(active_op_array)->last-1];
707 
708 		while (opline->opcode == ZEND_END_SILENCE ||
709 		       opline->opcode == ZEND_OP_DATA) {
710 			opline--;
711 		}
712 
713 		if (opline->result_type == IS_TMP_VAR && opline->result.var == op1->u.op.var) {
714 			switch (opline->opcode) {
715 				case ZEND_BOOL:
716 				case ZEND_BOOL_NOT:
717 					/* boolean results don't have to be freed */
718 					return;
719 				case ZEND_POST_INC_STATIC_PROP:
720 				case ZEND_POST_DEC_STATIC_PROP:
721 				case ZEND_POST_INC_OBJ:
722 				case ZEND_POST_DEC_OBJ:
723 				case ZEND_POST_INC:
724 				case ZEND_POST_DEC:
725 					/* convert $i++ to ++$i */
726 					opline->opcode -= 2;
727 					SET_UNUSED(opline->result);
728 					return;
729 				case ZEND_ASSIGN:
730 				case ZEND_ASSIGN_DIM:
731 				case ZEND_ASSIGN_OBJ:
732 				case ZEND_ASSIGN_STATIC_PROP:
733 				case ZEND_ASSIGN_OP:
734 				case ZEND_ASSIGN_DIM_OP:
735 				case ZEND_ASSIGN_OBJ_OP:
736 				case ZEND_ASSIGN_STATIC_PROP_OP:
737 				case ZEND_PRE_INC_STATIC_PROP:
738 				case ZEND_PRE_DEC_STATIC_PROP:
739 				case ZEND_PRE_INC_OBJ:
740 				case ZEND_PRE_DEC_OBJ:
741 				case ZEND_PRE_INC:
742 				case ZEND_PRE_DEC:
743 					SET_UNUSED(opline->result);
744 					return;
745 			}
746 		}
747 
748 		zend_emit_op(NULL, ZEND_FREE, op1, NULL);
749 	} else if (op1->op_type == IS_VAR) {
750 		zend_op *opline = &CG(active_op_array)->opcodes[CG(active_op_array)->last-1];
751 		while (opline->opcode == ZEND_END_SILENCE ||
752 				opline->opcode == ZEND_EXT_FCALL_END ||
753 				opline->opcode == ZEND_OP_DATA) {
754 			opline--;
755 		}
756 		if (opline->result_type == IS_VAR
757 			&& opline->result.var == op1->u.op.var) {
758 			if (opline->opcode == ZEND_FETCH_THIS) {
759 				opline->opcode = ZEND_NOP;
760 			}
761 			SET_UNUSED(opline->result);
762 		} else {
763 			while (opline >= CG(active_op_array)->opcodes) {
764 				if ((opline->opcode == ZEND_FETCH_LIST_R ||
765 				     opline->opcode == ZEND_FETCH_LIST_W) &&
766 				    opline->op1_type == IS_VAR &&
767 				    opline->op1.var == op1->u.op.var) {
768 					zend_emit_op(NULL, ZEND_FREE, op1, NULL);
769 					return;
770 				}
771 				if (opline->result_type == IS_VAR
772 					&& opline->result.var == op1->u.op.var) {
773 					if (opline->opcode == ZEND_NEW) {
774 						zend_emit_op(NULL, ZEND_FREE, op1, NULL);
775 					}
776 					break;
777 				}
778 				opline--;
779 			}
780 		}
781 	} else if (op1->op_type == IS_CONST) {
782 		/* Destroy value without using GC: When opcache moves arrays into SHM it will
783 		 * free the zend_array structure, so references to it from outside the op array
784 		 * become invalid. GC would cause such a reference in the root buffer. */
785 		zval_ptr_dtor_nogc(&op1->u.constant);
786 	}
787 }
788 /* }}} */
789 
zend_add_class_modifier(uint32_t flags,uint32_t new_flag)790 uint32_t zend_add_class_modifier(uint32_t flags, uint32_t new_flag) /* {{{ */
791 {
792 	uint32_t new_flags = flags | new_flag;
793 	if ((flags & ZEND_ACC_EXPLICIT_ABSTRACT_CLASS) && (new_flag & ZEND_ACC_EXPLICIT_ABSTRACT_CLASS)) {
794 		zend_throw_exception(zend_ce_compile_error,
795 			"Multiple abstract modifiers are not allowed", 0);
796 		return 0;
797 	}
798 	if ((flags & ZEND_ACC_FINAL) && (new_flag & ZEND_ACC_FINAL)) {
799 		zend_throw_exception(zend_ce_compile_error, "Multiple final modifiers are not allowed", 0);
800 		return 0;
801 	}
802 	if ((flags & ZEND_ACC_READONLY_CLASS) && (new_flag & ZEND_ACC_READONLY_CLASS)) {
803 		zend_throw_exception(zend_ce_compile_error, "Multiple readonly modifiers are not allowed", 0);
804 		return 0;
805 	}
806 	if ((new_flags & ZEND_ACC_EXPLICIT_ABSTRACT_CLASS) && (new_flags & ZEND_ACC_FINAL)) {
807 		zend_throw_exception(zend_ce_compile_error,
808 			"Cannot use the final modifier on an abstract class", 0);
809 		return 0;
810 	}
811 	return new_flags;
812 }
813 /* }}} */
814 
zend_add_member_modifier(uint32_t flags,uint32_t new_flag)815 uint32_t zend_add_member_modifier(uint32_t flags, uint32_t new_flag) /* {{{ */
816 {
817 	uint32_t new_flags = flags | new_flag;
818 	if ((flags & ZEND_ACC_PPP_MASK) && (new_flag & ZEND_ACC_PPP_MASK)) {
819 		zend_throw_exception(zend_ce_compile_error,
820 			"Multiple access type modifiers are not allowed", 0);
821 		return 0;
822 	}
823 	if ((flags & ZEND_ACC_ABSTRACT) && (new_flag & ZEND_ACC_ABSTRACT)) {
824 		zend_throw_exception(zend_ce_compile_error, "Multiple abstract modifiers are not allowed", 0);
825 		return 0;
826 	}
827 	if ((flags & ZEND_ACC_STATIC) && (new_flag & ZEND_ACC_STATIC)) {
828 		zend_throw_exception(zend_ce_compile_error, "Multiple static modifiers are not allowed", 0);
829 		return 0;
830 	}
831 	if ((flags & ZEND_ACC_FINAL) && (new_flag & ZEND_ACC_FINAL)) {
832 		zend_throw_exception(zend_ce_compile_error, "Multiple final modifiers are not allowed", 0);
833 		return 0;
834 	}
835 	if ((flags & ZEND_ACC_READONLY) && (new_flag & ZEND_ACC_READONLY)) {
836 		zend_throw_exception(zend_ce_compile_error,
837 			"Multiple readonly modifiers are not allowed", 0);
838 		return 0;
839 	}
840 	if ((new_flags & ZEND_ACC_ABSTRACT) && (new_flags & ZEND_ACC_FINAL)) {
841 		zend_throw_exception(zend_ce_compile_error,
842 			"Cannot use the final modifier on an abstract class member", 0);
843 		return 0;
844 	}
845 	return new_flags;
846 }
847 /* }}} */
848 
zend_create_member_string(zend_string * class_name,zend_string * member_name)849 ZEND_API zend_string *zend_create_member_string(zend_string *class_name, zend_string *member_name) {
850 	return zend_string_concat3(
851 		ZSTR_VAL(class_name), ZSTR_LEN(class_name),
852 		"::", sizeof("::") - 1,
853 		ZSTR_VAL(member_name), ZSTR_LEN(member_name));
854 }
855 
zend_concat_names(char * name1,size_t name1_len,char * name2,size_t name2_len)856 static zend_string *zend_concat_names(char *name1, size_t name1_len, char *name2, size_t name2_len) {
857 	return zend_string_concat3(name1, name1_len, "\\", 1, name2, name2_len);
858 }
859 
zend_prefix_with_ns(zend_string * name)860 static zend_string *zend_prefix_with_ns(zend_string *name) {
861 	if (FC(current_namespace)) {
862 		zend_string *ns = FC(current_namespace);
863 		return zend_concat_names(ZSTR_VAL(ns), ZSTR_LEN(ns), ZSTR_VAL(name), ZSTR_LEN(name));
864 	} else {
865 		return zend_string_copy(name);
866 	}
867 }
868 
zend_resolve_non_class_name(zend_string * name,uint32_t type,bool * is_fully_qualified,bool case_sensitive,HashTable * current_import_sub)869 static zend_string *zend_resolve_non_class_name(
870 	zend_string *name, uint32_t type, bool *is_fully_qualified,
871 	bool case_sensitive, HashTable *current_import_sub
872 ) {
873 	char *compound;
874 	*is_fully_qualified = 0;
875 
876 	if (ZSTR_VAL(name)[0] == '\\') {
877 		/* Remove \ prefix (only relevant if this is a string rather than a label) */
878 		*is_fully_qualified = 1;
879 		return zend_string_init(ZSTR_VAL(name) + 1, ZSTR_LEN(name) - 1, 0);
880 	}
881 
882 	if (type == ZEND_NAME_FQ) {
883 		*is_fully_qualified = 1;
884 		return zend_string_copy(name);
885 	}
886 
887 	if (type == ZEND_NAME_RELATIVE) {
888 		*is_fully_qualified = 1;
889 		return zend_prefix_with_ns(name);
890 	}
891 
892 	if (current_import_sub) {
893 		/* If an unqualified name is a function/const alias, replace it. */
894 		zend_string *import_name;
895 		if (case_sensitive) {
896 			import_name = zend_hash_find_ptr(current_import_sub, name);
897 		} else {
898 			import_name = zend_hash_find_ptr_lc(current_import_sub, name);
899 		}
900 
901 		if (import_name) {
902 			*is_fully_qualified = 1;
903 			return zend_string_copy(import_name);
904 		}
905 	}
906 
907 	compound = memchr(ZSTR_VAL(name), '\\', ZSTR_LEN(name));
908 	if (compound) {
909 		*is_fully_qualified = 1;
910 	}
911 
912 	if (compound && FC(imports)) {
913 		/* If the first part of a qualified name is an alias, substitute it. */
914 		size_t len = compound - ZSTR_VAL(name);
915 		zend_string *import_name = zend_hash_str_find_ptr_lc(FC(imports), ZSTR_VAL(name), len);
916 
917 		if (import_name) {
918 			return zend_concat_names(
919 				ZSTR_VAL(import_name), ZSTR_LEN(import_name), ZSTR_VAL(name) + len + 1, ZSTR_LEN(name) - len - 1);
920 		}
921 	}
922 
923 	return zend_prefix_with_ns(name);
924 }
925 /* }}} */
926 
zend_resolve_function_name(zend_string * name,uint32_t type,bool * is_fully_qualified)927 static zend_string *zend_resolve_function_name(zend_string *name, uint32_t type, bool *is_fully_qualified)
928 {
929 	return zend_resolve_non_class_name(
930 		name, type, is_fully_qualified, 0, FC(imports_function));
931 }
932 
zend_resolve_const_name(zend_string * name,uint32_t type,bool * is_fully_qualified)933 static zend_string *zend_resolve_const_name(zend_string *name, uint32_t type, bool *is_fully_qualified)
934 {
935 	return zend_resolve_non_class_name(
936 		name, type, is_fully_qualified, 1, FC(imports_const));
937 }
938 
zend_resolve_class_name(zend_string * name,uint32_t type)939 static zend_string *zend_resolve_class_name(zend_string *name, uint32_t type) /* {{{ */
940 {
941 	char *compound;
942 
943 	if (ZEND_FETCH_CLASS_DEFAULT != zend_get_class_fetch_type(name)) {
944 		if (type == ZEND_NAME_FQ) {
945 			zend_error_noreturn(E_COMPILE_ERROR,
946 				"'\\%s' is an invalid class name", ZSTR_VAL(name));
947 		}
948 		if (type == ZEND_NAME_RELATIVE) {
949 			zend_error_noreturn(E_COMPILE_ERROR,
950 				"'namespace\\%s' is an invalid class name", ZSTR_VAL(name));
951 		}
952 		ZEND_ASSERT(type == ZEND_NAME_NOT_FQ);
953 		return zend_string_copy(name);
954 	}
955 
956 	if (type == ZEND_NAME_RELATIVE) {
957 		return zend_prefix_with_ns(name);
958 	}
959 
960 	if (type == ZEND_NAME_FQ) {
961 		if (ZSTR_VAL(name)[0] == '\\') {
962 			/* Remove \ prefix (only relevant if this is a string rather than a label) */
963 			name = zend_string_init(ZSTR_VAL(name) + 1, ZSTR_LEN(name) - 1, 0);
964 			if (ZEND_FETCH_CLASS_DEFAULT != zend_get_class_fetch_type(name)) {
965 				zend_error_noreturn(E_COMPILE_ERROR,
966 					"'\\%s' is an invalid class name", ZSTR_VAL(name));
967 			}
968 			return name;
969 		}
970 
971 		return zend_string_copy(name);
972 	}
973 
974 	if (FC(imports)) {
975 		compound = memchr(ZSTR_VAL(name), '\\', ZSTR_LEN(name));
976 		if (compound) {
977 			/* If the first part of a qualified name is an alias, substitute it. */
978 			size_t len = compound - ZSTR_VAL(name);
979 			zend_string *import_name =
980 				zend_hash_str_find_ptr_lc(FC(imports), ZSTR_VAL(name), len);
981 
982 			if (import_name) {
983 				return zend_concat_names(
984 					ZSTR_VAL(import_name), ZSTR_LEN(import_name), ZSTR_VAL(name) + len + 1, ZSTR_LEN(name) - len - 1);
985 			}
986 		} else {
987 			/* If an unqualified name is an alias, replace it. */
988 			zend_string *import_name
989 				= zend_hash_find_ptr_lc(FC(imports), name);
990 
991 			if (import_name) {
992 				return zend_string_copy(import_name);
993 			}
994 		}
995 	}
996 
997 	/* If not fully qualified and not an alias, prepend the current namespace */
998 	return zend_prefix_with_ns(name);
999 }
1000 /* }}} */
1001 
zend_resolve_class_name_ast(zend_ast * ast)1002 zend_string *zend_resolve_class_name_ast(zend_ast *ast) /* {{{ */
1003 {
1004 	zval *class_name = zend_ast_get_zval(ast);
1005 	if (Z_TYPE_P(class_name) != IS_STRING) {
1006 		zend_error_noreturn(E_COMPILE_ERROR, "Illegal class name");
1007 	}
1008 	return zend_resolve_class_name(Z_STR_P(class_name), ast->attr);
1009 }
1010 /* }}} */
1011 
label_ptr_dtor(zval * zv)1012 static void label_ptr_dtor(zval *zv) /* {{{ */
1013 {
1014 	efree_size(Z_PTR_P(zv), sizeof(zend_label));
1015 }
1016 /* }}} */
1017 
str_dtor(zval * zv)1018 static void str_dtor(zval *zv)  /* {{{ */ {
1019 	zend_string_release_ex(Z_STR_P(zv), 0);
1020 }
1021 /* }}} */
1022 
1023 static bool zend_is_call(zend_ast *ast);
1024 
zend_add_try_element(uint32_t try_op)1025 static uint32_t zend_add_try_element(uint32_t try_op) /* {{{ */
1026 {
1027 	zend_op_array *op_array = CG(active_op_array);
1028 	uint32_t try_catch_offset = op_array->last_try_catch++;
1029 	zend_try_catch_element *elem;
1030 
1031 	op_array->try_catch_array = safe_erealloc(
1032 		op_array->try_catch_array, sizeof(zend_try_catch_element), op_array->last_try_catch, 0);
1033 
1034 	elem = &op_array->try_catch_array[try_catch_offset];
1035 	elem->try_op = try_op;
1036 	elem->catch_op = 0;
1037 	elem->finally_op = 0;
1038 	elem->finally_end = 0;
1039 
1040 	return try_catch_offset;
1041 }
1042 /* }}} */
1043 
function_add_ref(zend_function * function)1044 ZEND_API void function_add_ref(zend_function *function) /* {{{ */
1045 {
1046 	if (function->type == ZEND_USER_FUNCTION) {
1047 		zend_op_array *op_array = &function->op_array;
1048 		if (op_array->refcount) {
1049 			(*op_array->refcount)++;
1050 		}
1051 
1052 		ZEND_MAP_PTR_INIT(op_array->run_time_cache, NULL);
1053 		ZEND_MAP_PTR_INIT(op_array->static_variables_ptr, NULL);
1054 	}
1055 
1056 	if (function->common.function_name) {
1057 		zend_string_addref(function->common.function_name);
1058 	}
1059 }
1060 /* }}} */
1061 
do_bind_function_error(zend_string * lcname,zend_op_array * op_array,bool compile_time)1062 static zend_never_inline ZEND_COLD ZEND_NORETURN void do_bind_function_error(zend_string *lcname, zend_op_array *op_array, bool compile_time) /* {{{ */
1063 {
1064 	zval *zv = zend_hash_find_known_hash(compile_time ? CG(function_table) : EG(function_table), lcname);
1065 	int error_level = compile_time ? E_COMPILE_ERROR : E_ERROR;
1066 	zend_function *old_function;
1067 
1068 	ZEND_ASSERT(zv != NULL);
1069 	old_function = (zend_function*)Z_PTR_P(zv);
1070 	if (old_function->type == ZEND_USER_FUNCTION
1071 		&& old_function->op_array.last > 0) {
1072 		zend_error_noreturn(error_level, "Cannot redeclare %s() (previously declared in %s:%d)",
1073 					op_array ? ZSTR_VAL(op_array->function_name) : ZSTR_VAL(old_function->common.function_name),
1074 					ZSTR_VAL(old_function->op_array.filename),
1075 					old_function->op_array.line_start);
1076 	} else {
1077 		zend_error_noreturn(error_level, "Cannot redeclare %s()",
1078 			op_array ? ZSTR_VAL(op_array->function_name) : ZSTR_VAL(old_function->common.function_name));
1079 	}
1080 }
1081 
do_bind_function(zend_function * func,zval * lcname)1082 ZEND_API zend_result do_bind_function(zend_function *func, zval *lcname) /* {{{ */
1083 {
1084 	zend_function *added_func = zend_hash_add_ptr(EG(function_table), Z_STR_P(lcname), func);
1085 	if (UNEXPECTED(!added_func)) {
1086 		do_bind_function_error(Z_STR_P(lcname), &func->op_array, 0);
1087 		return FAILURE;
1088 	}
1089 
1090 	if (func->op_array.refcount) {
1091 		++*func->op_array.refcount;
1092 	}
1093 	if (func->common.function_name) {
1094 		zend_string_addref(func->common.function_name);
1095 	}
1096 	zend_observer_function_declared_notify(&func->op_array, Z_STR_P(lcname));
1097 	return SUCCESS;
1098 }
1099 /* }}} */
1100 
zend_bind_class_in_slot(zval * class_table_slot,zval * lcname,zend_string * lc_parent_name)1101 ZEND_API zend_class_entry *zend_bind_class_in_slot(
1102 		zval *class_table_slot, zval *lcname, zend_string *lc_parent_name)
1103 {
1104 	zend_class_entry *ce = Z_PTR_P(class_table_slot);
1105 	bool is_preloaded =
1106 		(ce->ce_flags & ZEND_ACC_PRELOADED) && !(CG(compiler_options) & ZEND_COMPILE_PRELOAD);
1107 	bool success;
1108 	if (EXPECTED(!is_preloaded)) {
1109 		success = zend_hash_set_bucket_key(EG(class_table), (Bucket*) class_table_slot, Z_STR_P(lcname)) != NULL;
1110 	} else {
1111 		/* If preloading is used, don't replace the existing bucket, add a new one. */
1112 		success = zend_hash_add_ptr(EG(class_table), Z_STR_P(lcname), ce) != NULL;
1113 	}
1114 	if (UNEXPECTED(!success)) {
1115 		zend_error_noreturn(E_COMPILE_ERROR, "Cannot declare %s %s, because the name is already in use", zend_get_object_type(ce), ZSTR_VAL(ce->name));
1116 		return NULL;
1117 	}
1118 
1119 	if (ce->ce_flags & ZEND_ACC_LINKED) {
1120 		zend_observer_class_linked_notify(ce, Z_STR_P(lcname));
1121 		return ce;
1122 	}
1123 
1124 	ce = zend_do_link_class(ce, lc_parent_name, Z_STR_P(lcname));
1125 	if (ce) {
1126 		ZEND_ASSERT(!EG(exception));
1127 		zend_observer_class_linked_notify(ce, Z_STR_P(lcname));
1128 		return ce;
1129 	}
1130 
1131 	if (!is_preloaded) {
1132 		/* Reload bucket pointer, the hash table may have been reallocated */
1133 		zval *zv = zend_hash_find(EG(class_table), Z_STR_P(lcname));
1134 		zend_hash_set_bucket_key(EG(class_table), (Bucket *) zv, Z_STR_P(lcname + 1));
1135 	} else {
1136 		zend_hash_del(EG(class_table), Z_STR_P(lcname));
1137 	}
1138 	return NULL;
1139 }
1140 
do_bind_class(zval * lcname,zend_string * lc_parent_name)1141 ZEND_API zend_result do_bind_class(zval *lcname, zend_string *lc_parent_name) /* {{{ */
1142 {
1143 	zend_class_entry *ce;
1144 	zval *rtd_key, *zv;
1145 
1146 	rtd_key = lcname + 1;
1147 
1148 	zv = zend_hash_find_known_hash(EG(class_table), Z_STR_P(rtd_key));
1149 
1150 	if (UNEXPECTED(!zv)) {
1151 		ce = zend_hash_find_ptr(EG(class_table), Z_STR_P(lcname));
1152 		ZEND_ASSERT(ce);
1153 		zend_error_noreturn(E_COMPILE_ERROR, "Cannot declare %s %s, because the name is already in use", zend_get_object_type(ce), ZSTR_VAL(ce->name));
1154 		return FAILURE;
1155 	}
1156 
1157 	/* Register the derived class */
1158 	return zend_bind_class_in_slot(zv, lcname, lc_parent_name) ? SUCCESS : FAILURE;
1159 }
1160 /* }}} */
1161 
add_type_string(zend_string * type,zend_string * new_type,bool is_intersection)1162 static zend_string *add_type_string(zend_string *type, zend_string *new_type, bool is_intersection) {
1163 	zend_string *result;
1164 	if (type == NULL) {
1165 		return zend_string_copy(new_type);
1166 	}
1167 
1168 	if (is_intersection) {
1169 		result = zend_string_concat3(ZSTR_VAL(type), ZSTR_LEN(type),
1170 			"&", 1, ZSTR_VAL(new_type), ZSTR_LEN(new_type));
1171 		zend_string_release(type);
1172 	} else {
1173 		result = zend_string_concat3(
1174 			ZSTR_VAL(type), ZSTR_LEN(type), "|", 1, ZSTR_VAL(new_type), ZSTR_LEN(new_type));
1175 		zend_string_release(type);
1176 	}
1177 	return result;
1178 }
1179 
resolve_class_name(zend_string * name,zend_class_entry * scope)1180 static zend_string *resolve_class_name(zend_string *name, zend_class_entry *scope) {
1181 	if (scope) {
1182 		if (zend_string_equals_literal_ci(name, "self")) {
1183 			name = scope->name;
1184 		} else if (zend_string_equals_literal_ci(name, "parent") && scope->parent) {
1185 			name = scope->parent->name;
1186 		}
1187 	}
1188 
1189 	/* The resolved name for anonymous classes contains null bytes. Cut off everything after the
1190 	 * null byte here, to avoid larger parts of the type being omitted by printing code later. */
1191 	size_t len = strlen(ZSTR_VAL(name));
1192 	if (len != ZSTR_LEN(name)) {
1193 		ZEND_ASSERT(scope && "This should only happen with resolved types");
1194 		return zend_string_init(ZSTR_VAL(name), len, 0);
1195 	}
1196 	return zend_string_copy(name);
1197 }
1198 
add_intersection_type(zend_string * str,zend_type_list * intersection_type_list,zend_class_entry * scope,bool is_bracketed)1199 static zend_string *add_intersection_type(zend_string *str,
1200 	zend_type_list *intersection_type_list, zend_class_entry *scope,
1201 	bool is_bracketed)
1202 {
1203 	zend_type *single_type;
1204 	zend_string *intersection_str = NULL;
1205 
1206 	ZEND_TYPE_LIST_FOREACH(intersection_type_list, single_type) {
1207 		ZEND_ASSERT(!ZEND_TYPE_HAS_LIST(*single_type));
1208 		ZEND_ASSERT(ZEND_TYPE_HAS_NAME(*single_type));
1209 		zend_string *name = ZEND_TYPE_NAME(*single_type);
1210 		zend_string *resolved = resolve_class_name(name, scope);
1211 		intersection_str = add_type_string(intersection_str, resolved, /* is_intersection */ true);
1212 		zend_string_release(resolved);
1213 	} ZEND_TYPE_LIST_FOREACH_END();
1214 
1215 	ZEND_ASSERT(intersection_str);
1216 
1217 	if (is_bracketed) {
1218 		zend_string *result = zend_string_concat3("(", 1, ZSTR_VAL(intersection_str), ZSTR_LEN(intersection_str), ")", 1);
1219 		zend_string_release(intersection_str);
1220 		intersection_str = result;
1221 	}
1222 	str = add_type_string(str, intersection_str, /* is_intersection */ false);
1223 	zend_string_release(intersection_str);
1224 	return str;
1225 }
1226 
zend_type_to_string_resolved(zend_type type,zend_class_entry * scope)1227 zend_string *zend_type_to_string_resolved(zend_type type, zend_class_entry *scope) {
1228 	zend_string *str = NULL;
1229 
1230 	/* Pure intersection type */
1231 	if (ZEND_TYPE_IS_INTERSECTION(type)) {
1232 		ZEND_ASSERT(!ZEND_TYPE_IS_UNION(type));
1233 		str = add_intersection_type(str, ZEND_TYPE_LIST(type), scope, /* is_bracketed */ false);
1234 	} else if (ZEND_TYPE_HAS_LIST(type)) {
1235 		/* A union type might not be a list */
1236 		zend_type *list_type;
1237 		ZEND_TYPE_LIST_FOREACH(ZEND_TYPE_LIST(type), list_type) {
1238 			if (ZEND_TYPE_IS_INTERSECTION(*list_type)) {
1239 				str = add_intersection_type(str, ZEND_TYPE_LIST(*list_type), scope, /* is_bracketed */ true);
1240 				continue;
1241 			}
1242 			ZEND_ASSERT(!ZEND_TYPE_HAS_LIST(*list_type));
1243 			ZEND_ASSERT(ZEND_TYPE_HAS_NAME(*list_type));
1244 			zend_string *name = ZEND_TYPE_NAME(*list_type);
1245 			zend_string *resolved = resolve_class_name(name, scope);
1246 			str = add_type_string(str, resolved, /* is_intersection */ false);
1247 			zend_string_release(resolved);
1248 		} ZEND_TYPE_LIST_FOREACH_END();
1249 	} else if (ZEND_TYPE_HAS_NAME(type)) {
1250 		str = resolve_class_name(ZEND_TYPE_NAME(type), scope);
1251 	}
1252 
1253 	uint32_t type_mask = ZEND_TYPE_PURE_MASK(type);
1254 
1255 	if (type_mask == MAY_BE_ANY) {
1256 		str = add_type_string(str, ZSTR_KNOWN(ZEND_STR_MIXED), /* is_intersection */ false);
1257 
1258 		return str;
1259 	}
1260 	if (type_mask & MAY_BE_STATIC) {
1261 		zend_string *name = ZSTR_KNOWN(ZEND_STR_STATIC);
1262 		// During compilation of eval'd code the called scope refers to the scope calling the eval
1263 		if (scope && !zend_is_compiling()) {
1264 			zend_class_entry *called_scope = zend_get_called_scope(EG(current_execute_data));
1265 			if (called_scope) {
1266 				name = called_scope->name;
1267 			}
1268 		}
1269 		str = add_type_string(str, name, /* is_intersection */ false);
1270 	}
1271 	if (type_mask & MAY_BE_CALLABLE) {
1272 		str = add_type_string(str, ZSTR_KNOWN(ZEND_STR_CALLABLE), /* is_intersection */ false);
1273 	}
1274 	if (type_mask & MAY_BE_OBJECT) {
1275 		str = add_type_string(str, ZSTR_KNOWN(ZEND_STR_OBJECT), /* is_intersection */ false);
1276 	}
1277 	if (type_mask & MAY_BE_ARRAY) {
1278 		str = add_type_string(str, ZSTR_KNOWN(ZEND_STR_ARRAY), /* is_intersection */ false);
1279 	}
1280 	if (type_mask & MAY_BE_STRING) {
1281 		str = add_type_string(str, ZSTR_KNOWN(ZEND_STR_STRING), /* is_intersection */ false);
1282 	}
1283 	if (type_mask & MAY_BE_LONG) {
1284 		str = add_type_string(str, ZSTR_KNOWN(ZEND_STR_INT), /* is_intersection */ false);
1285 	}
1286 	if (type_mask & MAY_BE_DOUBLE) {
1287 		str = add_type_string(str, ZSTR_KNOWN(ZEND_STR_FLOAT), /* is_intersection */ false);
1288 	}
1289 	if ((type_mask & MAY_BE_BOOL) == MAY_BE_BOOL) {
1290 		str = add_type_string(str, ZSTR_KNOWN(ZEND_STR_BOOL), /* is_intersection */ false);
1291 	} else if (type_mask & MAY_BE_FALSE) {
1292 		str = add_type_string(str, ZSTR_KNOWN(ZEND_STR_FALSE), /* is_intersection */ false);
1293 	} else if (type_mask & MAY_BE_TRUE) {
1294 		str = add_type_string(str, ZSTR_KNOWN(ZEND_STR_TRUE), /* is_intersection */ false);
1295 	}
1296 	if (type_mask & MAY_BE_VOID) {
1297 		str = add_type_string(str, ZSTR_KNOWN(ZEND_STR_VOID), /* is_intersection */ false);
1298 	}
1299 	if (type_mask & MAY_BE_NEVER) {
1300 		str = add_type_string(str, ZSTR_KNOWN(ZEND_STR_NEVER), /* is_intersection */ false);
1301 	}
1302 
1303 	if (type_mask & MAY_BE_NULL) {
1304 		bool is_union = !str || memchr(ZSTR_VAL(str), '|', ZSTR_LEN(str)) != NULL;
1305 		bool has_intersection = !str || memchr(ZSTR_VAL(str), '&', ZSTR_LEN(str)) != NULL;
1306 		if (!is_union && !has_intersection) {
1307 			zend_string *nullable_str = zend_string_concat2("?", 1, ZSTR_VAL(str), ZSTR_LEN(str));
1308 			zend_string_release(str);
1309 			return nullable_str;
1310 		}
1311 
1312 		str = add_type_string(str, ZSTR_KNOWN(ZEND_STR_NULL_LOWERCASE), /* is_intersection */ false);
1313 	}
1314 	return str;
1315 }
1316 
zend_type_to_string(zend_type type)1317 ZEND_API zend_string *zend_type_to_string(zend_type type) {
1318 	return zend_type_to_string_resolved(type, NULL);
1319 }
1320 
is_generator_compatible_class_type(zend_string * name)1321 static bool is_generator_compatible_class_type(zend_string *name) {
1322 	return zend_string_equals_literal_ci(name, "Traversable")
1323 		|| zend_string_equals_literal_ci(name, "Iterator")
1324 		|| zend_string_equals_literal_ci(name, "Generator");
1325 }
1326 
zend_mark_function_as_generator(void)1327 static void zend_mark_function_as_generator(void) /* {{{ */
1328 {
1329 	if (!CG(active_op_array)->function_name) {
1330 		zend_error_noreturn(E_COMPILE_ERROR,
1331 			"The \"yield\" expression can only be used inside a function");
1332 	}
1333 
1334 	if (CG(active_op_array)->fn_flags & ZEND_ACC_HAS_RETURN_TYPE) {
1335 		zend_type return_type = CG(active_op_array)->arg_info[-1].type;
1336 		bool valid_type = (ZEND_TYPE_FULL_MASK(return_type) & MAY_BE_OBJECT) != 0;
1337 		if (!valid_type) {
1338 			zend_type *single_type;
1339 			ZEND_TYPE_FOREACH(return_type, single_type) {
1340 				if (ZEND_TYPE_HAS_NAME(*single_type)
1341 						&& is_generator_compatible_class_type(ZEND_TYPE_NAME(*single_type))) {
1342 					valid_type = 1;
1343 					break;
1344 				}
1345 			} ZEND_TYPE_FOREACH_END();
1346 		}
1347 
1348 		if (!valid_type) {
1349 			zend_string *str = zend_type_to_string(return_type);
1350 			zend_error_noreturn(E_COMPILE_ERROR,
1351 				"Generator return type must be a supertype of Generator, %s given",
1352 				ZSTR_VAL(str));
1353 		}
1354 	}
1355 
1356 	CG(active_op_array)->fn_flags |= ZEND_ACC_GENERATOR;
1357 }
1358 /* }}} */
1359 
zend_mangle_property_name(const char * src1,size_t src1_length,const char * src2,size_t src2_length,bool internal)1360 ZEND_API zend_string *zend_mangle_property_name(const char *src1, size_t src1_length, const char *src2, size_t src2_length, bool internal) /* {{{ */
1361 {
1362 	size_t prop_name_length = 1 + src1_length + 1 + src2_length;
1363 	zend_string *prop_name = zend_string_alloc(prop_name_length, internal);
1364 
1365 	ZSTR_VAL(prop_name)[0] = '\0';
1366 	memcpy(ZSTR_VAL(prop_name) + 1, src1, src1_length+1);
1367 	memcpy(ZSTR_VAL(prop_name) + 1 + src1_length + 1, src2, src2_length+1);
1368 	return prop_name;
1369 }
1370 /* }}} */
1371 
zend_strnlen(const char * s,size_t maxlen)1372 static zend_always_inline size_t zend_strnlen(const char* s, size_t maxlen) /* {{{ */
1373 {
1374 	size_t len = 0;
1375 	while (*s++ && maxlen--) len++;
1376 	return len;
1377 }
1378 /* }}} */
1379 
zend_unmangle_property_name_ex(const zend_string * name,const char ** class_name,const char ** prop_name,size_t * prop_len)1380 ZEND_API zend_result zend_unmangle_property_name_ex(const zend_string *name, const char **class_name, const char **prop_name, size_t *prop_len) /* {{{ */
1381 {
1382 	size_t class_name_len;
1383 	size_t anonclass_src_len;
1384 
1385 	*class_name = NULL;
1386 
1387 	if (!ZSTR_LEN(name) || ZSTR_VAL(name)[0] != '\0') {
1388 		*prop_name = ZSTR_VAL(name);
1389 		if (prop_len) {
1390 			*prop_len = ZSTR_LEN(name);
1391 		}
1392 		return SUCCESS;
1393 	}
1394 	if (ZSTR_LEN(name) < 3 || ZSTR_VAL(name)[1] == '\0') {
1395 		zend_error(E_NOTICE, "Illegal member variable name");
1396 		*prop_name = ZSTR_VAL(name);
1397 		if (prop_len) {
1398 			*prop_len = ZSTR_LEN(name);
1399 		}
1400 		return FAILURE;
1401 	}
1402 
1403 	class_name_len = zend_strnlen(ZSTR_VAL(name) + 1, ZSTR_LEN(name) - 2);
1404 	if (class_name_len >= ZSTR_LEN(name) - 2 || ZSTR_VAL(name)[class_name_len + 1] != '\0') {
1405 		zend_error(E_NOTICE, "Corrupt member variable name");
1406 		*prop_name = ZSTR_VAL(name);
1407 		if (prop_len) {
1408 			*prop_len = ZSTR_LEN(name);
1409 		}
1410 		return FAILURE;
1411 	}
1412 
1413 	*class_name = ZSTR_VAL(name) + 1;
1414 	anonclass_src_len = zend_strnlen(*class_name + class_name_len + 1, ZSTR_LEN(name) - class_name_len - 2);
1415 	if (class_name_len + anonclass_src_len + 2 != ZSTR_LEN(name)) {
1416 		class_name_len += anonclass_src_len + 1;
1417 	}
1418 	*prop_name = ZSTR_VAL(name) + class_name_len + 2;
1419 	if (prop_len) {
1420 		*prop_len = ZSTR_LEN(name) - class_name_len - 2;
1421 	}
1422 	return SUCCESS;
1423 }
1424 /* }}} */
1425 
array_is_const_ex(zend_array * array,uint32_t * max_checks)1426 static bool array_is_const_ex(zend_array *array, uint32_t *max_checks)
1427 {
1428 	if (zend_hash_num_elements(array) > *max_checks) {
1429 		return false;
1430 	}
1431 	*max_checks -= zend_hash_num_elements(array);
1432 
1433 	zval *element;
1434 	ZEND_HASH_FOREACH_VAL(array, element) {
1435 		if (Z_TYPE_P(element) < IS_ARRAY) {
1436 			continue;
1437 		} else if (Z_TYPE_P(element) == IS_ARRAY) {
1438 			if (!array_is_const_ex(array, max_checks)) {
1439 				return false;
1440 			}
1441 		} else {
1442 			return false;
1443 		}
1444 	} ZEND_HASH_FOREACH_END();
1445 
1446 	return true;
1447 }
1448 
array_is_const(zend_array * array)1449 static bool array_is_const(zend_array *array)
1450 {
1451 	uint32_t max_checks = 50;
1452 	return array_is_const_ex(array, &max_checks);
1453 }
1454 
can_ct_eval_const(zend_constant * c)1455 static bool can_ct_eval_const(zend_constant *c) {
1456 	if (ZEND_CONSTANT_FLAGS(c) & CONST_DEPRECATED) {
1457 		return 0;
1458 	}
1459 	if ((ZEND_CONSTANT_FLAGS(c) & CONST_PERSISTENT)
1460 			&& !(CG(compiler_options) & ZEND_COMPILE_NO_PERSISTENT_CONSTANT_SUBSTITUTION)
1461 			&& !((ZEND_CONSTANT_FLAGS(c) & CONST_NO_FILE_CACHE)
1462 				&& (CG(compiler_options) & ZEND_COMPILE_WITH_FILE_CACHE))) {
1463 		return 1;
1464 	}
1465 	if (Z_TYPE(c->value) < IS_ARRAY
1466 			&& !(CG(compiler_options) & ZEND_COMPILE_NO_CONSTANT_SUBSTITUTION)) {
1467 		return 1;
1468 	} else if (Z_TYPE(c->value) == IS_ARRAY
1469 			&& !(CG(compiler_options) & ZEND_COMPILE_NO_CONSTANT_SUBSTITUTION)
1470 			&& array_is_const(Z_ARR(c->value))) {
1471 		return 1;
1472 	}
1473 	return 0;
1474 }
1475 
zend_try_ct_eval_const(zval * zv,zend_string * name,bool is_fully_qualified)1476 static bool zend_try_ct_eval_const(zval *zv, zend_string *name, bool is_fully_qualified) /* {{{ */
1477 {
1478 	/* Substitute true, false and null (including unqualified usage in namespaces)
1479 	 * before looking up the possibly namespaced name. */
1480 	const char *lookup_name = ZSTR_VAL(name);
1481 	size_t lookup_len = ZSTR_LEN(name);
1482 
1483 	if (!is_fully_qualified) {
1484 		zend_get_unqualified_name(name, &lookup_name, &lookup_len);
1485 	}
1486 
1487 	zend_constant *c;
1488 	if ((c = zend_get_special_const(lookup_name, lookup_len))) {
1489 		ZVAL_COPY_VALUE(zv, &c->value);
1490 		return 1;
1491 	}
1492 	c = zend_hash_find_ptr(EG(zend_constants), name);
1493 	if (c && can_ct_eval_const(c)) {
1494 		ZVAL_COPY_OR_DUP(zv, &c->value);
1495 		return 1;
1496 	}
1497 	return 0;
1498 }
1499 /* }}} */
1500 
zend_is_scope_known(void)1501 static inline bool zend_is_scope_known(void) /* {{{ */
1502 {
1503 	if (!CG(active_op_array)) {
1504 		/* This can only happen when evaluating a default value string. */
1505 		return 0;
1506 	}
1507 
1508 	if (CG(active_op_array)->fn_flags & ZEND_ACC_CLOSURE) {
1509 		/* Closures can be rebound to a different scope */
1510 		return 0;
1511 	}
1512 
1513 	if (!CG(active_class_entry)) {
1514 		/* The scope is known if we're in a free function (no scope), but not if we're in
1515 		 * a file/eval (which inherits including/eval'ing scope). */
1516 		return CG(active_op_array)->function_name != NULL;
1517 	}
1518 
1519 	/* For traits self etc refers to the using class, not the trait itself */
1520 	return (CG(active_class_entry)->ce_flags & ZEND_ACC_TRAIT) == 0;
1521 }
1522 /* }}} */
1523 
class_name_refers_to_active_ce(zend_string * class_name,uint32_t fetch_type)1524 static inline bool class_name_refers_to_active_ce(zend_string *class_name, uint32_t fetch_type) /* {{{ */
1525 {
1526 	if (!CG(active_class_entry)) {
1527 		return 0;
1528 	}
1529 	if (fetch_type == ZEND_FETCH_CLASS_SELF && zend_is_scope_known()) {
1530 		return 1;
1531 	}
1532 	return fetch_type == ZEND_FETCH_CLASS_DEFAULT
1533 		&& zend_string_equals_ci(class_name, CG(active_class_entry)->name);
1534 }
1535 /* }}} */
1536 
zend_get_class_fetch_type(zend_string * name)1537 uint32_t zend_get_class_fetch_type(zend_string *name) /* {{{ */
1538 {
1539 	if (zend_string_equals_literal_ci(name, "self")) {
1540 		return ZEND_FETCH_CLASS_SELF;
1541 	} else if (zend_string_equals_literal_ci(name, "parent")) {
1542 		return ZEND_FETCH_CLASS_PARENT;
1543 	} else if (zend_string_equals_literal_ci(name, "static")) {
1544 		return ZEND_FETCH_CLASS_STATIC;
1545 	} else {
1546 		return ZEND_FETCH_CLASS_DEFAULT;
1547 	}
1548 }
1549 /* }}} */
1550 
zend_get_class_fetch_type_ast(zend_ast * name_ast)1551 static uint32_t zend_get_class_fetch_type_ast(zend_ast *name_ast) /* {{{ */
1552 {
1553 	/* Fully qualified names are always default refs */
1554 	if (name_ast->attr == ZEND_NAME_FQ) {
1555 		return ZEND_FETCH_CLASS_DEFAULT;
1556 	}
1557 
1558 	return zend_get_class_fetch_type(zend_ast_get_str(name_ast));
1559 }
1560 /* }}} */
1561 
zend_resolve_const_class_name_reference(zend_ast * ast,const char * type)1562 static zend_string *zend_resolve_const_class_name_reference(zend_ast *ast, const char *type)
1563 {
1564 	zend_string *class_name = zend_ast_get_str(ast);
1565 	if (ZEND_FETCH_CLASS_DEFAULT != zend_get_class_fetch_type_ast(ast)) {
1566 		zend_error_noreturn(E_COMPILE_ERROR,
1567 			"Cannot use '%s' as %s, as it is reserved",
1568 			ZSTR_VAL(class_name), type);
1569 	}
1570 	return zend_resolve_class_name(class_name, ast->attr);
1571 }
1572 
zend_ensure_valid_class_fetch_type(uint32_t fetch_type)1573 static void zend_ensure_valid_class_fetch_type(uint32_t fetch_type) /* {{{ */
1574 {
1575 	if (fetch_type != ZEND_FETCH_CLASS_DEFAULT && zend_is_scope_known()) {
1576 		zend_class_entry *ce = CG(active_class_entry);
1577 		if (!ce) {
1578 			zend_error_noreturn(E_COMPILE_ERROR, "Cannot use \"%s\" when no class scope is active",
1579 				fetch_type == ZEND_FETCH_CLASS_SELF ? "self" :
1580 				fetch_type == ZEND_FETCH_CLASS_PARENT ? "parent" : "static");
1581 		} else if (fetch_type == ZEND_FETCH_CLASS_PARENT && !ce->parent_name) {
1582 			zend_error_noreturn(E_COMPILE_ERROR,
1583 				"Cannot use \"parent\" when current class scope has no parent");
1584 		}
1585 	}
1586 }
1587 /* }}} */
1588 
zend_try_compile_const_expr_resolve_class_name(zval * zv,zend_ast * class_ast)1589 static bool zend_try_compile_const_expr_resolve_class_name(zval *zv, zend_ast *class_ast) /* {{{ */
1590 {
1591 	uint32_t fetch_type;
1592 	zval *class_name;
1593 
1594 	if (class_ast->kind != ZEND_AST_ZVAL) {
1595 		return 0;
1596 	}
1597 
1598 	class_name = zend_ast_get_zval(class_ast);
1599 
1600 	if (Z_TYPE_P(class_name) != IS_STRING) {
1601 		zend_error_noreturn(E_COMPILE_ERROR, "Illegal class name");
1602 	}
1603 
1604 	fetch_type = zend_get_class_fetch_type(Z_STR_P(class_name));
1605 	zend_ensure_valid_class_fetch_type(fetch_type);
1606 
1607 	switch (fetch_type) {
1608 		case ZEND_FETCH_CLASS_SELF:
1609 			if (CG(active_class_entry) && zend_is_scope_known()) {
1610 				ZVAL_STR_COPY(zv, CG(active_class_entry)->name);
1611 				return 1;
1612 			}
1613 			return 0;
1614 		case ZEND_FETCH_CLASS_PARENT:
1615 			if (CG(active_class_entry) && CG(active_class_entry)->parent_name
1616 					&& zend_is_scope_known()) {
1617 				ZVAL_STR_COPY(zv, CG(active_class_entry)->parent_name);
1618 				return 1;
1619 			}
1620 			return 0;
1621 		case ZEND_FETCH_CLASS_STATIC:
1622 			return 0;
1623 		case ZEND_FETCH_CLASS_DEFAULT:
1624 			ZVAL_STR(zv, zend_resolve_class_name_ast(class_ast));
1625 			return 1;
1626 		EMPTY_SWITCH_DEFAULT_CASE()
1627 	}
1628 }
1629 /* }}} */
1630 
1631 /* We don't use zend_verify_const_access because we need to deal with unlinked classes. */
zend_verify_ct_const_access(zend_class_constant * c,zend_class_entry * scope)1632 static bool zend_verify_ct_const_access(zend_class_constant *c, zend_class_entry *scope)
1633 {
1634 	if (c->ce->ce_flags & ZEND_ACC_TRAIT) {
1635 		/* This condition is only met on directly accessing trait constants,
1636 		 * because the ce is replaced to the class entry of the composing class
1637 		 * on binding. */
1638 		return 0;
1639 	} else if (ZEND_CLASS_CONST_FLAGS(c) & ZEND_ACC_PUBLIC) {
1640 		return 1;
1641 	} else if (ZEND_CLASS_CONST_FLAGS(c) & ZEND_ACC_PRIVATE) {
1642 		return c->ce == scope;
1643 	} else {
1644 		zend_class_entry *ce = c->ce;
1645 		while (1) {
1646 			if (ce == scope) {
1647 				return 1;
1648 			}
1649 			if (!ce->parent) {
1650 				break;
1651 			}
1652 			if (ce->ce_flags & ZEND_ACC_RESOLVED_PARENT) {
1653 				ce = ce->parent;
1654 			} else {
1655 				ce = zend_hash_find_ptr_lc(CG(class_table), ce->parent_name);
1656 				if (!ce) {
1657 					break;
1658 				}
1659 			}
1660 		}
1661 		/* Reverse case cannot be true during compilation */
1662 		return 0;
1663 	}
1664 }
1665 
zend_try_ct_eval_class_const(zval * zv,zend_string * class_name,zend_string * name)1666 static bool zend_try_ct_eval_class_const(zval *zv, zend_string *class_name, zend_string *name) /* {{{ */
1667 {
1668 	uint32_t fetch_type = zend_get_class_fetch_type(class_name);
1669 	zend_class_constant *cc;
1670 	zval *c;
1671 
1672 	if (class_name_refers_to_active_ce(class_name, fetch_type)) {
1673 		cc = zend_hash_find_ptr(&CG(active_class_entry)->constants_table, name);
1674 	} else if (fetch_type == ZEND_FETCH_CLASS_DEFAULT && !(CG(compiler_options) & ZEND_COMPILE_NO_CONSTANT_SUBSTITUTION)) {
1675 		zend_class_entry *ce = zend_hash_find_ptr_lc(CG(class_table), class_name);
1676 		if (ce) {
1677 			cc = zend_hash_find_ptr(&ce->constants_table, name);
1678 		} else {
1679 			return 0;
1680 		}
1681 	} else {
1682 		return 0;
1683 	}
1684 
1685 	if (CG(compiler_options) & ZEND_COMPILE_NO_PERSISTENT_CONSTANT_SUBSTITUTION) {
1686 		return 0;
1687 	}
1688 
1689 	if (!cc || !zend_verify_ct_const_access(cc, CG(active_class_entry))) {
1690 		return 0;
1691 	}
1692 
1693 	c = &cc->value;
1694 
1695 	/* Substitute case-sensitive (or lowercase) persistent class constants */
1696 	if (Z_TYPE_P(c) < IS_ARRAY) {
1697 		ZVAL_COPY_OR_DUP(zv, c);
1698 		return 1;
1699 	} else if (Z_TYPE_P(c) == IS_ARRAY && array_is_const(Z_ARR_P(c))) {
1700 		ZVAL_COPY_OR_DUP(zv, c);
1701 		return 1;
1702 	}
1703 
1704 	return 0;
1705 }
1706 /* }}} */
1707 
zend_add_to_list(void * result,void * item)1708 static void zend_add_to_list(void *result, void *item) /* {{{ */
1709 {
1710 	void** list = *(void**)result;
1711 	size_t n = 0;
1712 
1713 	if (list) {
1714 		while (list[n]) {
1715 			n++;
1716 		}
1717 	}
1718 
1719 	list = erealloc(list, sizeof(void*) * (n+2));
1720 
1721 	list[n]   = item;
1722 	list[n+1] = NULL;
1723 
1724 	*(void**)result = list;
1725 }
1726 /* }}} */
1727 
zend_do_extended_stmt(void)1728 static void zend_do_extended_stmt(void) /* {{{ */
1729 {
1730 	zend_op *opline;
1731 
1732 	if (!(CG(compiler_options) & ZEND_COMPILE_EXTENDED_STMT)) {
1733 		return;
1734 	}
1735 
1736 	opline = get_next_op();
1737 
1738 	opline->opcode = ZEND_EXT_STMT;
1739 }
1740 /* }}} */
1741 
zend_do_extended_fcall_begin(void)1742 static void zend_do_extended_fcall_begin(void) /* {{{ */
1743 {
1744 	zend_op *opline;
1745 
1746 	if (!(CG(compiler_options) & ZEND_COMPILE_EXTENDED_FCALL)) {
1747 		return;
1748 	}
1749 
1750 	opline = get_next_op();
1751 
1752 	opline->opcode = ZEND_EXT_FCALL_BEGIN;
1753 }
1754 /* }}} */
1755 
zend_do_extended_fcall_end(void)1756 static void zend_do_extended_fcall_end(void) /* {{{ */
1757 {
1758 	zend_op *opline;
1759 
1760 	if (!(CG(compiler_options) & ZEND_COMPILE_EXTENDED_FCALL)) {
1761 		return;
1762 	}
1763 
1764 	opline = get_next_op();
1765 
1766 	opline->opcode = ZEND_EXT_FCALL_END;
1767 }
1768 /* }}} */
1769 
zend_is_auto_global_str(const char * name,size_t len)1770 ZEND_API bool zend_is_auto_global_str(const char *name, size_t len) /* {{{ */ {
1771 	zend_auto_global *auto_global;
1772 
1773 	if ((auto_global = zend_hash_str_find_ptr(CG(auto_globals), name, len)) != NULL) {
1774 		if (auto_global->armed) {
1775 			auto_global->armed = auto_global->auto_global_callback(auto_global->name);
1776 		}
1777 		return 1;
1778 	}
1779 	return 0;
1780 }
1781 /* }}} */
1782 
zend_is_auto_global(zend_string * name)1783 ZEND_API bool zend_is_auto_global(zend_string *name) /* {{{ */
1784 {
1785 	zend_auto_global *auto_global;
1786 
1787 	if ((auto_global = zend_hash_find_ptr(CG(auto_globals), name)) != NULL) {
1788 		if (auto_global->armed) {
1789 			auto_global->armed = auto_global->auto_global_callback(auto_global->name);
1790 		}
1791 		return 1;
1792 	}
1793 	return 0;
1794 }
1795 /* }}} */
1796 
zend_register_auto_global(zend_string * name,bool jit,zend_auto_global_callback auto_global_callback)1797 ZEND_API zend_result zend_register_auto_global(zend_string *name, bool jit, zend_auto_global_callback auto_global_callback) /* {{{ */
1798 {
1799 	zend_auto_global auto_global;
1800 	zend_result retval;
1801 
1802 	auto_global.name = name;
1803 	auto_global.auto_global_callback = auto_global_callback;
1804 	auto_global.jit = jit;
1805 
1806 	retval = zend_hash_add_mem(CG(auto_globals), auto_global.name, &auto_global, sizeof(zend_auto_global)) != NULL ? SUCCESS : FAILURE;
1807 
1808 	return retval;
1809 }
1810 /* }}} */
1811 
zend_activate_auto_globals(void)1812 ZEND_API void zend_activate_auto_globals(void) /* {{{ */
1813 {
1814 	zend_auto_global *auto_global;
1815 
1816 	ZEND_HASH_MAP_FOREACH_PTR(CG(auto_globals), auto_global) {
1817 		if (auto_global->jit) {
1818 			auto_global->armed = 1;
1819 		} else if (auto_global->auto_global_callback) {
1820 			auto_global->armed = auto_global->auto_global_callback(auto_global->name);
1821 		} else {
1822 			auto_global->armed = 0;
1823 		}
1824 	} ZEND_HASH_FOREACH_END();
1825 }
1826 /* }}} */
1827 
zendlex(zend_parser_stack_elem * elem)1828 int ZEND_FASTCALL zendlex(zend_parser_stack_elem *elem) /* {{{ */
1829 {
1830 	zval zv;
1831 	int ret;
1832 
1833 	if (CG(increment_lineno)) {
1834 		CG(zend_lineno)++;
1835 		CG(increment_lineno) = 0;
1836 	}
1837 
1838 	ret = lex_scan(&zv, elem);
1839 	ZEND_ASSERT(!EG(exception) || ret == T_ERROR);
1840 	return ret;
1841 
1842 }
1843 /* }}} */
1844 
zend_initialize_class_data(zend_class_entry * ce,bool nullify_handlers)1845 ZEND_API void zend_initialize_class_data(zend_class_entry *ce, bool nullify_handlers) /* {{{ */
1846 {
1847 	bool persistent_hashes = ce->type == ZEND_INTERNAL_CLASS;
1848 
1849 	ce->refcount = 1;
1850 	ce->ce_flags = ZEND_ACC_CONSTANTS_UPDATED;
1851 
1852 	if (CG(compiler_options) & ZEND_COMPILE_GUARDS) {
1853 		ce->ce_flags |= ZEND_ACC_USE_GUARDS;
1854 	}
1855 
1856 	ce->default_properties_table = NULL;
1857 	ce->default_static_members_table = NULL;
1858 	zend_hash_init(&ce->properties_info, 8, NULL, NULL, persistent_hashes);
1859 	zend_hash_init(&ce->constants_table, 8, NULL, NULL, persistent_hashes);
1860 	zend_hash_init(&ce->function_table, 8, NULL, ZEND_FUNCTION_DTOR, persistent_hashes);
1861 
1862 	if (ce->type == ZEND_USER_CLASS) {
1863 		ce->info.user.doc_comment = NULL;
1864 	}
1865 	ZEND_MAP_PTR_INIT(ce->static_members_table, NULL);
1866 	ZEND_MAP_PTR_INIT(ce->mutable_data, NULL);
1867 
1868 	ce->default_properties_count = 0;
1869 	ce->default_static_members_count = 0;
1870 	ce->properties_info_table = NULL;
1871 	ce->attributes = NULL;
1872 	ce->enum_backing_type = IS_UNDEF;
1873 	ce->backed_enum_table = NULL;
1874 
1875 	if (nullify_handlers) {
1876 		ce->constructor = NULL;
1877 		ce->destructor = NULL;
1878 		ce->clone = NULL;
1879 		ce->__get = NULL;
1880 		ce->__set = NULL;
1881 		ce->__unset = NULL;
1882 		ce->__isset = NULL;
1883 		ce->__call = NULL;
1884 		ce->__callstatic = NULL;
1885 		ce->__tostring = NULL;
1886 		ce->__serialize = NULL;
1887 		ce->__unserialize = NULL;
1888 		ce->__debugInfo = NULL;
1889 		ce->create_object = NULL;
1890 		ce->get_iterator = NULL;
1891 		ce->iterator_funcs_ptr = NULL;
1892 		ce->arrayaccess_funcs_ptr = NULL;
1893 		ce->get_static_method = NULL;
1894 		ce->parent = NULL;
1895 		ce->parent_name = NULL;
1896 		ce->num_interfaces = 0;
1897 		ce->interfaces = NULL;
1898 		ce->num_traits = 0;
1899 		ce->trait_names = NULL;
1900 		ce->trait_aliases = NULL;
1901 		ce->trait_precedences = NULL;
1902 		ce->serialize = NULL;
1903 		ce->unserialize = NULL;
1904 		if (ce->type == ZEND_INTERNAL_CLASS) {
1905 			ce->info.internal.module = NULL;
1906 			ce->info.internal.builtin_functions = NULL;
1907 		}
1908 	}
1909 }
1910 /* }}} */
1911 
zend_get_compiled_variable_name(const zend_op_array * op_array,uint32_t var)1912 ZEND_API zend_string *zend_get_compiled_variable_name(const zend_op_array *op_array, uint32_t var) /* {{{ */
1913 {
1914 	return op_array->vars[EX_VAR_TO_NUM(var)];
1915 }
1916 /* }}} */
1917 
zend_ast_append_str(zend_ast * left_ast,zend_ast * right_ast)1918 zend_ast *zend_ast_append_str(zend_ast *left_ast, zend_ast *right_ast) /* {{{ */
1919 {
1920 	zval *left_zv = zend_ast_get_zval(left_ast);
1921 	zend_string *left = Z_STR_P(left_zv);
1922 	zend_string *right = zend_ast_get_str(right_ast);
1923 
1924 	zend_string *result;
1925 	size_t left_len = ZSTR_LEN(left);
1926 	size_t len = left_len + ZSTR_LEN(right) + 1; /* left\right */
1927 
1928 	result = zend_string_extend(left, len, 0);
1929 	ZSTR_VAL(result)[left_len] = '\\';
1930 	memcpy(&ZSTR_VAL(result)[left_len + 1], ZSTR_VAL(right), ZSTR_LEN(right));
1931 	ZSTR_VAL(result)[len] = '\0';
1932 	zend_string_release_ex(right, 0);
1933 
1934 	ZVAL_STR(left_zv, result);
1935 	return left_ast;
1936 }
1937 /* }}} */
1938 
zend_negate_num_string(zend_ast * ast)1939 zend_ast *zend_negate_num_string(zend_ast *ast) /* {{{ */
1940 {
1941 	zval *zv = zend_ast_get_zval(ast);
1942 	if (Z_TYPE_P(zv) == IS_LONG) {
1943 		if (Z_LVAL_P(zv) == 0) {
1944 			ZVAL_NEW_STR(zv, zend_string_init("-0", sizeof("-0")-1, 0));
1945 		} else {
1946 			ZEND_ASSERT(Z_LVAL_P(zv) > 0);
1947 			Z_LVAL_P(zv) *= -1;
1948 		}
1949 	} else if (Z_TYPE_P(zv) == IS_STRING) {
1950 		size_t orig_len = Z_STRLEN_P(zv);
1951 		Z_STR_P(zv) = zend_string_extend(Z_STR_P(zv), orig_len + 1, 0);
1952 		memmove(Z_STRVAL_P(zv) + 1, Z_STRVAL_P(zv), orig_len + 1);
1953 		Z_STRVAL_P(zv)[0] = '-';
1954 	} else {
1955 		ZEND_UNREACHABLE();
1956 	}
1957 	return ast;
1958 }
1959 /* }}} */
1960 
zend_verify_namespace(void)1961 static void zend_verify_namespace(void) /* {{{ */
1962 {
1963 	if (FC(has_bracketed_namespaces) && !FC(in_namespace)) {
1964 		zend_error_noreturn(E_COMPILE_ERROR, "No code may exist outside of namespace {}");
1965 	}
1966 }
1967 /* }}} */
1968 
1969 /* {{{ zend_dirname
1970    Returns directory name component of path */
zend_dirname(char * path,size_t len)1971 ZEND_API size_t zend_dirname(char *path, size_t len)
1972 {
1973 	char *end = path + len - 1;
1974 	unsigned int len_adjust = 0;
1975 
1976 #ifdef ZEND_WIN32
1977 	/* Note that on Win32 CWD is per drive (heritage from CP/M).
1978 	 * This means dirname("c:foo") maps to "c:." or "c:" - which means CWD on C: drive.
1979 	 */
1980 	if ((2 <= len) && isalpha((int)((unsigned char *)path)[0]) && (':' == path[1])) {
1981 		/* Skip over the drive spec (if any) so as not to change */
1982 		path += 2;
1983 		len_adjust += 2;
1984 		if (2 == len) {
1985 			/* Return "c:" on Win32 for dirname("c:").
1986 			 * It would be more consistent to return "c:."
1987 			 * but that would require making the string *longer*.
1988 			 */
1989 			return len;
1990 		}
1991 	}
1992 #endif
1993 
1994 	if (len == 0) {
1995 		/* Illegal use of this function */
1996 		return 0;
1997 	}
1998 
1999 	/* Strip trailing slashes */
2000 	while (end >= path && IS_SLASH_P(end)) {
2001 		end--;
2002 	}
2003 	if (end < path) {
2004 		/* The path only contained slashes */
2005 		path[0] = DEFAULT_SLASH;
2006 		path[1] = '\0';
2007 		return 1 + len_adjust;
2008 	}
2009 
2010 	/* Strip filename */
2011 	while (end >= path && !IS_SLASH_P(end)) {
2012 		end--;
2013 	}
2014 	if (end < path) {
2015 		/* No slash found, therefore return '.' */
2016 		path[0] = '.';
2017 		path[1] = '\0';
2018 		return 1 + len_adjust;
2019 	}
2020 
2021 	/* Strip slashes which came before the file name */
2022 	while (end >= path && IS_SLASH_P(end)) {
2023 		end--;
2024 	}
2025 	if (end < path) {
2026 		path[0] = DEFAULT_SLASH;
2027 		path[1] = '\0';
2028 		return 1 + len_adjust;
2029 	}
2030 	*(end+1) = '\0';
2031 
2032 	return (size_t)(end + 1 - path) + len_adjust;
2033 }
2034 /* }}} */
2035 
zend_adjust_for_fetch_type(zend_op * opline,znode * result,uint32_t type)2036 static void zend_adjust_for_fetch_type(zend_op *opline, znode *result, uint32_t type) /* {{{ */
2037 {
2038 	zend_uchar factor = (opline->opcode == ZEND_FETCH_STATIC_PROP_R) ? 1 : 3;
2039 
2040 	switch (type) {
2041 		case BP_VAR_R:
2042 			opline->result_type = IS_TMP_VAR;
2043 			result->op_type = IS_TMP_VAR;
2044 			return;
2045 		case BP_VAR_W:
2046 			opline->opcode += 1 * factor;
2047 			return;
2048 		case BP_VAR_RW:
2049 			opline->opcode += 2 * factor;
2050 			return;
2051 		case BP_VAR_IS:
2052 			opline->result_type = IS_TMP_VAR;
2053 			result->op_type = IS_TMP_VAR;
2054 			opline->opcode += 3 * factor;
2055 			return;
2056 		case BP_VAR_FUNC_ARG:
2057 			opline->opcode += 4 * factor;
2058 			return;
2059 		case BP_VAR_UNSET:
2060 			opline->opcode += 5 * factor;
2061 			return;
2062 		EMPTY_SWITCH_DEFAULT_CASE()
2063 	}
2064 }
2065 /* }}} */
2066 
zend_make_var_result(znode * result,zend_op * opline)2067 static inline void zend_make_var_result(znode *result, zend_op *opline) /* {{{ */
2068 {
2069 	opline->result_type = IS_VAR;
2070 	opline->result.var = get_temporary_variable();
2071 	GET_NODE(result, opline->result);
2072 }
2073 /* }}} */
2074 
zend_make_tmp_result(znode * result,zend_op * opline)2075 static inline void zend_make_tmp_result(znode *result, zend_op *opline) /* {{{ */
2076 {
2077 	opline->result_type = IS_TMP_VAR;
2078 	opline->result.var = get_temporary_variable();
2079 	GET_NODE(result, opline->result);
2080 }
2081 /* }}} */
2082 
zend_emit_op(znode * result,zend_uchar opcode,znode * op1,znode * op2)2083 static zend_op *zend_emit_op(znode *result, zend_uchar opcode, znode *op1, znode *op2) /* {{{ */
2084 {
2085 	zend_op *opline = get_next_op();
2086 	opline->opcode = opcode;
2087 
2088 	if (op1 != NULL) {
2089 		SET_NODE(opline->op1, op1);
2090 	}
2091 
2092 	if (op2 != NULL) {
2093 		SET_NODE(opline->op2, op2);
2094 	}
2095 
2096 	if (result) {
2097 		zend_make_var_result(result, opline);
2098 	}
2099 	return opline;
2100 }
2101 /* }}} */
2102 
zend_emit_op_tmp(znode * result,zend_uchar opcode,znode * op1,znode * op2)2103 static zend_op *zend_emit_op_tmp(znode *result, zend_uchar opcode, znode *op1, znode *op2) /* {{{ */
2104 {
2105 	zend_op *opline = get_next_op();
2106 	opline->opcode = opcode;
2107 
2108 	if (op1 != NULL) {
2109 		SET_NODE(opline->op1, op1);
2110 	}
2111 
2112 	if (op2 != NULL) {
2113 		SET_NODE(opline->op2, op2);
2114 	}
2115 
2116 	if (result) {
2117 		zend_make_tmp_result(result, opline);
2118 	}
2119 
2120 	return opline;
2121 }
2122 /* }}} */
2123 
zend_emit_tick(void)2124 static void zend_emit_tick(void) /* {{{ */
2125 {
2126 	zend_op *opline;
2127 
2128 	/* This prevents a double TICK generated by the parser statement of "declare()" */
2129 	if (CG(active_op_array)->last && CG(active_op_array)->opcodes[CG(active_op_array)->last - 1].opcode == ZEND_TICKS) {
2130 		return;
2131 	}
2132 
2133 	opline = get_next_op();
2134 
2135 	opline->opcode = ZEND_TICKS;
2136 	opline->extended_value = FC(declarables).ticks;
2137 }
2138 /* }}} */
2139 
zend_emit_op_data(znode * value)2140 static inline zend_op *zend_emit_op_data(znode *value) /* {{{ */
2141 {
2142 	return zend_emit_op(NULL, ZEND_OP_DATA, value, NULL);
2143 }
2144 /* }}} */
2145 
zend_emit_jump(uint32_t opnum_target)2146 static inline uint32_t zend_emit_jump(uint32_t opnum_target) /* {{{ */
2147 {
2148 	uint32_t opnum = get_next_op_number();
2149 	zend_op *opline = zend_emit_op(NULL, ZEND_JMP, NULL, NULL);
2150 	opline->op1.opline_num = opnum_target;
2151 	return opnum;
2152 }
2153 /* }}} */
2154 
zend_is_smart_branch(const zend_op * opline)2155 ZEND_API bool zend_is_smart_branch(const zend_op *opline) /* {{{ */
2156 {
2157 	switch (opline->opcode) {
2158 		case ZEND_IS_IDENTICAL:
2159 		case ZEND_IS_NOT_IDENTICAL:
2160 		case ZEND_IS_EQUAL:
2161 		case ZEND_IS_NOT_EQUAL:
2162 		case ZEND_IS_SMALLER:
2163 		case ZEND_IS_SMALLER_OR_EQUAL:
2164 		case ZEND_CASE:
2165 		case ZEND_CASE_STRICT:
2166 		case ZEND_ISSET_ISEMPTY_CV:
2167 		case ZEND_ISSET_ISEMPTY_VAR:
2168 		case ZEND_ISSET_ISEMPTY_DIM_OBJ:
2169 		case ZEND_ISSET_ISEMPTY_PROP_OBJ:
2170 		case ZEND_ISSET_ISEMPTY_STATIC_PROP:
2171 		case ZEND_INSTANCEOF:
2172 		case ZEND_TYPE_CHECK:
2173 		case ZEND_DEFINED:
2174 		case ZEND_IN_ARRAY:
2175 		case ZEND_ARRAY_KEY_EXISTS:
2176 			return 1;
2177 		default:
2178 			return 0;
2179 	}
2180 }
2181 /* }}} */
2182 
zend_emit_cond_jump(zend_uchar opcode,znode * cond,uint32_t opnum_target)2183 static inline uint32_t zend_emit_cond_jump(zend_uchar opcode, znode *cond, uint32_t opnum_target) /* {{{ */
2184 {
2185 	uint32_t opnum = get_next_op_number();
2186 	zend_op *opline;
2187 
2188 	if (cond->op_type == IS_TMP_VAR && opnum > 0) {
2189 		opline = CG(active_op_array)->opcodes + opnum - 1;
2190 		if (opline->result_type == IS_TMP_VAR
2191 		 && opline->result.var == cond->u.op.var
2192 		 && zend_is_smart_branch(opline)) {
2193 			if (opcode == ZEND_JMPZ) {
2194 				opline->result_type = IS_TMP_VAR | IS_SMART_BRANCH_JMPZ;
2195 			} else {
2196 				ZEND_ASSERT(opcode == ZEND_JMPNZ);
2197 				opline->result_type = IS_TMP_VAR | IS_SMART_BRANCH_JMPNZ;
2198 			}
2199 		}
2200 	}
2201 	opline = zend_emit_op(NULL, opcode, cond, NULL);
2202 	opline->op2.opline_num = opnum_target;
2203 	return opnum;
2204 }
2205 /* }}} */
2206 
zend_update_jump_target(uint32_t opnum_jump,uint32_t opnum_target)2207 static inline void zend_update_jump_target(uint32_t opnum_jump, uint32_t opnum_target) /* {{{ */
2208 {
2209 	zend_op *opline = &CG(active_op_array)->opcodes[opnum_jump];
2210 	switch (opline->opcode) {
2211 		case ZEND_JMP:
2212 			opline->op1.opline_num = opnum_target;
2213 			break;
2214 		case ZEND_JMPZ:
2215 		case ZEND_JMPNZ:
2216 		case ZEND_JMPZ_EX:
2217 		case ZEND_JMPNZ_EX:
2218 		case ZEND_JMP_SET:
2219 		case ZEND_COALESCE:
2220 		case ZEND_JMP_NULL:
2221 			opline->op2.opline_num = opnum_target;
2222 			break;
2223 		EMPTY_SWITCH_DEFAULT_CASE()
2224 	}
2225 }
2226 /* }}} */
2227 
zend_update_jump_target_to_next(uint32_t opnum_jump)2228 static inline void zend_update_jump_target_to_next(uint32_t opnum_jump) /* {{{ */
2229 {
2230 	zend_update_jump_target(opnum_jump, get_next_op_number());
2231 }
2232 /* }}} */
2233 
zend_delayed_emit_op(znode * result,zend_uchar opcode,znode * op1,znode * op2)2234 static inline zend_op *zend_delayed_emit_op(znode *result, zend_uchar opcode, znode *op1, znode *op2) /* {{{ */
2235 {
2236 	zend_op tmp_opline;
2237 
2238 	init_op(&tmp_opline);
2239 
2240 	tmp_opline.opcode = opcode;
2241 	if (op1 != NULL) {
2242 		SET_NODE(tmp_opline.op1, op1);
2243 	}
2244 	if (op2 != NULL) {
2245 		SET_NODE(tmp_opline.op2, op2);
2246 	}
2247 	if (result) {
2248 		zend_make_var_result(result, &tmp_opline);
2249 	}
2250 
2251 	zend_stack_push(&CG(delayed_oplines_stack), &tmp_opline);
2252 	return zend_stack_top(&CG(delayed_oplines_stack));
2253 }
2254 /* }}} */
2255 
zend_delayed_compile_begin(void)2256 static inline uint32_t zend_delayed_compile_begin(void) /* {{{ */
2257 {
2258 	return zend_stack_count(&CG(delayed_oplines_stack));
2259 }
2260 /* }}} */
2261 
zend_delayed_compile_end(uint32_t offset)2262 static zend_op *zend_delayed_compile_end(uint32_t offset) /* {{{ */
2263 {
2264 	zend_op *opline = NULL, *oplines = zend_stack_base(&CG(delayed_oplines_stack));
2265 	uint32_t i, count = zend_stack_count(&CG(delayed_oplines_stack));
2266 
2267 	ZEND_ASSERT(count >= offset);
2268 	for (i = offset; i < count; ++i) {
2269 		if (EXPECTED(oplines[i].opcode != ZEND_NOP)) {
2270 			opline = get_next_op();
2271 			memcpy(opline, &oplines[i], sizeof(zend_op));
2272 		} else {
2273 			opline = CG(active_op_array)->opcodes + oplines[i].extended_value;
2274 		}
2275 	}
2276 
2277 	CG(delayed_oplines_stack).top = offset;
2278 	return opline;
2279 }
2280 /* }}} */
2281 
zend_ast_kind_is_short_circuited(zend_ast_kind ast_kind)2282 static bool zend_ast_kind_is_short_circuited(zend_ast_kind ast_kind)
2283 {
2284 	switch (ast_kind) {
2285 		case ZEND_AST_DIM:
2286 		case ZEND_AST_PROP:
2287 		case ZEND_AST_NULLSAFE_PROP:
2288 		case ZEND_AST_STATIC_PROP:
2289 		case ZEND_AST_METHOD_CALL:
2290 		case ZEND_AST_NULLSAFE_METHOD_CALL:
2291 		case ZEND_AST_STATIC_CALL:
2292 			return 1;
2293 		default:
2294 			return 0;
2295 	}
2296 }
2297 
zend_ast_is_short_circuited(const zend_ast * ast)2298 static bool zend_ast_is_short_circuited(const zend_ast *ast)
2299 {
2300 	switch (ast->kind) {
2301 		case ZEND_AST_DIM:
2302 		case ZEND_AST_PROP:
2303 		case ZEND_AST_STATIC_PROP:
2304 		case ZEND_AST_METHOD_CALL:
2305 		case ZEND_AST_STATIC_CALL:
2306 			return zend_ast_is_short_circuited(ast->child[0]);
2307 		case ZEND_AST_NULLSAFE_PROP:
2308 		case ZEND_AST_NULLSAFE_METHOD_CALL:
2309 			return 1;
2310 		default:
2311 			return 0;
2312 	}
2313 }
2314 
zend_assert_not_short_circuited(const zend_ast * ast)2315 static void zend_assert_not_short_circuited(const zend_ast *ast)
2316 {
2317 	if (zend_ast_is_short_circuited(ast)) {
2318 		zend_error_noreturn(E_COMPILE_ERROR, "Cannot take reference of a nullsafe chain");
2319 	}
2320 }
2321 
2322 /* Mark nodes that are an inner part of a short-circuiting chain.
2323  * We should not perform a "commit" on them, as it will be performed by the outer-most node.
2324  * We do this to avoid passing down an argument in various compile functions. */
2325 
2326 #define ZEND_SHORT_CIRCUITING_INNER 0x8000
2327 
zend_short_circuiting_mark_inner(zend_ast * ast)2328 static void zend_short_circuiting_mark_inner(zend_ast *ast) {
2329 	if (zend_ast_kind_is_short_circuited(ast->kind)) {
2330 		ast->attr |= ZEND_SHORT_CIRCUITING_INNER;
2331 	}
2332 }
2333 
zend_short_circuiting_checkpoint(void)2334 static uint32_t zend_short_circuiting_checkpoint(void)
2335 {
2336 	return zend_stack_count(&CG(short_circuiting_opnums));
2337 }
2338 
zend_short_circuiting_commit(uint32_t checkpoint,znode * result,zend_ast * ast)2339 static void zend_short_circuiting_commit(uint32_t checkpoint, znode *result, zend_ast *ast)
2340 {
2341 	bool is_short_circuited = zend_ast_kind_is_short_circuited(ast->kind)
2342 		|| ast->kind == ZEND_AST_ISSET || ast->kind == ZEND_AST_EMPTY;
2343 	if (!is_short_circuited) {
2344 		ZEND_ASSERT(zend_stack_count(&CG(short_circuiting_opnums)) == checkpoint
2345 			&& "Short circuiting stack should be empty");
2346 		return;
2347 	}
2348 
2349 	if (ast->attr & ZEND_SHORT_CIRCUITING_INNER) {
2350 		/* Outer-most node will commit. */
2351 		return;
2352 	}
2353 
2354 	while (zend_stack_count(&CG(short_circuiting_opnums)) != checkpoint) {
2355 		uint32_t opnum = *(uint32_t *) zend_stack_top(&CG(short_circuiting_opnums));
2356 		zend_op *opline = &CG(active_op_array)->opcodes[opnum];
2357 		opline->op2.opline_num = get_next_op_number();
2358 		SET_NODE(opline->result, result);
2359 		opline->extended_value |=
2360 			ast->kind == ZEND_AST_ISSET ? ZEND_SHORT_CIRCUITING_CHAIN_ISSET :
2361 			ast->kind == ZEND_AST_EMPTY ? ZEND_SHORT_CIRCUITING_CHAIN_EMPTY :
2362 			                              ZEND_SHORT_CIRCUITING_CHAIN_EXPR;
2363 		zend_stack_del_top(&CG(short_circuiting_opnums));
2364 	}
2365 }
2366 
zend_emit_jmp_null(znode * obj_node,uint32_t bp_type)2367 static void zend_emit_jmp_null(znode *obj_node, uint32_t bp_type)
2368 {
2369 	uint32_t jmp_null_opnum = get_next_op_number();
2370 	zend_op *opline = zend_emit_op(NULL, ZEND_JMP_NULL, obj_node, NULL);
2371 	if (opline->op1_type == IS_CONST) {
2372 		Z_TRY_ADDREF_P(CT_CONSTANT(opline->op1));
2373 	}
2374 	if (bp_type == BP_VAR_IS) {
2375 		opline->extended_value |= ZEND_JMP_NULL_BP_VAR_IS;
2376 	}
2377 	zend_stack_push(&CG(short_circuiting_opnums), &jmp_null_opnum);
2378 }
2379 
2380 #define ZEND_MEMOIZE_NONE 0
2381 #define ZEND_MEMOIZE_COMPILE 1
2382 #define ZEND_MEMOIZE_FETCH 2
2383 
zend_compile_memoized_expr(znode * result,zend_ast * expr)2384 static void zend_compile_memoized_expr(znode *result, zend_ast *expr) /* {{{ */
2385 {
2386 	int memoize_mode = CG(memoize_mode);
2387 	if (memoize_mode == ZEND_MEMOIZE_COMPILE) {
2388 		znode memoized_result;
2389 
2390 		/* Go through normal compilation */
2391 		CG(memoize_mode) = ZEND_MEMOIZE_NONE;
2392 		zend_compile_expr(result, expr);
2393 		CG(memoize_mode) = ZEND_MEMOIZE_COMPILE;
2394 
2395 		if (result->op_type == IS_VAR) {
2396 			zend_emit_op(&memoized_result, ZEND_COPY_TMP, result, NULL);
2397 		} else if (result->op_type == IS_TMP_VAR) {
2398 			zend_emit_op_tmp(&memoized_result, ZEND_COPY_TMP, result, NULL);
2399 		} else {
2400 			if (result->op_type == IS_CONST) {
2401 				Z_TRY_ADDREF(result->u.constant);
2402 			}
2403 			memoized_result = *result;
2404 		}
2405 
2406 		zend_hash_index_update_mem(
2407 			CG(memoized_exprs), (uintptr_t) expr, &memoized_result, sizeof(znode));
2408 	} else if (memoize_mode == ZEND_MEMOIZE_FETCH) {
2409 		znode *memoized_result = zend_hash_index_find_ptr(CG(memoized_exprs), (uintptr_t) expr);
2410 		*result = *memoized_result;
2411 		if (result->op_type == IS_CONST) {
2412 			Z_TRY_ADDREF(result->u.constant);
2413 		}
2414 	} else {
2415 		ZEND_UNREACHABLE();
2416 	}
2417 }
2418 /* }}} */
2419 
2420 /* Remember to update type_num_classes() in compact_literals.c when changing this function */
zend_type_get_num_classes(zend_type type)2421 static size_t zend_type_get_num_classes(zend_type type) {
2422 	if (!ZEND_TYPE_IS_COMPLEX(type)) {
2423 		return 0;
2424 	}
2425 	if (ZEND_TYPE_HAS_LIST(type)) {
2426 		/* Intersection types cannot have nested list types */
2427 		if (ZEND_TYPE_IS_INTERSECTION(type)) {
2428 			return ZEND_TYPE_LIST(type)->num_types;
2429 		}
2430 		ZEND_ASSERT(ZEND_TYPE_IS_UNION(type));
2431 		size_t count = 0;
2432 		zend_type *list_type;
2433 
2434 		ZEND_TYPE_LIST_FOREACH(ZEND_TYPE_LIST(type), list_type) {
2435 			if (ZEND_TYPE_IS_INTERSECTION(*list_type)) {
2436 				count += ZEND_TYPE_LIST(*list_type)->num_types;
2437 			} else {
2438 				ZEND_ASSERT(!ZEND_TYPE_HAS_LIST(*list_type));
2439 				count += 1;
2440 			}
2441 		} ZEND_TYPE_LIST_FOREACH_END();
2442 		return count;
2443 	}
2444 	return 1;
2445 }
2446 
zend_emit_return_type_check(znode * expr,zend_arg_info * return_info,bool implicit)2447 static void zend_emit_return_type_check(
2448 		znode *expr, zend_arg_info *return_info, bool implicit) /* {{{ */
2449 {
2450 	zend_type type = return_info->type;
2451 	if (ZEND_TYPE_IS_SET(type)) {
2452 		zend_op *opline;
2453 
2454 		/* `return ...;` is illegal in a void function (but `return;` isn't) */
2455 		if (ZEND_TYPE_CONTAINS_CODE(type, IS_VOID)) {
2456 			if (expr) {
2457 				if (expr->op_type == IS_CONST && Z_TYPE(expr->u.constant) == IS_NULL) {
2458 					zend_error_noreturn(E_COMPILE_ERROR,
2459 						"A void function must not return a value "
2460 						"(did you mean \"return;\" instead of \"return null;\"?)");
2461 				} else {
2462 					zend_error_noreturn(E_COMPILE_ERROR, "A void function must not return a value");
2463 				}
2464 			}
2465 			/* we don't need run-time check */
2466 			return;
2467 		}
2468 
2469 		/* `return` is illegal in a never-returning function */
2470 		if (ZEND_TYPE_CONTAINS_CODE(type, IS_NEVER)) {
2471 			/* Implicit case handled separately using VERIFY_NEVER_TYPE opcode. */
2472 			ZEND_ASSERT(!implicit);
2473 			zend_error_noreturn(E_COMPILE_ERROR, "A never-returning function must not return");
2474 			return;
2475 		}
2476 
2477 		if (!expr && !implicit) {
2478 			if (ZEND_TYPE_ALLOW_NULL(type)) {
2479 				zend_error_noreturn(E_COMPILE_ERROR,
2480 					"A function with return type must return a value "
2481 					"(did you mean \"return null;\" instead of \"return;\"?)");
2482 			} else {
2483 				zend_error_noreturn(E_COMPILE_ERROR,
2484 					"A function with return type must return a value");
2485 			}
2486 		}
2487 
2488 		if (expr && ZEND_TYPE_PURE_MASK(type) == MAY_BE_ANY) {
2489 			/* we don't need run-time check for mixed return type */
2490 			return;
2491 		}
2492 
2493 		if (expr && expr->op_type == IS_CONST && ZEND_TYPE_CONTAINS_CODE(type, Z_TYPE(expr->u.constant))) {
2494 			/* we don't need run-time check */
2495 			return;
2496 		}
2497 
2498 		opline = zend_emit_op(NULL, ZEND_VERIFY_RETURN_TYPE, expr, NULL);
2499 		if (expr && expr->op_type == IS_CONST) {
2500 			opline->result_type = expr->op_type = IS_TMP_VAR;
2501 			opline->result.var = expr->u.op.var = get_temporary_variable();
2502 		}
2503 
2504 		opline->op2.num = zend_alloc_cache_slots(zend_type_get_num_classes(return_info->type));
2505 	}
2506 }
2507 /* }}} */
2508 
zend_emit_final_return(bool return_one)2509 void zend_emit_final_return(bool return_one) /* {{{ */
2510 {
2511 	znode zn;
2512 	zend_op *ret;
2513 	bool returns_reference = (CG(active_op_array)->fn_flags & ZEND_ACC_RETURN_REFERENCE) != 0;
2514 
2515 	if ((CG(active_op_array)->fn_flags & ZEND_ACC_HAS_RETURN_TYPE)
2516 			&& !(CG(active_op_array)->fn_flags & ZEND_ACC_GENERATOR)) {
2517 		zend_arg_info *return_info = CG(active_op_array)->arg_info - 1;
2518 
2519 		if (ZEND_TYPE_CONTAINS_CODE(return_info->type, IS_NEVER)) {
2520 			zend_emit_op(NULL, ZEND_VERIFY_NEVER_TYPE, NULL, NULL);
2521 			return;
2522 		}
2523 
2524 		zend_emit_return_type_check(NULL, return_info, 1);
2525 	}
2526 
2527 	zn.op_type = IS_CONST;
2528 	if (return_one) {
2529 		ZVAL_LONG(&zn.u.constant, 1);
2530 	} else {
2531 		ZVAL_NULL(&zn.u.constant);
2532 	}
2533 
2534 	ret = zend_emit_op(NULL, returns_reference ? ZEND_RETURN_BY_REF : ZEND_RETURN, &zn, NULL);
2535 	ret->extended_value = -1;
2536 }
2537 /* }}} */
2538 
zend_is_variable(zend_ast * ast)2539 static inline bool zend_is_variable(zend_ast *ast) /* {{{ */
2540 {
2541 	return ast->kind == ZEND_AST_VAR
2542 		|| ast->kind == ZEND_AST_DIM
2543 		|| ast->kind == ZEND_AST_PROP
2544 		|| ast->kind == ZEND_AST_NULLSAFE_PROP
2545 		|| ast->kind == ZEND_AST_STATIC_PROP;
2546 }
2547 /* }}} */
2548 
zend_is_call(zend_ast * ast)2549 static inline bool zend_is_call(zend_ast *ast) /* {{{ */
2550 {
2551 	return ast->kind == ZEND_AST_CALL
2552 		|| ast->kind == ZEND_AST_METHOD_CALL
2553 		|| ast->kind == ZEND_AST_NULLSAFE_METHOD_CALL
2554 		|| ast->kind == ZEND_AST_STATIC_CALL;
2555 }
2556 /* }}} */
2557 
zend_is_variable_or_call(zend_ast * ast)2558 static inline bool zend_is_variable_or_call(zend_ast *ast) /* {{{ */
2559 {
2560 	return zend_is_variable(ast) || zend_is_call(ast);
2561 }
2562 /* }}} */
2563 
zend_is_unticked_stmt(zend_ast * ast)2564 static inline bool zend_is_unticked_stmt(zend_ast *ast) /* {{{ */
2565 {
2566 	return ast->kind == ZEND_AST_STMT_LIST || ast->kind == ZEND_AST_LABEL
2567 		|| ast->kind == ZEND_AST_PROP_DECL || ast->kind == ZEND_AST_CLASS_CONST_GROUP
2568 		|| ast->kind == ZEND_AST_USE_TRAIT || ast->kind == ZEND_AST_METHOD;
2569 }
2570 /* }}} */
2571 
zend_can_write_to_variable(zend_ast * ast)2572 static inline bool zend_can_write_to_variable(zend_ast *ast) /* {{{ */
2573 {
2574 	while (
2575 		ast->kind == ZEND_AST_DIM
2576 		|| ast->kind == ZEND_AST_PROP
2577 	) {
2578 		ast = ast->child[0];
2579 	}
2580 
2581 	return zend_is_variable_or_call(ast) && !zend_ast_is_short_circuited(ast);
2582 }
2583 /* }}} */
2584 
zend_is_const_default_class_ref(zend_ast * name_ast)2585 static inline bool zend_is_const_default_class_ref(zend_ast *name_ast) /* {{{ */
2586 {
2587 	if (name_ast->kind != ZEND_AST_ZVAL) {
2588 		return 0;
2589 	}
2590 
2591 	return ZEND_FETCH_CLASS_DEFAULT == zend_get_class_fetch_type_ast(name_ast);
2592 }
2593 /* }}} */
2594 
zend_handle_numeric_op(znode * node)2595 static inline void zend_handle_numeric_op(znode *node) /* {{{ */
2596 {
2597 	if (node->op_type == IS_CONST && Z_TYPE(node->u.constant) == IS_STRING) {
2598 		zend_ulong index;
2599 
2600 		if (ZEND_HANDLE_NUMERIC(Z_STR(node->u.constant), index)) {
2601 			zval_ptr_dtor(&node->u.constant);
2602 			ZVAL_LONG(&node->u.constant, index);
2603 		}
2604 	}
2605 }
2606 /* }}} */
2607 
zend_handle_numeric_dim(zend_op * opline,znode * dim_node)2608 static inline void zend_handle_numeric_dim(zend_op *opline, znode *dim_node) /* {{{ */
2609 {
2610 	if (Z_TYPE(dim_node->u.constant) == IS_STRING) {
2611 		zend_ulong index;
2612 
2613 		if (ZEND_HANDLE_NUMERIC(Z_STR(dim_node->u.constant), index)) {
2614 			/* For numeric indexes we also keep the original value to use by ArrayAccess
2615 			 * See bug #63217
2616 			 */
2617 			int c = zend_add_literal(&dim_node->u.constant);
2618 			ZEND_ASSERT(opline->op2.constant + 1 == c);
2619 			ZVAL_LONG(CT_CONSTANT(opline->op2), index);
2620 			Z_EXTRA_P(CT_CONSTANT(opline->op2)) = ZEND_EXTRA_VALUE;
2621 			return;
2622 		}
2623 	}
2624 }
2625 /* }}} */
2626 
zend_set_class_name_op1(zend_op * opline,znode * class_node)2627 static inline void zend_set_class_name_op1(zend_op *opline, znode *class_node) /* {{{ */
2628 {
2629 	if (class_node->op_type == IS_CONST) {
2630 		opline->op1_type = IS_CONST;
2631 		opline->op1.constant = zend_add_class_name_literal(
2632 			Z_STR(class_node->u.constant));
2633 	} else {
2634 		SET_NODE(opline->op1, class_node);
2635 	}
2636 }
2637 /* }}} */
2638 
zend_compile_class_ref(znode * result,zend_ast * name_ast,uint32_t fetch_flags)2639 static void zend_compile_class_ref(znode *result, zend_ast *name_ast, uint32_t fetch_flags) /* {{{ */
2640 {
2641 	uint32_t fetch_type;
2642 
2643 	if (name_ast->kind != ZEND_AST_ZVAL) {
2644 		znode name_node;
2645 
2646 		zend_compile_expr(&name_node, name_ast);
2647 
2648 		if (name_node.op_type == IS_CONST) {
2649 			zend_string *name;
2650 
2651 			if (Z_TYPE(name_node.u.constant) != IS_STRING) {
2652 				zend_error_noreturn(E_COMPILE_ERROR, "Illegal class name");
2653 			}
2654 
2655 			name = Z_STR(name_node.u.constant);
2656 			fetch_type = zend_get_class_fetch_type(name);
2657 
2658 			if (fetch_type == ZEND_FETCH_CLASS_DEFAULT) {
2659 				result->op_type = IS_CONST;
2660 				ZVAL_STR(&result->u.constant, zend_resolve_class_name(name, ZEND_NAME_FQ));
2661 			} else {
2662 				zend_ensure_valid_class_fetch_type(fetch_type);
2663 				result->op_type = IS_UNUSED;
2664 				result->u.op.num = fetch_type | fetch_flags;
2665 			}
2666 
2667 			zend_string_release_ex(name, 0);
2668 		} else {
2669 			zend_op *opline = zend_emit_op(result, ZEND_FETCH_CLASS, NULL, &name_node);
2670 			opline->op1.num = ZEND_FETCH_CLASS_DEFAULT | fetch_flags;
2671 		}
2672 		return;
2673 	}
2674 
2675 	/* Fully qualified names are always default refs */
2676 	if (name_ast->attr == ZEND_NAME_FQ) {
2677 		result->op_type = IS_CONST;
2678 		ZVAL_STR(&result->u.constant, zend_resolve_class_name_ast(name_ast));
2679 		return;
2680 	}
2681 
2682 	fetch_type = zend_get_class_fetch_type(zend_ast_get_str(name_ast));
2683 	if (ZEND_FETCH_CLASS_DEFAULT == fetch_type) {
2684 		result->op_type = IS_CONST;
2685 		ZVAL_STR(&result->u.constant, zend_resolve_class_name_ast(name_ast));
2686 	} else {
2687 		zend_ensure_valid_class_fetch_type(fetch_type);
2688 		result->op_type = IS_UNUSED;
2689 		result->u.op.num = fetch_type | fetch_flags;
2690 	}
2691 }
2692 /* }}} */
2693 
zend_try_compile_cv(znode * result,zend_ast * ast)2694 static zend_result zend_try_compile_cv(znode *result, zend_ast *ast) /* {{{ */
2695 {
2696 	zend_ast *name_ast = ast->child[0];
2697 	if (name_ast->kind == ZEND_AST_ZVAL) {
2698 		zval *zv = zend_ast_get_zval(name_ast);
2699 		zend_string *name;
2700 
2701 		if (EXPECTED(Z_TYPE_P(zv) == IS_STRING)) {
2702 			name = zval_make_interned_string(zv);
2703 		} else {
2704 			name = zend_new_interned_string(zval_get_string_func(zv));
2705 		}
2706 
2707 		if (zend_is_auto_global(name)) {
2708 			return FAILURE;
2709 		}
2710 
2711 		result->op_type = IS_CV;
2712 		result->u.op.var = lookup_cv(name);
2713 
2714 		if (UNEXPECTED(Z_TYPE_P(zv) != IS_STRING)) {
2715 			zend_string_release_ex(name, 0);
2716 		}
2717 
2718 		return SUCCESS;
2719 	}
2720 
2721 	return FAILURE;
2722 }
2723 /* }}} */
2724 
zend_compile_simple_var_no_cv(znode * result,zend_ast * ast,uint32_t type,bool delayed)2725 static zend_op *zend_compile_simple_var_no_cv(znode *result, zend_ast *ast, uint32_t type, bool delayed) /* {{{ */
2726 {
2727 	zend_ast *name_ast = ast->child[0];
2728 	znode name_node;
2729 	zend_op *opline;
2730 
2731 	zend_compile_expr(&name_node, name_ast);
2732 	if (name_node.op_type == IS_CONST) {
2733 		convert_to_string(&name_node.u.constant);
2734 	}
2735 
2736 	if (delayed) {
2737 		opline = zend_delayed_emit_op(result, ZEND_FETCH_R, &name_node, NULL);
2738 	} else {
2739 		opline = zend_emit_op(result, ZEND_FETCH_R, &name_node, NULL);
2740 	}
2741 
2742 	if (name_node.op_type == IS_CONST &&
2743 	    zend_is_auto_global(Z_STR(name_node.u.constant))) {
2744 
2745 		opline->extended_value = ZEND_FETCH_GLOBAL;
2746 	} else {
2747 		opline->extended_value = ZEND_FETCH_LOCAL;
2748 	}
2749 
2750 	zend_adjust_for_fetch_type(opline, result, type);
2751 	return opline;
2752 }
2753 /* }}} */
2754 
is_this_fetch(zend_ast * ast)2755 static bool is_this_fetch(zend_ast *ast) /* {{{ */
2756 {
2757 	if (ast->kind == ZEND_AST_VAR && ast->child[0]->kind == ZEND_AST_ZVAL) {
2758 		zval *name = zend_ast_get_zval(ast->child[0]);
2759 		return Z_TYPE_P(name) == IS_STRING && zend_string_equals_literal(Z_STR_P(name), "this");
2760 	}
2761 
2762 	return 0;
2763 }
2764 /* }}} */
2765 
is_globals_fetch(const zend_ast * ast)2766 static bool is_globals_fetch(const zend_ast *ast)
2767 {
2768 	if (ast->kind == ZEND_AST_VAR && ast->child[0]->kind == ZEND_AST_ZVAL) {
2769 		zval *name = zend_ast_get_zval(ast->child[0]);
2770 		return Z_TYPE_P(name) == IS_STRING && zend_string_equals_literal(Z_STR_P(name), "GLOBALS");
2771 	}
2772 
2773 	return 0;
2774 }
2775 
is_global_var_fetch(zend_ast * ast)2776 static bool is_global_var_fetch(zend_ast *ast)
2777 {
2778 	return ast->kind == ZEND_AST_DIM && is_globals_fetch(ast->child[0]);
2779 }
2780 
this_guaranteed_exists(void)2781 static bool this_guaranteed_exists(void) /* {{{ */
2782 {
2783 	zend_op_array *op_array = CG(active_op_array);
2784 	/* Instance methods always have a $this.
2785 	 * This also includes closures that have a scope and use $this. */
2786 	return op_array->scope != NULL
2787 		&& (op_array->fn_flags & ZEND_ACC_STATIC) == 0;
2788 }
2789 /* }}} */
2790 
zend_compile_simple_var(znode * result,zend_ast * ast,uint32_t type,bool delayed)2791 static zend_op *zend_compile_simple_var(znode *result, zend_ast *ast, uint32_t type, bool delayed) /* {{{ */
2792 {
2793 	if (is_this_fetch(ast)) {
2794 		zend_op *opline = zend_emit_op(result, ZEND_FETCH_THIS, NULL, NULL);
2795 		if ((type == BP_VAR_R) || (type == BP_VAR_IS)) {
2796 			opline->result_type = IS_TMP_VAR;
2797 			result->op_type = IS_TMP_VAR;
2798 		}
2799 		CG(active_op_array)->fn_flags |= ZEND_ACC_USES_THIS;
2800 		return opline;
2801 	} else if (is_globals_fetch(ast)) {
2802 		zend_op *opline = zend_emit_op(result, ZEND_FETCH_GLOBALS, NULL, NULL);
2803 		if (type == BP_VAR_R || type == BP_VAR_IS) {
2804 			opline->result_type = IS_TMP_VAR;
2805 			result->op_type = IS_TMP_VAR;
2806 		}
2807 		return opline;
2808 	} else if (zend_try_compile_cv(result, ast) == FAILURE) {
2809 		return zend_compile_simple_var_no_cv(result, ast, type, delayed);
2810 	}
2811 	return NULL;
2812 }
2813 /* }}} */
2814 
zend_separate_if_call_and_write(znode * node,zend_ast * ast,uint32_t type)2815 static void zend_separate_if_call_and_write(znode *node, zend_ast *ast, uint32_t type) /* {{{ */
2816 {
2817 	if (type != BP_VAR_R
2818 	 && type != BP_VAR_IS
2819 	 /* Whether a FUNC_ARG is R may only be determined at runtime. */
2820 	 && type != BP_VAR_FUNC_ARG
2821 	 && zend_is_call(ast)) {
2822 		if (node->op_type == IS_VAR) {
2823 			zend_op *opline = zend_emit_op(NULL, ZEND_SEPARATE, node, NULL);
2824 			opline->result_type = IS_VAR;
2825 			opline->result.var = opline->op1.var;
2826 		} else {
2827 			zend_error_noreturn(E_COMPILE_ERROR, "Cannot use result of built-in function in write context");
2828 		}
2829 	}
2830 }
2831 /* }}} */
2832 
zend_emit_assign_znode(zend_ast * var_ast,znode * value_node)2833 static inline void zend_emit_assign_znode(zend_ast *var_ast, znode *value_node) /* {{{ */
2834 {
2835 	znode dummy_node;
2836 	zend_ast *assign_ast = zend_ast_create(ZEND_AST_ASSIGN, var_ast,
2837 		zend_ast_create_znode(value_node));
2838 	zend_compile_expr(&dummy_node, assign_ast);
2839 	zend_do_free(&dummy_node);
2840 }
2841 /* }}} */
2842 
zend_delayed_compile_dim(znode * result,zend_ast * ast,uint32_t type,bool by_ref)2843 static zend_op *zend_delayed_compile_dim(znode *result, zend_ast *ast, uint32_t type, bool by_ref)
2844 {
2845 	if (ast->attr == ZEND_DIM_ALTERNATIVE_SYNTAX) {
2846 		zend_error(E_COMPILE_ERROR, "Array and string offset access syntax with curly braces is no longer supported");
2847 	}
2848 	zend_ast *var_ast = ast->child[0];
2849 	zend_ast *dim_ast = ast->child[1];
2850 	zend_op *opline;
2851 
2852 	znode var_node, dim_node;
2853 
2854 	if (is_globals_fetch(var_ast)) {
2855 		if (dim_ast == NULL) {
2856 			zend_error_noreturn(E_COMPILE_ERROR, "Cannot append to $GLOBALS");
2857 		}
2858 
2859 		zend_compile_expr(&dim_node, dim_ast);
2860 		if (dim_node.op_type == IS_CONST) {
2861 			convert_to_string(&dim_node.u.constant);
2862 		}
2863 
2864 		opline = zend_delayed_emit_op(result, ZEND_FETCH_R, &dim_node, NULL);
2865 		opline->extended_value = ZEND_FETCH_GLOBAL;
2866 		zend_adjust_for_fetch_type(opline, result, type);
2867 		return opline;
2868 	} else {
2869 		zend_short_circuiting_mark_inner(var_ast);
2870 		opline = zend_delayed_compile_var(&var_node, var_ast, type, 0);
2871 		if (opline) {
2872 			if (type == BP_VAR_W && (opline->opcode == ZEND_FETCH_STATIC_PROP_W || opline->opcode == ZEND_FETCH_OBJ_W)) {
2873 				opline->extended_value |= ZEND_FETCH_DIM_WRITE;
2874 			} else if (opline->opcode == ZEND_FETCH_DIM_W
2875 					|| opline->opcode == ZEND_FETCH_DIM_RW
2876 					|| opline->opcode == ZEND_FETCH_DIM_FUNC_ARG
2877 					|| opline->opcode == ZEND_FETCH_DIM_UNSET) {
2878 				opline->extended_value = ZEND_FETCH_DIM_DIM;
2879 			}
2880 		}
2881 	}
2882 
2883 	zend_separate_if_call_and_write(&var_node, var_ast, type);
2884 
2885 	if (dim_ast == NULL) {
2886 		if (type == BP_VAR_R || type == BP_VAR_IS) {
2887 			zend_error_noreturn(E_COMPILE_ERROR, "Cannot use [] for reading");
2888 		}
2889 		if (type == BP_VAR_UNSET) {
2890 			zend_error_noreturn(E_COMPILE_ERROR, "Cannot use [] for unsetting");
2891 		}
2892 		dim_node.op_type = IS_UNUSED;
2893 	} else {
2894 		zend_compile_expr(&dim_node, dim_ast);
2895 	}
2896 
2897 	opline = zend_delayed_emit_op(result, ZEND_FETCH_DIM_R, &var_node, &dim_node);
2898 	zend_adjust_for_fetch_type(opline, result, type);
2899 	if (by_ref) {
2900 		opline->extended_value = ZEND_FETCH_DIM_REF;
2901 	}
2902 
2903 	if (dim_node.op_type == IS_CONST) {
2904 		zend_handle_numeric_dim(opline, &dim_node);
2905 	}
2906 	return opline;
2907 }
2908 
zend_compile_dim(znode * result,zend_ast * ast,uint32_t type,bool by_ref)2909 static zend_op *zend_compile_dim(znode *result, zend_ast *ast, uint32_t type, bool by_ref) /* {{{ */
2910 {
2911 	uint32_t offset = zend_delayed_compile_begin();
2912 	zend_delayed_compile_dim(result, ast, type, by_ref);
2913 	return zend_delayed_compile_end(offset);
2914 }
2915 /* }}} */
2916 
zend_delayed_compile_prop(znode * result,zend_ast * ast,uint32_t type)2917 static zend_op *zend_delayed_compile_prop(znode *result, zend_ast *ast, uint32_t type) /* {{{ */
2918 {
2919 	zend_ast *obj_ast = ast->child[0];
2920 	zend_ast *prop_ast = ast->child[1];
2921 
2922 	znode obj_node, prop_node;
2923 	zend_op *opline;
2924 	bool nullsafe = ast->kind == ZEND_AST_NULLSAFE_PROP;
2925 
2926 	if (is_this_fetch(obj_ast)) {
2927 		if (this_guaranteed_exists()) {
2928 			obj_node.op_type = IS_UNUSED;
2929 		} else {
2930 			zend_emit_op(&obj_node, ZEND_FETCH_THIS, NULL, NULL);
2931 		}
2932 		CG(active_op_array)->fn_flags |= ZEND_ACC_USES_THIS;
2933 
2934 		/* We will throw if $this doesn't exist, so there's no need to emit a JMP_NULL
2935 		 * check for a nullsafe access. */
2936 	} else {
2937 		zend_short_circuiting_mark_inner(obj_ast);
2938 		opline = zend_delayed_compile_var(&obj_node, obj_ast, type, 0);
2939 		if (opline && (opline->opcode == ZEND_FETCH_DIM_W
2940 				|| opline->opcode == ZEND_FETCH_DIM_RW
2941 				|| opline->opcode == ZEND_FETCH_DIM_FUNC_ARG
2942 				|| opline->opcode == ZEND_FETCH_DIM_UNSET)) {
2943 			opline->extended_value = ZEND_FETCH_DIM_OBJ;
2944 		}
2945 
2946 		zend_separate_if_call_and_write(&obj_node, obj_ast, type);
2947 		if (nullsafe) {
2948 			if (obj_node.op_type == IS_TMP_VAR) {
2949 				/* Flush delayed oplines */
2950 				zend_op *opline = NULL, *oplines = zend_stack_base(&CG(delayed_oplines_stack));
2951 				uint32_t var = obj_node.u.op.var;
2952 				uint32_t count = zend_stack_count(&CG(delayed_oplines_stack));
2953 				uint32_t i = count;
2954 
2955 				while (i > 0 && oplines[i-1].result_type == IS_TMP_VAR && oplines[i-1].result.var == var) {
2956 					i--;
2957 					if (oplines[i].op1_type == IS_TMP_VAR) {
2958 						var = oplines[i].op1.var;
2959 					} else {
2960 						break;
2961 					}
2962 				}
2963 				for (; i < count; ++i) {
2964 					if (oplines[i].opcode != ZEND_NOP) {
2965 						opline = get_next_op();
2966 						memcpy(opline, &oplines[i], sizeof(zend_op));
2967 						oplines[i].opcode = ZEND_NOP;
2968 						oplines[i].extended_value = opline - CG(active_op_array)->opcodes;
2969 					}
2970 				}
2971 			}
2972 			zend_emit_jmp_null(&obj_node, type);
2973 		}
2974 	}
2975 
2976 	zend_compile_expr(&prop_node, prop_ast);
2977 
2978 	opline = zend_delayed_emit_op(result, ZEND_FETCH_OBJ_R, &obj_node, &prop_node);
2979 	if (opline->op2_type == IS_CONST) {
2980 		convert_to_string(CT_CONSTANT(opline->op2));
2981 		zend_string_hash_val(Z_STR_P(CT_CONSTANT(opline->op2)));
2982 		opline->extended_value = zend_alloc_cache_slots(3);
2983 	}
2984 
2985 	zend_adjust_for_fetch_type(opline, result, type);
2986 
2987 	return opline;
2988 }
2989 /* }}} */
2990 
zend_compile_prop(znode * result,zend_ast * ast,uint32_t type,bool by_ref)2991 static zend_op *zend_compile_prop(znode *result, zend_ast *ast, uint32_t type, bool by_ref) /* {{{ */
2992 {
2993 	uint32_t offset = zend_delayed_compile_begin();
2994 	zend_op *opline = zend_delayed_compile_prop(result, ast, type);
2995 	if (by_ref) { /* shared with cache_slot */
2996 		opline->extended_value |= ZEND_FETCH_REF;
2997 	}
2998 	return zend_delayed_compile_end(offset);
2999 }
3000 /* }}} */
3001 
zend_compile_static_prop(znode * result,zend_ast * ast,uint32_t type,bool by_ref,bool delayed)3002 static zend_op *zend_compile_static_prop(znode *result, zend_ast *ast, uint32_t type, bool by_ref, bool delayed) /* {{{ */
3003 {
3004 	zend_ast *class_ast = ast->child[0];
3005 	zend_ast *prop_ast = ast->child[1];
3006 
3007 	znode class_node, prop_node;
3008 	zend_op *opline;
3009 
3010 	zend_short_circuiting_mark_inner(class_ast);
3011 	zend_compile_class_ref(&class_node, class_ast, ZEND_FETCH_CLASS_EXCEPTION);
3012 
3013 	zend_compile_expr(&prop_node, prop_ast);
3014 
3015 	if (delayed) {
3016 		opline = zend_delayed_emit_op(result, ZEND_FETCH_STATIC_PROP_R, &prop_node, NULL);
3017 	} else {
3018 		opline = zend_emit_op(result, ZEND_FETCH_STATIC_PROP_R, &prop_node, NULL);
3019 	}
3020 	if (opline->op1_type == IS_CONST) {
3021 		convert_to_string(CT_CONSTANT(opline->op1));
3022 		opline->extended_value = zend_alloc_cache_slots(3);
3023 	}
3024 	if (class_node.op_type == IS_CONST) {
3025 		opline->op2_type = IS_CONST;
3026 		opline->op2.constant = zend_add_class_name_literal(
3027 			Z_STR(class_node.u.constant));
3028 		if (opline->op1_type != IS_CONST) {
3029 			opline->extended_value = zend_alloc_cache_slot();
3030 		}
3031 	} else {
3032 		SET_NODE(opline->op2, &class_node);
3033 	}
3034 
3035 	if (by_ref && (type == BP_VAR_W || type == BP_VAR_FUNC_ARG)) { /* shared with cache_slot */
3036 		opline->extended_value |= ZEND_FETCH_REF;
3037 	}
3038 
3039 	zend_adjust_for_fetch_type(opline, result, type);
3040 	return opline;
3041 }
3042 /* }}} */
3043 
zend_verify_list_assign_target(zend_ast * var_ast,zend_ast_attr array_style)3044 static void zend_verify_list_assign_target(zend_ast *var_ast, zend_ast_attr array_style) /* {{{ */ {
3045 	if (var_ast->kind == ZEND_AST_ARRAY) {
3046 		if (var_ast->attr == ZEND_ARRAY_SYNTAX_LONG) {
3047 			zend_error_noreturn(E_COMPILE_ERROR, "Cannot assign to array(), use [] instead");
3048 		}
3049 		if (array_style != var_ast->attr) {
3050 			zend_error_noreturn(E_COMPILE_ERROR, "Cannot mix [] and list()");
3051 		}
3052 	} else if (!zend_can_write_to_variable(var_ast)) {
3053 		zend_error_noreturn(E_COMPILE_ERROR, "Assignments can only happen to writable values");
3054 	}
3055 }
3056 /* }}} */
3057 
3058 static inline void zend_emit_assign_ref_znode(zend_ast *var_ast, znode *value_node);
3059 
3060 /* Propagate refs used on leaf elements to the surrounding list() structures. */
zend_propagate_list_refs(zend_ast * ast)3061 static bool zend_propagate_list_refs(zend_ast *ast) { /* {{{ */
3062 	zend_ast_list *list = zend_ast_get_list(ast);
3063 	bool has_refs = 0;
3064 	uint32_t i;
3065 
3066 	for (i = 0; i < list->children; ++i) {
3067 		zend_ast *elem_ast = list->child[i];
3068 
3069 		if (elem_ast) {
3070 			zend_ast *var_ast = elem_ast->child[0];
3071 			if (var_ast->kind == ZEND_AST_ARRAY) {
3072 				elem_ast->attr = zend_propagate_list_refs(var_ast);
3073 			}
3074 			has_refs |= elem_ast->attr;
3075 		}
3076 	}
3077 
3078 	return has_refs;
3079 }
3080 /* }}} */
3081 
list_is_keyed(zend_ast_list * list)3082 static bool list_is_keyed(zend_ast_list *list)
3083 {
3084 	for (uint32_t i = 0; i < list->children; i++) {
3085 		zend_ast *child = list->child[i];
3086 		if (child) {
3087 			return child->kind == ZEND_AST_ARRAY_ELEM && child->child[1] != NULL;
3088 		}
3089 	}
3090 	return false;
3091 }
3092 
zend_compile_list_assign(znode * result,zend_ast * ast,znode * expr_node,zend_ast_attr array_style)3093 static void zend_compile_list_assign(
3094 		znode *result, zend_ast *ast, znode *expr_node, zend_ast_attr array_style) /* {{{ */
3095 {
3096 	zend_ast_list *list = zend_ast_get_list(ast);
3097 	uint32_t i;
3098 	bool has_elems = 0;
3099 	bool is_keyed = list_is_keyed(list);
3100 
3101 	if (list->children && expr_node->op_type == IS_CONST && Z_TYPE(expr_node->u.constant) == IS_STRING) {
3102 		zval_make_interned_string(&expr_node->u.constant);
3103 	}
3104 
3105 	for (i = 0; i < list->children; ++i) {
3106 		zend_ast *elem_ast = list->child[i];
3107 		zend_ast *var_ast, *key_ast;
3108 		znode fetch_result, dim_node;
3109 		zend_op *opline;
3110 
3111 		if (elem_ast == NULL) {
3112 			if (is_keyed) {
3113 				zend_error(E_COMPILE_ERROR,
3114 					"Cannot use empty array entries in keyed array assignment");
3115 			} else {
3116 				continue;
3117 			}
3118 		}
3119 
3120 		if (elem_ast->kind == ZEND_AST_UNPACK) {
3121 			zend_error(E_COMPILE_ERROR,
3122 					"Spread operator is not supported in assignments");
3123 		}
3124 
3125 		var_ast = elem_ast->child[0];
3126 		key_ast = elem_ast->child[1];
3127 		has_elems = 1;
3128 
3129 		if (is_keyed) {
3130 			if (key_ast == NULL) {
3131 				zend_error(E_COMPILE_ERROR,
3132 					"Cannot mix keyed and unkeyed array entries in assignments");
3133 			}
3134 
3135 			zend_compile_expr(&dim_node, key_ast);
3136 		} else {
3137 			if (key_ast != NULL) {
3138 				zend_error(E_COMPILE_ERROR,
3139 					"Cannot mix keyed and unkeyed array entries in assignments");
3140 			}
3141 
3142 			dim_node.op_type = IS_CONST;
3143 			ZVAL_LONG(&dim_node.u.constant, i);
3144 		}
3145 
3146 		if (expr_node->op_type == IS_CONST) {
3147 			Z_TRY_ADDREF(expr_node->u.constant);
3148 		}
3149 
3150 		zend_verify_list_assign_target(var_ast, array_style);
3151 
3152 		opline = zend_emit_op(&fetch_result,
3153 			elem_ast->attr ? (expr_node->op_type == IS_CV ? ZEND_FETCH_DIM_W : ZEND_FETCH_LIST_W) : ZEND_FETCH_LIST_R, expr_node, &dim_node);
3154 
3155 		if (dim_node.op_type == IS_CONST) {
3156 			zend_handle_numeric_dim(opline, &dim_node);
3157 		}
3158 
3159 		if (elem_ast->attr) {
3160 			zend_emit_op(&fetch_result, ZEND_MAKE_REF, &fetch_result, NULL);
3161 		}
3162 		if (var_ast->kind == ZEND_AST_ARRAY) {
3163 			zend_compile_list_assign(NULL, var_ast, &fetch_result, var_ast->attr);
3164 		} else if (elem_ast->attr) {
3165 			zend_emit_assign_ref_znode(var_ast, &fetch_result);
3166 		} else {
3167 			zend_emit_assign_znode(var_ast, &fetch_result);
3168 		}
3169 	}
3170 
3171 	if (has_elems == 0) {
3172 		zend_error_noreturn(E_COMPILE_ERROR, "Cannot use empty list");
3173 	}
3174 
3175 	if (result) {
3176 		*result = *expr_node;
3177 	} else {
3178 		zend_do_free(expr_node);
3179 	}
3180 }
3181 /* }}} */
3182 
zend_ensure_writable_variable(const zend_ast * ast)3183 static void zend_ensure_writable_variable(const zend_ast *ast) /* {{{ */
3184 {
3185 	if (ast->kind == ZEND_AST_CALL) {
3186 		zend_error_noreturn(E_COMPILE_ERROR, "Can't use function return value in write context");
3187 	}
3188 	if (
3189 		ast->kind == ZEND_AST_METHOD_CALL
3190 		|| ast->kind == ZEND_AST_NULLSAFE_METHOD_CALL
3191 		|| ast->kind == ZEND_AST_STATIC_CALL
3192 	) {
3193 		zend_error_noreturn(E_COMPILE_ERROR, "Can't use method return value in write context");
3194 	}
3195 	if (zend_ast_is_short_circuited(ast)) {
3196 		zend_error_noreturn(E_COMPILE_ERROR, "Can't use nullsafe operator in write context");
3197 	}
3198 	if (is_globals_fetch(ast)) {
3199 		zend_error_noreturn(E_COMPILE_ERROR,
3200 			"$GLOBALS can only be modified using the $GLOBALS[$name] = $value syntax");
3201 	}
3202 }
3203 /* }}} */
3204 
3205 /* Detects $a... = $a pattern */
zend_is_assign_to_self(zend_ast * var_ast,zend_ast * expr_ast)3206 static bool zend_is_assign_to_self(zend_ast *var_ast, zend_ast *expr_ast) /* {{{ */
3207 {
3208 	if (expr_ast->kind != ZEND_AST_VAR || expr_ast->child[0]->kind != ZEND_AST_ZVAL) {
3209 		return 0;
3210 	}
3211 
3212 	while (zend_is_variable(var_ast) && var_ast->kind != ZEND_AST_VAR) {
3213 		var_ast = var_ast->child[0];
3214 	}
3215 
3216 	if (var_ast->kind != ZEND_AST_VAR || var_ast->child[0]->kind != ZEND_AST_ZVAL) {
3217 		return 0;
3218 	}
3219 
3220 	{
3221 		zend_string *name1 = zval_get_string(zend_ast_get_zval(var_ast->child[0]));
3222 		zend_string *name2 = zval_get_string(zend_ast_get_zval(expr_ast->child[0]));
3223 		bool result = zend_string_equals(name1, name2);
3224 		zend_string_release_ex(name1, 0);
3225 		zend_string_release_ex(name2, 0);
3226 		return result;
3227 	}
3228 }
3229 /* }}} */
3230 
zend_compile_expr_with_potential_assign_to_self(znode * expr_node,zend_ast * expr_ast,zend_ast * var_ast)3231 static void zend_compile_expr_with_potential_assign_to_self(
3232 		znode *expr_node, zend_ast *expr_ast, zend_ast *var_ast) {
3233 	if (zend_is_assign_to_self(var_ast, expr_ast) && !is_this_fetch(expr_ast)) {
3234 		/* $a[0] = $a should evaluate the right $a first */
3235 		znode cv_node;
3236 
3237 		if (zend_try_compile_cv(&cv_node, expr_ast) == FAILURE) {
3238 			zend_compile_simple_var_no_cv(expr_node, expr_ast, BP_VAR_R, 0);
3239 		} else {
3240 			zend_emit_op_tmp(expr_node, ZEND_QM_ASSIGN, &cv_node, NULL);
3241 		}
3242 	} else {
3243 		zend_compile_expr(expr_node, expr_ast);
3244 	}
3245 }
3246 
zend_compile_assign(znode * result,zend_ast * ast)3247 static void zend_compile_assign(znode *result, zend_ast *ast) /* {{{ */
3248 {
3249 	zend_ast *var_ast = ast->child[0];
3250 	zend_ast *expr_ast = ast->child[1];
3251 
3252 	znode var_node, expr_node;
3253 	zend_op *opline;
3254 	uint32_t offset;
3255 	if (is_this_fetch(var_ast)) {
3256 		zend_error_noreturn(E_COMPILE_ERROR, "Cannot re-assign $this");
3257 	}
3258 
3259 	zend_ensure_writable_variable(var_ast);
3260 
3261 	/* Treat $GLOBALS['x'] assignment like assignment to variable. */
3262 	zend_ast_kind kind = is_global_var_fetch(var_ast) ? ZEND_AST_VAR : var_ast->kind;
3263 	switch (kind) {
3264 		case ZEND_AST_VAR:
3265 			offset = zend_delayed_compile_begin();
3266 			zend_delayed_compile_var(&var_node, var_ast, BP_VAR_W, 0);
3267 			zend_compile_expr(&expr_node, expr_ast);
3268 			zend_delayed_compile_end(offset);
3269 			CG(zend_lineno) = zend_ast_get_lineno(var_ast);
3270 			zend_emit_op_tmp(result, ZEND_ASSIGN, &var_node, &expr_node);
3271 			return;
3272 		case ZEND_AST_STATIC_PROP:
3273 			offset = zend_delayed_compile_begin();
3274 			zend_delayed_compile_var(result, var_ast, BP_VAR_W, 0);
3275 			zend_compile_expr(&expr_node, expr_ast);
3276 
3277 			opline = zend_delayed_compile_end(offset);
3278 			opline->opcode = ZEND_ASSIGN_STATIC_PROP;
3279 			opline->result_type = IS_TMP_VAR;
3280 			result->op_type = IS_TMP_VAR;
3281 
3282 			zend_emit_op_data(&expr_node);
3283 			return;
3284 		case ZEND_AST_DIM:
3285 			offset = zend_delayed_compile_begin();
3286 			zend_delayed_compile_dim(result, var_ast, BP_VAR_W, /* by_ref */ false);
3287 			zend_compile_expr_with_potential_assign_to_self(&expr_node, expr_ast, var_ast);
3288 
3289 			opline = zend_delayed_compile_end(offset);
3290 			opline->opcode = ZEND_ASSIGN_DIM;
3291 			opline->result_type = IS_TMP_VAR;
3292 			result->op_type = IS_TMP_VAR;
3293 
3294 			opline = zend_emit_op_data(&expr_node);
3295 			return;
3296 		case ZEND_AST_PROP:
3297 		case ZEND_AST_NULLSAFE_PROP:
3298 			offset = zend_delayed_compile_begin();
3299 			zend_delayed_compile_prop(result, var_ast, BP_VAR_W);
3300 			zend_compile_expr(&expr_node, expr_ast);
3301 
3302 			opline = zend_delayed_compile_end(offset);
3303 			opline->opcode = ZEND_ASSIGN_OBJ;
3304 			opline->result_type = IS_TMP_VAR;
3305 			result->op_type = IS_TMP_VAR;
3306 
3307 			zend_emit_op_data(&expr_node);
3308 			return;
3309 		case ZEND_AST_ARRAY:
3310 			if (zend_propagate_list_refs(var_ast)) {
3311 				if (!zend_is_variable_or_call(expr_ast)) {
3312 					zend_error_noreturn(E_COMPILE_ERROR,
3313 						"Cannot assign reference to non referenceable value");
3314 				} else {
3315 					zend_assert_not_short_circuited(expr_ast);
3316 				}
3317 
3318 				zend_compile_var(&expr_node, expr_ast, BP_VAR_W, 1);
3319 				/* MAKE_REF is usually not necessary for CVs. However, if there are
3320 				 * self-assignments, this forces the RHS to evaluate first. */
3321 				zend_emit_op(&expr_node, ZEND_MAKE_REF, &expr_node, NULL);
3322 			} else {
3323 				if (expr_ast->kind == ZEND_AST_VAR) {
3324 					/* list($a, $b) = $a should evaluate the right $a first */
3325 					znode cv_node;
3326 
3327 					if (zend_try_compile_cv(&cv_node, expr_ast) == FAILURE) {
3328 						zend_compile_simple_var_no_cv(&expr_node, expr_ast, BP_VAR_R, 0);
3329 					} else {
3330 						zend_emit_op_tmp(&expr_node, ZEND_QM_ASSIGN, &cv_node, NULL);
3331 					}
3332 				} else {
3333 					zend_compile_expr(&expr_node, expr_ast);
3334 				}
3335 			}
3336 
3337 			zend_compile_list_assign(result, var_ast, &expr_node, var_ast->attr);
3338 			return;
3339 		EMPTY_SWITCH_DEFAULT_CASE();
3340 	}
3341 }
3342 /* }}} */
3343 
zend_compile_assign_ref(znode * result,zend_ast * ast)3344 static void zend_compile_assign_ref(znode *result, zend_ast *ast) /* {{{ */
3345 {
3346 	zend_ast *target_ast = ast->child[0];
3347 	zend_ast *source_ast = ast->child[1];
3348 
3349 	znode target_node, source_node;
3350 	zend_op *opline;
3351 	uint32_t offset, flags;
3352 
3353 	if (is_this_fetch(target_ast)) {
3354 		zend_error_noreturn(E_COMPILE_ERROR, "Cannot re-assign $this");
3355 	}
3356 	zend_ensure_writable_variable(target_ast);
3357 	zend_assert_not_short_circuited(source_ast);
3358 	if (is_globals_fetch(source_ast)) {
3359 		zend_error_noreturn(E_COMPILE_ERROR, "Cannot acquire reference to $GLOBALS");
3360 	}
3361 
3362 	offset = zend_delayed_compile_begin();
3363 	zend_delayed_compile_var(&target_node, target_ast, BP_VAR_W, 1);
3364 	zend_compile_var(&source_node, source_ast, BP_VAR_W, 1);
3365 
3366 	if ((target_ast->kind != ZEND_AST_VAR
3367 	  || target_ast->child[0]->kind != ZEND_AST_ZVAL)
3368 	 && source_ast->kind != ZEND_AST_ZNODE
3369 	 && source_node.op_type != IS_CV) {
3370 		/* Both LHS and RHS expressions may modify the same data structure,
3371 		 * and the modification during RHS evaluation may dangle the pointer
3372 		 * to the result of the LHS evaluation.
3373 		 * Use MAKE_REF instruction to replace direct pointer with REFERENCE.
3374 		 * See: Bug #71539
3375 		 */
3376 		zend_emit_op(&source_node, ZEND_MAKE_REF, &source_node, NULL);
3377 	}
3378 
3379 	opline = zend_delayed_compile_end(offset);
3380 
3381 	if (source_node.op_type != IS_VAR && zend_is_call(source_ast)) {
3382 		zend_error_noreturn(E_COMPILE_ERROR, "Cannot use result of built-in function in write context");
3383 	}
3384 
3385 	flags = zend_is_call(source_ast) ? ZEND_RETURNS_FUNCTION : 0;
3386 
3387 	if (opline && opline->opcode == ZEND_FETCH_OBJ_W) {
3388 		opline->opcode = ZEND_ASSIGN_OBJ_REF;
3389 		opline->extended_value &= ~ZEND_FETCH_REF;
3390 		opline->extended_value |= flags;
3391 		zend_emit_op_data(&source_node);
3392 		*result = target_node;
3393 	} else if (opline && opline->opcode == ZEND_FETCH_STATIC_PROP_W) {
3394 		opline->opcode = ZEND_ASSIGN_STATIC_PROP_REF;
3395 		opline->extended_value &= ~ZEND_FETCH_REF;
3396 		opline->extended_value |= flags;
3397 		zend_emit_op_data(&source_node);
3398 		*result = target_node;
3399 	} else {
3400 		opline = zend_emit_op(result, ZEND_ASSIGN_REF, &target_node, &source_node);
3401 		opline->extended_value = flags;
3402 	}
3403 }
3404 /* }}} */
3405 
zend_emit_assign_ref_znode(zend_ast * var_ast,znode * value_node)3406 static inline void zend_emit_assign_ref_znode(zend_ast *var_ast, znode *value_node) /* {{{ */
3407 {
3408 	znode dummy_node;
3409 	zend_ast *assign_ast = zend_ast_create(ZEND_AST_ASSIGN_REF, var_ast,
3410 		zend_ast_create_znode(value_node));
3411 	zend_compile_expr(&dummy_node, assign_ast);
3412 	zend_do_free(&dummy_node);
3413 }
3414 /* }}} */
3415 
zend_compile_compound_assign(znode * result,zend_ast * ast)3416 static void zend_compile_compound_assign(znode *result, zend_ast *ast) /* {{{ */
3417 {
3418 	zend_ast *var_ast = ast->child[0];
3419 	zend_ast *expr_ast = ast->child[1];
3420 	uint32_t opcode = ast->attr;
3421 
3422 	znode var_node, expr_node;
3423 	zend_op *opline;
3424 	uint32_t offset, cache_slot;
3425 
3426 	zend_ensure_writable_variable(var_ast);
3427 
3428 	/* Treat $GLOBALS['x'] assignment like assignment to variable. */
3429 	zend_ast_kind kind = is_global_var_fetch(var_ast) ? ZEND_AST_VAR : var_ast->kind;
3430 	switch (kind) {
3431 		case ZEND_AST_VAR:
3432 			offset = zend_delayed_compile_begin();
3433 			zend_delayed_compile_var(&var_node, var_ast, BP_VAR_RW, 0);
3434 			zend_compile_expr(&expr_node, expr_ast);
3435 			zend_delayed_compile_end(offset);
3436 			opline = zend_emit_op_tmp(result, ZEND_ASSIGN_OP, &var_node, &expr_node);
3437 			opline->extended_value = opcode;
3438 			return;
3439 		case ZEND_AST_STATIC_PROP:
3440 			offset = zend_delayed_compile_begin();
3441 			zend_delayed_compile_var(result, var_ast, BP_VAR_RW, 0);
3442 			zend_compile_expr(&expr_node, expr_ast);
3443 
3444 			opline = zend_delayed_compile_end(offset);
3445 			cache_slot = opline->extended_value;
3446 			opline->opcode = ZEND_ASSIGN_STATIC_PROP_OP;
3447 			opline->extended_value = opcode;
3448 			opline->result_type = IS_TMP_VAR;
3449 			result->op_type = IS_TMP_VAR;
3450 
3451 			opline = zend_emit_op_data(&expr_node);
3452 			opline->extended_value = cache_slot;
3453 			return;
3454 		case ZEND_AST_DIM:
3455 			offset = zend_delayed_compile_begin();
3456 			zend_delayed_compile_dim(result, var_ast, BP_VAR_RW, /* by_ref */ false);
3457 			zend_compile_expr_with_potential_assign_to_self(&expr_node, expr_ast, var_ast);
3458 
3459 			opline = zend_delayed_compile_end(offset);
3460 			opline->opcode = ZEND_ASSIGN_DIM_OP;
3461 			opline->extended_value = opcode;
3462 			opline->result_type = IS_TMP_VAR;
3463 			result->op_type = IS_TMP_VAR;
3464 
3465 			zend_emit_op_data(&expr_node);
3466 			return;
3467 		case ZEND_AST_PROP:
3468 		case ZEND_AST_NULLSAFE_PROP:
3469 			offset = zend_delayed_compile_begin();
3470 			zend_delayed_compile_prop(result, var_ast, BP_VAR_RW);
3471 			zend_compile_expr(&expr_node, expr_ast);
3472 
3473 			opline = zend_delayed_compile_end(offset);
3474 			cache_slot = opline->extended_value;
3475 			opline->opcode = ZEND_ASSIGN_OBJ_OP;
3476 			opline->extended_value = opcode;
3477 			opline->result_type = IS_TMP_VAR;
3478 			result->op_type = IS_TMP_VAR;
3479 
3480 			opline = zend_emit_op_data(&expr_node);
3481 			opline->extended_value = cache_slot;
3482 			return;
3483 		EMPTY_SWITCH_DEFAULT_CASE()
3484 	}
3485 }
3486 /* }}} */
3487 
zend_get_arg_num(zend_function * fn,zend_string * arg_name)3488 static uint32_t zend_get_arg_num(zend_function *fn, zend_string *arg_name) {
3489 	// TODO: Caching?
3490 	if (fn->type == ZEND_USER_FUNCTION) {
3491 		for (uint32_t i = 0; i < fn->common.num_args; i++) {
3492 			zend_arg_info *arg_info = &fn->op_array.arg_info[i];
3493 			if (zend_string_equals(arg_info->name, arg_name)) {
3494 				return i + 1;
3495 			}
3496 		}
3497 	} else {
3498 		for (uint32_t i = 0; i < fn->common.num_args; i++) {
3499 			zend_internal_arg_info *arg_info = &fn->internal_function.arg_info[i];
3500 			size_t len = strlen(arg_info->name);
3501 			if (zend_string_equals_cstr(arg_name, arg_info->name, len)) {
3502 				return i + 1;
3503 			}
3504 		}
3505 	}
3506 
3507 	/* Either an invalid argument name, or collected into a variadic argument. */
3508 	return (uint32_t) -1;
3509 }
3510 
zend_compile_args(zend_ast * ast,zend_function * fbc,bool * may_have_extra_named_args)3511 static uint32_t zend_compile_args(
3512 		zend_ast *ast, zend_function *fbc, bool *may_have_extra_named_args) /* {{{ */
3513 {
3514 	zend_ast_list *args = zend_ast_get_list(ast);
3515 	uint32_t i;
3516 	bool uses_arg_unpack = 0;
3517 	uint32_t arg_count = 0; /* number of arguments not including unpacks */
3518 
3519 	/* Whether named arguments are used syntactically, to enforce language level limitations.
3520 	 * May not actually use named argument passing. */
3521 	bool uses_named_args = 0;
3522 	/* Whether there may be any undef arguments due to the use of named arguments. */
3523 	bool may_have_undef = 0;
3524 	/* Whether there may be any extra named arguments collected into a variadic. */
3525 	*may_have_extra_named_args = 0;
3526 
3527 	for (i = 0; i < args->children; ++i) {
3528 		zend_ast *arg = args->child[i];
3529 		zend_string *arg_name = NULL;
3530 		uint32_t arg_num = i + 1;
3531 
3532 		znode arg_node;
3533 		zend_op *opline;
3534 		zend_uchar opcode;
3535 
3536 		if (arg->kind == ZEND_AST_UNPACK) {
3537 			if (uses_named_args) {
3538 				zend_error_noreturn(E_COMPILE_ERROR,
3539 					"Cannot use argument unpacking after named arguments");
3540 			}
3541 
3542 			uses_arg_unpack = 1;
3543 			fbc = NULL;
3544 
3545 			zend_compile_expr(&arg_node, arg->child[0]);
3546 			opline = zend_emit_op(NULL, ZEND_SEND_UNPACK, &arg_node, NULL);
3547 			opline->op2.num = arg_count;
3548 			opline->result.var = EX_NUM_TO_VAR(arg_count - 1);
3549 
3550 			/* Unpack may contain named arguments. */
3551 			may_have_undef = 1;
3552 			if (!fbc || (fbc->common.fn_flags & ZEND_ACC_VARIADIC)) {
3553 				*may_have_extra_named_args = 1;
3554 			}
3555 			continue;
3556 		}
3557 
3558 		if (arg->kind == ZEND_AST_NAMED_ARG) {
3559 			uses_named_args = 1;
3560 			arg_name = zval_make_interned_string(zend_ast_get_zval(arg->child[0]));
3561 			arg = arg->child[1];
3562 
3563 			if (fbc && !uses_arg_unpack) {
3564 				arg_num = zend_get_arg_num(fbc, arg_name);
3565 				if (arg_num == arg_count + 1 && !may_have_undef) {
3566 					/* Using named arguments, but passing in order. */
3567 					arg_name = NULL;
3568 					arg_count++;
3569 				} else {
3570 					// TODO: We could track which arguments were passed, even if out of order.
3571 					may_have_undef = 1;
3572 					if (arg_num == (uint32_t) -1 && (fbc->common.fn_flags & ZEND_ACC_VARIADIC)) {
3573 						*may_have_extra_named_args = 1;
3574 					}
3575 				}
3576 			} else {
3577 				arg_num = (uint32_t) -1;
3578 				may_have_undef = 1;
3579 				*may_have_extra_named_args = 1;
3580 			}
3581 		} else {
3582 			if (uses_arg_unpack) {
3583 				zend_error_noreturn(E_COMPILE_ERROR,
3584 					"Cannot use positional argument after argument unpacking");
3585 			}
3586 
3587 			if (uses_named_args) {
3588 				zend_error_noreturn(E_COMPILE_ERROR,
3589 					"Cannot use positional argument after named argument");
3590 			}
3591 
3592 			arg_count++;
3593 		}
3594 
3595 		/* Treat passing of $GLOBALS the same as passing a call.
3596 		 * This will error at runtime if the argument is by-ref. */
3597 		if (zend_is_call(arg) || is_globals_fetch(arg)) {
3598 			zend_compile_var(&arg_node, arg, BP_VAR_R, 0);
3599 			if (arg_node.op_type & (IS_CONST|IS_TMP_VAR)) {
3600 				/* Function call was converted into builtin instruction */
3601 				if (!fbc || ARG_MUST_BE_SENT_BY_REF(fbc, arg_num)) {
3602 					opcode = ZEND_SEND_VAL_EX;
3603 				} else {
3604 					opcode = ZEND_SEND_VAL;
3605 				}
3606 			} else {
3607 				if (fbc && arg_num != (uint32_t) -1) {
3608 					if (ARG_MUST_BE_SENT_BY_REF(fbc, arg_num)) {
3609 						opcode = ZEND_SEND_VAR_NO_REF;
3610 					} else if (ARG_MAY_BE_SENT_BY_REF(fbc, arg_num)) {
3611 						/* For IS_VAR operands, SEND_VAL will pass through the operand without
3612 						 * dereferencing, so it will use a by-ref pass if the call returned by-ref
3613 						 * and a by-value pass if it returned by-value. */
3614 						opcode = ZEND_SEND_VAL;
3615 					} else {
3616 						opcode = ZEND_SEND_VAR;
3617 					}
3618 				} else {
3619 					opcode = ZEND_SEND_VAR_NO_REF_EX;
3620 				}
3621 			}
3622 		} else if (zend_is_variable(arg) && !zend_ast_is_short_circuited(arg)) {
3623 			if (fbc && arg_num != (uint32_t) -1) {
3624 				if (ARG_SHOULD_BE_SENT_BY_REF(fbc, arg_num)) {
3625 					zend_compile_var(&arg_node, arg, BP_VAR_W, 1);
3626 					opcode = ZEND_SEND_REF;
3627 				} else {
3628 					zend_compile_var(&arg_node, arg, BP_VAR_R, 0);
3629 					opcode = (arg_node.op_type == IS_TMP_VAR) ? ZEND_SEND_VAL : ZEND_SEND_VAR;
3630 				}
3631 			} else {
3632 				do {
3633 					if (arg->kind == ZEND_AST_VAR) {
3634 						CG(zend_lineno) = zend_ast_get_lineno(ast);
3635 						if (is_this_fetch(arg)) {
3636 							zend_emit_op(&arg_node, ZEND_FETCH_THIS, NULL, NULL);
3637 							opcode = ZEND_SEND_VAR_EX;
3638 							CG(active_op_array)->fn_flags |= ZEND_ACC_USES_THIS;
3639 							break;
3640 						} else if (zend_try_compile_cv(&arg_node, arg) == SUCCESS) {
3641 							opcode = ZEND_SEND_VAR_EX;
3642 							break;
3643 						}
3644 					}
3645 					opline = zend_emit_op(NULL, ZEND_CHECK_FUNC_ARG, NULL, NULL);
3646 					if (arg_name) {
3647 						opline->op2_type = IS_CONST;
3648 						zend_string_addref(arg_name);
3649 						opline->op2.constant = zend_add_literal_string(&arg_name);
3650 						opline->result.num = zend_alloc_cache_slots(2);
3651 					} else {
3652 						opline->op2.num = arg_num;
3653 					}
3654 					zend_compile_var(&arg_node, arg, BP_VAR_FUNC_ARG, 1);
3655 					opcode = ZEND_SEND_FUNC_ARG;
3656 				} while (0);
3657 			}
3658 		} else {
3659 			zend_compile_expr(&arg_node, arg);
3660 			if (arg_node.op_type == IS_VAR) {
3661 				/* pass ++$a or something similar */
3662 				if (fbc && arg_num != (uint32_t) -1) {
3663 					if (ARG_MUST_BE_SENT_BY_REF(fbc, arg_num)) {
3664 						opcode = ZEND_SEND_VAR_NO_REF;
3665 					} else if (ARG_MAY_BE_SENT_BY_REF(fbc, arg_num)) {
3666 						opcode = ZEND_SEND_VAL;
3667 					} else {
3668 						opcode = ZEND_SEND_VAR;
3669 					}
3670 				} else {
3671 					opcode = ZEND_SEND_VAR_NO_REF_EX;
3672 				}
3673 			} else if (arg_node.op_type == IS_CV) {
3674 				if (fbc && arg_num != (uint32_t) -1) {
3675 					if (ARG_SHOULD_BE_SENT_BY_REF(fbc, arg_num)) {
3676 						opcode = ZEND_SEND_REF;
3677 					} else {
3678 						opcode = ZEND_SEND_VAR;
3679 					}
3680 				} else {
3681 					opcode = ZEND_SEND_VAR_EX;
3682 				}
3683 			} else {
3684 				/* Delay "Only variables can be passed by reference" error to execution */
3685 				if (fbc && arg_num != (uint32_t) -1 && !ARG_MUST_BE_SENT_BY_REF(fbc, arg_num)) {
3686 					opcode = ZEND_SEND_VAL;
3687 				} else {
3688 					opcode = ZEND_SEND_VAL_EX;
3689 				}
3690 			}
3691 		}
3692 
3693 		opline = zend_emit_op(NULL, opcode, &arg_node, NULL);
3694 		if (arg_name) {
3695 			opline->op2_type = IS_CONST;
3696 			zend_string_addref(arg_name);
3697 			opline->op2.constant = zend_add_literal_string(&arg_name);
3698 			opline->result.num = zend_alloc_cache_slots(2);
3699 		} else {
3700 			opline->op2.opline_num = arg_num;
3701 			opline->result.var = EX_NUM_TO_VAR(arg_num - 1);
3702 		}
3703 	}
3704 
3705 	if (may_have_undef) {
3706 		zend_emit_op(NULL, ZEND_CHECK_UNDEF_ARGS, NULL, NULL);
3707 	}
3708 
3709 	return arg_count;
3710 }
3711 /* }}} */
3712 
zend_get_call_op(const zend_op * init_op,zend_function * fbc)3713 ZEND_API zend_uchar zend_get_call_op(const zend_op *init_op, zend_function *fbc) /* {{{ */
3714 {
3715 	if (fbc) {
3716 		ZEND_ASSERT(!(fbc->common.fn_flags & ZEND_ACC_CALL_VIA_TRAMPOLINE));
3717 		if (fbc->type == ZEND_INTERNAL_FUNCTION && !(CG(compiler_options) & ZEND_COMPILE_IGNORE_INTERNAL_FUNCTIONS)) {
3718 			if (init_op->opcode == ZEND_INIT_FCALL && !zend_execute_internal) {
3719 				if (!(fbc->common.fn_flags & ZEND_ACC_DEPRECATED)) {
3720 					return ZEND_DO_ICALL;
3721 				} else {
3722 					return ZEND_DO_FCALL_BY_NAME;
3723 				}
3724 			}
3725 		} else if (!(CG(compiler_options) & ZEND_COMPILE_IGNORE_USER_FUNCTIONS)){
3726 			if (zend_execute_ex == execute_ex) {
3727 				return ZEND_DO_UCALL;
3728 			}
3729 		}
3730 	} else if (zend_execute_ex == execute_ex &&
3731 	           !zend_execute_internal &&
3732 	           (init_op->opcode == ZEND_INIT_FCALL_BY_NAME ||
3733 	            init_op->opcode == ZEND_INIT_NS_FCALL_BY_NAME)) {
3734 		return ZEND_DO_FCALL_BY_NAME;
3735 	}
3736 	return ZEND_DO_FCALL;
3737 }
3738 /* }}} */
3739 
zend_compile_call_common(znode * result,zend_ast * args_ast,zend_function * fbc,uint32_t lineno)3740 static bool zend_compile_call_common(znode *result, zend_ast *args_ast, zend_function *fbc, uint32_t lineno) /* {{{ */
3741 {
3742 	zend_op *opline;
3743 	uint32_t opnum_init = get_next_op_number() - 1;
3744 
3745 	if (args_ast->kind == ZEND_AST_CALLABLE_CONVERT) {
3746 		opline = &CG(active_op_array)->opcodes[opnum_init];
3747 		opline->extended_value = 0;
3748 
3749 		if (opline->opcode == ZEND_NEW) {
3750 		    zend_error_noreturn(E_COMPILE_ERROR, "Cannot create Closure for new expression");
3751 		}
3752 
3753 		if (opline->opcode == ZEND_INIT_FCALL) {
3754 			opline->op1.num = zend_vm_calc_used_stack(0, fbc);
3755 		}
3756 
3757 		zend_emit_op_tmp(result, ZEND_CALLABLE_CONVERT, NULL, NULL);
3758 		return true;
3759 	}
3760 
3761 	bool may_have_extra_named_args;
3762 	uint32_t arg_count = zend_compile_args(args_ast, fbc, &may_have_extra_named_args);
3763 
3764 	zend_do_extended_fcall_begin();
3765 
3766 	opline = &CG(active_op_array)->opcodes[opnum_init];
3767 	opline->extended_value = arg_count;
3768 
3769 	if (opline->opcode == ZEND_INIT_FCALL) {
3770 		opline->op1.num = zend_vm_calc_used_stack(arg_count, fbc);
3771 	}
3772 
3773 	opline = zend_emit_op(result, zend_get_call_op(opline, fbc), NULL, NULL);
3774 	if (may_have_extra_named_args) {
3775 		opline->extended_value = ZEND_FCALL_MAY_HAVE_EXTRA_NAMED_PARAMS;
3776 	}
3777 	opline->lineno = lineno;
3778 	zend_do_extended_fcall_end();
3779 	return false;
3780 }
3781 /* }}} */
3782 
zend_compile_function_name(znode * name_node,zend_ast * name_ast)3783 static bool zend_compile_function_name(znode *name_node, zend_ast *name_ast) /* {{{ */
3784 {
3785 	zend_string *orig_name = zend_ast_get_str(name_ast);
3786 	bool is_fully_qualified;
3787 
3788 	name_node->op_type = IS_CONST;
3789 	ZVAL_STR(&name_node->u.constant, zend_resolve_function_name(
3790 		orig_name, name_ast->attr, &is_fully_qualified));
3791 
3792 	return !is_fully_qualified && FC(current_namespace);
3793 }
3794 /* }}} */
3795 
zend_compile_ns_call(znode * result,znode * name_node,zend_ast * args_ast,uint32_t lineno)3796 static void zend_compile_ns_call(znode *result, znode *name_node, zend_ast *args_ast, uint32_t lineno) /* {{{ */
3797 {
3798 	zend_op *opline = get_next_op();
3799 	opline->opcode = ZEND_INIT_NS_FCALL_BY_NAME;
3800 	opline->op2_type = IS_CONST;
3801 	opline->op2.constant = zend_add_ns_func_name_literal(
3802 		Z_STR(name_node->u.constant));
3803 	opline->result.num = zend_alloc_cache_slot();
3804 
3805 	zend_compile_call_common(result, args_ast, NULL, lineno);
3806 }
3807 /* }}} */
3808 
zend_compile_dynamic_call(znode * result,znode * name_node,zend_ast * args_ast,uint32_t lineno)3809 static void zend_compile_dynamic_call(znode *result, znode *name_node, zend_ast *args_ast, uint32_t lineno) /* {{{ */
3810 {
3811 	if (name_node->op_type == IS_CONST && Z_TYPE(name_node->u.constant) == IS_STRING) {
3812 		const char *colon;
3813 		zend_string *str = Z_STR(name_node->u.constant);
3814 		if ((colon = zend_memrchr(ZSTR_VAL(str), ':', ZSTR_LEN(str))) != NULL && colon > ZSTR_VAL(str) && *(colon - 1) == ':') {
3815 			zend_string *class = zend_string_init(ZSTR_VAL(str), colon - ZSTR_VAL(str) - 1, 0);
3816 			zend_string *method = zend_string_init(colon + 1, ZSTR_LEN(str) - (colon - ZSTR_VAL(str)) - 1, 0);
3817 			zend_op *opline = get_next_op();
3818 
3819 			opline->opcode = ZEND_INIT_STATIC_METHOD_CALL;
3820 			opline->op1_type = IS_CONST;
3821 			opline->op1.constant = zend_add_class_name_literal(class);
3822 			opline->op2_type = IS_CONST;
3823 			opline->op2.constant = zend_add_func_name_literal(method);
3824 			/* 2 slots, for class and method */
3825 			opline->result.num = zend_alloc_cache_slots(2);
3826 			zval_ptr_dtor(&name_node->u.constant);
3827 		} else {
3828 			zend_op *opline = get_next_op();
3829 
3830 			opline->opcode = ZEND_INIT_FCALL_BY_NAME;
3831 			opline->op2_type = IS_CONST;
3832 			opline->op2.constant = zend_add_func_name_literal(str);
3833 			opline->result.num = zend_alloc_cache_slot();
3834 		}
3835 	} else {
3836 		zend_emit_op(NULL, ZEND_INIT_DYNAMIC_CALL, NULL, name_node);
3837 	}
3838 
3839 	zend_compile_call_common(result, args_ast, NULL, lineno);
3840 }
3841 /* }}} */
3842 
zend_args_contain_unpack_or_named(zend_ast_list * args)3843 static inline bool zend_args_contain_unpack_or_named(zend_ast_list *args) /* {{{ */
3844 {
3845 	uint32_t i;
3846 	for (i = 0; i < args->children; ++i) {
3847 		zend_ast *arg = args->child[i];
3848 		if (arg->kind == ZEND_AST_UNPACK || arg->kind == ZEND_AST_NAMED_ARG) {
3849 			return 1;
3850 		}
3851 	}
3852 	return 0;
3853 }
3854 /* }}} */
3855 
zend_compile_func_strlen(znode * result,zend_ast_list * args)3856 static zend_result zend_compile_func_strlen(znode *result, zend_ast_list *args) /* {{{ */
3857 {
3858 	znode arg_node;
3859 
3860 	if (args->children != 1) {
3861 		return FAILURE;
3862 	}
3863 
3864 	zend_compile_expr(&arg_node, args->child[0]);
3865 	if (arg_node.op_type == IS_CONST && Z_TYPE(arg_node.u.constant) == IS_STRING) {
3866 		result->op_type = IS_CONST;
3867 		ZVAL_LONG(&result->u.constant, Z_STRLEN(arg_node.u.constant));
3868 		zval_ptr_dtor_str(&arg_node.u.constant);
3869 	} else {
3870 		zend_emit_op_tmp(result, ZEND_STRLEN, &arg_node, NULL);
3871 	}
3872 	return SUCCESS;
3873 }
3874 /* }}} */
3875 
zend_compile_func_typecheck(znode * result,zend_ast_list * args,uint32_t type)3876 static zend_result zend_compile_func_typecheck(znode *result, zend_ast_list *args, uint32_t type) /* {{{ */
3877 {
3878 	znode arg_node;
3879 	zend_op *opline;
3880 
3881 	if (args->children != 1) {
3882 		return FAILURE;
3883 	}
3884 
3885 	zend_compile_expr(&arg_node, args->child[0]);
3886 	opline = zend_emit_op_tmp(result, ZEND_TYPE_CHECK, &arg_node, NULL);
3887 	if (type != _IS_BOOL) {
3888 		opline->extended_value = (1 << type);
3889 	} else {
3890 		opline->extended_value = (1 << IS_FALSE) | (1 << IS_TRUE);
3891 	}
3892 	return SUCCESS;
3893 }
3894 /* }}} */
3895 
zend_compile_func_is_scalar(znode * result,zend_ast_list * args)3896 static zend_result zend_compile_func_is_scalar(znode *result, zend_ast_list *args) /* {{{ */
3897 {
3898 	znode arg_node;
3899 	zend_op *opline;
3900 
3901 	if (args->children != 1) {
3902 		return FAILURE;
3903 	}
3904 
3905 	zend_compile_expr(&arg_node, args->child[0]);
3906 	opline = zend_emit_op_tmp(result, ZEND_TYPE_CHECK, &arg_node, NULL);
3907 	opline->extended_value = (1 << IS_FALSE | 1 << IS_TRUE | 1 << IS_DOUBLE | 1 << IS_LONG | 1 << IS_STRING);
3908 	return SUCCESS;
3909 }
3910 
zend_compile_func_cast(znode * result,zend_ast_list * args,uint32_t type)3911 static zend_result zend_compile_func_cast(znode *result, zend_ast_list *args, uint32_t type) /* {{{ */
3912 {
3913 	znode arg_node;
3914 	zend_op *opline;
3915 
3916 	if (args->children != 1) {
3917 		return FAILURE;
3918 	}
3919 
3920 	zend_compile_expr(&arg_node, args->child[0]);
3921 	if (type == _IS_BOOL) {
3922 		opline = zend_emit_op_tmp(result, ZEND_BOOL, &arg_node, NULL);
3923 	} else {
3924 		opline = zend_emit_op_tmp(result, ZEND_CAST, &arg_node, NULL);
3925 		opline->extended_value = type;
3926 	}
3927 	return SUCCESS;
3928 }
3929 /* }}} */
3930 
zend_compile_func_defined(znode * result,zend_ast_list * args)3931 static zend_result zend_compile_func_defined(znode *result, zend_ast_list *args) /* {{{ */
3932 {
3933 	zend_string *name;
3934 	zend_op *opline;
3935 
3936 	if (args->children != 1 || args->child[0]->kind != ZEND_AST_ZVAL) {
3937 		return FAILURE;
3938 	}
3939 
3940 	name = zval_get_string(zend_ast_get_zval(args->child[0]));
3941 	if (zend_memrchr(ZSTR_VAL(name), '\\', ZSTR_LEN(name)) || zend_memrchr(ZSTR_VAL(name), ':', ZSTR_LEN(name))) {
3942 		zend_string_release_ex(name, 0);
3943 		return FAILURE;
3944 	}
3945 
3946 	if (zend_try_ct_eval_const(&result->u.constant, name, 0)) {
3947 		zend_string_release_ex(name, 0);
3948 		zval_ptr_dtor(&result->u.constant);
3949 		ZVAL_TRUE(&result->u.constant);
3950 		result->op_type = IS_CONST;
3951 		return SUCCESS;
3952 	}
3953 
3954 	opline = zend_emit_op_tmp(result, ZEND_DEFINED, NULL, NULL);
3955 	opline->op1_type = IS_CONST;
3956 	LITERAL_STR(opline->op1, name);
3957 	opline->extended_value = zend_alloc_cache_slot();
3958 
3959 	return SUCCESS;
3960 }
3961 /* }}} */
3962 
zend_compile_func_chr(znode * result,zend_ast_list * args)3963 static zend_result zend_compile_func_chr(znode *result, zend_ast_list *args) /* {{{ */
3964 {
3965 
3966 	if (args->children == 1 &&
3967 	    args->child[0]->kind == ZEND_AST_ZVAL &&
3968 	    Z_TYPE_P(zend_ast_get_zval(args->child[0])) == IS_LONG) {
3969 
3970 		zend_long c = Z_LVAL_P(zend_ast_get_zval(args->child[0])) & 0xff;
3971 
3972 		result->op_type = IS_CONST;
3973 		ZVAL_CHAR(&result->u.constant, c);
3974 		return SUCCESS;
3975 	} else {
3976 		return FAILURE;
3977 	}
3978 }
3979 /* }}} */
3980 
zend_compile_func_ord(znode * result,zend_ast_list * args)3981 static zend_result zend_compile_func_ord(znode *result, zend_ast_list *args) /* {{{ */
3982 {
3983 	if (args->children == 1 &&
3984 	    args->child[0]->kind == ZEND_AST_ZVAL &&
3985 	    Z_TYPE_P(zend_ast_get_zval(args->child[0])) == IS_STRING) {
3986 
3987 		result->op_type = IS_CONST;
3988 		ZVAL_LONG(&result->u.constant, (unsigned char)Z_STRVAL_P(zend_ast_get_zval(args->child[0]))[0]);
3989 		return SUCCESS;
3990 	} else {
3991 		return FAILURE;
3992 	}
3993 }
3994 /* }}} */
3995 
3996 /* We can only calculate the stack size for functions that have been fully compiled, otherwise
3997  * additional CV or TMP slots may still be added. This prevents the use of INIT_FCALL for
3998  * directly or indirectly recursive function calls. */
fbc_is_finalized(zend_function * fbc)3999 static bool fbc_is_finalized(zend_function *fbc) {
4000 	return !ZEND_USER_CODE(fbc->type) || (fbc->common.fn_flags & ZEND_ACC_DONE_PASS_TWO);
4001 }
4002 
zend_compile_ignore_class(zend_class_entry * ce,zend_string * filename)4003 static bool zend_compile_ignore_class(zend_class_entry *ce, zend_string *filename)
4004 {
4005 	if (ce->type == ZEND_INTERNAL_CLASS) {
4006 		return CG(compiler_options) & ZEND_COMPILE_IGNORE_INTERNAL_CLASSES;
4007 	} else {
4008 		return (CG(compiler_options) & ZEND_COMPILE_IGNORE_OTHER_FILES)
4009 			&& ce->info.user.filename != filename;
4010 	}
4011 }
4012 
zend_compile_ignore_function(zend_function * fbc,zend_string * filename)4013 static bool zend_compile_ignore_function(zend_function *fbc, zend_string *filename)
4014 {
4015 	if (fbc->type == ZEND_INTERNAL_FUNCTION) {
4016 		return CG(compiler_options) & ZEND_COMPILE_IGNORE_INTERNAL_FUNCTIONS;
4017 	} else {
4018 		return (CG(compiler_options) & ZEND_COMPILE_IGNORE_USER_FUNCTIONS)
4019 			|| ((CG(compiler_options) & ZEND_COMPILE_IGNORE_OTHER_FILES)
4020 				&& fbc->op_array.filename != filename);
4021 	}
4022 }
4023 
zend_try_compile_ct_bound_init_user_func(zend_ast * name_ast,uint32_t num_args)4024 static zend_result zend_try_compile_ct_bound_init_user_func(zend_ast *name_ast, uint32_t num_args) /* {{{ */
4025 {
4026 	zend_string *name, *lcname;
4027 	zend_function *fbc;
4028 	zend_op *opline;
4029 
4030 	if (name_ast->kind != ZEND_AST_ZVAL || Z_TYPE_P(zend_ast_get_zval(name_ast)) != IS_STRING) {
4031 		return FAILURE;
4032 	}
4033 
4034 	name = zend_ast_get_str(name_ast);
4035 	lcname = zend_string_tolower(name);
4036 
4037 	fbc = zend_hash_find_ptr(CG(function_table), lcname);
4038 	if (!fbc
4039 	 || !fbc_is_finalized(fbc)
4040 	 || zend_compile_ignore_function(fbc, CG(active_op_array)->filename)) {
4041 		zend_string_release_ex(lcname, 0);
4042 		return FAILURE;
4043 	}
4044 
4045 	opline = zend_emit_op(NULL, ZEND_INIT_FCALL, NULL, NULL);
4046 	opline->extended_value = num_args;
4047 	opline->op1.num = zend_vm_calc_used_stack(num_args, fbc);
4048 	opline->op2_type = IS_CONST;
4049 	LITERAL_STR(opline->op2, lcname);
4050 	opline->result.num = zend_alloc_cache_slot();
4051 
4052 	return SUCCESS;
4053 }
4054 /* }}} */
4055 
zend_compile_init_user_func(zend_ast * name_ast,uint32_t num_args,zend_string * orig_func_name)4056 static void zend_compile_init_user_func(zend_ast *name_ast, uint32_t num_args, zend_string *orig_func_name) /* {{{ */
4057 {
4058 	zend_op *opline;
4059 	znode name_node;
4060 
4061 	if (zend_try_compile_ct_bound_init_user_func(name_ast, num_args) == SUCCESS) {
4062 		return;
4063 	}
4064 
4065 	zend_compile_expr(&name_node, name_ast);
4066 
4067 	opline = zend_emit_op(NULL, ZEND_INIT_USER_CALL, NULL, &name_node);
4068 	opline->op1_type = IS_CONST;
4069 	LITERAL_STR(opline->op1, zend_string_copy(orig_func_name));
4070 	opline->extended_value = num_args;
4071 }
4072 /* }}} */
4073 
4074 /* cufa = call_user_func_array */
zend_compile_func_cufa(znode * result,zend_ast_list * args,zend_string * lcname)4075 static zend_result zend_compile_func_cufa(znode *result, zend_ast_list *args, zend_string *lcname) /* {{{ */
4076 {
4077 	znode arg_node;
4078 	zend_op *opline;
4079 
4080 	if (args->children != 2) {
4081 		return FAILURE;
4082 	}
4083 
4084 	zend_compile_init_user_func(args->child[0], 0, lcname);
4085 	if (args->child[1]->kind == ZEND_AST_CALL
4086 	 && args->child[1]->child[0]->kind == ZEND_AST_ZVAL
4087 	 && Z_TYPE_P(zend_ast_get_zval(args->child[1]->child[0])) == IS_STRING
4088 	 && args->child[1]->child[1]->kind == ZEND_AST_ARG_LIST) {
4089 		zend_string *orig_name = zend_ast_get_str(args->child[1]->child[0]);
4090 		zend_ast_list *list = zend_ast_get_list(args->child[1]->child[1]);
4091 		bool is_fully_qualified;
4092 		zend_string *name = zend_resolve_function_name(orig_name, args->child[1]->child[0]->attr, &is_fully_qualified);
4093 
4094 		if (zend_string_equals_literal_ci(name, "array_slice")
4095 	     && !zend_args_contain_unpack_or_named(list)
4096 		 && list->children == 3
4097 		 && list->child[1]->kind == ZEND_AST_ZVAL) {
4098 			zval *zv = zend_ast_get_zval(list->child[1]);
4099 
4100 			if (Z_TYPE_P(zv) == IS_LONG
4101 			 && Z_LVAL_P(zv) >= 0
4102 			 && Z_LVAL_P(zv) <= 0x7fffffff) {
4103 				zend_op *opline;
4104 				znode len_node;
4105 
4106 				zend_compile_expr(&arg_node, list->child[0]);
4107 				zend_compile_expr(&len_node, list->child[2]);
4108 				opline = zend_emit_op(NULL, ZEND_SEND_ARRAY, &arg_node, &len_node);
4109 				opline->extended_value = Z_LVAL_P(zv);
4110 				zend_emit_op(result, ZEND_DO_FCALL, NULL, NULL);
4111 				zend_string_release_ex(name, 0);
4112 				return SUCCESS;
4113 			}
4114 		}
4115 		zend_string_release_ex(name, 0);
4116 	}
4117 	zend_compile_expr(&arg_node, args->child[1]);
4118 	zend_emit_op(NULL, ZEND_SEND_ARRAY, &arg_node, NULL);
4119 	zend_emit_op(NULL, ZEND_CHECK_UNDEF_ARGS, NULL, NULL);
4120 	opline = zend_emit_op(result, ZEND_DO_FCALL, NULL, NULL);
4121 	opline->extended_value = ZEND_FCALL_MAY_HAVE_EXTRA_NAMED_PARAMS;
4122 
4123 	return SUCCESS;
4124 }
4125 /* }}} */
4126 
4127 /* cuf = call_user_func */
zend_compile_func_cuf(znode * result,zend_ast_list * args,zend_string * lcname)4128 static zend_result zend_compile_func_cuf(znode *result, zend_ast_list *args, zend_string *lcname) /* {{{ */
4129 {
4130 	uint32_t i;
4131 
4132 	if (args->children < 1) {
4133 		return FAILURE;
4134 	}
4135 
4136 	zend_compile_init_user_func(args->child[0], args->children - 1, lcname);
4137 	for (i = 1; i < args->children; ++i) {
4138 		zend_ast *arg_ast = args->child[i];
4139 		znode arg_node;
4140 		zend_op *opline;
4141 
4142 		zend_compile_expr(&arg_node, arg_ast);
4143 
4144 		opline = zend_emit_op(NULL, ZEND_SEND_USER, &arg_node, NULL);
4145 		opline->op2.num = i;
4146 		opline->result.var = EX_NUM_TO_VAR(i - 1);
4147 	}
4148 	zend_emit_op(result, ZEND_DO_FCALL, NULL, NULL);
4149 
4150 	return SUCCESS;
4151 }
4152 /* }}} */
4153 
zend_compile_assert(znode * result,zend_ast_list * args,zend_string * name,zend_function * fbc,uint32_t lineno)4154 static void zend_compile_assert(znode *result, zend_ast_list *args, zend_string *name, zend_function *fbc, uint32_t lineno) /* {{{ */
4155 {
4156 	if (EG(assertions) >= 0) {
4157 		znode name_node;
4158 		zend_op *opline;
4159 		uint32_t check_op_number = get_next_op_number();
4160 
4161 		zend_emit_op(NULL, ZEND_ASSERT_CHECK, NULL, NULL);
4162 
4163 		if (fbc && fbc_is_finalized(fbc)) {
4164 			name_node.op_type = IS_CONST;
4165 			ZVAL_STR_COPY(&name_node.u.constant, name);
4166 
4167 			opline = zend_emit_op(NULL, ZEND_INIT_FCALL, NULL, &name_node);
4168 		} else {
4169 			opline = zend_emit_op(NULL, ZEND_INIT_NS_FCALL_BY_NAME, NULL, NULL);
4170 			opline->op2_type = IS_CONST;
4171 			opline->op2.constant = zend_add_ns_func_name_literal(name);
4172 		}
4173 		opline->result.num = zend_alloc_cache_slot();
4174 
4175 		if (args->children == 1) {
4176 			/* add "assert(condition) as assertion message */
4177 			zend_ast *arg = zend_ast_create_zval_from_str(
4178 				zend_ast_export("assert(", args->child[0], ")"));
4179 			if (args->child[0]->kind == ZEND_AST_NAMED_ARG) {
4180 				/* If the original argument was named, add the new argument as named as well,
4181 				 * as mixing named and positional is not allowed. */
4182 				zend_ast *name = zend_ast_create_zval_from_str(
4183 					zend_string_init("description", sizeof("description") - 1, 0));
4184 				arg = zend_ast_create(ZEND_AST_NAMED_ARG, name, arg);
4185 			}
4186 			zend_ast_list_add((zend_ast *) args, arg);
4187 		}
4188 
4189 		zend_compile_call_common(result, (zend_ast*)args, fbc, lineno);
4190 
4191 		opline = &CG(active_op_array)->opcodes[check_op_number];
4192 		opline->op2.opline_num = get_next_op_number();
4193 		SET_NODE(opline->result, result);
4194 	} else {
4195 		if (!fbc) {
4196 			zend_string_release_ex(name, 0);
4197 		}
4198 		result->op_type = IS_CONST;
4199 		ZVAL_TRUE(&result->u.constant);
4200 	}
4201 }
4202 /* }}} */
4203 
zend_compile_func_in_array(znode * result,zend_ast_list * args)4204 static zend_result zend_compile_func_in_array(znode *result, zend_ast_list *args) /* {{{ */
4205 {
4206 	bool strict = 0;
4207 	znode array, needly;
4208 	zend_op *opline;
4209 
4210 	if (args->children == 3) {
4211 		if (args->child[2]->kind == ZEND_AST_ZVAL) {
4212 			strict = zend_is_true(zend_ast_get_zval(args->child[2]));
4213 		} else if (args->child[2]->kind == ZEND_AST_CONST) {
4214 			zval value;
4215 			zend_ast *name_ast = args->child[2]->child[0];
4216 			bool is_fully_qualified;
4217 			zend_string *resolved_name = zend_resolve_const_name(
4218 				zend_ast_get_str(name_ast), name_ast->attr, &is_fully_qualified);
4219 
4220 			if (!zend_try_ct_eval_const(&value, resolved_name, is_fully_qualified)) {
4221 				zend_string_release_ex(resolved_name, 0);
4222 				return FAILURE;
4223 			}
4224 
4225 			zend_string_release_ex(resolved_name, 0);
4226 			strict = zend_is_true(&value);
4227 			zval_ptr_dtor(&value);
4228 		} else {
4229 			return FAILURE;
4230 		}
4231 	} else if (args->children != 2) {
4232 		return FAILURE;
4233 	}
4234 
4235 	if (args->child[1]->kind != ZEND_AST_ARRAY
4236 	 || !zend_try_ct_eval_array(&array.u.constant, args->child[1])) {
4237 		return FAILURE;
4238 	}
4239 
4240 	if (zend_hash_num_elements(Z_ARRVAL(array.u.constant)) > 0) {
4241 		bool ok = 1;
4242 		zval *val, tmp;
4243 		HashTable *src = Z_ARRVAL(array.u.constant);
4244 		HashTable *dst = zend_new_array(zend_hash_num_elements(src));
4245 
4246 		ZVAL_TRUE(&tmp);
4247 
4248 		if (strict) {
4249 			ZEND_HASH_FOREACH_VAL(src, val) {
4250 				if (Z_TYPE_P(val) == IS_STRING) {
4251 					zend_hash_add(dst, Z_STR_P(val), &tmp);
4252 				} else if (Z_TYPE_P(val) == IS_LONG) {
4253 					zend_hash_index_add(dst, Z_LVAL_P(val), &tmp);
4254 				} else {
4255 					zend_array_destroy(dst);
4256 					ok = 0;
4257 					break;
4258 				}
4259 			} ZEND_HASH_FOREACH_END();
4260 		} else {
4261 			ZEND_HASH_FOREACH_VAL(src, val) {
4262 				if (Z_TYPE_P(val) != IS_STRING
4263 				 || is_numeric_string(Z_STRVAL_P(val), Z_STRLEN_P(val), NULL, NULL, 0)) {
4264 					zend_array_destroy(dst);
4265 					ok = 0;
4266 					break;
4267 				}
4268 				zend_hash_add(dst, Z_STR_P(val), &tmp);
4269 			} ZEND_HASH_FOREACH_END();
4270 		}
4271 
4272 		zend_array_destroy(src);
4273 		if (!ok) {
4274 			return FAILURE;
4275 		}
4276 		Z_ARRVAL(array.u.constant) = dst;
4277 	}
4278 	array.op_type = IS_CONST;
4279 
4280 	zend_compile_expr(&needly, args->child[0]);
4281 
4282 	opline = zend_emit_op_tmp(result, ZEND_IN_ARRAY, &needly, &array);
4283 	opline->extended_value = strict;
4284 
4285 	return SUCCESS;
4286 }
4287 /* }}} */
4288 
zend_compile_func_count(znode * result,zend_ast_list * args,zend_string * lcname)4289 static zend_result zend_compile_func_count(znode *result, zend_ast_list *args, zend_string *lcname) /* {{{ */
4290 {
4291 	znode arg_node;
4292 	zend_op *opline;
4293 
4294 	if (args->children != 1) {
4295 		return FAILURE;
4296 	}
4297 
4298 	zend_compile_expr(&arg_node, args->child[0]);
4299 	opline = zend_emit_op_tmp(result, ZEND_COUNT, &arg_node, NULL);
4300 	opline->extended_value = zend_string_equals_literal(lcname, "sizeof");
4301 
4302 	return SUCCESS;
4303 }
4304 /* }}} */
4305 
zend_compile_func_get_class(znode * result,zend_ast_list * args)4306 static zend_result zend_compile_func_get_class(znode *result, zend_ast_list *args) /* {{{ */
4307 {
4308 	if (args->children == 0) {
4309 		zend_emit_op_tmp(result, ZEND_GET_CLASS, NULL, NULL);
4310 	} else {
4311 		znode arg_node;
4312 
4313 		if (args->children != 1) {
4314 			return FAILURE;
4315 		}
4316 
4317 		zend_compile_expr(&arg_node, args->child[0]);
4318 		zend_emit_op_tmp(result, ZEND_GET_CLASS, &arg_node, NULL);
4319 	}
4320 	return SUCCESS;
4321 }
4322 /* }}} */
4323 
zend_compile_func_get_called_class(znode * result,zend_ast_list * args)4324 static zend_result zend_compile_func_get_called_class(znode *result, zend_ast_list *args) /* {{{ */
4325 {
4326 	if (args->children != 0) {
4327 		return FAILURE;
4328 	}
4329 
4330 	zend_emit_op_tmp(result, ZEND_GET_CALLED_CLASS, NULL, NULL);
4331 	return SUCCESS;
4332 }
4333 /* }}} */
4334 
zend_compile_func_gettype(znode * result,zend_ast_list * args)4335 static zend_result zend_compile_func_gettype(znode *result, zend_ast_list *args) /* {{{ */
4336 {
4337 	znode arg_node;
4338 
4339 	if (args->children != 1) {
4340 		return FAILURE;
4341 	}
4342 
4343 	zend_compile_expr(&arg_node, args->child[0]);
4344 	zend_emit_op_tmp(result, ZEND_GET_TYPE, &arg_node, NULL);
4345 	return SUCCESS;
4346 }
4347 /* }}} */
4348 
zend_compile_func_num_args(znode * result,zend_ast_list * args)4349 static zend_result zend_compile_func_num_args(znode *result, zend_ast_list *args) /* {{{ */
4350 {
4351 	if (CG(active_op_array)->function_name && args->children == 0) {
4352 		zend_emit_op_tmp(result, ZEND_FUNC_NUM_ARGS, NULL, NULL);
4353 		return SUCCESS;
4354 	} else {
4355 		return FAILURE;
4356 	}
4357 }
4358 /* }}} */
4359 
zend_compile_func_get_args(znode * result,zend_ast_list * args)4360 static zend_result zend_compile_func_get_args(znode *result, zend_ast_list *args) /* {{{ */
4361 {
4362 	if (CG(active_op_array)->function_name && args->children == 0) {
4363 		zend_emit_op_tmp(result, ZEND_FUNC_GET_ARGS, NULL, NULL);
4364 		return SUCCESS;
4365 	} else {
4366 		return FAILURE;
4367 	}
4368 }
4369 /* }}} */
4370 
zend_compile_func_array_key_exists(znode * result,zend_ast_list * args)4371 static zend_result zend_compile_func_array_key_exists(znode *result, zend_ast_list *args) /* {{{ */
4372 {
4373 	znode subject, needle;
4374 
4375 	if (args->children != 2) {
4376 		return FAILURE;
4377 	}
4378 
4379 	zend_compile_expr(&needle, args->child[0]);
4380 	zend_compile_expr(&subject, args->child[1]);
4381 
4382 	zend_emit_op_tmp(result, ZEND_ARRAY_KEY_EXISTS, &needle, &subject);
4383 	return SUCCESS;
4384 }
4385 /* }}} */
4386 
zend_compile_func_array_slice(znode * result,zend_ast_list * args)4387 static zend_result zend_compile_func_array_slice(znode *result, zend_ast_list *args) /* {{{ */
4388 {
4389 	if (CG(active_op_array)->function_name
4390 	 && args->children == 2
4391 	 && args->child[0]->kind == ZEND_AST_CALL
4392 	 && args->child[0]->child[0]->kind == ZEND_AST_ZVAL
4393 	 && Z_TYPE_P(zend_ast_get_zval(args->child[0]->child[0])) == IS_STRING
4394 	 && args->child[0]->child[1]->kind == ZEND_AST_ARG_LIST
4395 	 && args->child[1]->kind == ZEND_AST_ZVAL) {
4396 
4397 		zend_string *orig_name = zend_ast_get_str(args->child[0]->child[0]);
4398 		bool is_fully_qualified;
4399 		zend_string *name = zend_resolve_function_name(orig_name, args->child[0]->child[0]->attr, &is_fully_qualified);
4400 		zend_ast_list *list = zend_ast_get_list(args->child[0]->child[1]);
4401 		zval *zv = zend_ast_get_zval(args->child[1]);
4402 		znode first;
4403 
4404 		if (zend_string_equals_literal_ci(name, "func_get_args")
4405 		 && list->children == 0
4406 		 && Z_TYPE_P(zv) == IS_LONG
4407 		 && Z_LVAL_P(zv) >= 0) {
4408 			first.op_type = IS_CONST;
4409 			ZVAL_LONG(&first.u.constant, Z_LVAL_P(zv));
4410 			zend_emit_op_tmp(result, ZEND_FUNC_GET_ARGS, &first, NULL);
4411 			zend_string_release_ex(name, 0);
4412 			return SUCCESS;
4413 		}
4414 		zend_string_release_ex(name, 0);
4415 	}
4416 	return FAILURE;
4417 }
4418 /* }}} */
4419 
zend_try_compile_special_func(znode * result,zend_string * lcname,zend_ast_list * args,zend_function * fbc,uint32_t type)4420 static zend_result zend_try_compile_special_func(znode *result, zend_string *lcname, zend_ast_list *args, zend_function *fbc, uint32_t type) /* {{{ */
4421 {
4422 	if (CG(compiler_options) & ZEND_COMPILE_NO_BUILTINS) {
4423 		return FAILURE;
4424 	}
4425 
4426 	if (fbc->type != ZEND_INTERNAL_FUNCTION) {
4427 		/* If the function is part of disabled_functions, it may be redeclared as a userland
4428 		 * function with a different implementation. Don't use the VM builtin in that case. */
4429 		return FAILURE;
4430 	}
4431 
4432 	if (zend_args_contain_unpack_or_named(args)) {
4433 		return FAILURE;
4434 	}
4435 
4436 	if (zend_string_equals_literal(lcname, "strlen")) {
4437 		return zend_compile_func_strlen(result, args);
4438 	} else if (zend_string_equals_literal(lcname, "is_null")) {
4439 		return zend_compile_func_typecheck(result, args, IS_NULL);
4440 	} else if (zend_string_equals_literal(lcname, "is_bool")) {
4441 		return zend_compile_func_typecheck(result, args, _IS_BOOL);
4442 	} else if (zend_string_equals_literal(lcname, "is_long")
4443 		|| zend_string_equals_literal(lcname, "is_int")
4444 		|| zend_string_equals_literal(lcname, "is_integer")
4445 	) {
4446 		return zend_compile_func_typecheck(result, args, IS_LONG);
4447 	} else if (zend_string_equals_literal(lcname, "is_float")
4448 		|| zend_string_equals_literal(lcname, "is_double")
4449 	) {
4450 		return zend_compile_func_typecheck(result, args, IS_DOUBLE);
4451 	} else if (zend_string_equals_literal(lcname, "is_string")) {
4452 		return zend_compile_func_typecheck(result, args, IS_STRING);
4453 	} else if (zend_string_equals_literal(lcname, "is_array")) {
4454 		return zend_compile_func_typecheck(result, args, IS_ARRAY);
4455 	} else if (zend_string_equals_literal(lcname, "is_object")) {
4456 		return zend_compile_func_typecheck(result, args, IS_OBJECT);
4457 	} else if (zend_string_equals_literal(lcname, "is_resource")) {
4458 		return zend_compile_func_typecheck(result, args, IS_RESOURCE);
4459 	} else if (zend_string_equals_literal(lcname, "is_scalar")) {
4460 		return zend_compile_func_is_scalar(result, args);
4461 	} else if (zend_string_equals_literal(lcname, "boolval")) {
4462 		return zend_compile_func_cast(result, args, _IS_BOOL);
4463 	} else if (zend_string_equals_literal(lcname, "intval")) {
4464 		return zend_compile_func_cast(result, args, IS_LONG);
4465 	} else if (zend_string_equals_literal(lcname, "floatval")
4466 		|| zend_string_equals_literal(lcname, "doubleval")
4467 	) {
4468 		return zend_compile_func_cast(result, args, IS_DOUBLE);
4469 	} else if (zend_string_equals_literal(lcname, "strval")) {
4470 		return zend_compile_func_cast(result, args, IS_STRING);
4471 	} else if (zend_string_equals_literal(lcname, "defined")) {
4472 		return zend_compile_func_defined(result, args);
4473 	} else if (zend_string_equals_literal(lcname, "chr") && type == BP_VAR_R) {
4474 		return zend_compile_func_chr(result, args);
4475 	} else if (zend_string_equals_literal(lcname, "ord") && type == BP_VAR_R) {
4476 		return zend_compile_func_ord(result, args);
4477 	} else if (zend_string_equals_literal(lcname, "call_user_func_array")) {
4478 		return zend_compile_func_cufa(result, args, lcname);
4479 	} else if (zend_string_equals_literal(lcname, "call_user_func")) {
4480 		return zend_compile_func_cuf(result, args, lcname);
4481 	} else if (zend_string_equals_literal(lcname, "in_array")) {
4482 		return zend_compile_func_in_array(result, args);
4483 	} else if (zend_string_equals_literal(lcname, "count")
4484 			|| zend_string_equals_literal(lcname, "sizeof")) {
4485 		return zend_compile_func_count(result, args, lcname);
4486 	} else if (zend_string_equals_literal(lcname, "get_class")) {
4487 		return zend_compile_func_get_class(result, args);
4488 	} else if (zend_string_equals_literal(lcname, "get_called_class")) {
4489 		return zend_compile_func_get_called_class(result, args);
4490 	} else if (zend_string_equals_literal(lcname, "gettype")) {
4491 		return zend_compile_func_gettype(result, args);
4492 	} else if (zend_string_equals_literal(lcname, "func_num_args")) {
4493 		return zend_compile_func_num_args(result, args);
4494 	} else if (zend_string_equals_literal(lcname, "func_get_args")) {
4495 		return zend_compile_func_get_args(result, args);
4496 	} else if (zend_string_equals_literal(lcname, "array_slice")) {
4497 		return zend_compile_func_array_slice(result, args);
4498 	} else if (zend_string_equals_literal(lcname, "array_key_exists")) {
4499 		return zend_compile_func_array_key_exists(result, args);
4500 	} else {
4501 		return FAILURE;
4502 	}
4503 }
4504 /* }}} */
4505 
zend_compile_call(znode * result,zend_ast * ast,uint32_t type)4506 static void zend_compile_call(znode *result, zend_ast *ast, uint32_t type) /* {{{ */
4507 {
4508 	zend_ast *name_ast = ast->child[0];
4509 	zend_ast *args_ast = ast->child[1];
4510 	bool is_callable_convert = args_ast->kind == ZEND_AST_CALLABLE_CONVERT;
4511 
4512 	znode name_node;
4513 
4514 	if (name_ast->kind != ZEND_AST_ZVAL || Z_TYPE_P(zend_ast_get_zval(name_ast)) != IS_STRING) {
4515 		zend_compile_expr(&name_node, name_ast);
4516 		zend_compile_dynamic_call(result, &name_node, args_ast, ast->lineno);
4517 		return;
4518 	}
4519 
4520 	{
4521 		bool runtime_resolution = zend_compile_function_name(&name_node, name_ast);
4522 		if (runtime_resolution) {
4523 			if (zend_string_equals_literal_ci(zend_ast_get_str(name_ast), "assert")
4524 					&& !is_callable_convert) {
4525 				if (CG(memoize_mode) == ZEND_MEMOIZE_NONE) {
4526 					zend_compile_assert(result, zend_ast_get_list(args_ast), Z_STR(name_node.u.constant), NULL, ast->lineno);
4527 				} else {
4528 					/* We want to always memoize assert calls, even if they are positioned in
4529 					 * write-context. This prevents memoizing their arguments that might not be
4530 					 * evaluated if assertions are disabled, using a TMPVAR that wasn't initialized. */
4531 					zend_compile_memoized_expr(result, ast);
4532 				}
4533 			} else {
4534 				zend_compile_ns_call(result, &name_node, args_ast, ast->lineno);
4535 			}
4536 			return;
4537 		}
4538 	}
4539 
4540 	{
4541 		zval *name = &name_node.u.constant;
4542 		zend_string *lcname;
4543 		zend_function *fbc;
4544 		zend_op *opline;
4545 
4546 		lcname = zend_string_tolower(Z_STR_P(name));
4547 		fbc = zend_hash_find_ptr(CG(function_table), lcname);
4548 
4549 		/* Special assert() handling should apply independently of compiler flags. */
4550 		if (fbc && zend_string_equals_literal(lcname, "assert") && !is_callable_convert) {
4551 			if (CG(memoize_mode) == ZEND_MEMOIZE_NONE) {
4552 				zend_compile_assert(result, zend_ast_get_list(args_ast), lcname, fbc, ast->lineno);
4553 			} else {
4554 				/* We want to always memoize assert calls, even if they are positioned in
4555 				 * write-context. This prevents memoizing their arguments that might not be
4556 				 * evaluated if assertions are disabled, using a TMPVAR that wasn't initialized. */
4557 				zend_compile_memoized_expr(result, ast);
4558 			}
4559 			zend_string_release(lcname);
4560 			zval_ptr_dtor(&name_node.u.constant);
4561 			return;
4562 		}
4563 
4564 		if (!fbc
4565 		 || !fbc_is_finalized(fbc)
4566 		 || zend_compile_ignore_function(fbc, CG(active_op_array)->filename)) {
4567 			zend_string_release_ex(lcname, 0);
4568 			zend_compile_dynamic_call(result, &name_node, args_ast, ast->lineno);
4569 			return;
4570 		}
4571 
4572 		if (!is_callable_convert &&
4573 		    zend_try_compile_special_func(result, lcname,
4574 				zend_ast_get_list(args_ast), fbc, type) == SUCCESS
4575 		) {
4576 			zend_string_release_ex(lcname, 0);
4577 			zval_ptr_dtor(&name_node.u.constant);
4578 			return;
4579 		}
4580 
4581 		zval_ptr_dtor(&name_node.u.constant);
4582 		ZVAL_NEW_STR(&name_node.u.constant, lcname);
4583 
4584 		opline = zend_emit_op(NULL, ZEND_INIT_FCALL, NULL, &name_node);
4585 		opline->result.num = zend_alloc_cache_slot();
4586 
4587 		zend_compile_call_common(result, args_ast, fbc, ast->lineno);
4588 	}
4589 }
4590 /* }}} */
4591 
zend_compile_method_call(znode * result,zend_ast * ast,uint32_t type)4592 static void zend_compile_method_call(znode *result, zend_ast *ast, uint32_t type) /* {{{ */
4593 {
4594 	zend_ast *obj_ast = ast->child[0];
4595 	zend_ast *method_ast = ast->child[1];
4596 	zend_ast *args_ast = ast->child[2];
4597 
4598 	znode obj_node, method_node;
4599 	zend_op *opline;
4600 	zend_function *fbc = NULL;
4601 	bool nullsafe = ast->kind == ZEND_AST_NULLSAFE_METHOD_CALL;
4602 	uint32_t short_circuiting_checkpoint = zend_short_circuiting_checkpoint();
4603 
4604 	if (is_this_fetch(obj_ast)) {
4605 		if (this_guaranteed_exists()) {
4606 			obj_node.op_type = IS_UNUSED;
4607 		} else {
4608 			zend_emit_op(&obj_node, ZEND_FETCH_THIS, NULL, NULL);
4609 		}
4610 		CG(active_op_array)->fn_flags |= ZEND_ACC_USES_THIS;
4611 
4612 		/* We will throw if $this doesn't exist, so there's no need to emit a JMP_NULL
4613 		 * check for a nullsafe access. */
4614 	} else {
4615 		zend_short_circuiting_mark_inner(obj_ast);
4616 		zend_compile_expr(&obj_node, obj_ast);
4617 		if (nullsafe) {
4618 			zend_emit_jmp_null(&obj_node, type);
4619 		}
4620 	}
4621 
4622 	zend_compile_expr(&method_node, method_ast);
4623 	opline = zend_emit_op(NULL, ZEND_INIT_METHOD_CALL, &obj_node, NULL);
4624 
4625 	if (method_node.op_type == IS_CONST) {
4626 		if (Z_TYPE(method_node.u.constant) != IS_STRING) {
4627 			zend_error_noreturn(E_COMPILE_ERROR, "Method name must be a string");
4628 		}
4629 
4630 		opline->op2_type = IS_CONST;
4631 		opline->op2.constant = zend_add_func_name_literal(
4632 			Z_STR(method_node.u.constant));
4633 		opline->result.num = zend_alloc_cache_slots(2);
4634 	} else {
4635 		SET_NODE(opline->op2, &method_node);
4636 	}
4637 
4638 	/* Check if this calls a known method on $this */
4639 	if (opline->op1_type == IS_UNUSED && opline->op2_type == IS_CONST &&
4640 			CG(active_class_entry) && zend_is_scope_known()) {
4641 		zend_string *lcname = Z_STR_P(CT_CONSTANT(opline->op2) + 1);
4642 		fbc = zend_hash_find_ptr(&CG(active_class_entry)->function_table, lcname);
4643 
4644 		/* We only know the exact method that is being called if it is either private or final.
4645 		 * Otherwise an overriding method in a child class may be called. */
4646 		if (fbc && !(fbc->common.fn_flags & (ZEND_ACC_PRIVATE|ZEND_ACC_FINAL))) {
4647 			fbc = NULL;
4648 		}
4649 	}
4650 
4651 	if (zend_compile_call_common(result, args_ast, fbc, zend_ast_get_lineno(method_ast))) {
4652 		if (short_circuiting_checkpoint != zend_short_circuiting_checkpoint()) {
4653 			zend_error_noreturn(E_COMPILE_ERROR,
4654 				"Cannot combine nullsafe operator with Closure creation");
4655 		}
4656 	}
4657 }
4658 /* }}} */
4659 
zend_is_constructor(zend_string * name)4660 static bool zend_is_constructor(zend_string *name) /* {{{ */
4661 {
4662 	return zend_string_equals_literal_ci(name, ZEND_CONSTRUCTOR_FUNC_NAME);
4663 }
4664 /* }}} */
4665 
zend_get_compatible_func_or_null(zend_class_entry * ce,zend_string * lcname)4666 static zend_function *zend_get_compatible_func_or_null(zend_class_entry *ce, zend_string *lcname) /* {{{ */
4667 {
4668 	zend_function *fbc = zend_hash_find_ptr(&ce->function_table, lcname);
4669 	if (!fbc || (fbc->common.fn_flags & ZEND_ACC_PUBLIC) || ce == CG(active_class_entry)) {
4670 		return fbc;
4671 	}
4672 
4673 	if (!(fbc->common.fn_flags & ZEND_ACC_PRIVATE)
4674 		&& (fbc->common.scope->ce_flags & ZEND_ACC_LINKED)
4675 		&& (!CG(active_class_entry) || (CG(active_class_entry)->ce_flags & ZEND_ACC_LINKED))
4676 		&& zend_check_protected(zend_get_function_root_class(fbc), CG(active_class_entry))) {
4677 		return fbc;
4678 	}
4679 
4680 	return NULL;
4681 }
4682 /* }}} */
4683 
zend_compile_static_call(znode * result,zend_ast * ast,uint32_t type)4684 static void zend_compile_static_call(znode *result, zend_ast *ast, uint32_t type) /* {{{ */
4685 {
4686 	zend_ast *class_ast = ast->child[0];
4687 	zend_ast *method_ast = ast->child[1];
4688 	zend_ast *args_ast = ast->child[2];
4689 
4690 	znode class_node, method_node;
4691 	zend_op *opline;
4692 	zend_function *fbc = NULL;
4693 
4694 	zend_short_circuiting_mark_inner(class_ast);
4695 	zend_compile_class_ref(&class_node, class_ast, ZEND_FETCH_CLASS_EXCEPTION);
4696 
4697 	zend_compile_expr(&method_node, method_ast);
4698 
4699 	if (method_node.op_type == IS_CONST) {
4700 		zval *name = &method_node.u.constant;
4701 		if (Z_TYPE_P(name) != IS_STRING) {
4702 			zend_error_noreturn(E_COMPILE_ERROR, "Method name must be a string");
4703 		}
4704 		if (zend_is_constructor(Z_STR_P(name))) {
4705 			zval_ptr_dtor(name);
4706 			method_node.op_type = IS_UNUSED;
4707 		}
4708 	}
4709 
4710 	opline = get_next_op();
4711 	opline->opcode = ZEND_INIT_STATIC_METHOD_CALL;
4712 
4713 	zend_set_class_name_op1(opline, &class_node);
4714 
4715 	if (method_node.op_type == IS_CONST) {
4716 		opline->op2_type = IS_CONST;
4717 		opline->op2.constant = zend_add_func_name_literal(
4718 			Z_STR(method_node.u.constant));
4719 		opline->result.num = zend_alloc_cache_slots(2);
4720 	} else {
4721 		if (opline->op1_type == IS_CONST) {
4722 			opline->result.num = zend_alloc_cache_slot();
4723 		}
4724 		SET_NODE(opline->op2, &method_node);
4725 	}
4726 
4727 	/* Check if we already know which method we're calling */
4728 	if (opline->op2_type == IS_CONST) {
4729 		zend_class_entry *ce = NULL;
4730 		if (opline->op1_type == IS_CONST) {
4731 			zend_string *lcname = Z_STR_P(CT_CONSTANT(opline->op1) + 1);
4732 			ce = zend_hash_find_ptr(CG(class_table), lcname);
4733 			if (ce) {
4734 				if (zend_compile_ignore_class(ce, CG(active_op_array)->filename)) {
4735 					ce = NULL;
4736 				}
4737 			} else if (CG(active_class_entry)
4738 					&& zend_string_equals_ci(CG(active_class_entry)->name, lcname)) {
4739 				ce = CG(active_class_entry);
4740 			}
4741 		} else if (opline->op1_type == IS_UNUSED
4742 				&& (opline->op1.num & ZEND_FETCH_CLASS_MASK) == ZEND_FETCH_CLASS_SELF
4743 				&& zend_is_scope_known()) {
4744 			ce = CG(active_class_entry);
4745 		}
4746 		if (ce) {
4747 			zend_string *lcname = Z_STR_P(CT_CONSTANT(opline->op2) + 1);
4748 			fbc = zend_get_compatible_func_or_null(ce, lcname);
4749 		}
4750 	}
4751 
4752 	zend_compile_call_common(result, args_ast, fbc, zend_ast_get_lineno(method_ast));
4753 }
4754 /* }}} */
4755 
4756 static void zend_compile_class_decl(znode *result, zend_ast *ast, bool toplevel);
4757 
zend_compile_new(znode * result,zend_ast * ast)4758 static void zend_compile_new(znode *result, zend_ast *ast) /* {{{ */
4759 {
4760 	zend_ast *class_ast = ast->child[0];
4761 	zend_ast *args_ast = ast->child[1];
4762 
4763 	znode class_node, ctor_result;
4764 	zend_op *opline;
4765 
4766 	if (class_ast->kind == ZEND_AST_CLASS) {
4767 		/* anon class declaration */
4768 		zend_compile_class_decl(&class_node, class_ast, 0);
4769 	} else {
4770 		zend_compile_class_ref(&class_node, class_ast, ZEND_FETCH_CLASS_EXCEPTION);
4771 	}
4772 
4773 	opline = zend_emit_op(result, ZEND_NEW, NULL, NULL);
4774 
4775 	if (class_node.op_type == IS_CONST) {
4776 		opline->op1_type = IS_CONST;
4777 		opline->op1.constant = zend_add_class_name_literal(
4778 			Z_STR(class_node.u.constant));
4779 		opline->op2.num = zend_alloc_cache_slot();
4780 	} else {
4781 		SET_NODE(opline->op1, &class_node);
4782 	}
4783 
4784 	zend_compile_call_common(&ctor_result, args_ast, NULL, ast->lineno);
4785 	zend_do_free(&ctor_result);
4786 }
4787 /* }}} */
4788 
zend_compile_clone(znode * result,zend_ast * ast)4789 static void zend_compile_clone(znode *result, zend_ast *ast) /* {{{ */
4790 {
4791 	zend_ast *obj_ast = ast->child[0];
4792 
4793 	znode obj_node;
4794 	zend_compile_expr(&obj_node, obj_ast);
4795 
4796 	zend_emit_op_tmp(result, ZEND_CLONE, &obj_node, NULL);
4797 }
4798 /* }}} */
4799 
zend_compile_global_var(zend_ast * ast)4800 static void zend_compile_global_var(zend_ast *ast) /* {{{ */
4801 {
4802 	zend_ast *var_ast = ast->child[0];
4803 	zend_ast *name_ast = var_ast->child[0];
4804 
4805 	znode name_node, result;
4806 
4807 	zend_compile_expr(&name_node, name_ast);
4808 	if (name_node.op_type == IS_CONST) {
4809 		convert_to_string(&name_node.u.constant);
4810 	}
4811 
4812 	// TODO(GLOBALS) Forbid "global $GLOBALS"?
4813 	if (is_this_fetch(var_ast)) {
4814 		zend_error_noreturn(E_COMPILE_ERROR, "Cannot use $this as global variable");
4815 	} else if (zend_try_compile_cv(&result, var_ast) == SUCCESS) {
4816 		zend_op *opline = zend_emit_op(NULL, ZEND_BIND_GLOBAL, &result, &name_node);
4817 		opline->extended_value = zend_alloc_cache_slot();
4818 	} else {
4819 		/* name_ast should be evaluated only. FETCH_GLOBAL_LOCK instructs FETCH_W
4820 		 * to not free the name_node operand, so it can be reused in the following
4821 		 * ASSIGN_REF, which then frees it. */
4822 		zend_op *opline = zend_emit_op(&result, ZEND_FETCH_W, &name_node, NULL);
4823 		opline->extended_value = ZEND_FETCH_GLOBAL_LOCK;
4824 
4825 		if (name_node.op_type == IS_CONST) {
4826 			zend_string_addref(Z_STR(name_node.u.constant));
4827 		}
4828 
4829 		zend_emit_assign_ref_znode(
4830 			zend_ast_create(ZEND_AST_VAR, zend_ast_create_znode(&name_node)),
4831 			&result
4832 		);
4833 	}
4834 }
4835 /* }}} */
4836 
zend_compile_static_var_common(zend_string * var_name,zval * value,uint32_t mode)4837 static void zend_compile_static_var_common(zend_string *var_name, zval *value, uint32_t mode) /* {{{ */
4838 {
4839 	zend_op *opline;
4840 	if (!CG(active_op_array)->static_variables) {
4841 		if (CG(active_op_array)->scope) {
4842 			CG(active_op_array)->scope->ce_flags |= ZEND_HAS_STATIC_IN_METHODS;
4843 		}
4844 		CG(active_op_array)->static_variables = zend_new_array(8);
4845 	}
4846 
4847 	value = zend_hash_update(CG(active_op_array)->static_variables, var_name, value);
4848 
4849 	if (zend_string_equals_literal(var_name, "this")) {
4850 		zend_error_noreturn(E_COMPILE_ERROR, "Cannot use $this as static variable");
4851 	}
4852 
4853 	opline = zend_emit_op(NULL, ZEND_BIND_STATIC, NULL, NULL);
4854 	opline->op1_type = IS_CV;
4855 	opline->op1.var = lookup_cv(var_name);
4856 	opline->extended_value = (uint32_t)((char*)value - (char*)CG(active_op_array)->static_variables->arData) | mode;
4857 }
4858 /* }}} */
4859 
zend_compile_static_var(zend_ast * ast)4860 static void zend_compile_static_var(zend_ast *ast) /* {{{ */
4861 {
4862 	zend_ast *var_ast = ast->child[0];
4863 	zend_ast **value_ast_ptr = &ast->child[1];
4864 	zval value_zv;
4865 
4866 	if (*value_ast_ptr) {
4867 		zend_const_expr_to_zval(&value_zv, value_ast_ptr, /* allow_dynamic */ true);
4868 	} else {
4869 		ZVAL_NULL(&value_zv);
4870 	}
4871 
4872 	zend_compile_static_var_common(zend_ast_get_str(var_ast), &value_zv, ZEND_BIND_REF);
4873 }
4874 /* }}} */
4875 
zend_compile_unset(zend_ast * ast)4876 static void zend_compile_unset(zend_ast *ast) /* {{{ */
4877 {
4878 	zend_ast *var_ast = ast->child[0];
4879 	znode var_node;
4880 	zend_op *opline;
4881 
4882 	zend_ensure_writable_variable(var_ast);
4883 
4884 	if (is_global_var_fetch(var_ast)) {
4885 		if (!var_ast->child[1]) {
4886 			zend_error_noreturn(E_COMPILE_ERROR, "Cannot use [] for unsetting");
4887 		}
4888 
4889 		zend_compile_expr(&var_node, var_ast->child[1]);
4890 		if (var_node.op_type == IS_CONST) {
4891 			convert_to_string(&var_node.u.constant);
4892 		}
4893 
4894 		opline = zend_emit_op(NULL, ZEND_UNSET_VAR, &var_node, NULL);
4895 		opline->extended_value = ZEND_FETCH_GLOBAL;
4896 		return;
4897 	}
4898 
4899 	switch (var_ast->kind) {
4900 		case ZEND_AST_VAR:
4901 			if (is_this_fetch(var_ast)) {
4902 				zend_error_noreturn(E_COMPILE_ERROR, "Cannot unset $this");
4903 			} else if (zend_try_compile_cv(&var_node, var_ast) == SUCCESS) {
4904 				opline = zend_emit_op(NULL, ZEND_UNSET_CV, &var_node, NULL);
4905 			} else {
4906 				opline = zend_compile_simple_var_no_cv(NULL, var_ast, BP_VAR_UNSET, 0);
4907 				opline->opcode = ZEND_UNSET_VAR;
4908 			}
4909 			return;
4910 		case ZEND_AST_DIM:
4911 			opline = zend_compile_dim(NULL, var_ast, BP_VAR_UNSET, /* by_ref */ false);
4912 			opline->opcode = ZEND_UNSET_DIM;
4913 			return;
4914 		case ZEND_AST_PROP:
4915 		case ZEND_AST_NULLSAFE_PROP:
4916 			opline = zend_compile_prop(NULL, var_ast, BP_VAR_UNSET, 0);
4917 			opline->opcode = ZEND_UNSET_OBJ;
4918 			return;
4919 		case ZEND_AST_STATIC_PROP:
4920 			opline = zend_compile_static_prop(NULL, var_ast, BP_VAR_UNSET, 0, 0);
4921 			opline->opcode = ZEND_UNSET_STATIC_PROP;
4922 			return;
4923 		EMPTY_SWITCH_DEFAULT_CASE()
4924 	}
4925 }
4926 /* }}} */
4927 
zend_handle_loops_and_finally_ex(zend_long depth,znode * return_value)4928 static bool zend_handle_loops_and_finally_ex(zend_long depth, znode *return_value) /* {{{ */
4929 {
4930 	zend_loop_var *base;
4931 	zend_loop_var *loop_var = zend_stack_top(&CG(loop_var_stack));
4932 
4933 	if (!loop_var) {
4934 		return 1;
4935 	}
4936 	base = zend_stack_base(&CG(loop_var_stack));
4937 	for (; loop_var >= base; loop_var--) {
4938 		if (loop_var->opcode == ZEND_FAST_CALL) {
4939 			zend_op *opline = get_next_op();
4940 
4941 			opline->opcode = ZEND_FAST_CALL;
4942 			opline->result_type = IS_TMP_VAR;
4943 			opline->result.var = loop_var->var_num;
4944 			if (return_value) {
4945 				SET_NODE(opline->op2, return_value);
4946 			}
4947 			opline->op1.num = loop_var->try_catch_offset;
4948 		} else if (loop_var->opcode == ZEND_DISCARD_EXCEPTION) {
4949 			zend_op *opline = get_next_op();
4950 			opline->opcode = ZEND_DISCARD_EXCEPTION;
4951 			opline->op1_type = IS_TMP_VAR;
4952 			opline->op1.var = loop_var->var_num;
4953 		} else if (loop_var->opcode == ZEND_RETURN) {
4954 			/* Stack separator */
4955 			break;
4956 		} else if (depth <= 1) {
4957 			return 1;
4958 		} else if (loop_var->opcode == ZEND_NOP) {
4959 			/* Loop doesn't have freeable variable */
4960 			depth--;
4961 		} else {
4962 			zend_op *opline;
4963 
4964 			ZEND_ASSERT(loop_var->var_type & (IS_VAR|IS_TMP_VAR));
4965 			opline = get_next_op();
4966 			opline->opcode = loop_var->opcode;
4967 			opline->op1_type = loop_var->var_type;
4968 			opline->op1.var = loop_var->var_num;
4969 			opline->extended_value = ZEND_FREE_ON_RETURN;
4970 			depth--;
4971 	    }
4972 	}
4973 	return (depth == 0);
4974 }
4975 /* }}} */
4976 
zend_handle_loops_and_finally(znode * return_value)4977 static bool zend_handle_loops_and_finally(znode *return_value) /* {{{ */
4978 {
4979 	return zend_handle_loops_and_finally_ex(zend_stack_count(&CG(loop_var_stack)) + 1, return_value);
4980 }
4981 /* }}} */
4982 
zend_has_finally_ex(zend_long depth)4983 static bool zend_has_finally_ex(zend_long depth) /* {{{ */
4984 {
4985 	zend_loop_var *base;
4986 	zend_loop_var *loop_var = zend_stack_top(&CG(loop_var_stack));
4987 
4988 	if (!loop_var) {
4989 		return 0;
4990 	}
4991 	base = zend_stack_base(&CG(loop_var_stack));
4992 	for (; loop_var >= base; loop_var--) {
4993 		if (loop_var->opcode == ZEND_FAST_CALL) {
4994 			return 1;
4995 		} else if (loop_var->opcode == ZEND_DISCARD_EXCEPTION) {
4996 		} else if (loop_var->opcode == ZEND_RETURN) {
4997 			/* Stack separator */
4998 			return 0;
4999 		} else if (depth <= 1) {
5000 			return 0;
5001 		} else {
5002 			depth--;
5003 	    }
5004 	}
5005 	return 0;
5006 }
5007 /* }}} */
5008 
zend_has_finally(void)5009 static bool zend_has_finally(void) /* {{{ */
5010 {
5011 	return zend_has_finally_ex(zend_stack_count(&CG(loop_var_stack)) + 1);
5012 }
5013 /* }}} */
5014 
zend_compile_return(zend_ast * ast)5015 static void zend_compile_return(zend_ast *ast) /* {{{ */
5016 {
5017 	zend_ast *expr_ast = ast->child[0];
5018 	bool is_generator = (CG(active_op_array)->fn_flags & ZEND_ACC_GENERATOR) != 0;
5019 	bool by_ref = (CG(active_op_array)->fn_flags & ZEND_ACC_RETURN_REFERENCE) != 0;
5020 
5021 	znode expr_node;
5022 	zend_op *opline;
5023 
5024 	if (is_generator) {
5025 		/* For generators the by-ref flag refers to yields, not returns */
5026 		by_ref = 0;
5027 	}
5028 
5029 	if (!expr_ast) {
5030 		expr_node.op_type = IS_CONST;
5031 		ZVAL_NULL(&expr_node.u.constant);
5032 	} else if (by_ref && zend_is_variable(expr_ast)) {
5033 		zend_assert_not_short_circuited(expr_ast);
5034 		zend_compile_var(&expr_node, expr_ast, BP_VAR_W, 1);
5035 	} else {
5036 		zend_compile_expr(&expr_node, expr_ast);
5037 	}
5038 
5039 	if ((CG(active_op_array)->fn_flags & ZEND_ACC_HAS_FINALLY_BLOCK)
5040 	 && (expr_node.op_type == IS_CV || (by_ref && expr_node.op_type == IS_VAR))
5041 	 && zend_has_finally()) {
5042 		/* Copy return value into temporary VAR to avoid modification in finally code */
5043 		if (by_ref) {
5044 			zend_emit_op(&expr_node, ZEND_MAKE_REF, &expr_node, NULL);
5045 		} else {
5046 			zend_emit_op_tmp(&expr_node, ZEND_QM_ASSIGN, &expr_node, NULL);
5047 		}
5048 	}
5049 
5050 	/* Generator return types are handled separately */
5051 	if (!is_generator && (CG(active_op_array)->fn_flags & ZEND_ACC_HAS_RETURN_TYPE)) {
5052 		zend_emit_return_type_check(
5053 			expr_ast ? &expr_node : NULL, CG(active_op_array)->arg_info - 1, 0);
5054 	}
5055 
5056 	zend_handle_loops_and_finally((expr_node.op_type & (IS_TMP_VAR | IS_VAR)) ? &expr_node : NULL);
5057 
5058 	opline = zend_emit_op(NULL, by_ref ? ZEND_RETURN_BY_REF : ZEND_RETURN,
5059 		&expr_node, NULL);
5060 
5061 	if (by_ref && expr_ast) {
5062 		if (zend_is_call(expr_ast)) {
5063 			opline->extended_value = ZEND_RETURNS_FUNCTION;
5064 		} else if (!zend_is_variable(expr_ast) || zend_ast_is_short_circuited(expr_ast)) {
5065 			opline->extended_value = ZEND_RETURNS_VALUE;
5066 		}
5067 	}
5068 }
5069 /* }}} */
5070 
zend_compile_echo(zend_ast * ast)5071 static void zend_compile_echo(zend_ast *ast) /* {{{ */
5072 {
5073 	zend_op *opline;
5074 	zend_ast *expr_ast = ast->child[0];
5075 
5076 	znode expr_node;
5077 	zend_compile_expr(&expr_node, expr_ast);
5078 
5079 	opline = zend_emit_op(NULL, ZEND_ECHO, &expr_node, NULL);
5080 	opline->extended_value = 0;
5081 }
5082 /* }}} */
5083 
zend_compile_throw(znode * result,zend_ast * ast)5084 static void zend_compile_throw(znode *result, zend_ast *ast) /* {{{ */
5085 {
5086 	zend_ast *expr_ast = ast->child[0];
5087 
5088 	znode expr_node;
5089 	zend_compile_expr(&expr_node, expr_ast);
5090 
5091 	zend_op *opline = zend_emit_op(NULL, ZEND_THROW, &expr_node, NULL);
5092 	if (result) {
5093 		/* Mark this as an "expression throw" for opcache. */
5094 		opline->extended_value = ZEND_THROW_IS_EXPR;
5095 		result->op_type = IS_CONST;
5096 		ZVAL_TRUE(&result->u.constant);
5097 	}
5098 }
5099 /* }}} */
5100 
zend_compile_break_continue(zend_ast * ast)5101 static void zend_compile_break_continue(zend_ast *ast) /* {{{ */
5102 {
5103 	zend_ast *depth_ast = ast->child[0];
5104 
5105 	zend_op *opline;
5106 	zend_long depth;
5107 
5108 	ZEND_ASSERT(ast->kind == ZEND_AST_BREAK || ast->kind == ZEND_AST_CONTINUE);
5109 
5110 	if (depth_ast) {
5111 		zval *depth_zv;
5112 		if (depth_ast->kind != ZEND_AST_ZVAL) {
5113 			zend_error_noreturn(E_COMPILE_ERROR, "'%s' operator with non-integer operand "
5114 				"is no longer supported", ast->kind == ZEND_AST_BREAK ? "break" : "continue");
5115 		}
5116 
5117 		depth_zv = zend_ast_get_zval(depth_ast);
5118 		if (Z_TYPE_P(depth_zv) != IS_LONG || Z_LVAL_P(depth_zv) < 1) {
5119 			zend_error_noreturn(E_COMPILE_ERROR, "'%s' operator accepts only positive integers",
5120 				ast->kind == ZEND_AST_BREAK ? "break" : "continue");
5121 		}
5122 
5123 		depth = Z_LVAL_P(depth_zv);
5124 	} else {
5125 		depth = 1;
5126 	}
5127 
5128 	if (CG(context).current_brk_cont == -1) {
5129 		zend_error_noreturn(E_COMPILE_ERROR, "'%s' not in the 'loop' or 'switch' context",
5130 			ast->kind == ZEND_AST_BREAK ? "break" : "continue");
5131 	} else {
5132 		if (!zend_handle_loops_and_finally_ex(depth, NULL)) {
5133 			zend_error_noreturn(E_COMPILE_ERROR, "Cannot '%s' " ZEND_LONG_FMT " level%s",
5134 				ast->kind == ZEND_AST_BREAK ? "break" : "continue",
5135 				depth, depth == 1 ? "" : "s");
5136 		}
5137 	}
5138 
5139 	if (ast->kind == ZEND_AST_CONTINUE) {
5140 		int d, cur = CG(context).current_brk_cont;
5141 		for (d = depth - 1; d > 0; d--) {
5142 			cur = CG(context).brk_cont_array[cur].parent;
5143 			ZEND_ASSERT(cur != -1);
5144 		}
5145 
5146 		if (CG(context).brk_cont_array[cur].is_switch) {
5147 			if (depth == 1) {
5148 				if (CG(context).brk_cont_array[cur].parent == -1) {
5149 					zend_error(E_WARNING,
5150 						"\"continue\" targeting switch is equivalent to \"break\"");
5151 				} else {
5152 					zend_error(E_WARNING,
5153 						"\"continue\" targeting switch is equivalent to \"break\". " \
5154 						"Did you mean to use \"continue " ZEND_LONG_FMT "\"?",
5155 						depth + 1);
5156 				}
5157 			} else {
5158 				if (CG(context).brk_cont_array[cur].parent == -1) {
5159 					zend_error(E_WARNING,
5160 						"\"continue " ZEND_LONG_FMT "\" targeting switch is equivalent to \"break " ZEND_LONG_FMT "\"",
5161 						depth, depth);
5162 				} else {
5163 					zend_error(E_WARNING,
5164 						"\"continue " ZEND_LONG_FMT "\" targeting switch is equivalent to \"break " ZEND_LONG_FMT "\". " \
5165 						"Did you mean to use \"continue " ZEND_LONG_FMT "\"?",
5166 						depth, depth, depth + 1);
5167 				}
5168 			}
5169 		}
5170 	}
5171 
5172 	opline = zend_emit_op(NULL, ast->kind == ZEND_AST_BREAK ? ZEND_BRK : ZEND_CONT, NULL, NULL);
5173 	opline->op1.num = CG(context).current_brk_cont;
5174 	opline->op2.num = depth;
5175 }
5176 /* }}} */
5177 
zend_resolve_goto_label(zend_op_array * op_array,zend_op * opline)5178 void zend_resolve_goto_label(zend_op_array *op_array, zend_op *opline) /* {{{ */
5179 {
5180 	zend_label *dest;
5181 	int current, remove_oplines = opline->op1.num;
5182 	zval *label;
5183 	uint32_t opnum = opline - op_array->opcodes;
5184 
5185 	label = CT_CONSTANT_EX(op_array, opline->op2.constant);
5186 	if (CG(context).labels == NULL ||
5187 	    (dest = zend_hash_find_ptr(CG(context).labels, Z_STR_P(label))) == NULL
5188 	) {
5189 		CG(in_compilation) = 1;
5190 		CG(active_op_array) = op_array;
5191 		CG(zend_lineno) = opline->lineno;
5192 		zend_error_noreturn(E_COMPILE_ERROR, "'goto' to undefined label '%s'", Z_STRVAL_P(label));
5193 	}
5194 
5195 	zval_ptr_dtor_str(label);
5196 	ZVAL_NULL(label);
5197 
5198 	current = opline->extended_value;
5199 	for (; current != dest->brk_cont; current = CG(context).brk_cont_array[current].parent) {
5200 		if (current == -1) {
5201 			CG(in_compilation) = 1;
5202 			CG(active_op_array) = op_array;
5203 			CG(zend_lineno) = opline->lineno;
5204 			zend_error_noreturn(E_COMPILE_ERROR, "'goto' into loop or switch statement is disallowed");
5205 		}
5206 		if (CG(context).brk_cont_array[current].start >= 0) {
5207 			remove_oplines--;
5208 		}
5209 	}
5210 
5211 	for (current = 0; current < op_array->last_try_catch; ++current) {
5212 		zend_try_catch_element *elem = &op_array->try_catch_array[current];
5213 		if (elem->try_op > opnum) {
5214 			break;
5215 		}
5216 		if (elem->finally_op && opnum < elem->finally_op - 1
5217 			&& (dest->opline_num > elem->finally_end || dest->opline_num < elem->try_op)
5218 		) {
5219 			remove_oplines--;
5220 		}
5221 	}
5222 
5223 	opline->opcode = ZEND_JMP;
5224 	SET_UNUSED(opline->op1);
5225 	SET_UNUSED(opline->op2);
5226 	SET_UNUSED(opline->result);
5227 	opline->op1.opline_num = dest->opline_num;
5228 	opline->extended_value = 0;
5229 
5230 	ZEND_ASSERT(remove_oplines >= 0);
5231 	while (remove_oplines--) {
5232 		opline--;
5233 		MAKE_NOP(opline);
5234 		ZEND_VM_SET_OPCODE_HANDLER(opline);
5235 	}
5236 }
5237 /* }}} */
5238 
zend_compile_goto(zend_ast * ast)5239 static void zend_compile_goto(zend_ast *ast) /* {{{ */
5240 {
5241 	zend_ast *label_ast = ast->child[0];
5242 	znode label_node;
5243 	zend_op *opline;
5244 	uint32_t opnum_start = get_next_op_number();
5245 
5246 	zend_compile_expr(&label_node, label_ast);
5247 
5248 	/* Label resolution and unwinding adjustments happen in pass two. */
5249 	zend_handle_loops_and_finally(NULL);
5250 	opline = zend_emit_op(NULL, ZEND_GOTO, NULL, &label_node);
5251 	opline->op1.num = get_next_op_number() - opnum_start - 1;
5252 	opline->extended_value = CG(context).current_brk_cont;
5253 }
5254 /* }}} */
5255 
zend_compile_label(zend_ast * ast)5256 static void zend_compile_label(zend_ast *ast) /* {{{ */
5257 {
5258 	zend_string *label = zend_ast_get_str(ast->child[0]);
5259 	zend_label dest;
5260 
5261 	if (!CG(context).labels) {
5262 		ALLOC_HASHTABLE(CG(context).labels);
5263 		zend_hash_init(CG(context).labels, 8, NULL, label_ptr_dtor, 0);
5264 	}
5265 
5266 	dest.brk_cont = CG(context).current_brk_cont;
5267 	dest.opline_num = get_next_op_number();
5268 
5269 	if (!zend_hash_add_mem(CG(context).labels, label, &dest, sizeof(zend_label))) {
5270 		zend_error_noreturn(E_COMPILE_ERROR, "Label '%s' already defined", ZSTR_VAL(label));
5271 	}
5272 }
5273 /* }}} */
5274 
zend_compile_while(zend_ast * ast)5275 static void zend_compile_while(zend_ast *ast) /* {{{ */
5276 {
5277 	zend_ast *cond_ast = ast->child[0];
5278 	zend_ast *stmt_ast = ast->child[1];
5279 	znode cond_node;
5280 	uint32_t opnum_start, opnum_jmp, opnum_cond;
5281 
5282 	opnum_jmp = zend_emit_jump(0);
5283 
5284 	zend_begin_loop(ZEND_NOP, NULL, 0);
5285 
5286 	opnum_start = get_next_op_number();
5287 	zend_compile_stmt(stmt_ast);
5288 
5289 	opnum_cond = get_next_op_number();
5290 	zend_update_jump_target(opnum_jmp, opnum_cond);
5291 	zend_compile_expr(&cond_node, cond_ast);
5292 
5293 	zend_emit_cond_jump(ZEND_JMPNZ, &cond_node, opnum_start);
5294 
5295 	zend_end_loop(opnum_cond, NULL);
5296 }
5297 /* }}} */
5298 
zend_compile_do_while(zend_ast * ast)5299 static void zend_compile_do_while(zend_ast *ast) /* {{{ */
5300 {
5301 	zend_ast *stmt_ast = ast->child[0];
5302 	zend_ast *cond_ast = ast->child[1];
5303 
5304 	znode cond_node;
5305 	uint32_t opnum_start, opnum_cond;
5306 
5307 	zend_begin_loop(ZEND_NOP, NULL, 0);
5308 
5309 	opnum_start = get_next_op_number();
5310 	zend_compile_stmt(stmt_ast);
5311 
5312 	opnum_cond = get_next_op_number();
5313 	zend_compile_expr(&cond_node, cond_ast);
5314 
5315 	zend_emit_cond_jump(ZEND_JMPNZ, &cond_node, opnum_start);
5316 
5317 	zend_end_loop(opnum_cond, NULL);
5318 }
5319 /* }}} */
5320 
zend_compile_expr_list(znode * result,zend_ast * ast)5321 static void zend_compile_expr_list(znode *result, zend_ast *ast) /* {{{ */
5322 {
5323 	zend_ast_list *list;
5324 	uint32_t i;
5325 
5326 	result->op_type = IS_CONST;
5327 	ZVAL_TRUE(&result->u.constant);
5328 
5329 	if (!ast) {
5330 		return;
5331 	}
5332 
5333 	list = zend_ast_get_list(ast);
5334 	for (i = 0; i < list->children; ++i) {
5335 		zend_ast *expr_ast = list->child[i];
5336 
5337 		zend_do_free(result);
5338 		zend_compile_expr(result, expr_ast);
5339 	}
5340 }
5341 /* }}} */
5342 
zend_compile_for(zend_ast * ast)5343 static void zend_compile_for(zend_ast *ast) /* {{{ */
5344 {
5345 	zend_ast *init_ast = ast->child[0];
5346 	zend_ast *cond_ast = ast->child[1];
5347 	zend_ast *loop_ast = ast->child[2];
5348 	zend_ast *stmt_ast = ast->child[3];
5349 
5350 	znode result;
5351 	uint32_t opnum_start, opnum_jmp, opnum_loop;
5352 
5353 	zend_compile_expr_list(&result, init_ast);
5354 	zend_do_free(&result);
5355 
5356 	opnum_jmp = zend_emit_jump(0);
5357 
5358 	zend_begin_loop(ZEND_NOP, NULL, 0);
5359 
5360 	opnum_start = get_next_op_number();
5361 	zend_compile_stmt(stmt_ast);
5362 
5363 	opnum_loop = get_next_op_number();
5364 	zend_compile_expr_list(&result, loop_ast);
5365 	zend_do_free(&result);
5366 
5367 	zend_update_jump_target_to_next(opnum_jmp);
5368 	zend_compile_expr_list(&result, cond_ast);
5369 	zend_do_extended_stmt();
5370 
5371 	zend_emit_cond_jump(ZEND_JMPNZ, &result, opnum_start);
5372 
5373 	zend_end_loop(opnum_loop, NULL);
5374 }
5375 /* }}} */
5376 
zend_compile_foreach(zend_ast * ast)5377 static void zend_compile_foreach(zend_ast *ast) /* {{{ */
5378 {
5379 	zend_ast *expr_ast = ast->child[0];
5380 	zend_ast *value_ast = ast->child[1];
5381 	zend_ast *key_ast = ast->child[2];
5382 	zend_ast *stmt_ast = ast->child[3];
5383 	bool by_ref = value_ast->kind == ZEND_AST_REF;
5384 	bool is_variable = zend_is_variable(expr_ast) && zend_can_write_to_variable(expr_ast);
5385 
5386 	znode expr_node, reset_node, value_node, key_node;
5387 	zend_op *opline;
5388 	uint32_t opnum_reset, opnum_fetch;
5389 
5390 	if (key_ast) {
5391 		if (key_ast->kind == ZEND_AST_REF) {
5392 			zend_error_noreturn(E_COMPILE_ERROR, "Key element cannot be a reference");
5393 		}
5394 		if (key_ast->kind == ZEND_AST_ARRAY) {
5395 			zend_error_noreturn(E_COMPILE_ERROR, "Cannot use list as key element");
5396 		}
5397 	}
5398 
5399 	if (by_ref) {
5400 		value_ast = value_ast->child[0];
5401 	}
5402 
5403 	if (value_ast->kind == ZEND_AST_ARRAY && zend_propagate_list_refs(value_ast)) {
5404 		by_ref = 1;
5405 	}
5406 
5407 	if (by_ref && is_variable) {
5408 		zend_compile_var(&expr_node, expr_ast, BP_VAR_W, 1);
5409 	} else {
5410 		zend_compile_expr(&expr_node, expr_ast);
5411 	}
5412 
5413 	if (by_ref) {
5414 		zend_separate_if_call_and_write(&expr_node, expr_ast, BP_VAR_W);
5415 	}
5416 
5417 	opnum_reset = get_next_op_number();
5418 	opline = zend_emit_op(&reset_node, by_ref ? ZEND_FE_RESET_RW : ZEND_FE_RESET_R, &expr_node, NULL);
5419 
5420 	zend_begin_loop(ZEND_FE_FREE, &reset_node, 0);
5421 
5422 	opnum_fetch = get_next_op_number();
5423 	opline = zend_emit_op(NULL, by_ref ? ZEND_FE_FETCH_RW : ZEND_FE_FETCH_R, &reset_node, NULL);
5424 
5425 	if (is_this_fetch(value_ast)) {
5426 		zend_error_noreturn(E_COMPILE_ERROR, "Cannot re-assign $this");
5427 	} else if (value_ast->kind == ZEND_AST_VAR &&
5428 		zend_try_compile_cv(&value_node, value_ast) == SUCCESS) {
5429 		SET_NODE(opline->op2, &value_node);
5430 	} else {
5431 		opline->op2_type = IS_VAR;
5432 		opline->op2.var = get_temporary_variable();
5433 		GET_NODE(&value_node, opline->op2);
5434 		if (value_ast->kind == ZEND_AST_ARRAY) {
5435 			zend_compile_list_assign(NULL, value_ast, &value_node, value_ast->attr);
5436 		} else if (by_ref) {
5437 			zend_emit_assign_ref_znode(value_ast, &value_node);
5438 		} else {
5439 			zend_emit_assign_znode(value_ast, &value_node);
5440 		}
5441 	}
5442 
5443 	if (key_ast) {
5444 		opline = &CG(active_op_array)->opcodes[opnum_fetch];
5445 		zend_make_tmp_result(&key_node, opline);
5446 		zend_emit_assign_znode(key_ast, &key_node);
5447 	}
5448 
5449 	zend_compile_stmt(stmt_ast);
5450 
5451 	/* Place JMP and FE_FREE on the line where foreach starts. It would be
5452 	 * better to use the end line, but this information is not available
5453 	 * currently. */
5454 	CG(zend_lineno) = ast->lineno;
5455 	zend_emit_jump(opnum_fetch);
5456 
5457 	opline = &CG(active_op_array)->opcodes[opnum_reset];
5458 	opline->op2.opline_num = get_next_op_number();
5459 
5460 	opline = &CG(active_op_array)->opcodes[opnum_fetch];
5461 	opline->extended_value = get_next_op_number();
5462 
5463 	zend_end_loop(opnum_fetch, &reset_node);
5464 
5465 	opline = zend_emit_op(NULL, ZEND_FE_FREE, &reset_node, NULL);
5466 }
5467 /* }}} */
5468 
zend_compile_if(zend_ast * ast)5469 static void zend_compile_if(zend_ast *ast) /* {{{ */
5470 {
5471 	zend_ast_list *list = zend_ast_get_list(ast);
5472 	uint32_t i;
5473 	uint32_t *jmp_opnums = NULL;
5474 
5475 	if (list->children > 1) {
5476 		jmp_opnums = safe_emalloc(sizeof(uint32_t), list->children - 1, 0);
5477 	}
5478 
5479 	for (i = 0; i < list->children; ++i) {
5480 		zend_ast *elem_ast = list->child[i];
5481 		zend_ast *cond_ast = elem_ast->child[0];
5482 		zend_ast *stmt_ast = elem_ast->child[1];
5483 
5484 		if (cond_ast) {
5485 			znode cond_node;
5486 			uint32_t opnum_jmpz;
5487 
5488 			if (i > 0) {
5489 				CG(zend_lineno) = cond_ast->lineno;
5490 				zend_do_extended_stmt();
5491 			}
5492 
5493 			zend_compile_expr(&cond_node, cond_ast);
5494 			opnum_jmpz = zend_emit_cond_jump(ZEND_JMPZ, &cond_node, 0);
5495 
5496 			zend_compile_stmt(stmt_ast);
5497 
5498 			if (i != list->children - 1) {
5499 				/* Set the lineno of JMP to the position of the if keyword, as we don't want to
5500 				 * report the last line in the if branch as covered if it hasn't actually executed. */
5501 				CG(zend_lineno) = elem_ast->lineno;
5502 				jmp_opnums[i] = zend_emit_jump(0);
5503 			}
5504 			zend_update_jump_target_to_next(opnum_jmpz);
5505 		} else {
5506 			/* "else" can only occur as last element. */
5507 			ZEND_ASSERT(i == list->children - 1);
5508 			zend_compile_stmt(stmt_ast);
5509 		}
5510 	}
5511 
5512 	if (list->children > 1) {
5513 		for (i = 0; i < list->children - 1; ++i) {
5514 			zend_update_jump_target_to_next(jmp_opnums[i]);
5515 		}
5516 		efree(jmp_opnums);
5517 	}
5518 }
5519 /* }}} */
5520 
determine_switch_jumptable_type(zend_ast_list * cases)5521 static zend_uchar determine_switch_jumptable_type(zend_ast_list *cases) {
5522 	uint32_t i;
5523 	zend_uchar common_type = IS_UNDEF;
5524 	for (i = 0; i < cases->children; i++) {
5525 		zend_ast *case_ast = cases->child[i];
5526 		zend_ast **cond_ast = &case_ast->child[0];
5527 		zval *cond_zv;
5528 		if (!case_ast->child[0]) {
5529 			/* Skip default clause */
5530 			continue;
5531 		}
5532 
5533 		zend_eval_const_expr(cond_ast);
5534 		if ((*cond_ast)->kind != ZEND_AST_ZVAL) {
5535 			/* Non-constant case */
5536 			return IS_UNDEF;
5537 		}
5538 
5539 		cond_zv = zend_ast_get_zval(case_ast->child[0]);
5540 		if (Z_TYPE_P(cond_zv) != IS_LONG && Z_TYPE_P(cond_zv) != IS_STRING) {
5541 			/* We only optimize switched on integers and strings */
5542 			return IS_UNDEF;
5543 		}
5544 
5545 		if (common_type == IS_UNDEF) {
5546 			common_type = Z_TYPE_P(cond_zv);
5547 		} else if (common_type != Z_TYPE_P(cond_zv)) {
5548 			/* Non-uniform case types */
5549 			return IS_UNDEF;
5550 		}
5551 
5552 		if (Z_TYPE_P(cond_zv) == IS_STRING
5553 				&& is_numeric_string(Z_STRVAL_P(cond_zv), Z_STRLEN_P(cond_zv), NULL, NULL, 0)) {
5554 			/* Numeric strings cannot be compared with a simple hash lookup */
5555 			return IS_UNDEF;
5556 		}
5557 	}
5558 
5559 	return common_type;
5560 }
5561 
should_use_jumptable(zend_ast_list * cases,zend_uchar jumptable_type)5562 static bool should_use_jumptable(zend_ast_list *cases, zend_uchar jumptable_type) {
5563 	if (CG(compiler_options) & ZEND_COMPILE_NO_JUMPTABLES) {
5564 		return 0;
5565 	}
5566 
5567 	/* Thresholds are chosen based on when the average switch time for equidistributed
5568 	 * input becomes smaller when using the jumptable optimization. */
5569 	if (jumptable_type == IS_LONG) {
5570 		return cases->children >= 5;
5571 	} else {
5572 		ZEND_ASSERT(jumptable_type == IS_STRING);
5573 		return cases->children >= 2;
5574 	}
5575 }
5576 
zend_compile_switch(zend_ast * ast)5577 static void zend_compile_switch(zend_ast *ast) /* {{{ */
5578 {
5579 	zend_ast *expr_ast = ast->child[0];
5580 	zend_ast_list *cases = zend_ast_get_list(ast->child[1]);
5581 
5582 	uint32_t i;
5583 	bool has_default_case = 0;
5584 
5585 	znode expr_node, case_node;
5586 	zend_op *opline;
5587 	uint32_t *jmpnz_opnums, opnum_default_jmp, opnum_switch = (uint32_t)-1;
5588 	zend_uchar jumptable_type;
5589 	HashTable *jumptable = NULL;
5590 
5591 	zend_compile_expr(&expr_node, expr_ast);
5592 
5593 	zend_begin_loop(ZEND_FREE, &expr_node, 1);
5594 
5595 	case_node.op_type = IS_TMP_VAR;
5596 	case_node.u.op.var = get_temporary_variable();
5597 
5598 	jumptable_type = determine_switch_jumptable_type(cases);
5599 	if (jumptable_type != IS_UNDEF && should_use_jumptable(cases, jumptable_type)) {
5600 		znode jumptable_op;
5601 
5602 		ALLOC_HASHTABLE(jumptable);
5603 		zend_hash_init(jumptable, cases->children, NULL, NULL, 0);
5604 		jumptable_op.op_type = IS_CONST;
5605 		ZVAL_ARR(&jumptable_op.u.constant, jumptable);
5606 
5607 		opline = zend_emit_op(NULL,
5608 			jumptable_type == IS_LONG ? ZEND_SWITCH_LONG : ZEND_SWITCH_STRING,
5609 			&expr_node, &jumptable_op);
5610 		if (opline->op1_type == IS_CONST) {
5611 			Z_TRY_ADDREF_P(CT_CONSTANT(opline->op1));
5612 		}
5613 		opnum_switch = opline - CG(active_op_array)->opcodes;
5614 	}
5615 
5616 	jmpnz_opnums = safe_emalloc(sizeof(uint32_t), cases->children, 0);
5617 	for (i = 0; i < cases->children; ++i) {
5618 		zend_ast *case_ast = cases->child[i];
5619 		zend_ast *cond_ast = case_ast->child[0];
5620 		znode cond_node;
5621 
5622 		if (!cond_ast) {
5623 			if (has_default_case) {
5624 				CG(zend_lineno) = case_ast->lineno;
5625 				zend_error_noreturn(E_COMPILE_ERROR,
5626 					"Switch statements may only contain one default clause");
5627 			}
5628 			has_default_case = 1;
5629 			continue;
5630 		}
5631 
5632 		zend_compile_expr(&cond_node, cond_ast);
5633 
5634 		if (expr_node.op_type == IS_CONST
5635 			&& Z_TYPE(expr_node.u.constant) == IS_FALSE) {
5636 			jmpnz_opnums[i] = zend_emit_cond_jump(ZEND_JMPZ, &cond_node, 0);
5637 		} else if (expr_node.op_type == IS_CONST
5638 			&& Z_TYPE(expr_node.u.constant) == IS_TRUE) {
5639 			jmpnz_opnums[i] = zend_emit_cond_jump(ZEND_JMPNZ, &cond_node, 0);
5640 		} else {
5641 			opline = zend_emit_op(NULL,
5642 				(expr_node.op_type & (IS_VAR|IS_TMP_VAR)) ? ZEND_CASE : ZEND_IS_EQUAL,
5643 				&expr_node, &cond_node);
5644 			SET_NODE(opline->result, &case_node);
5645 			if (opline->op1_type == IS_CONST) {
5646 				Z_TRY_ADDREF_P(CT_CONSTANT(opline->op1));
5647 			}
5648 
5649 			jmpnz_opnums[i] = zend_emit_cond_jump(ZEND_JMPNZ, &case_node, 0);
5650 		}
5651 	}
5652 
5653 	opnum_default_jmp = zend_emit_jump(0);
5654 
5655 	for (i = 0; i < cases->children; ++i) {
5656 		zend_ast *case_ast = cases->child[i];
5657 		zend_ast *cond_ast = case_ast->child[0];
5658 		zend_ast *stmt_ast = case_ast->child[1];
5659 
5660 		if (cond_ast) {
5661 			zend_update_jump_target_to_next(jmpnz_opnums[i]);
5662 
5663 			if (jumptable) {
5664 				zval *cond_zv = zend_ast_get_zval(cond_ast);
5665 				zval jmp_target;
5666 				ZVAL_LONG(&jmp_target, get_next_op_number());
5667 
5668 				ZEND_ASSERT(Z_TYPE_P(cond_zv) == jumptable_type);
5669 				if (Z_TYPE_P(cond_zv) == IS_LONG) {
5670 					zend_hash_index_add(jumptable, Z_LVAL_P(cond_zv), &jmp_target);
5671 				} else {
5672 					ZEND_ASSERT(Z_TYPE_P(cond_zv) == IS_STRING);
5673 					zend_hash_add(jumptable, Z_STR_P(cond_zv), &jmp_target);
5674 				}
5675 			}
5676 		} else {
5677 			zend_update_jump_target_to_next(opnum_default_jmp);
5678 
5679 			if (jumptable) {
5680 				ZEND_ASSERT(opnum_switch != (uint32_t)-1);
5681 				opline = &CG(active_op_array)->opcodes[opnum_switch];
5682 				opline->extended_value = get_next_op_number();
5683 			}
5684 		}
5685 
5686 		zend_compile_stmt(stmt_ast);
5687 	}
5688 
5689 	if (!has_default_case) {
5690 		zend_update_jump_target_to_next(opnum_default_jmp);
5691 
5692 		if (jumptable) {
5693 			opline = &CG(active_op_array)->opcodes[opnum_switch];
5694 			opline->extended_value = get_next_op_number();
5695 		}
5696 	}
5697 
5698 	zend_end_loop(get_next_op_number(), &expr_node);
5699 
5700 	if (expr_node.op_type & (IS_VAR|IS_TMP_VAR)) {
5701 		opline = zend_emit_op(NULL, ZEND_FREE, &expr_node, NULL);
5702 		opline->extended_value = ZEND_FREE_SWITCH;
5703 	} else if (expr_node.op_type == IS_CONST) {
5704 		zval_ptr_dtor_nogc(&expr_node.u.constant);
5705 	}
5706 
5707 	efree(jmpnz_opnums);
5708 }
5709 /* }}} */
5710 
count_match_conds(zend_ast_list * arms)5711 static uint32_t count_match_conds(zend_ast_list *arms)
5712 {
5713 	uint32_t num_conds = 0;
5714 
5715 	for (uint32_t i = 0; i < arms->children; i++) {
5716 		zend_ast *arm_ast = arms->child[i];
5717 		if (arm_ast->child[0] == NULL) {
5718 			continue;
5719 		}
5720 
5721 		zend_ast_list *conds = zend_ast_get_list(arm_ast->child[0]);
5722 		num_conds += conds->children;
5723 	}
5724 
5725 	return num_conds;
5726 }
5727 
can_match_use_jumptable(zend_ast_list * arms)5728 static bool can_match_use_jumptable(zend_ast_list *arms) {
5729 	for (uint32_t i = 0; i < arms->children; i++) {
5730 		zend_ast *arm_ast = arms->child[i];
5731 		if (!arm_ast->child[0]) {
5732 			/* Skip default arm */
5733 			continue;
5734 		}
5735 
5736 		zend_ast_list *conds = zend_ast_get_list(arm_ast->child[0]);
5737 		for (uint32_t j = 0; j < conds->children; j++) {
5738 			zend_ast **cond_ast = &conds->child[j];
5739 
5740 			zend_eval_const_expr(cond_ast);
5741 			if ((*cond_ast)->kind != ZEND_AST_ZVAL) {
5742 				return 0;
5743 			}
5744 
5745 			zval *cond_zv = zend_ast_get_zval(*cond_ast);
5746 			if (Z_TYPE_P(cond_zv) != IS_LONG && Z_TYPE_P(cond_zv) != IS_STRING) {
5747 				return 0;
5748 			}
5749 		}
5750 	}
5751 
5752 	return 1;
5753 }
5754 
zend_compile_match(znode * result,zend_ast * ast)5755 static void zend_compile_match(znode *result, zend_ast *ast)
5756 {
5757 	zend_ast *expr_ast = ast->child[0];
5758 	zend_ast_list *arms = zend_ast_get_list(ast->child[1]);
5759 	bool has_default_arm = 0;
5760 	uint32_t opnum_match = (uint32_t)-1;
5761 
5762 	znode expr_node;
5763 	zend_compile_expr(&expr_node, expr_ast);
5764 
5765 	znode case_node;
5766 	case_node.op_type = IS_TMP_VAR;
5767 	case_node.u.op.var = get_temporary_variable();
5768 
5769 	uint32_t num_conds = count_match_conds(arms);
5770 	zend_uchar can_use_jumptable = can_match_use_jumptable(arms);
5771 	bool uses_jumptable = can_use_jumptable && num_conds >= 2;
5772 	HashTable *jumptable = NULL;
5773 	uint32_t *jmpnz_opnums = NULL;
5774 
5775 	for (uint32_t i = 0; i < arms->children; ++i) {
5776 		zend_ast *arm_ast = arms->child[i];
5777 
5778 		if (!arm_ast->child[0]) {
5779 			if (has_default_arm) {
5780 				CG(zend_lineno) = arm_ast->lineno;
5781 				zend_error_noreturn(E_COMPILE_ERROR,
5782 					"Match expressions may only contain one default arm");
5783 			}
5784 			has_default_arm = 1;
5785 		}
5786 	}
5787 
5788 	if (uses_jumptable) {
5789 		znode jumptable_op;
5790 
5791 		ALLOC_HASHTABLE(jumptable);
5792 		zend_hash_init(jumptable, num_conds, NULL, NULL, 0);
5793 		jumptable_op.op_type = IS_CONST;
5794 		ZVAL_ARR(&jumptable_op.u.constant, jumptable);
5795 
5796 		zend_op *opline = zend_emit_op(NULL, ZEND_MATCH, &expr_node, &jumptable_op);
5797 		if (opline->op1_type == IS_CONST) {
5798 			Z_TRY_ADDREF_P(CT_CONSTANT(opline->op1));
5799 		}
5800 		opnum_match = opline - CG(active_op_array)->opcodes;
5801 	} else {
5802 		jmpnz_opnums = safe_emalloc(sizeof(uint32_t), num_conds, 0);
5803 		uint32_t cond_count = 0;
5804 		for (uint32_t i = 0; i < arms->children; ++i) {
5805 			zend_ast *arm_ast = arms->child[i];
5806 
5807 			if (!arm_ast->child[0]) {
5808 				continue;
5809 			}
5810 
5811 			zend_ast_list *conds = zend_ast_get_list(arm_ast->child[0]);
5812 			for (uint32_t j = 0; j < conds->children; j++) {
5813 				zend_ast *cond_ast = conds->child[j];
5814 
5815 				znode cond_node;
5816 				zend_compile_expr(&cond_node, cond_ast);
5817 
5818 				uint32_t opcode = (expr_node.op_type & (IS_VAR|IS_TMP_VAR)) ? ZEND_CASE_STRICT : ZEND_IS_IDENTICAL;
5819 				zend_op *opline = zend_emit_op(NULL, opcode, &expr_node, &cond_node);
5820 				SET_NODE(opline->result, &case_node);
5821 				if (opline->op1_type == IS_CONST) {
5822 					Z_TRY_ADDREF_P(CT_CONSTANT(opline->op1));
5823 				}
5824 
5825 				jmpnz_opnums[cond_count] = zend_emit_cond_jump(ZEND_JMPNZ, &case_node, 0);
5826 
5827 				cond_count++;
5828 			}
5829 		}
5830 	}
5831 
5832 	uint32_t opnum_default_jmp = 0;
5833 	if (!uses_jumptable) {
5834 		opnum_default_jmp = zend_emit_jump(0);
5835 	}
5836 
5837 	bool is_first_case = 1;
5838 	uint32_t cond_count = 0;
5839 	uint32_t *jmp_end_opnums = safe_emalloc(sizeof(uint32_t), arms->children, 0);
5840 
5841 	// The generated default arm is emitted first to avoid live range issues where the tmpvar
5842 	// for the arm result is freed even though it has not been initialized yet.
5843 	if (!has_default_arm) {
5844 		if (!uses_jumptable) {
5845 			zend_update_jump_target_to_next(opnum_default_jmp);
5846 		}
5847 
5848 		if (jumptable) {
5849 			zend_op *opline = &CG(active_op_array)->opcodes[opnum_match];
5850 			opline->extended_value = get_next_op_number();
5851 		}
5852 
5853 		zend_op *opline = zend_emit_op(NULL, ZEND_MATCH_ERROR, &expr_node, NULL);
5854 		if (opline->op1_type == IS_CONST) {
5855 			Z_TRY_ADDREF_P(CT_CONSTANT(opline->op1));
5856 		}
5857 		if (arms->children == 0) {
5858 			/* Mark this as an "expression throw" for opcache. */
5859 			opline->extended_value = ZEND_THROW_IS_EXPR;
5860 		}
5861 	}
5862 
5863 	for (uint32_t i = 0; i < arms->children; ++i) {
5864 		zend_ast *arm_ast = arms->child[i];
5865 		zend_ast *body_ast = arm_ast->child[1];
5866 
5867 		if (arm_ast->child[0] != NULL) {
5868 			zend_ast_list *conds = zend_ast_get_list(arm_ast->child[0]);
5869 
5870 			for (uint32_t j = 0; j < conds->children; j++) {
5871 				zend_ast *cond_ast = conds->child[j];
5872 
5873 				if (jmpnz_opnums != NULL) {
5874 					zend_update_jump_target_to_next(jmpnz_opnums[cond_count]);
5875 				}
5876 
5877 				if (jumptable) {
5878 					zval *cond_zv = zend_ast_get_zval(cond_ast);
5879 					zval jmp_target;
5880 					ZVAL_LONG(&jmp_target, get_next_op_number());
5881 
5882 					if (Z_TYPE_P(cond_zv) == IS_LONG) {
5883 						zend_hash_index_add(jumptable, Z_LVAL_P(cond_zv), &jmp_target);
5884 					} else {
5885 						ZEND_ASSERT(Z_TYPE_P(cond_zv) == IS_STRING);
5886 						zend_hash_add(jumptable, Z_STR_P(cond_zv), &jmp_target);
5887 					}
5888 				}
5889 
5890 				cond_count++;
5891 			}
5892 		} else {
5893 			if (!uses_jumptable) {
5894 				zend_update_jump_target_to_next(opnum_default_jmp);
5895 			}
5896 
5897 			if (jumptable) {
5898 				ZEND_ASSERT(opnum_match != (uint32_t)-1);
5899 				zend_op *opline = &CG(active_op_array)->opcodes[opnum_match];
5900 				opline->extended_value = get_next_op_number();
5901 			}
5902 		}
5903 
5904 		znode body_node;
5905 		zend_compile_expr(&body_node, body_ast);
5906 
5907 		if (is_first_case) {
5908 			zend_emit_op_tmp(result, ZEND_QM_ASSIGN, &body_node, NULL);
5909 			is_first_case = 0;
5910 		} else {
5911 			zend_op *opline_qm_assign = zend_emit_op(NULL, ZEND_QM_ASSIGN, &body_node, NULL);
5912 			SET_NODE(opline_qm_assign->result, result);
5913 		}
5914 
5915 		jmp_end_opnums[i] = zend_emit_jump(0);
5916 	}
5917 
5918 	// Initialize result in case there is no arm
5919 	if (arms->children == 0) {
5920 		result->op_type = IS_CONST;
5921 		ZVAL_NULL(&result->u.constant);
5922 	}
5923 
5924 	for (uint32_t i = 0; i < arms->children; ++i) {
5925 		zend_update_jump_target_to_next(jmp_end_opnums[i]);
5926 	}
5927 
5928 	if (expr_node.op_type & (IS_VAR|IS_TMP_VAR)) {
5929 		zend_op *opline = zend_emit_op(NULL, ZEND_FREE, &expr_node, NULL);
5930 		opline->extended_value = ZEND_FREE_SWITCH;
5931 	} else if (expr_node.op_type == IS_CONST) {
5932 		zval_ptr_dtor_nogc(&expr_node.u.constant);
5933 	}
5934 
5935 	if (jmpnz_opnums != NULL) {
5936 		efree(jmpnz_opnums);
5937 	}
5938 	efree(jmp_end_opnums);
5939 }
5940 
zend_compile_try(zend_ast * ast)5941 static void zend_compile_try(zend_ast *ast) /* {{{ */
5942 {
5943 	zend_ast *try_ast = ast->child[0];
5944 	zend_ast_list *catches = zend_ast_get_list(ast->child[1]);
5945 	zend_ast *finally_ast = ast->child[2];
5946 
5947 	uint32_t i, j;
5948 	zend_op *opline;
5949 	uint32_t try_catch_offset;
5950 	uint32_t *jmp_opnums = safe_emalloc(sizeof(uint32_t), catches->children, 0);
5951 	uint32_t orig_fast_call_var = CG(context).fast_call_var;
5952 	uint32_t orig_try_catch_offset = CG(context).try_catch_offset;
5953 
5954 	if (catches->children == 0 && !finally_ast) {
5955 		zend_error_noreturn(E_COMPILE_ERROR, "Cannot use try without catch or finally");
5956 	}
5957 
5958 	/* label: try { } must not be equal to try { label: } */
5959 	if (CG(context).labels) {
5960 		zend_label *label;
5961 		ZEND_HASH_MAP_REVERSE_FOREACH_PTR(CG(context).labels, label) {
5962 			if (label->opline_num == get_next_op_number()) {
5963 				zend_emit_op(NULL, ZEND_NOP, NULL, NULL);
5964 			}
5965 			break;
5966 		} ZEND_HASH_FOREACH_END();
5967 	}
5968 
5969 	try_catch_offset = zend_add_try_element(get_next_op_number());
5970 
5971 	if (finally_ast) {
5972 		zend_loop_var fast_call;
5973 		if (!(CG(active_op_array)->fn_flags & ZEND_ACC_HAS_FINALLY_BLOCK)) {
5974 			CG(active_op_array)->fn_flags |= ZEND_ACC_HAS_FINALLY_BLOCK;
5975 		}
5976 		CG(context).fast_call_var = get_temporary_variable();
5977 
5978 		/* Push FAST_CALL on unwind stack */
5979 		fast_call.opcode = ZEND_FAST_CALL;
5980 		fast_call.var_type = IS_TMP_VAR;
5981 		fast_call.var_num = CG(context).fast_call_var;
5982 		fast_call.try_catch_offset = try_catch_offset;
5983 		zend_stack_push(&CG(loop_var_stack), &fast_call);
5984 	}
5985 
5986 	CG(context).try_catch_offset = try_catch_offset;
5987 
5988 	zend_compile_stmt(try_ast);
5989 
5990 	if (catches->children != 0) {
5991 		jmp_opnums[0] = zend_emit_jump(0);
5992 	}
5993 
5994 	for (i = 0; i < catches->children; ++i) {
5995 		zend_ast *catch_ast = catches->child[i];
5996 		zend_ast_list *classes = zend_ast_get_list(catch_ast->child[0]);
5997 		zend_ast *var_ast = catch_ast->child[1];
5998 		zend_ast *stmt_ast = catch_ast->child[2];
5999 		zend_string *var_name = var_ast ? zval_make_interned_string(zend_ast_get_zval(var_ast)) : NULL;
6000 		bool is_last_catch = (i + 1 == catches->children);
6001 
6002 		uint32_t *jmp_multicatch = safe_emalloc(sizeof(uint32_t), classes->children - 1, 0);
6003 		uint32_t opnum_catch = (uint32_t)-1;
6004 
6005 		CG(zend_lineno) = catch_ast->lineno;
6006 
6007 		for (j = 0; j < classes->children; j++) {
6008 			zend_ast *class_ast = classes->child[j];
6009 			bool is_last_class = (j + 1 == classes->children);
6010 
6011 			if (!zend_is_const_default_class_ref(class_ast)) {
6012 				zend_error_noreturn(E_COMPILE_ERROR, "Bad class name in the catch statement");
6013 			}
6014 
6015 			opnum_catch = get_next_op_number();
6016 			if (i == 0 && j == 0) {
6017 				CG(active_op_array)->try_catch_array[try_catch_offset].catch_op = opnum_catch;
6018 			}
6019 
6020 			opline = get_next_op();
6021 			opline->opcode = ZEND_CATCH;
6022 			opline->op1_type = IS_CONST;
6023 			opline->op1.constant = zend_add_class_name_literal(
6024 					zend_resolve_class_name_ast(class_ast));
6025 			opline->extended_value = zend_alloc_cache_slot();
6026 
6027 			if (var_name && zend_string_equals_literal(var_name, "this")) {
6028 				zend_error_noreturn(E_COMPILE_ERROR, "Cannot re-assign $this");
6029 			}
6030 
6031 			opline->result_type = var_name ? IS_CV : IS_UNUSED;
6032 			opline->result.var = var_name ? lookup_cv(var_name) : -1;
6033 
6034 			if (is_last_catch && is_last_class) {
6035 				opline->extended_value |= ZEND_LAST_CATCH;
6036 			}
6037 
6038 			if (!is_last_class) {
6039 				jmp_multicatch[j] = zend_emit_jump(0);
6040 				opline = &CG(active_op_array)->opcodes[opnum_catch];
6041 				opline->op2.opline_num = get_next_op_number();
6042 			}
6043 		}
6044 
6045 		for (j = 0; j < classes->children - 1; j++) {
6046 			zend_update_jump_target_to_next(jmp_multicatch[j]);
6047 		}
6048 
6049 		efree(jmp_multicatch);
6050 
6051 		zend_compile_stmt(stmt_ast);
6052 
6053 		if (!is_last_catch) {
6054 			jmp_opnums[i + 1] = zend_emit_jump(0);
6055 		}
6056 
6057 		ZEND_ASSERT(opnum_catch != (uint32_t)-1 && "Should have at least one class");
6058 		opline = &CG(active_op_array)->opcodes[opnum_catch];
6059 		if (!is_last_catch) {
6060 			opline->op2.opline_num = get_next_op_number();
6061 		}
6062 	}
6063 
6064 	for (i = 0; i < catches->children; ++i) {
6065 		zend_update_jump_target_to_next(jmp_opnums[i]);
6066 	}
6067 
6068 	if (finally_ast) {
6069 		zend_loop_var discard_exception;
6070 		uint32_t opnum_jmp = get_next_op_number() + 1;
6071 
6072 		/* Pop FAST_CALL from unwind stack */
6073 		zend_stack_del_top(&CG(loop_var_stack));
6074 
6075 		/* Push DISCARD_EXCEPTION on unwind stack */
6076 		discard_exception.opcode = ZEND_DISCARD_EXCEPTION;
6077 		discard_exception.var_type = IS_TMP_VAR;
6078 		discard_exception.var_num = CG(context).fast_call_var;
6079 		zend_stack_push(&CG(loop_var_stack), &discard_exception);
6080 
6081 		CG(zend_lineno) = finally_ast->lineno;
6082 
6083 		opline = zend_emit_op(NULL, ZEND_FAST_CALL, NULL, NULL);
6084 		opline->op1.num = try_catch_offset;
6085 		opline->result_type = IS_TMP_VAR;
6086 		opline->result.var = CG(context).fast_call_var;
6087 
6088 		zend_emit_op(NULL, ZEND_JMP, NULL, NULL);
6089 
6090 		zend_compile_stmt(finally_ast);
6091 
6092 		CG(active_op_array)->try_catch_array[try_catch_offset].finally_op = opnum_jmp + 1;
6093 		CG(active_op_array)->try_catch_array[try_catch_offset].finally_end
6094 			= get_next_op_number();
6095 
6096 		opline = zend_emit_op(NULL, ZEND_FAST_RET, NULL, NULL);
6097 		opline->op1_type = IS_TMP_VAR;
6098 		opline->op1.var = CG(context).fast_call_var;
6099 		opline->op2.num = orig_try_catch_offset;
6100 
6101 		zend_update_jump_target_to_next(opnum_jmp);
6102 
6103 		CG(context).fast_call_var = orig_fast_call_var;
6104 
6105 		/* Pop DISCARD_EXCEPTION from unwind stack */
6106 		zend_stack_del_top(&CG(loop_var_stack));
6107 	}
6108 
6109 	CG(context).try_catch_offset = orig_try_catch_offset;
6110 
6111 	efree(jmp_opnums);
6112 }
6113 /* }}} */
6114 
6115 /* Encoding declarations must already be handled during parsing */
zend_handle_encoding_declaration(zend_ast * ast)6116 bool zend_handle_encoding_declaration(zend_ast *ast) /* {{{ */
6117 {
6118 	zend_ast_list *declares = zend_ast_get_list(ast);
6119 	uint32_t i;
6120 	for (i = 0; i < declares->children; ++i) {
6121 		zend_ast *declare_ast = declares->child[i];
6122 		zend_ast *name_ast = declare_ast->child[0];
6123 		zend_ast *value_ast = declare_ast->child[1];
6124 		zend_string *name = zend_ast_get_str(name_ast);
6125 
6126 		if (zend_string_equals_literal_ci(name, "encoding")) {
6127 			if (value_ast->kind != ZEND_AST_ZVAL) {
6128 				zend_throw_exception(zend_ce_compile_error, "Encoding must be a literal", 0);
6129 				return 0;
6130 			}
6131 
6132 			if (CG(multibyte)) {
6133 				zend_string *encoding_name = zval_get_string(zend_ast_get_zval(value_ast));
6134 
6135 				const zend_encoding *new_encoding, *old_encoding;
6136 				zend_encoding_filter old_input_filter;
6137 
6138 				CG(encoding_declared) = 1;
6139 
6140 				new_encoding = zend_multibyte_fetch_encoding(ZSTR_VAL(encoding_name));
6141 				if (!new_encoding) {
6142 					zend_error(E_COMPILE_WARNING, "Unsupported encoding [%s]", ZSTR_VAL(encoding_name));
6143 				} else {
6144 					old_input_filter = LANG_SCNG(input_filter);
6145 					old_encoding = LANG_SCNG(script_encoding);
6146 					zend_multibyte_set_filter(new_encoding);
6147 
6148 					/* need to re-scan if input filter changed */
6149 					if (old_input_filter != LANG_SCNG(input_filter) ||
6150 						 (old_input_filter && new_encoding != old_encoding)) {
6151 						zend_multibyte_yyinput_again(old_input_filter, old_encoding);
6152 					}
6153 				}
6154 
6155 				zend_string_release_ex(encoding_name, 0);
6156 			} else {
6157 				zend_error(E_COMPILE_WARNING, "declare(encoding=...) ignored because "
6158 					"Zend multibyte feature is turned off by settings");
6159 			}
6160 		}
6161 	}
6162 
6163 	return 1;
6164 }
6165 /* }}} */
6166 
6167 /* Check whether this is the first statement, not counting declares. */
zend_is_first_statement(zend_ast * ast,bool allow_nop)6168 static zend_result zend_is_first_statement(zend_ast *ast, bool allow_nop) /* {{{ */
6169 {
6170 	uint32_t i = 0;
6171 	zend_ast_list *file_ast = zend_ast_get_list(CG(ast));
6172 
6173 	while (i < file_ast->children) {
6174 		if (file_ast->child[i] == ast) {
6175 			return SUCCESS;
6176 		} else if (file_ast->child[i] == NULL) {
6177 			if (!allow_nop) {
6178 				return FAILURE;
6179 			}
6180 		} else if (file_ast->child[i]->kind != ZEND_AST_DECLARE) {
6181 			return FAILURE;
6182 		}
6183 		i++;
6184 	}
6185 	return FAILURE;
6186 }
6187 /* }}} */
6188 
zend_compile_declare(zend_ast * ast)6189 static void zend_compile_declare(zend_ast *ast) /* {{{ */
6190 {
6191 	zend_ast_list *declares = zend_ast_get_list(ast->child[0]);
6192 	zend_ast *stmt_ast = ast->child[1];
6193 	zend_declarables orig_declarables = FC(declarables);
6194 	uint32_t i;
6195 
6196 	for (i = 0; i < declares->children; ++i) {
6197 		zend_ast *declare_ast = declares->child[i];
6198 		zend_ast *name_ast = declare_ast->child[0];
6199 		zend_ast **value_ast_ptr = &declare_ast->child[1];
6200 		zend_string *name = zend_ast_get_str(name_ast);
6201 
6202 		if ((*value_ast_ptr)->kind != ZEND_AST_ZVAL) {
6203 			zend_error_noreturn(E_COMPILE_ERROR, "declare(%s) value must be a literal", ZSTR_VAL(name));
6204 		}
6205 
6206 		if (zend_string_equals_literal_ci(name, "ticks")) {
6207 			zval value_zv;
6208 			zend_const_expr_to_zval(&value_zv, value_ast_ptr, /* allow_dynamic */ false);
6209 			FC(declarables).ticks = zval_get_long(&value_zv);
6210 			zval_ptr_dtor_nogc(&value_zv);
6211 		} else if (zend_string_equals_literal_ci(name, "encoding")) {
6212 
6213 			if (FAILURE == zend_is_first_statement(ast, /* allow_nop */ 0)) {
6214 				zend_error_noreturn(E_COMPILE_ERROR, "Encoding declaration pragma must be "
6215 					"the very first statement in the script");
6216 			}
6217 		} else if (zend_string_equals_literal_ci(name, "strict_types")) {
6218 			zval value_zv;
6219 
6220 			if (FAILURE == zend_is_first_statement(ast, /* allow_nop */ 0)) {
6221 				zend_error_noreturn(E_COMPILE_ERROR, "strict_types declaration must be "
6222 					"the very first statement in the script");
6223 			}
6224 
6225 			if (ast->child[1] != NULL) {
6226 				zend_error_noreturn(E_COMPILE_ERROR, "strict_types declaration must not "
6227 					"use block mode");
6228 			}
6229 
6230 			zend_const_expr_to_zval(&value_zv, value_ast_ptr, /* allow_dynamic */ false);
6231 
6232 			if (Z_TYPE(value_zv) != IS_LONG || (Z_LVAL(value_zv) != 0 && Z_LVAL(value_zv) != 1)) {
6233 				zend_error_noreturn(E_COMPILE_ERROR, "strict_types declaration must have 0 or 1 as its value");
6234 			}
6235 
6236 			if (Z_LVAL(value_zv) == 1) {
6237 				CG(active_op_array)->fn_flags |= ZEND_ACC_STRICT_TYPES;
6238 			}
6239 
6240 		} else {
6241 			zend_error(E_COMPILE_WARNING, "Unsupported declare '%s'", ZSTR_VAL(name));
6242 		}
6243 	}
6244 
6245 	if (stmt_ast) {
6246 		zend_compile_stmt(stmt_ast);
6247 
6248 		FC(declarables) = orig_declarables;
6249 	}
6250 }
6251 /* }}} */
6252 
zend_compile_stmt_list(zend_ast * ast)6253 static void zend_compile_stmt_list(zend_ast *ast) /* {{{ */
6254 {
6255 	zend_ast_list *list = zend_ast_get_list(ast);
6256 	uint32_t i;
6257 	for (i = 0; i < list->children; ++i) {
6258 		zend_compile_stmt(list->child[i]);
6259 	}
6260 }
6261 /* }}} */
6262 
zend_set_function_arg_flags(zend_function * func)6263 ZEND_API void zend_set_function_arg_flags(zend_function *func) /* {{{ */
6264 {
6265 	uint32_t i, n;
6266 
6267 	func->common.arg_flags[0] = 0;
6268 	func->common.arg_flags[1] = 0;
6269 	func->common.arg_flags[2] = 0;
6270 	if (func->common.arg_info) {
6271 		n = MIN(func->common.num_args, MAX_ARG_FLAG_NUM);
6272 		i = 0;
6273 		while (i < n) {
6274 			ZEND_SET_ARG_FLAG(func, i + 1, ZEND_ARG_SEND_MODE(&func->common.arg_info[i]));
6275 			i++;
6276 		}
6277 		if (UNEXPECTED((func->common.fn_flags & ZEND_ACC_VARIADIC) && ZEND_ARG_SEND_MODE(&func->common.arg_info[i]))) {
6278 			uint32_t pass_by_reference = ZEND_ARG_SEND_MODE(&func->common.arg_info[i]);
6279 			while (i < MAX_ARG_FLAG_NUM) {
6280 				ZEND_SET_ARG_FLAG(func, i + 1, pass_by_reference);
6281 				i++;
6282 			}
6283 		}
6284 	}
6285 }
6286 /* }}} */
6287 
zend_compile_single_typename(zend_ast * ast)6288 static zend_type zend_compile_single_typename(zend_ast *ast)
6289 {
6290 	ZEND_ASSERT(!(ast->attr & ZEND_TYPE_NULLABLE));
6291 	if (ast->kind == ZEND_AST_TYPE) {
6292 		if (ast->attr == IS_STATIC && !CG(active_class_entry) && zend_is_scope_known()) {
6293 			zend_error_noreturn(E_COMPILE_ERROR,
6294 				"Cannot use \"static\" when no class scope is active");
6295 		}
6296 
6297 		return (zend_type) ZEND_TYPE_INIT_CODE(ast->attr, 0, 0);
6298 	} else {
6299 		zend_string *class_name = zend_ast_get_str(ast);
6300 		zend_uchar type_code = zend_lookup_builtin_type_by_name(class_name);
6301 
6302 		if (type_code != 0) {
6303 			if ((ast->attr & ZEND_NAME_NOT_FQ) != ZEND_NAME_NOT_FQ) {
6304 				zend_error_noreturn(E_COMPILE_ERROR,
6305 					"Type declaration '%s' must be unqualified",
6306 					ZSTR_VAL(zend_string_tolower(class_name)));
6307 			}
6308 
6309 			/* Transform iterable into a type union alias */
6310 			if (type_code == IS_ITERABLE) {
6311 				/* Set iterable bit for BC compat during Reflection and string representation of type */
6312 				zend_type iterable = (zend_type) ZEND_TYPE_INIT_CLASS_CONST_MASK(ZSTR_KNOWN(ZEND_STR_TRAVERSABLE),
6313                 	(MAY_BE_ARRAY|_ZEND_TYPE_ITERABLE_BIT));
6314 				return iterable;
6315 			}
6316 
6317 			return (zend_type) ZEND_TYPE_INIT_CODE(type_code, 0, 0);
6318 		} else {
6319 			const char *correct_name;
6320 			zend_string *orig_name = zend_ast_get_str(ast);
6321 			uint32_t fetch_type = zend_get_class_fetch_type_ast(ast);
6322 			if (fetch_type == ZEND_FETCH_CLASS_DEFAULT) {
6323 				class_name = zend_resolve_class_name_ast(ast);
6324 				zend_assert_valid_class_name(class_name);
6325 			} else {
6326 				zend_ensure_valid_class_fetch_type(fetch_type);
6327 				zend_string_addref(class_name);
6328 			}
6329 
6330 			if (ast->attr == ZEND_NAME_NOT_FQ
6331 					&& zend_is_confusable_type(orig_name, &correct_name)
6332 					&& zend_is_not_imported(orig_name)) {
6333 				const char *extra =
6334 					FC(current_namespace) ? " or import the class with \"use\"" : "";
6335 				if (correct_name) {
6336 					zend_error(E_COMPILE_WARNING,
6337 						"\"%s\" will be interpreted as a class name. Did you mean \"%s\"? "
6338 						"Write \"\\%s\"%s to suppress this warning",
6339 						ZSTR_VAL(orig_name), correct_name, ZSTR_VAL(class_name), extra);
6340 				} else {
6341 					zend_error(E_COMPILE_WARNING,
6342 						"\"%s\" is not a supported builtin type "
6343 						"and will be interpreted as a class name. "
6344 						"Write \"\\%s\"%s to suppress this warning",
6345 						ZSTR_VAL(orig_name), ZSTR_VAL(class_name), extra);
6346 				}
6347 			}
6348 
6349 			class_name = zend_new_interned_string(class_name);
6350 			zend_alloc_ce_cache(class_name);
6351 			return (zend_type) ZEND_TYPE_INIT_CLASS(class_name, 0, 0);
6352 		}
6353 	}
6354 }
6355 
zend_are_intersection_types_redundant(zend_type left_type,zend_type right_type)6356 static void zend_are_intersection_types_redundant(zend_type left_type, zend_type right_type)
6357 {
6358 	ZEND_ASSERT(ZEND_TYPE_IS_INTERSECTION(left_type));
6359 	ZEND_ASSERT(ZEND_TYPE_IS_INTERSECTION(right_type));
6360 	zend_type_list *l_type_list = ZEND_TYPE_LIST(left_type);
6361 	zend_type_list *r_type_list = ZEND_TYPE_LIST(right_type);
6362 	zend_type_list *smaller_type_list, *larger_type_list;
6363 	bool flipped = false;
6364 
6365 	if (r_type_list->num_types < l_type_list->num_types) {
6366 		smaller_type_list = r_type_list;
6367 		larger_type_list = l_type_list;
6368 		flipped = true;
6369 	} else {
6370 		smaller_type_list = l_type_list;
6371 		larger_type_list = r_type_list;
6372 	}
6373 
6374 	unsigned int sum = 0;
6375 	zend_type *outer_type;
6376 	ZEND_TYPE_LIST_FOREACH(smaller_type_list, outer_type)
6377 		zend_type *inner_type;
6378 		ZEND_TYPE_LIST_FOREACH(larger_type_list, inner_type)
6379 			if (zend_string_equals_ci(ZEND_TYPE_NAME(*inner_type), ZEND_TYPE_NAME(*outer_type))) {
6380 				sum++;
6381 				break;
6382 			}
6383 		ZEND_TYPE_LIST_FOREACH_END();
6384 	ZEND_TYPE_LIST_FOREACH_END();
6385 
6386 	if (sum == smaller_type_list->num_types) {
6387 		zend_string *smaller_type_str;
6388 		zend_string *larger_type_str;
6389 		if (flipped) {
6390 			smaller_type_str = zend_type_to_string(right_type);
6391 			larger_type_str = zend_type_to_string(left_type);
6392 		} else {
6393 			smaller_type_str = zend_type_to_string(left_type);
6394 			larger_type_str = zend_type_to_string(right_type);
6395 		}
6396 		if (smaller_type_list->num_types == larger_type_list->num_types) {
6397 			zend_error_noreturn(E_COMPILE_ERROR, "Type %s is redundant with type %s",
6398 				ZSTR_VAL(smaller_type_str), ZSTR_VAL(larger_type_str));
6399 		} else {
6400 			zend_error_noreturn(E_COMPILE_ERROR, "Type %s is redundant as it is more restrictive than type %s",
6401 				ZSTR_VAL(larger_type_str), ZSTR_VAL(smaller_type_str));
6402 		}
6403 	}
6404 }
6405 
zend_is_intersection_type_redundant_by_single_type(zend_type intersection_type,zend_type single_type)6406 static void zend_is_intersection_type_redundant_by_single_type(zend_type intersection_type, zend_type single_type)
6407 {
6408 	ZEND_ASSERT(ZEND_TYPE_IS_INTERSECTION(intersection_type));
6409 	ZEND_ASSERT(!ZEND_TYPE_IS_INTERSECTION(single_type));
6410 
6411 	zend_type *single_intersection_type = NULL;
6412 	ZEND_TYPE_FOREACH(intersection_type, single_intersection_type)
6413 		if (zend_string_equals_ci(ZEND_TYPE_NAME(*single_intersection_type), ZEND_TYPE_NAME(single_type))) {
6414 			zend_string *single_type_str = zend_type_to_string(single_type);
6415 			zend_string *complete_type = zend_type_to_string(intersection_type);
6416 			zend_error_noreturn(E_COMPILE_ERROR, "Type %s is redundant as it is more restrictive than type %s",
6417 					ZSTR_VAL(complete_type), ZSTR_VAL(single_type_str));
6418 		}
6419 	ZEND_TYPE_FOREACH_END();
6420 }
6421 
6422 /* Used by both intersection and union types prior to transforming the type list to a full zend_type */
zend_is_type_list_redundant_by_single_type(zend_type_list * type_list,zend_type type)6423 static void zend_is_type_list_redundant_by_single_type(zend_type_list *type_list, zend_type type)
6424 {
6425 	ZEND_ASSERT(!ZEND_TYPE_IS_INTERSECTION(type));
6426 	for (size_t i = 0; i < type_list->num_types - 1; i++) {
6427 		if (ZEND_TYPE_IS_INTERSECTION(type_list->types[i])) {
6428 			zend_is_intersection_type_redundant_by_single_type(type_list->types[i], type);
6429 			continue;
6430 		}
6431 		if (zend_string_equals_ci(ZEND_TYPE_NAME(type_list->types[i]), ZEND_TYPE_NAME(type))) {
6432 			zend_string *single_type_str = zend_type_to_string(type);
6433 			zend_error_noreturn(E_COMPILE_ERROR, "Duplicate type %s is redundant", ZSTR_VAL(single_type_str));
6434 		}
6435 	}
6436 }
6437 
zend_compile_typename(zend_ast * ast,bool force_allow_null)6438 static zend_type zend_compile_typename(
6439 		zend_ast *ast, bool force_allow_null) /* {{{ */
6440 {
6441 	bool is_marked_nullable = ast->attr & ZEND_TYPE_NULLABLE;
6442 	zend_ast_attr orig_ast_attr = ast->attr;
6443 	zend_type type = ZEND_TYPE_INIT_NONE(0);
6444 
6445 	if (is_marked_nullable) {
6446 		ast->attr &= ~ZEND_TYPE_NULLABLE;
6447 	}
6448 
6449 	if (ast->kind == ZEND_AST_TYPE_UNION) {
6450 		zend_ast_list *list = zend_ast_get_list(ast);
6451 		zend_type_list *type_list;
6452 		bool is_composite = false;
6453 		bool has_only_iterable_class = true;
6454 		ALLOCA_FLAG(use_heap)
6455 
6456 		type_list = do_alloca(ZEND_TYPE_LIST_SIZE(list->children), use_heap);
6457 		type_list->num_types = 0;
6458 
6459 		for (uint32_t i = 0; i < list->children; i++) {
6460 			zend_ast *type_ast = list->child[i];
6461 			zend_type single_type;
6462 			uint32_t type_mask = ZEND_TYPE_FULL_MASK(type);
6463 
6464 			if (type_ast->kind == ZEND_AST_TYPE_INTERSECTION) {
6465 				has_only_iterable_class = false;
6466 				is_composite = true;
6467 				/* The first class type can be stored directly as the type ptr payload. */
6468 				if (ZEND_TYPE_IS_COMPLEX(type) && !ZEND_TYPE_HAS_LIST(type)) {
6469 					/* Switch from single name to name list. */
6470 					type_list->num_types = 1;
6471 					type_list->types[0] = type;
6472 					ZEND_TYPE_FULL_MASK(type_list->types[0]) &= ~_ZEND_TYPE_MAY_BE_MASK;
6473 				}
6474 				/* Mark type as list type */
6475 				ZEND_TYPE_SET_LIST(type, type_list);
6476 
6477 				single_type = zend_compile_typename(type_ast, false);
6478 				ZEND_ASSERT(ZEND_TYPE_IS_INTERSECTION(single_type));
6479 
6480 				type_list->types[type_list->num_types++] = single_type;
6481 
6482 				/* Check for trivially redundant class types */
6483 				for (size_t i = 0; i < type_list->num_types - 1; i++) {
6484 					if (ZEND_TYPE_IS_INTERSECTION(type_list->types[i])) {
6485 						zend_are_intersection_types_redundant(single_type, type_list->types[i]);
6486 						continue;
6487 					}
6488 					/* Type from type list is a simple type */
6489 					zend_is_intersection_type_redundant_by_single_type(single_type, type_list->types[i]);
6490 				}
6491 				continue;
6492 			}
6493 
6494 			single_type = zend_compile_single_typename(type_ast);
6495 			uint32_t single_type_mask = ZEND_TYPE_PURE_MASK(single_type);
6496 
6497 			if (single_type_mask == MAY_BE_ANY) {
6498 				zend_error_noreturn(E_COMPILE_ERROR, "Type mixed can only be used as a standalone type");
6499 			}
6500 			if (ZEND_TYPE_IS_COMPLEX(single_type) && !ZEND_TYPE_IS_ITERABLE_FALLBACK(single_type)) {
6501 				has_only_iterable_class = false;
6502 			}
6503 
6504 			uint32_t type_mask_overlap = ZEND_TYPE_PURE_MASK(type) & single_type_mask;
6505 			if (type_mask_overlap) {
6506 				zend_type overlap_type = ZEND_TYPE_INIT_MASK(type_mask_overlap);
6507 				zend_string *overlap_type_str = zend_type_to_string(overlap_type);
6508 				zend_error_noreturn(E_COMPILE_ERROR,
6509 					"Duplicate type %s is redundant", ZSTR_VAL(overlap_type_str));
6510 			}
6511 
6512 			if ( ((type_mask & MAY_BE_TRUE) && (single_type_mask == MAY_BE_FALSE))
6513 					|| ((type_mask & MAY_BE_FALSE) && (single_type_mask == MAY_BE_TRUE)) ) {
6514 				zend_error_noreturn(E_COMPILE_ERROR,
6515 					"Type contains both true and false, bool should be used instead");
6516 			}
6517 			ZEND_TYPE_FULL_MASK(type) |= ZEND_TYPE_PURE_MASK(single_type);
6518 			ZEND_TYPE_FULL_MASK(single_type) &= ~_ZEND_TYPE_MAY_BE_MASK;
6519 
6520 			if (ZEND_TYPE_IS_COMPLEX(single_type)) {
6521 				if (!ZEND_TYPE_IS_COMPLEX(type) && !is_composite) {
6522 					/* The first class type can be stored directly as the type ptr payload. */
6523 					ZEND_TYPE_SET_PTR(type, ZEND_TYPE_NAME(single_type));
6524 					ZEND_TYPE_FULL_MASK(type) |= _ZEND_TYPE_NAME_BIT;
6525 				} else {
6526 					if (type_list->num_types == 0) {
6527 						/* Switch from single name to name list. */
6528 						type_list->num_types = 1;
6529 						type_list->types[0] = type;
6530 						ZEND_TYPE_FULL_MASK(type_list->types[0]) &= ~_ZEND_TYPE_MAY_BE_MASK;
6531 						ZEND_TYPE_SET_LIST(type, type_list);
6532 					}
6533 
6534 					type_list->types[type_list->num_types++] = single_type;
6535 
6536 					/* Check for trivially redundant class types */
6537 					zend_is_type_list_redundant_by_single_type(type_list, single_type);
6538 				}
6539 			}
6540 		}
6541 
6542 		if (type_list->num_types) {
6543 			zend_type_list *list = zend_arena_alloc(
6544 				&CG(arena), ZEND_TYPE_LIST_SIZE(type_list->num_types));
6545 			memcpy(list, type_list, ZEND_TYPE_LIST_SIZE(type_list->num_types));
6546 			ZEND_TYPE_SET_LIST(type, list);
6547 			ZEND_TYPE_FULL_MASK(type) |= _ZEND_TYPE_ARENA_BIT;
6548 			/* Inform that the type list is a union type */
6549 			ZEND_TYPE_FULL_MASK(type) |= _ZEND_TYPE_UNION_BIT;
6550 		}
6551 
6552 		free_alloca(type_list, use_heap);
6553 
6554 		uint32_t type_mask = ZEND_TYPE_FULL_MASK(type);
6555 		if ((type_mask & MAY_BE_OBJECT) &&
6556 				((!has_only_iterable_class && ZEND_TYPE_IS_COMPLEX(type)) || (type_mask & MAY_BE_STATIC))) {
6557 			zend_string *type_str = zend_type_to_string(type);
6558 			zend_error_noreturn(E_COMPILE_ERROR,
6559 				"Type %s contains both object and a class type, which is redundant",
6560 				ZSTR_VAL(type_str));
6561 		}
6562 	} else if (ast->kind == ZEND_AST_TYPE_INTERSECTION) {
6563 		zend_ast_list *list = zend_ast_get_list(ast);
6564 		zend_type_list *type_list;
6565 
6566 		/* Allocate the type list directly on the arena as it must be a type
6567 		 * list of the same number of elements as the AST list has children */
6568 		type_list = zend_arena_alloc(&CG(arena), ZEND_TYPE_LIST_SIZE(list->children));
6569 		type_list->num_types = 0;
6570 
6571 		ZEND_ASSERT(list->children > 1);
6572 
6573 		for (uint32_t i = 0; i < list->children; i++) {
6574 			zend_ast *type_ast = list->child[i];
6575 			zend_type single_type = zend_compile_single_typename(type_ast);
6576 
6577 			/* An intersection of union types cannot exist so invalidate it
6578 			 * Currently only can happen with iterable getting canonicalized to Traversable|array */
6579 			if (ZEND_TYPE_IS_ITERABLE_FALLBACK(single_type)) {
6580 				zend_string *standard_type_str = zend_type_to_string(single_type);
6581 				zend_error_noreturn(E_COMPILE_ERROR,
6582 					"Type %s cannot be part of an intersection type", ZSTR_VAL(standard_type_str));
6583 				zend_string_release_ex(standard_type_str, false);
6584 			}
6585 			/* An intersection of standard types cannot exist so invalidate it */
6586 			if (ZEND_TYPE_IS_ONLY_MASK(single_type)) {
6587 				zend_string *standard_type_str = zend_type_to_string(single_type);
6588 				zend_error_noreturn(E_COMPILE_ERROR,
6589 					"Type %s cannot be part of an intersection type", ZSTR_VAL(standard_type_str));
6590 				zend_string_release_ex(standard_type_str, false);
6591 			}
6592 			/* Check for "self" and "parent" too */
6593 			if (zend_string_equals_literal_ci(ZEND_TYPE_NAME(single_type), "self")
6594 					|| zend_string_equals_literal_ci(ZEND_TYPE_NAME(single_type), "parent")) {
6595 				zend_error_noreturn(E_COMPILE_ERROR,
6596 					"Type %s cannot be part of an intersection type", ZSTR_VAL(ZEND_TYPE_NAME(single_type)));
6597 			}
6598 
6599 			/* Add type to the type list */
6600 			type_list->types[type_list->num_types++] = single_type;
6601 
6602 			/* Check for trivially redundant class types */
6603 			zend_is_type_list_redundant_by_single_type(type_list, single_type);
6604 		}
6605 
6606 		ZEND_ASSERT(list->children == type_list->num_types);
6607 
6608 		/* An implicitly nullable intersection type needs to be converted to a DNF type */
6609 		if (force_allow_null) {
6610 			zend_type intersection_type = ZEND_TYPE_INIT_NONE(0);
6611 			ZEND_TYPE_SET_LIST(intersection_type, type_list);
6612 			ZEND_TYPE_FULL_MASK(intersection_type) |= _ZEND_TYPE_INTERSECTION_BIT;
6613 			ZEND_TYPE_FULL_MASK(intersection_type) |= _ZEND_TYPE_ARENA_BIT;
6614 
6615 			zend_type_list *dnf_type_list = zend_arena_alloc(&CG(arena), ZEND_TYPE_LIST_SIZE(1));
6616 			dnf_type_list->num_types = 1;
6617 			dnf_type_list->types[0] = intersection_type;
6618 			ZEND_TYPE_SET_LIST(type, dnf_type_list);
6619 			/* Inform that the type list is a DNF type */
6620 			ZEND_TYPE_FULL_MASK(type) |= _ZEND_TYPE_UNION_BIT;
6621 			ZEND_TYPE_FULL_MASK(type) |= _ZEND_TYPE_ARENA_BIT;
6622 		} else {
6623 			ZEND_TYPE_SET_LIST(type, type_list);
6624 			/* Inform that the type list is an intersection type */
6625 			ZEND_TYPE_FULL_MASK(type) |= _ZEND_TYPE_INTERSECTION_BIT;
6626 			ZEND_TYPE_FULL_MASK(type) |= _ZEND_TYPE_ARENA_BIT;
6627 		}
6628 	} else {
6629 		type = zend_compile_single_typename(ast);
6630 	}
6631 
6632 	uint32_t type_mask = ZEND_TYPE_PURE_MASK(type);
6633 
6634 	if (type_mask == MAY_BE_ANY && is_marked_nullable) {
6635 		zend_error_noreturn(E_COMPILE_ERROR, "Type mixed cannot be marked as nullable since mixed already includes null");
6636 	}
6637 
6638 	if ((type_mask & MAY_BE_NULL) && is_marked_nullable) {
6639 		zend_error_noreturn(E_COMPILE_ERROR, "null cannot be marked as nullable");
6640 	}
6641 
6642 	if (is_marked_nullable || force_allow_null) {
6643 		ZEND_TYPE_FULL_MASK(type) |= MAY_BE_NULL;
6644 		type_mask = ZEND_TYPE_PURE_MASK(type);
6645 	}
6646 
6647 	if ((type_mask & MAY_BE_VOID) && (ZEND_TYPE_IS_COMPLEX(type) || type_mask != MAY_BE_VOID)) {
6648 		zend_error_noreturn(E_COMPILE_ERROR, "Void can only be used as a standalone type");
6649 	}
6650 
6651 	if ((type_mask & MAY_BE_NEVER) && (ZEND_TYPE_IS_COMPLEX(type) || type_mask != MAY_BE_NEVER)) {
6652 		zend_error_noreturn(E_COMPILE_ERROR, "never can only be used as a standalone type");
6653 	}
6654 
6655 	ast->attr = orig_ast_attr;
6656 	return type;
6657 }
6658 /* }}} */
6659 
6660 /* May convert value from int to float. */
zend_is_valid_default_value(zend_type type,zval * value)6661 static bool zend_is_valid_default_value(zend_type type, zval *value)
6662 {
6663 	ZEND_ASSERT(ZEND_TYPE_IS_SET(type));
6664 	if (ZEND_TYPE_CONTAINS_CODE(type, Z_TYPE_P(value))) {
6665 		return 1;
6666 	}
6667 	if ((ZEND_TYPE_FULL_MASK(type) & MAY_BE_DOUBLE) && Z_TYPE_P(value) == IS_LONG) {
6668 		/* Integers are allowed as initializers for floating-point values. */
6669 		convert_to_double(value);
6670 		return 1;
6671 	}
6672 	return 0;
6673 }
6674 
zend_compile_attributes(HashTable ** attributes,zend_ast * ast,uint32_t offset,uint32_t target,uint32_t promoted)6675 static void zend_compile_attributes(
6676 	HashTable **attributes, zend_ast *ast, uint32_t offset, uint32_t target, uint32_t promoted
6677 ) /* {{{ */ {
6678 	zend_attribute *attr;
6679 	zend_internal_attribute *config;
6680 
6681 	zend_ast_list *list = zend_ast_get_list(ast);
6682 	uint32_t g, i, j;
6683 
6684 	ZEND_ASSERT(ast->kind == ZEND_AST_ATTRIBUTE_LIST);
6685 
6686 	for (g = 0; g < list->children; g++) {
6687 		zend_ast_list *group = zend_ast_get_list(list->child[g]);
6688 
6689 		ZEND_ASSERT(group->kind == ZEND_AST_ATTRIBUTE_GROUP);
6690 
6691 		for (i = 0; i < group->children; i++) {
6692 			ZEND_ASSERT(group->child[i]->kind == ZEND_AST_ATTRIBUTE);
6693 
6694 			zend_ast *el = group->child[i];
6695 
6696 			if (el->child[1] &&
6697 			    el->child[1]->kind == ZEND_AST_CALLABLE_CONVERT) {
6698 			    zend_error_noreturn(E_COMPILE_ERROR,
6699 			        "Cannot create Closure as attribute argument");
6700 			}
6701 
6702 			zend_string *name = zend_resolve_class_name_ast(el->child[0]);
6703 			zend_string *lcname = zend_string_tolower_ex(name, false);
6704 			zend_ast_list *args = el->child[1] ? zend_ast_get_list(el->child[1]) : NULL;
6705 
6706 			config = zend_internal_attribute_get(lcname);
6707 			zend_string_release(lcname);
6708 
6709 			/* Exclude internal attributes that do not match on promoted properties. */
6710 			if (config && !(target & (config->flags & ZEND_ATTRIBUTE_TARGET_ALL))) {
6711 				if (promoted & (config->flags & ZEND_ATTRIBUTE_TARGET_ALL)) {
6712 					zend_string_release(name);
6713 					continue;
6714 				}
6715 			}
6716 
6717 			uint32_t flags = (CG(active_op_array)->fn_flags & ZEND_ACC_STRICT_TYPES)
6718 				? ZEND_ATTRIBUTE_STRICT_TYPES : 0;
6719 			attr = zend_add_attribute(
6720 				attributes, name, args ? args->children : 0, flags, offset, el->lineno);
6721 			zend_string_release(name);
6722 
6723 			/* Populate arguments */
6724 			if (args) {
6725 				ZEND_ASSERT(args->kind == ZEND_AST_ARG_LIST);
6726 
6727 				bool uses_named_args = 0;
6728 				for (j = 0; j < args->children; j++) {
6729 					zend_ast **arg_ast_ptr = &args->child[j];
6730 					zend_ast *arg_ast = *arg_ast_ptr;
6731 
6732 					if (arg_ast->kind == ZEND_AST_UNPACK) {
6733 						zend_error_noreturn(E_COMPILE_ERROR,
6734 							"Cannot use unpacking in attribute argument list");
6735 					}
6736 
6737 					if (arg_ast->kind == ZEND_AST_NAMED_ARG) {
6738 						attr->args[j].name = zend_string_copy(zend_ast_get_str(arg_ast->child[0]));
6739 						arg_ast_ptr = &arg_ast->child[1];
6740 						uses_named_args = 1;
6741 
6742 						for (uint32_t k = 0; k < j; k++) {
6743 							if (attr->args[k].name &&
6744 									zend_string_equals(attr->args[k].name, attr->args[j].name)) {
6745 								zend_error_noreturn(E_COMPILE_ERROR, "Duplicate named parameter $%s",
6746 									ZSTR_VAL(attr->args[j].name));
6747 							}
6748 						}
6749 					} else if (uses_named_args) {
6750 						zend_error_noreturn(E_COMPILE_ERROR,
6751 							"Cannot use positional argument after named argument");
6752 					}
6753 
6754 					zend_const_expr_to_zval(
6755 						&attr->args[j].value, arg_ast_ptr, /* allow_dynamic */ true);
6756 				}
6757 			}
6758 		}
6759 	}
6760 
6761 	if (*attributes != NULL) {
6762 		/* Validate attributes in a secondary loop (needed to detect repeated attributes). */
6763 		ZEND_HASH_PACKED_FOREACH_PTR(*attributes, attr) {
6764 			if (attr->offset != offset || NULL == (config = zend_internal_attribute_get(attr->lcname))) {
6765 				continue;
6766 			}
6767 
6768 			if (!(target & (config->flags & ZEND_ATTRIBUTE_TARGET_ALL))) {
6769 				zend_string *location = zend_get_attribute_target_names(target);
6770 				zend_string *allowed = zend_get_attribute_target_names(config->flags);
6771 
6772 				zend_error_noreturn(E_ERROR, "Attribute \"%s\" cannot target %s (allowed targets: %s)",
6773 					ZSTR_VAL(attr->name), ZSTR_VAL(location), ZSTR_VAL(allowed)
6774 				);
6775 			}
6776 
6777 			if (!(config->flags & ZEND_ATTRIBUTE_IS_REPEATABLE)) {
6778 				if (zend_is_attribute_repeated(*attributes, attr)) {
6779 					zend_error_noreturn(E_ERROR, "Attribute \"%s\" must not be repeated", ZSTR_VAL(attr->name));
6780 				}
6781 			}
6782 
6783 			if (config->validator != NULL) {
6784 				config->validator(attr, target, CG(active_class_entry));
6785 			}
6786 		} ZEND_HASH_FOREACH_END();
6787 	}
6788 }
6789 /* }}} */
6790 
zend_compile_params(zend_ast * ast,zend_ast * return_type_ast,uint32_t fallback_return_type)6791 static void zend_compile_params(zend_ast *ast, zend_ast *return_type_ast, uint32_t fallback_return_type) /* {{{ */
6792 {
6793 	zend_ast_list *list = zend_ast_get_list(ast);
6794 	uint32_t i;
6795 	zend_op_array *op_array = CG(active_op_array);
6796 	zend_arg_info *arg_infos;
6797 
6798 	if (return_type_ast || fallback_return_type) {
6799 		/* Use op_array->arg_info[-1] for return type */
6800 		arg_infos = safe_emalloc(sizeof(zend_arg_info), list->children + 1, 0);
6801 		arg_infos->name = NULL;
6802 		if (return_type_ast) {
6803 			arg_infos->type = zend_compile_typename(
6804 				return_type_ast, /* force_allow_null */ 0);
6805 			ZEND_TYPE_FULL_MASK(arg_infos->type) |= _ZEND_ARG_INFO_FLAGS(
6806 				(op_array->fn_flags & ZEND_ACC_RETURN_REFERENCE) != 0, /* is_variadic */ 0, /* is_tentative */ 0);
6807 		} else {
6808 			arg_infos->type = (zend_type) ZEND_TYPE_INIT_CODE(fallback_return_type, 0, 0);
6809 		}
6810 		arg_infos++;
6811 		op_array->fn_flags |= ZEND_ACC_HAS_RETURN_TYPE;
6812 
6813 		if (ZEND_TYPE_CONTAINS_CODE(arg_infos[-1].type, IS_VOID)
6814 				&& (op_array->fn_flags & ZEND_ACC_RETURN_REFERENCE)) {
6815 			zend_error(E_DEPRECATED, "Returning by reference from a void function is deprecated");
6816 		}
6817 	} else {
6818 		if (list->children == 0) {
6819 			return;
6820 		}
6821 		arg_infos = safe_emalloc(sizeof(zend_arg_info), list->children, 0);
6822 	}
6823 
6824 	/* Find last required parameter number for deprecation message. */
6825 	uint32_t last_required_param = (uint32_t) -1;
6826 	for (i = 0; i < list->children; ++i) {
6827 		zend_ast *param_ast = list->child[i];
6828 		zend_ast *default_ast_ptr = param_ast->child[2];
6829 		bool is_variadic = (param_ast->attr & ZEND_PARAM_VARIADIC) != 0;
6830 		if (!default_ast_ptr && !is_variadic) {
6831 			last_required_param = i;
6832 		}
6833 	}
6834 
6835 	for (i = 0; i < list->children; ++i) {
6836 		zend_ast *param_ast = list->child[i];
6837 		zend_ast *type_ast = param_ast->child[0];
6838 		zend_ast *var_ast = param_ast->child[1];
6839 		zend_ast **default_ast_ptr = &param_ast->child[2];
6840 		zend_ast *attributes_ast = param_ast->child[3];
6841 		zend_ast *doc_comment_ast = param_ast->child[4];
6842 		zend_string *name = zval_make_interned_string(zend_ast_get_zval(var_ast));
6843 		bool is_ref = (param_ast->attr & ZEND_PARAM_REF) != 0;
6844 		bool is_variadic = (param_ast->attr & ZEND_PARAM_VARIADIC) != 0;
6845 		uint32_t property_flags = param_ast->attr & (ZEND_ACC_PPP_MASK | ZEND_ACC_READONLY);
6846 
6847 		znode var_node, default_node;
6848 		zend_uchar opcode;
6849 		zend_op *opline;
6850 		zend_arg_info *arg_info;
6851 
6852 		if (zend_is_auto_global(name)) {
6853 			zend_error_noreturn(E_COMPILE_ERROR, "Cannot re-assign auto-global variable %s",
6854 				ZSTR_VAL(name));
6855 		}
6856 
6857 		var_node.op_type = IS_CV;
6858 		var_node.u.op.var = lookup_cv(name);
6859 
6860 		if (EX_VAR_TO_NUM(var_node.u.op.var) != i) {
6861 			zend_error_noreturn(E_COMPILE_ERROR, "Redefinition of parameter $%s",
6862 				ZSTR_VAL(name));
6863 		} else if (zend_string_equals_literal(name, "this")) {
6864 			zend_error_noreturn(E_COMPILE_ERROR, "Cannot use $this as parameter");
6865 		}
6866 
6867 		if (op_array->fn_flags & ZEND_ACC_VARIADIC) {
6868 			zend_error_noreturn(E_COMPILE_ERROR, "Only the last parameter can be variadic");
6869 		}
6870 
6871 		if (is_variadic) {
6872 			opcode = ZEND_RECV_VARIADIC;
6873 			default_node.op_type = IS_UNUSED;
6874 			op_array->fn_flags |= ZEND_ACC_VARIADIC;
6875 
6876 			if (*default_ast_ptr) {
6877 				zend_error_noreturn(E_COMPILE_ERROR,
6878 					"Variadic parameter cannot have a default value");
6879 			}
6880 		} else if (*default_ast_ptr) {
6881 			/* we cannot substitute constants here or it will break ReflectionParameter::getDefaultValueConstantName() and ReflectionParameter::isDefaultValueConstant() */
6882 			uint32_t cops = CG(compiler_options);
6883 			CG(compiler_options) |= ZEND_COMPILE_NO_CONSTANT_SUBSTITUTION | ZEND_COMPILE_NO_PERSISTENT_CONSTANT_SUBSTITUTION;
6884 			opcode = ZEND_RECV_INIT;
6885 			default_node.op_type = IS_CONST;
6886 			zend_const_expr_to_zval(
6887 				&default_node.u.constant, default_ast_ptr, /* allow_dynamic */ true);
6888 			CG(compiler_options) = cops;
6889 
6890 			if (last_required_param != (uint32_t) -1 && i < last_required_param) {
6891 				/* Ignore parameters of the form "Type $param = null".
6892 				 * This is the PHP 5 style way of writing "?Type $param", so allow it for now. */
6893 				bool is_implicit_nullable =
6894 					type_ast && !(type_ast->attr & ZEND_TYPE_NULLABLE)
6895 					&& Z_TYPE(default_node.u.constant) == IS_NULL;
6896 				if (!is_implicit_nullable) {
6897 					zend_ast *required_param_ast = list->child[last_required_param];
6898 					zend_error(E_DEPRECATED,
6899 						"Optional parameter $%s declared before required parameter $%s "
6900 						"is implicitly treated as a required parameter",
6901 						ZSTR_VAL(name), ZSTR_VAL(zend_ast_get_str(required_param_ast->child[1])));
6902 				}
6903 
6904 				/* Regardless of whether we issue a deprecation, convert this parameter into
6905 				 * a required parameter without a default value. This ensures that it cannot be
6906 				 * used as an optional parameter even with named parameters. */
6907 				opcode = ZEND_RECV;
6908 				default_node.op_type = IS_UNUSED;
6909 				zval_ptr_dtor(&default_node.u.constant);
6910 			}
6911 		} else {
6912 			opcode = ZEND_RECV;
6913 			default_node.op_type = IS_UNUSED;
6914 			op_array->required_num_args = i + 1;
6915 		}
6916 
6917 		arg_info = &arg_infos[i];
6918 		arg_info->name = zend_string_copy(name);
6919 		arg_info->type = (zend_type) ZEND_TYPE_INIT_NONE(0);
6920 
6921 		if (attributes_ast) {
6922 			zend_compile_attributes(
6923 				&op_array->attributes, attributes_ast, i + 1, ZEND_ATTRIBUTE_TARGET_PARAMETER,
6924 				property_flags ? ZEND_ATTRIBUTE_TARGET_PROPERTY : 0
6925 			);
6926 		}
6927 
6928 		if (type_ast) {
6929 			uint32_t default_type = *default_ast_ptr ? Z_TYPE(default_node.u.constant) : IS_UNDEF;
6930 			bool force_nullable = default_type == IS_NULL && !property_flags;
6931 
6932 			op_array->fn_flags |= ZEND_ACC_HAS_TYPE_HINTS;
6933 			arg_info->type = zend_compile_typename(type_ast, force_nullable);
6934 
6935 			if (ZEND_TYPE_FULL_MASK(arg_info->type) & MAY_BE_VOID) {
6936 				zend_error_noreturn(E_COMPILE_ERROR, "void cannot be used as a parameter type");
6937 			}
6938 
6939 			if (ZEND_TYPE_FULL_MASK(arg_info->type) & MAY_BE_NEVER) {
6940 				zend_error_noreturn(E_COMPILE_ERROR, "never cannot be used as a parameter type");
6941 			}
6942 
6943 			if (default_type != IS_UNDEF && default_type != IS_CONSTANT_AST && !force_nullable
6944 					&& !zend_is_valid_default_value(arg_info->type, &default_node.u.constant)) {
6945 				zend_string *type_str = zend_type_to_string(arg_info->type);
6946 				zend_error_noreturn(E_COMPILE_ERROR,
6947 					"Cannot use %s as default value for parameter $%s of type %s",
6948 					zend_get_type_by_const(default_type),
6949 					ZSTR_VAL(name), ZSTR_VAL(type_str));
6950 			}
6951 		}
6952 
6953 		opline = zend_emit_op(NULL, opcode, NULL, &default_node);
6954 		SET_NODE(opline->result, &var_node);
6955 		opline->op1.num = i + 1;
6956 
6957 		if (type_ast) {
6958 			/* Allocate cache slot to speed-up run-time class resolution */
6959 			opline->extended_value =
6960 				zend_alloc_cache_slots(zend_type_get_num_classes(arg_info->type));
6961 		}
6962 
6963 		uint32_t arg_info_flags = _ZEND_ARG_INFO_FLAGS(is_ref, is_variadic, /* is_tentative */ 0)
6964 			| (property_flags ? _ZEND_IS_PROMOTED_BIT : 0);
6965 		ZEND_TYPE_FULL_MASK(arg_info->type) |= arg_info_flags;
6966 		if (opcode == ZEND_RECV) {
6967 			opline->op2.num = type_ast ?
6968 				ZEND_TYPE_FULL_MASK(arg_info->type) : MAY_BE_ANY;
6969 		}
6970 
6971 		if (property_flags) {
6972 			zend_op_array *op_array = CG(active_op_array);
6973 			zend_class_entry *scope = op_array->scope;
6974 
6975 			bool is_ctor =
6976 				scope && zend_is_constructor(op_array->function_name);
6977 			if (!is_ctor) {
6978 				zend_error_noreturn(E_COMPILE_ERROR,
6979 					"Cannot declare promoted property outside a constructor");
6980 			}
6981 			if ((op_array->fn_flags & ZEND_ACC_ABSTRACT)
6982 					|| (scope->ce_flags & ZEND_ACC_INTERFACE)) {
6983 				zend_error_noreturn(E_COMPILE_ERROR,
6984 					"Cannot declare promoted property in an abstract constructor");
6985 			}
6986 			if (is_variadic) {
6987 				zend_error_noreturn(E_COMPILE_ERROR,
6988 					"Cannot declare variadic promoted property");
6989 			}
6990 			if (zend_hash_exists(&scope->properties_info, name)) {
6991 				zend_error_noreturn(E_COMPILE_ERROR, "Cannot redeclare %s::$%s",
6992 					ZSTR_VAL(scope->name), ZSTR_VAL(name));
6993 			}
6994 			if (ZEND_TYPE_FULL_MASK(arg_info->type) & MAY_BE_CALLABLE) {
6995 				zend_string *str = zend_type_to_string(arg_info->type);
6996 				zend_error_noreturn(E_COMPILE_ERROR,
6997 					"Property %s::$%s cannot have type %s",
6998 					ZSTR_VAL(scope->name), ZSTR_VAL(name), ZSTR_VAL(str));
6999 			}
7000 
7001 			if (!(property_flags & ZEND_ACC_READONLY) && (scope->ce_flags & ZEND_ACC_READONLY_CLASS)) {
7002 				property_flags |= ZEND_ACC_READONLY;
7003 			}
7004 
7005 			/* Recompile the type, as it has different memory management requirements. */
7006 			zend_type type = ZEND_TYPE_INIT_NONE(0);
7007 			if (type_ast) {
7008 				type = zend_compile_typename(type_ast, /* force_allow_null */ 0);
7009 			}
7010 
7011 			/* Don't give the property an explicit default value. For typed properties this means
7012 			 * uninitialized, for untyped properties it means an implicit null default value. */
7013 			zval default_value;
7014 			if (ZEND_TYPE_IS_SET(type)) {
7015 				ZVAL_UNDEF(&default_value);
7016 			} else {
7017 				if (property_flags & ZEND_ACC_READONLY) {
7018 					zend_error_noreturn(E_COMPILE_ERROR, "Readonly property %s::$%s must have type",
7019 						ZSTR_VAL(scope->name), ZSTR_VAL(name));
7020 				}
7021 
7022 				ZVAL_NULL(&default_value);
7023 			}
7024 
7025 			zend_string *doc_comment =
7026 				doc_comment_ast ? zend_string_copy(zend_ast_get_str(doc_comment_ast)) : NULL;
7027 			zend_property_info *prop = zend_declare_typed_property(
7028 				scope, name, &default_value, property_flags | ZEND_ACC_PROMOTED, doc_comment, type);
7029 			if (attributes_ast) {
7030 				zend_compile_attributes(
7031 					&prop->attributes, attributes_ast, 0, ZEND_ATTRIBUTE_TARGET_PROPERTY, ZEND_ATTRIBUTE_TARGET_PARAMETER);
7032 			}
7033 		}
7034 	}
7035 
7036 	/* These are assigned at the end to avoid uninitialized memory in case of an error */
7037 	op_array->num_args = list->children;
7038 	op_array->arg_info = arg_infos;
7039 
7040 	/* Don't count the variadic argument */
7041 	if (op_array->fn_flags & ZEND_ACC_VARIADIC) {
7042 		op_array->num_args--;
7043 	}
7044 	zend_set_function_arg_flags((zend_function*)op_array);
7045 
7046 	for (i = 0; i < list->children; i++) {
7047 		zend_ast *param_ast = list->child[i];
7048 		bool is_ref = (param_ast->attr & ZEND_PARAM_REF) != 0;
7049 		uint32_t flags = param_ast->attr & (ZEND_ACC_PPP_MASK | ZEND_ACC_READONLY);
7050 		if (!flags) {
7051 			continue;
7052 		}
7053 
7054 		/* Emit $this->prop = $prop for promoted properties. */
7055 		zend_string *name = zend_ast_get_str(param_ast->child[1]);
7056 		znode name_node, value_node;
7057 		name_node.op_type = IS_CONST;
7058 		ZVAL_STR_COPY(&name_node.u.constant, name);
7059 		value_node.op_type = IS_CV;
7060 		value_node.u.op.var = lookup_cv(name);
7061 
7062 		zend_op *opline = zend_emit_op(NULL,
7063 			is_ref ? ZEND_ASSIGN_OBJ_REF : ZEND_ASSIGN_OBJ, NULL, &name_node);
7064 		opline->extended_value = zend_alloc_cache_slots(3);
7065 		zend_emit_op_data(&value_node);
7066 	}
7067 }
7068 /* }}} */
7069 
zend_compile_closure_binding(znode * closure,zend_op_array * op_array,zend_ast * uses_ast)7070 static void zend_compile_closure_binding(znode *closure, zend_op_array *op_array, zend_ast *uses_ast) /* {{{ */
7071 {
7072 	zend_ast_list *list = zend_ast_get_list(uses_ast);
7073 	uint32_t i;
7074 
7075 	if (!list->children) {
7076 		return;
7077 	}
7078 
7079 	if (!op_array->static_variables) {
7080 		op_array->static_variables = zend_new_array(8);
7081 	}
7082 
7083 	for (i = 0; i < list->children; ++i) {
7084 		zend_ast *var_name_ast = list->child[i];
7085 		zend_string *var_name = zval_make_interned_string(zend_ast_get_zval(var_name_ast));
7086 		uint32_t mode = var_name_ast->attr;
7087 		zend_op *opline;
7088 		zval *value;
7089 
7090 		if (zend_string_equals_literal(var_name, "this")) {
7091 			zend_error_noreturn(E_COMPILE_ERROR, "Cannot use $this as lexical variable");
7092 		}
7093 
7094 		if (zend_is_auto_global(var_name)) {
7095 			zend_error_noreturn(E_COMPILE_ERROR, "Cannot use auto-global as lexical variable");
7096 		}
7097 
7098 		value = zend_hash_add(op_array->static_variables, var_name, &EG(uninitialized_zval));
7099 		if (!value) {
7100 			zend_error_noreturn(E_COMPILE_ERROR,
7101 				"Cannot use variable $%s twice", ZSTR_VAL(var_name));
7102 		}
7103 
7104 		CG(zend_lineno) = zend_ast_get_lineno(var_name_ast);
7105 
7106 		opline = zend_emit_op(NULL, ZEND_BIND_LEXICAL, closure, NULL);
7107 		opline->op2_type = IS_CV;
7108 		opline->op2.var = lookup_cv(var_name);
7109 		opline->extended_value =
7110 			(uint32_t)((char*)value - (char*)op_array->static_variables->arData) | mode;
7111 	}
7112 }
7113 /* }}} */
7114 
7115 typedef struct {
7116 	HashTable uses;
7117 	bool varvars_used;
7118 } closure_info;
7119 
find_implicit_binds_recursively(closure_info * info,zend_ast * ast)7120 static void find_implicit_binds_recursively(closure_info *info, zend_ast *ast) {
7121 	if (!ast) {
7122 		return;
7123 	}
7124 
7125 	if (ast->kind == ZEND_AST_VAR) {
7126 		zend_ast *name_ast = ast->child[0];
7127 		if (name_ast->kind == ZEND_AST_ZVAL && Z_TYPE_P(zend_ast_get_zval(name_ast)) == IS_STRING) {
7128 			zend_string *name = zend_ast_get_str(name_ast);
7129 			if (zend_is_auto_global(name)) {
7130 				/* These is no need to explicitly import auto-globals. */
7131 				return;
7132 			}
7133 
7134 			if (zend_string_equals_literal(name, "this")) {
7135 				/* $this does not need to be explicitly imported. */
7136 				return;
7137 			}
7138 
7139 			zend_hash_add_empty_element(&info->uses, name);
7140 		} else {
7141 			info->varvars_used = 1;
7142 			find_implicit_binds_recursively(info, name_ast);
7143 		}
7144 	} else if (zend_ast_is_list(ast)) {
7145 		zend_ast_list *list = zend_ast_get_list(ast);
7146 		uint32_t i;
7147 		for (i = 0; i < list->children; i++) {
7148 			find_implicit_binds_recursively(info, list->child[i]);
7149 		}
7150 	} else if (ast->kind == ZEND_AST_CLOSURE) {
7151 		/* For normal closures add the use() list. */
7152 		zend_ast_decl *closure_ast = (zend_ast_decl *) ast;
7153 		zend_ast *uses_ast = closure_ast->child[1];
7154 		if (uses_ast) {
7155 			zend_ast_list *uses_list = zend_ast_get_list(uses_ast);
7156 			uint32_t i;
7157 			for (i = 0; i < uses_list->children; i++) {
7158 				zend_hash_add_empty_element(&info->uses, zend_ast_get_str(uses_list->child[i]));
7159 			}
7160 		}
7161 	} else if (ast->kind == ZEND_AST_ARROW_FUNC) {
7162 		/* For arrow functions recursively check the expression. */
7163 		zend_ast_decl *closure_ast = (zend_ast_decl *) ast;
7164 		find_implicit_binds_recursively(info, closure_ast->child[2]);
7165 	} else if (!zend_ast_is_special(ast)) {
7166 		uint32_t i, children = zend_ast_get_num_children(ast);
7167 		for (i = 0; i < children; i++) {
7168 			find_implicit_binds_recursively(info, ast->child[i]);
7169 		}
7170 	}
7171 }
7172 
find_implicit_binds(closure_info * info,zend_ast * params_ast,zend_ast * stmt_ast)7173 static void find_implicit_binds(closure_info *info, zend_ast *params_ast, zend_ast *stmt_ast)
7174 {
7175 	zend_ast_list *param_list = zend_ast_get_list(params_ast);
7176 	uint32_t i;
7177 
7178 	zend_hash_init(&info->uses, param_list->children, NULL, NULL, 0);
7179 
7180 	find_implicit_binds_recursively(info, stmt_ast);
7181 
7182 	/* Remove variables that are parameters */
7183 	for (i = 0; i < param_list->children; i++) {
7184 		zend_ast *param_ast = param_list->child[i];
7185 		zend_hash_del(&info->uses, zend_ast_get_str(param_ast->child[1]));
7186 	}
7187 }
7188 
compile_implicit_lexical_binds(closure_info * info,znode * closure,zend_op_array * op_array)7189 static void compile_implicit_lexical_binds(
7190 		closure_info *info, znode *closure, zend_op_array *op_array)
7191 {
7192 	zend_string *var_name;
7193 	zend_op *opline;
7194 
7195 	/* TODO We might want to use a special binding mode if varvars_used is set. */
7196 	if (zend_hash_num_elements(&info->uses) == 0) {
7197 		return;
7198 	}
7199 
7200 	if (!op_array->static_variables) {
7201 		op_array->static_variables = zend_new_array(8);
7202 	}
7203 
7204 	ZEND_HASH_MAP_FOREACH_STR_KEY(&info->uses, var_name)
7205 		zval *value = zend_hash_add(
7206 			op_array->static_variables, var_name, &EG(uninitialized_zval));
7207 		uint32_t offset = (uint32_t)((char*)value - (char*)op_array->static_variables->arData);
7208 
7209 		opline = zend_emit_op(NULL, ZEND_BIND_LEXICAL, closure, NULL);
7210 		opline->op2_type = IS_CV;
7211 		opline->op2.var = lookup_cv(var_name);
7212 		opline->extended_value = offset | ZEND_BIND_IMPLICIT;
7213 	ZEND_HASH_FOREACH_END();
7214 }
7215 
zend_compile_closure_uses(zend_ast * ast)7216 static void zend_compile_closure_uses(zend_ast *ast) /* {{{ */
7217 {
7218 	zend_op_array *op_array = CG(active_op_array);
7219 	zend_ast_list *list = zend_ast_get_list(ast);
7220 	uint32_t i;
7221 
7222 	for (i = 0; i < list->children; ++i) {
7223 		uint32_t mode = ZEND_BIND_EXPLICIT;
7224 		zend_ast *var_ast = list->child[i];
7225 		zend_string *var_name = zend_ast_get_str(var_ast);
7226 		zval zv;
7227 		ZVAL_NULL(&zv);
7228 
7229 		{
7230 			int i;
7231 			for (i = 0; i < op_array->last_var; i++) {
7232 				if (zend_string_equals(op_array->vars[i], var_name)) {
7233 					zend_error_noreturn(E_COMPILE_ERROR,
7234 						"Cannot use lexical variable $%s as a parameter name", ZSTR_VAL(var_name));
7235 				}
7236 			}
7237 		}
7238 
7239 		CG(zend_lineno) = zend_ast_get_lineno(var_ast);
7240 
7241 		if (var_ast->attr) {
7242 			mode |= ZEND_BIND_REF;
7243 		}
7244 
7245 		zend_compile_static_var_common(var_name, &zv, mode);
7246 	}
7247 }
7248 /* }}} */
7249 
zend_compile_implicit_closure_uses(closure_info * info)7250 static void zend_compile_implicit_closure_uses(closure_info *info)
7251 {
7252 	zend_string *var_name;
7253 	ZEND_HASH_MAP_FOREACH_STR_KEY(&info->uses, var_name)
7254 		zval zv;
7255 		ZVAL_NULL(&zv);
7256 		zend_compile_static_var_common(var_name, &zv, ZEND_BIND_IMPLICIT);
7257 	ZEND_HASH_FOREACH_END();
7258 }
7259 
add_stringable_interface(zend_class_entry * ce)7260 static void add_stringable_interface(zend_class_entry *ce) {
7261 	for (uint32_t i = 0; i < ce->num_interfaces; i++) {
7262 		if (zend_string_equals_literal(ce->interface_names[i].lc_name, "stringable")) {
7263 			/* Interface already explicitly implemented */
7264 			return;
7265 		}
7266 	}
7267 
7268 	ce->num_interfaces++;
7269 	ce->interface_names =
7270 		erealloc(ce->interface_names, sizeof(zend_class_name) * ce->num_interfaces);
7271 	// TODO: Add known interned strings instead?
7272 	ce->interface_names[ce->num_interfaces - 1].name =
7273 		zend_string_init("Stringable", sizeof("Stringable") - 1, 0);
7274 	ce->interface_names[ce->num_interfaces - 1].lc_name =
7275 		zend_string_init("stringable", sizeof("stringable") - 1, 0);
7276 }
7277 
zend_begin_method_decl(zend_op_array * op_array,zend_string * name,bool has_body)7278 static zend_string *zend_begin_method_decl(zend_op_array *op_array, zend_string *name, bool has_body) /* {{{ */
7279 {
7280 	zend_class_entry *ce = CG(active_class_entry);
7281 	bool in_interface = (ce->ce_flags & ZEND_ACC_INTERFACE) != 0;
7282 	uint32_t fn_flags = op_array->fn_flags;
7283 
7284 	zend_string *lcname;
7285 
7286 	if (fn_flags & ZEND_ACC_READONLY) {
7287 		zend_error(E_COMPILE_ERROR, "Cannot use 'readonly' as method modifier");
7288 	}
7289 
7290 	if ((fn_flags & ZEND_ACC_PRIVATE) && (fn_flags & ZEND_ACC_FINAL) && !zend_is_constructor(name)) {
7291 		zend_error(E_COMPILE_WARNING, "Private methods cannot be final as they are never overridden by other classes");
7292 	}
7293 
7294 	if (in_interface) {
7295 		if (!(fn_flags & ZEND_ACC_PUBLIC)) {
7296 			zend_error_noreturn(E_COMPILE_ERROR, "Access type for interface method "
7297 				"%s::%s() must be public", ZSTR_VAL(ce->name), ZSTR_VAL(name));
7298 		}
7299 		if (fn_flags & ZEND_ACC_FINAL) {
7300 			zend_error_noreturn(E_COMPILE_ERROR, "Interface method "
7301 				"%s::%s() must not be final", ZSTR_VAL(ce->name), ZSTR_VAL(name));
7302 		}
7303 		if (fn_flags & ZEND_ACC_ABSTRACT) {
7304 			zend_error_noreturn(E_COMPILE_ERROR, "Interface method "
7305 				"%s::%s() must not be abstract", ZSTR_VAL(ce->name), ZSTR_VAL(name));
7306 		}
7307 		op_array->fn_flags |= ZEND_ACC_ABSTRACT;
7308 	}
7309 
7310 	if (op_array->fn_flags & ZEND_ACC_ABSTRACT) {
7311 		if ((op_array->fn_flags & ZEND_ACC_PRIVATE) && !(ce->ce_flags & ZEND_ACC_TRAIT)) {
7312 			zend_error_noreturn(E_COMPILE_ERROR, "%s function %s::%s() cannot be declared private",
7313 				in_interface ? "Interface" : "Abstract", ZSTR_VAL(ce->name), ZSTR_VAL(name));
7314 		}
7315 
7316 		if (has_body) {
7317 			zend_error_noreturn(E_COMPILE_ERROR, "%s function %s::%s() cannot contain body",
7318 				in_interface ? "Interface" : "Abstract", ZSTR_VAL(ce->name), ZSTR_VAL(name));
7319 		}
7320 
7321 		ce->ce_flags |= ZEND_ACC_IMPLICIT_ABSTRACT_CLASS;
7322 	} else if (!has_body) {
7323 		zend_error_noreturn(E_COMPILE_ERROR, "Non-abstract method %s::%s() must contain body",
7324 			ZSTR_VAL(ce->name), ZSTR_VAL(name));
7325 	}
7326 
7327 	op_array->scope = ce;
7328 	op_array->function_name = zend_string_copy(name);
7329 
7330 	lcname = zend_string_tolower(name);
7331 	lcname = zend_new_interned_string(lcname);
7332 
7333 	if (zend_hash_add_ptr(&ce->function_table, lcname, op_array) == NULL) {
7334 		zend_error_noreturn(E_COMPILE_ERROR, "Cannot redeclare %s::%s()",
7335 			ZSTR_VAL(ce->name), ZSTR_VAL(name));
7336 	}
7337 
7338 	zend_add_magic_method(ce, (zend_function *) op_array, lcname);
7339 	if (zend_string_equals_literal(lcname, ZEND_TOSTRING_FUNC_NAME)
7340 			&& !(ce->ce_flags & ZEND_ACC_TRAIT)) {
7341 		add_stringable_interface(ce);
7342 	}
7343 
7344 	return lcname;
7345 }
7346 /* }}} */
7347 
zend_add_dynamic_func_def(zend_op_array * def)7348 static uint32_t zend_add_dynamic_func_def(zend_op_array *def) {
7349 	zend_op_array *op_array = CG(active_op_array);
7350 	uint32_t def_offset = op_array->num_dynamic_func_defs++;
7351 	op_array->dynamic_func_defs = erealloc(
7352 		op_array->dynamic_func_defs, op_array->num_dynamic_func_defs * sizeof(zend_op_array *));
7353 	op_array->dynamic_func_defs[def_offset] = def;
7354 	return def_offset;
7355 }
7356 
zend_begin_func_decl(znode * result,zend_op_array * op_array,zend_ast_decl * decl,bool toplevel)7357 static zend_string *zend_begin_func_decl(znode *result, zend_op_array *op_array, zend_ast_decl *decl, bool toplevel) /* {{{ */
7358 {
7359 	zend_string *unqualified_name, *name, *lcname;
7360 	zend_op *opline;
7361 
7362 	unqualified_name = decl->name;
7363 	op_array->function_name = name = zend_prefix_with_ns(unqualified_name);
7364 	lcname = zend_string_tolower(name);
7365 
7366 	if (FC(imports_function)) {
7367 		zend_string *import_name =
7368 			zend_hash_find_ptr_lc(FC(imports_function), unqualified_name);
7369 		if (import_name && !zend_string_equals_ci(lcname, import_name)) {
7370 			zend_error_noreturn(E_COMPILE_ERROR, "Cannot declare function %s "
7371 				"because the name is already in use", ZSTR_VAL(name));
7372 		}
7373 	}
7374 
7375 	if (zend_string_equals_literal(lcname, "__autoload")) {
7376 		zend_error_noreturn(E_COMPILE_ERROR,
7377 			"__autoload() is no longer supported, use spl_autoload_register() instead");
7378 	}
7379 
7380 	if (zend_string_equals_literal_ci(unqualified_name, "assert")) {
7381 		zend_error(E_COMPILE_ERROR,
7382 			"Defining a custom assert() function is not allowed, "
7383 			"as the function has special semantics");
7384 	}
7385 
7386 	zend_register_seen_symbol(lcname, ZEND_SYMBOL_FUNCTION);
7387 	if (!toplevel) {
7388 		uint32_t func_ref = zend_add_dynamic_func_def(op_array);
7389 		if (op_array->fn_flags & ZEND_ACC_CLOSURE) {
7390 			opline = zend_emit_op_tmp(result, ZEND_DECLARE_LAMBDA_FUNCTION, NULL, NULL);
7391 			opline->op2.num = func_ref;
7392 		} else {
7393 			opline = get_next_op();
7394 			opline->opcode = ZEND_DECLARE_FUNCTION;
7395 			opline->op1_type = IS_CONST;
7396 			LITERAL_STR(opline->op1, zend_string_copy(lcname));
7397 			opline->op2.num = func_ref;
7398 		}
7399 	}
7400 	return lcname;
7401 }
7402 /* }}} */
7403 
zend_compile_func_decl(znode * result,zend_ast * ast,bool toplevel)7404 static void zend_compile_func_decl(znode *result, zend_ast *ast, bool toplevel) /* {{{ */
7405 {
7406 	zend_ast_decl *decl = (zend_ast_decl *) ast;
7407 	zend_ast *params_ast = decl->child[0];
7408 	zend_ast *uses_ast = decl->child[1];
7409 	zend_ast *stmt_ast = decl->child[2];
7410 	zend_ast *return_type_ast = decl->child[3];
7411 	bool is_method = decl->kind == ZEND_AST_METHOD;
7412 	zend_string *lcname;
7413 
7414 	zend_class_entry *orig_class_entry = CG(active_class_entry);
7415 	zend_op_array *orig_op_array = CG(active_op_array);
7416 	zend_op_array *op_array = zend_arena_alloc(&CG(arena), sizeof(zend_op_array));
7417 	zend_oparray_context orig_oparray_context;
7418 	closure_info info;
7419 	memset(&info, 0, sizeof(closure_info));
7420 
7421 	init_op_array(op_array, ZEND_USER_FUNCTION, INITIAL_OP_ARRAY_SIZE);
7422 
7423 	if (CG(compiler_options) & ZEND_COMPILE_PRELOAD) {
7424 		op_array->fn_flags |= ZEND_ACC_PRELOADED;
7425 	}
7426 
7427 	op_array->fn_flags |= (orig_op_array->fn_flags & ZEND_ACC_STRICT_TYPES);
7428 	op_array->fn_flags |= decl->flags;
7429 	op_array->line_start = decl->start_lineno;
7430 	op_array->line_end = decl->end_lineno;
7431 	if (decl->doc_comment) {
7432 		op_array->doc_comment = zend_string_copy(decl->doc_comment);
7433 	}
7434 
7435 	if (decl->kind == ZEND_AST_CLOSURE || decl->kind == ZEND_AST_ARROW_FUNC) {
7436 		op_array->fn_flags |= ZEND_ACC_CLOSURE;
7437 	}
7438 
7439 	if (is_method) {
7440 		bool has_body = stmt_ast != NULL;
7441 		lcname = zend_begin_method_decl(op_array, decl->name, has_body);
7442 	} else {
7443 		lcname = zend_begin_func_decl(result, op_array, decl, toplevel);
7444 		if (decl->kind == ZEND_AST_ARROW_FUNC) {
7445 			find_implicit_binds(&info, params_ast, stmt_ast);
7446 			compile_implicit_lexical_binds(&info, result, op_array);
7447 		} else if (uses_ast) {
7448 			zend_compile_closure_binding(result, op_array, uses_ast);
7449 		}
7450 	}
7451 
7452 	CG(active_op_array) = op_array;
7453 
7454 	if (decl->child[4]) {
7455 		int target = ZEND_ATTRIBUTE_TARGET_FUNCTION;
7456 
7457 		if (is_method) {
7458 			target = ZEND_ATTRIBUTE_TARGET_METHOD;
7459 		}
7460 
7461 		zend_compile_attributes(&op_array->attributes, decl->child[4], 0, target, 0);
7462 	}
7463 
7464 	/* Do not leak the class scope into free standing functions, even if they are dynamically
7465 	 * defined inside a class method. This is necessary for correct handling of magic constants.
7466 	 * For example __CLASS__ should always be "" inside a free standing function. */
7467 	if (decl->kind == ZEND_AST_FUNC_DECL) {
7468 		CG(active_class_entry) = NULL;
7469 	}
7470 
7471 	if (toplevel) {
7472 		op_array->fn_flags |= ZEND_ACC_TOP_LEVEL;
7473 	}
7474 
7475 	zend_oparray_context_begin(&orig_oparray_context);
7476 
7477 	{
7478 		/* Push a separator to the loop variable stack */
7479 		zend_loop_var dummy_var;
7480 		dummy_var.opcode = ZEND_RETURN;
7481 
7482 		zend_stack_push(&CG(loop_var_stack), (void *) &dummy_var);
7483 	}
7484 
7485 	zend_compile_params(params_ast, return_type_ast,
7486 		is_method && zend_string_equals_literal(lcname, ZEND_TOSTRING_FUNC_NAME) ? IS_STRING : 0);
7487 	if (CG(active_op_array)->fn_flags & ZEND_ACC_GENERATOR) {
7488 		zend_mark_function_as_generator();
7489 		zend_emit_op(NULL, ZEND_GENERATOR_CREATE, NULL, NULL);
7490 	}
7491 	if (decl->kind == ZEND_AST_ARROW_FUNC) {
7492 		zend_compile_implicit_closure_uses(&info);
7493 		zend_hash_destroy(&info.uses);
7494 	} else if (uses_ast) {
7495 		zend_compile_closure_uses(uses_ast);
7496 	}
7497 
7498 	if (ast->kind == ZEND_AST_ARROW_FUNC && decl->child[2]->kind != ZEND_AST_RETURN) {
7499 		bool needs_return = true;
7500 		if (op_array->fn_flags & ZEND_ACC_HAS_RETURN_TYPE) {
7501 			zend_arg_info *return_info = CG(active_op_array)->arg_info - 1;
7502 			needs_return = !ZEND_TYPE_CONTAINS_CODE(return_info->type, IS_NEVER);
7503 		}
7504 		if (needs_return) {
7505 			stmt_ast = zend_ast_create(ZEND_AST_RETURN, stmt_ast);
7506 			decl->child[2] = stmt_ast;
7507 		}
7508 	}
7509 
7510 	zend_compile_stmt(stmt_ast);
7511 
7512 	if (is_method) {
7513 		CG(zend_lineno) = decl->start_lineno;
7514 		zend_check_magic_method_implementation(
7515 			CG(active_class_entry), (zend_function *) op_array, lcname, E_COMPILE_ERROR);
7516 	} else if (toplevel) {
7517 		/* Only register the function after a successful compile */
7518 		if (UNEXPECTED(zend_hash_add_ptr(CG(function_table), lcname, op_array) == NULL)) {
7519 			CG(zend_lineno) = decl->start_lineno;
7520 			do_bind_function_error(lcname, op_array, true);
7521 		}
7522 	}
7523 
7524 	/* put the implicit return on the really last line */
7525 	CG(zend_lineno) = decl->end_lineno;
7526 
7527 	zend_do_extended_stmt();
7528 	zend_emit_final_return(0);
7529 
7530 	pass_two(CG(active_op_array));
7531 	zend_oparray_context_end(&orig_oparray_context);
7532 
7533 	/* Pop the loop variable stack separator */
7534 	zend_stack_del_top(&CG(loop_var_stack));
7535 
7536 	if (toplevel) {
7537 		zend_observer_function_declared_notify(op_array, lcname);
7538 	}
7539 
7540 	zend_string_release_ex(lcname, 0);
7541 
7542 	CG(active_op_array) = orig_op_array;
7543 	CG(active_class_entry) = orig_class_entry;
7544 }
7545 /* }}} */
7546 
zend_compile_prop_decl(zend_ast * ast,zend_ast * type_ast,uint32_t flags,zend_ast * attr_ast)7547 static void zend_compile_prop_decl(zend_ast *ast, zend_ast *type_ast, uint32_t flags, zend_ast *attr_ast) /* {{{ */
7548 {
7549 	zend_ast_list *list = zend_ast_get_list(ast);
7550 	zend_class_entry *ce = CG(active_class_entry);
7551 	uint32_t i, children = list->children;
7552 
7553 	if (ce->ce_flags & ZEND_ACC_INTERFACE) {
7554 		zend_error_noreturn(E_COMPILE_ERROR, "Interfaces may not include properties");
7555 	}
7556 
7557 	if (ce->ce_flags & ZEND_ACC_ENUM) {
7558 		zend_error_noreturn(E_COMPILE_ERROR, "Enum %s cannot include properties", ZSTR_VAL(ce->name));
7559 	}
7560 
7561 	if (flags & ZEND_ACC_ABSTRACT) {
7562 		zend_error_noreturn(E_COMPILE_ERROR, "Properties cannot be declared abstract");
7563 	}
7564 
7565 	for (i = 0; i < children; ++i) {
7566 		zend_property_info *info;
7567 		zend_ast *prop_ast = list->child[i];
7568 		zend_ast *name_ast = prop_ast->child[0];
7569 		zend_ast **value_ast_ptr = &prop_ast->child[1];
7570 		zend_ast *doc_comment_ast = prop_ast->child[2];
7571 		zend_string *name = zval_make_interned_string(zend_ast_get_zval(name_ast));
7572 		zend_string *doc_comment = NULL;
7573 		zval value_zv;
7574 		zend_type type = ZEND_TYPE_INIT_NONE(0);
7575 
7576 		if (type_ast) {
7577 			type = zend_compile_typename(type_ast, /* force_allow_null */ 0);
7578 
7579 			if (ZEND_TYPE_FULL_MASK(type) & (MAY_BE_VOID|MAY_BE_NEVER|MAY_BE_CALLABLE)) {
7580 				zend_string *str = zend_type_to_string(type);
7581 				zend_error_noreturn(E_COMPILE_ERROR,
7582 					"Property %s::$%s cannot have type %s",
7583 					ZSTR_VAL(ce->name), ZSTR_VAL(name), ZSTR_VAL(str));
7584 			}
7585 		}
7586 
7587 		/* Doc comment has been appended as last element in ZEND_AST_PROP_ELEM ast */
7588 		if (doc_comment_ast) {
7589 			doc_comment = zend_string_copy(zend_ast_get_str(doc_comment_ast));
7590 		}
7591 
7592 		if (flags & ZEND_ACC_FINAL) {
7593 			zend_error_noreturn(E_COMPILE_ERROR, "Cannot declare property %s::$%s final, "
7594 				"the final modifier is allowed only for methods, classes, and class constants",
7595 				ZSTR_VAL(ce->name), ZSTR_VAL(name));
7596 		}
7597 
7598 		if (zend_hash_exists(&ce->properties_info, name)) {
7599 			zend_error_noreturn(E_COMPILE_ERROR, "Cannot redeclare %s::$%s",
7600 				ZSTR_VAL(ce->name), ZSTR_VAL(name));
7601 		}
7602 
7603 		if (*value_ast_ptr) {
7604 			zend_const_expr_to_zval(&value_zv, value_ast_ptr, /* allow_dynamic */ false);
7605 
7606 			if (ZEND_TYPE_IS_SET(type) && !Z_CONSTANT(value_zv)
7607 					&& !zend_is_valid_default_value(type, &value_zv)) {
7608 				zend_string *str = zend_type_to_string(type);
7609 				if (Z_TYPE(value_zv) == IS_NULL && !ZEND_TYPE_IS_INTERSECTION(type)) {
7610 					ZEND_TYPE_FULL_MASK(type) |= MAY_BE_NULL;
7611 					zend_string *nullable_str = zend_type_to_string(type);
7612 
7613 					zend_error_noreturn(E_COMPILE_ERROR,
7614 						"Default value for property of type %s may not be null. "
7615 						"Use the nullable type %s to allow null default value",
7616 						ZSTR_VAL(str), ZSTR_VAL(nullable_str));
7617 				} else {
7618 					zend_error_noreturn(E_COMPILE_ERROR,
7619 						"Cannot use %s as default value for property %s::$%s of type %s",
7620 						zend_zval_type_name(&value_zv),
7621 						ZSTR_VAL(ce->name), ZSTR_VAL(name), ZSTR_VAL(str));
7622 				}
7623 			}
7624 		} else if (!ZEND_TYPE_IS_SET(type)) {
7625 			ZVAL_NULL(&value_zv);
7626 		} else {
7627 			ZVAL_UNDEF(&value_zv);
7628 		}
7629 
7630 		if ((ce->ce_flags & ZEND_ACC_READONLY_CLASS)) {
7631 			flags |= ZEND_ACC_READONLY;
7632 		}
7633 
7634 		if (flags & ZEND_ACC_READONLY) {
7635 			if (!ZEND_TYPE_IS_SET(type)) {
7636 				zend_error_noreturn(E_COMPILE_ERROR, "Readonly property %s::$%s must have type",
7637 					ZSTR_VAL(ce->name), ZSTR_VAL(name));
7638 			}
7639 			if (!Z_ISUNDEF(value_zv)) {
7640 				zend_error_noreturn(E_COMPILE_ERROR,
7641 					"Readonly property %s::$%s cannot have default value",
7642 					ZSTR_VAL(ce->name), ZSTR_VAL(name));
7643 			}
7644 			if (flags & ZEND_ACC_STATIC) {
7645 				zend_error_noreturn(E_COMPILE_ERROR,
7646 					"Static property %s::$%s cannot be readonly",
7647 					ZSTR_VAL(ce->name), ZSTR_VAL(name));
7648 			}
7649 		}
7650 
7651 		info = zend_declare_typed_property(ce, name, &value_zv, flags, doc_comment, type);
7652 
7653 		if (attr_ast) {
7654 			zend_compile_attributes(&info->attributes, attr_ast, 0, ZEND_ATTRIBUTE_TARGET_PROPERTY, 0);
7655 		}
7656 	}
7657 }
7658 /* }}} */
7659 
zend_compile_prop_group(zend_ast * ast)7660 static void zend_compile_prop_group(zend_ast *ast) /* {{{ */
7661 {
7662 	zend_ast *type_ast = ast->child[0];
7663 	zend_ast *prop_ast = ast->child[1];
7664 	zend_ast *attr_ast = ast->child[2];
7665 
7666 	zend_compile_prop_decl(prop_ast, type_ast, ast->attr, attr_ast);
7667 }
7668 /* }}} */
7669 
zend_check_const_and_trait_alias_attr(uint32_t attr,const char * entity)7670 static void zend_check_const_and_trait_alias_attr(uint32_t attr, const char* entity) /* {{{ */
7671 {
7672 	if (attr & ZEND_ACC_STATIC) {
7673 		zend_error_noreturn(E_COMPILE_ERROR, "Cannot use 'static' as %s modifier", entity);
7674 	} else if (attr & ZEND_ACC_ABSTRACT) {
7675 		zend_error_noreturn(E_COMPILE_ERROR, "Cannot use 'abstract' as %s modifier", entity);
7676 	} else if (attr & ZEND_ACC_FINAL) {
7677 		zend_error_noreturn(E_COMPILE_ERROR, "Cannot use 'final' as %s modifier", entity);
7678 	} else if (attr & ZEND_ACC_READONLY) {
7679 		zend_error_noreturn(E_COMPILE_ERROR, "Cannot use 'readonly' as %s modifier", entity);
7680 	}
7681 }
7682 /* }}} */
7683 
zend_compile_class_const_decl(zend_ast * ast,uint32_t flags,zend_ast * attr_ast)7684 static void zend_compile_class_const_decl(zend_ast *ast, uint32_t flags, zend_ast *attr_ast) /* {{{ */
7685 {
7686 	zend_ast_list *list = zend_ast_get_list(ast);
7687 	zend_class_entry *ce = CG(active_class_entry);
7688 	uint32_t i, children = list->children;
7689 
7690 	for (i = 0; i < children; ++i) {
7691 		zend_class_constant *c;
7692 		zend_ast *const_ast = list->child[i];
7693 		zend_ast *name_ast = const_ast->child[0];
7694 		zend_ast **value_ast_ptr = &const_ast->child[1];
7695 		zend_ast *doc_comment_ast = const_ast->child[2];
7696 		zend_string *name = zval_make_interned_string(zend_ast_get_zval(name_ast));
7697 		zend_string *doc_comment = doc_comment_ast ? zend_string_copy(zend_ast_get_str(doc_comment_ast)) : NULL;
7698 		zval value_zv;
7699 
7700 		if (UNEXPECTED(flags & (ZEND_ACC_STATIC|ZEND_ACC_ABSTRACT|ZEND_ACC_READONLY))) {
7701 			zend_check_const_and_trait_alias_attr(flags, "constant");
7702 		}
7703 
7704 		if (UNEXPECTED((flags & ZEND_ACC_PRIVATE) && (flags & ZEND_ACC_FINAL))) {
7705 			zend_error_noreturn(
7706 				E_COMPILE_ERROR, "Private constant %s::%s cannot be final as it is not visible to other classes",
7707 				ZSTR_VAL(ce->name), ZSTR_VAL(name)
7708 			);
7709 		}
7710 
7711 		zend_const_expr_to_zval(&value_zv, value_ast_ptr, /* allow_dynamic */ false);
7712 		c = zend_declare_class_constant_ex(ce, name, &value_zv, flags, doc_comment);
7713 
7714 		if (attr_ast) {
7715 			zend_compile_attributes(&c->attributes, attr_ast, 0, ZEND_ATTRIBUTE_TARGET_CLASS_CONST, 0);
7716 		}
7717 	}
7718 }
7719 /* }}} */
7720 
zend_compile_class_const_group(zend_ast * ast)7721 static void zend_compile_class_const_group(zend_ast *ast) /* {{{ */
7722 {
7723 	zend_ast *const_ast = ast->child[0];
7724 	zend_ast *attr_ast = ast->child[1];
7725 
7726 	zend_compile_class_const_decl(const_ast, ast->attr, attr_ast);
7727 }
7728 /* }}} */
7729 
zend_compile_method_ref(zend_ast * ast,zend_trait_method_reference * method_ref)7730 static void zend_compile_method_ref(zend_ast *ast, zend_trait_method_reference *method_ref) /* {{{ */
7731 {
7732 	zend_ast *class_ast = ast->child[0];
7733 	zend_ast *method_ast = ast->child[1];
7734 
7735 	method_ref->method_name = zend_string_copy(zend_ast_get_str(method_ast));
7736 
7737 	if (class_ast) {
7738 		method_ref->class_name = zend_resolve_const_class_name_reference(class_ast, "trait name");
7739 	} else {
7740 		method_ref->class_name = NULL;
7741 	}
7742 }
7743 /* }}} */
7744 
zend_compile_trait_precedence(zend_ast * ast)7745 static void zend_compile_trait_precedence(zend_ast *ast) /* {{{ */
7746 {
7747 	zend_ast *method_ref_ast = ast->child[0];
7748 	zend_ast *insteadof_ast = ast->child[1];
7749 	zend_ast_list *insteadof_list = zend_ast_get_list(insteadof_ast);
7750 	uint32_t i;
7751 
7752 	zend_trait_precedence *precedence = emalloc(sizeof(zend_trait_precedence) + (insteadof_list->children - 1) * sizeof(zend_string*));
7753 	zend_compile_method_ref(method_ref_ast, &precedence->trait_method);
7754 	precedence->num_excludes = insteadof_list->children;
7755 
7756 	for (i = 0; i < insteadof_list->children; ++i) {
7757 		zend_ast *name_ast = insteadof_list->child[i];
7758 		precedence->exclude_class_names[i] =
7759 			zend_resolve_const_class_name_reference(name_ast, "trait name");
7760 	}
7761 
7762 	zend_add_to_list(&CG(active_class_entry)->trait_precedences, precedence);
7763 }
7764 /* }}} */
7765 
zend_compile_trait_alias(zend_ast * ast)7766 static void zend_compile_trait_alias(zend_ast *ast) /* {{{ */
7767 {
7768 	zend_ast *method_ref_ast = ast->child[0];
7769 	zend_ast *alias_ast = ast->child[1];
7770 	uint32_t modifiers = ast->attr;
7771 
7772 	zend_trait_alias *alias;
7773 
7774 	zend_check_const_and_trait_alias_attr(modifiers, "method");
7775 
7776 	alias = emalloc(sizeof(zend_trait_alias));
7777 	zend_compile_method_ref(method_ref_ast, &alias->trait_method);
7778 	alias->modifiers = modifiers;
7779 
7780 	if (alias_ast) {
7781 		alias->alias = zend_string_copy(zend_ast_get_str(alias_ast));
7782 	} else {
7783 		alias->alias = NULL;
7784 	}
7785 
7786 	zend_add_to_list(&CG(active_class_entry)->trait_aliases, alias);
7787 }
7788 /* }}} */
7789 
zend_compile_use_trait(zend_ast * ast)7790 static void zend_compile_use_trait(zend_ast *ast) /* {{{ */
7791 {
7792 	zend_ast_list *traits = zend_ast_get_list(ast->child[0]);
7793 	zend_ast_list *adaptations = ast->child[1] ? zend_ast_get_list(ast->child[1]) : NULL;
7794 	zend_class_entry *ce = CG(active_class_entry);
7795 	uint32_t i;
7796 
7797 	ce->trait_names = erealloc(ce->trait_names, sizeof(zend_class_name) * (ce->num_traits + traits->children));
7798 
7799 	for (i = 0; i < traits->children; ++i) {
7800 		zend_ast *trait_ast = traits->child[i];
7801 
7802 		if (ce->ce_flags & ZEND_ACC_INTERFACE) {
7803 			zend_string *name = zend_ast_get_str(trait_ast);
7804 			zend_error_noreturn(E_COMPILE_ERROR, "Cannot use traits inside of interfaces. "
7805 				"%s is used in %s", ZSTR_VAL(name), ZSTR_VAL(ce->name));
7806 		}
7807 
7808 		ce->trait_names[ce->num_traits].name =
7809 			zend_resolve_const_class_name_reference(trait_ast, "trait name");
7810 		ce->trait_names[ce->num_traits].lc_name = zend_string_tolower(ce->trait_names[ce->num_traits].name);
7811 		ce->num_traits++;
7812 	}
7813 
7814 	if (!adaptations) {
7815 		return;
7816 	}
7817 
7818 	for (i = 0; i < adaptations->children; ++i) {
7819 		zend_ast *adaptation_ast = adaptations->child[i];
7820 		switch (adaptation_ast->kind) {
7821 			case ZEND_AST_TRAIT_PRECEDENCE:
7822 				zend_compile_trait_precedence(adaptation_ast);
7823 				break;
7824 			case ZEND_AST_TRAIT_ALIAS:
7825 				zend_compile_trait_alias(adaptation_ast);
7826 				break;
7827 			EMPTY_SWITCH_DEFAULT_CASE()
7828 		}
7829 	}
7830 }
7831 /* }}} */
7832 
zend_compile_implements(zend_ast * ast)7833 static void zend_compile_implements(zend_ast *ast) /* {{{ */
7834 {
7835 	zend_ast_list *list = zend_ast_get_list(ast);
7836 	zend_class_entry *ce = CG(active_class_entry);
7837 	zend_class_name *interface_names;
7838 	uint32_t i;
7839 
7840 	interface_names = emalloc(sizeof(zend_class_name) * list->children);
7841 
7842 	for (i = 0; i < list->children; ++i) {
7843 		zend_ast *class_ast = list->child[i];
7844 		interface_names[i].name =
7845 			zend_resolve_const_class_name_reference(class_ast, "interface name");
7846 		interface_names[i].lc_name = zend_string_tolower(interface_names[i].name);
7847 	}
7848 
7849 	ce->num_interfaces = list->children;
7850 	ce->interface_names = interface_names;
7851 }
7852 /* }}} */
7853 
zend_generate_anon_class_name(zend_ast_decl * decl)7854 static zend_string *zend_generate_anon_class_name(zend_ast_decl *decl)
7855 {
7856 	zend_string *filename = CG(active_op_array)->filename;
7857 	uint32_t start_lineno = decl->start_lineno;
7858 
7859 	/* Use parent or first interface as prefix. */
7860 	zend_string *prefix = ZSTR_KNOWN(ZEND_STR_CLASS);
7861 	if (decl->child[0]) {
7862 		prefix = zend_resolve_const_class_name_reference(decl->child[0], "class name");
7863 	} else if (decl->child[1]) {
7864 		zend_ast_list *list = zend_ast_get_list(decl->child[1]);
7865 		prefix = zend_resolve_const_class_name_reference(list->child[0], "interface name");
7866 	}
7867 
7868 	zend_string *result = zend_strpprintf(0, "%s@anonymous%c%s:%" PRIu32 "$%" PRIx32,
7869 		ZSTR_VAL(prefix), '\0', ZSTR_VAL(filename), start_lineno, CG(rtd_key_counter)++);
7870 	zend_string_release(prefix);
7871 	return zend_new_interned_string(result);
7872 }
7873 
zend_compile_enum_backing_type(zend_class_entry * ce,zend_ast * enum_backing_type_ast)7874 static void zend_compile_enum_backing_type(zend_class_entry *ce, zend_ast *enum_backing_type_ast)
7875 {
7876 	ZEND_ASSERT(ce->ce_flags & ZEND_ACC_ENUM);
7877 	zend_type type = zend_compile_typename(enum_backing_type_ast, 0);
7878 	uint32_t type_mask = ZEND_TYPE_PURE_MASK(type);
7879 	if (ZEND_TYPE_IS_COMPLEX(type) || (type_mask != MAY_BE_LONG && type_mask != MAY_BE_STRING)) {
7880 		zend_string *type_string = zend_type_to_string(type);
7881 		zend_error_noreturn(E_COMPILE_ERROR,
7882 			"Enum backing type must be int or string, %s given",
7883 			ZSTR_VAL(type_string));
7884 	}
7885 	if (type_mask == MAY_BE_LONG) {
7886 		ce->enum_backing_type = IS_LONG;
7887 	} else {
7888 		ZEND_ASSERT(type_mask == MAY_BE_STRING);
7889 		ce->enum_backing_type = IS_STRING;
7890 	}
7891 	zend_type_release(type, 0);
7892 }
7893 
zend_compile_class_decl(znode * result,zend_ast * ast,bool toplevel)7894 static void zend_compile_class_decl(znode *result, zend_ast *ast, bool toplevel) /* {{{ */
7895 {
7896 	zend_ast_decl *decl = (zend_ast_decl *) ast;
7897 	zend_ast *extends_ast = decl->child[0];
7898 	zend_ast *implements_ast = decl->child[1];
7899 	zend_ast *stmt_ast = decl->child[2];
7900 	zend_ast *enum_backing_type_ast = decl->child[4];
7901 	zend_string *name, *lcname;
7902 	zend_class_entry *ce = zend_arena_alloc(&CG(arena), sizeof(zend_class_entry));
7903 	zend_op *opline;
7904 
7905 	zend_class_entry *original_ce = CG(active_class_entry);
7906 
7907 	if (EXPECTED((decl->flags & ZEND_ACC_ANON_CLASS) == 0)) {
7908 		zend_string *unqualified_name = decl->name;
7909 
7910 		if (CG(active_class_entry)) {
7911 			zend_error_noreturn(E_COMPILE_ERROR, "Class declarations may not be nested");
7912 		}
7913 
7914 		zend_assert_valid_class_name(unqualified_name);
7915 		name = zend_prefix_with_ns(unqualified_name);
7916 		name = zend_new_interned_string(name);
7917 		lcname = zend_string_tolower(name);
7918 
7919 		if (FC(imports)) {
7920 			zend_string *import_name =
7921 				zend_hash_find_ptr_lc(FC(imports), unqualified_name);
7922 			if (import_name && !zend_string_equals_ci(lcname, import_name)) {
7923 				zend_error_noreturn(E_COMPILE_ERROR, "Cannot declare class %s "
7924 						"because the name is already in use", ZSTR_VAL(name));
7925 			}
7926 		}
7927 
7928 		zend_register_seen_symbol(lcname, ZEND_SYMBOL_CLASS);
7929 	} else {
7930 		/* Find an anon class name that is not in use yet. */
7931 		name = NULL;
7932 		lcname = NULL;
7933 		do {
7934 			zend_tmp_string_release(name);
7935 			zend_tmp_string_release(lcname);
7936 			name = zend_generate_anon_class_name(decl);
7937 			lcname = zend_string_tolower(name);
7938 		} while (zend_hash_exists(CG(class_table), lcname));
7939 	}
7940 	lcname = zend_new_interned_string(lcname);
7941 
7942 	ce->type = ZEND_USER_CLASS;
7943 	ce->name = name;
7944 	zend_initialize_class_data(ce, 1);
7945 	if (!(decl->flags & ZEND_ACC_ANON_CLASS)) {
7946 		zend_alloc_ce_cache(ce->name);
7947 	}
7948 
7949 	if (CG(compiler_options) & ZEND_COMPILE_PRELOAD) {
7950 		ce->ce_flags |= ZEND_ACC_PRELOADED;
7951 		ZEND_MAP_PTR_NEW(ce->static_members_table);
7952 		ZEND_MAP_PTR_NEW(ce->mutable_data);
7953 	}
7954 
7955 	ce->ce_flags |= decl->flags;
7956 	ce->info.user.filename = zend_string_copy(zend_get_compiled_filename());
7957 	ce->info.user.line_start = decl->start_lineno;
7958 	ce->info.user.line_end = decl->end_lineno;
7959 
7960 	if (decl->doc_comment) {
7961 		ce->info.user.doc_comment = zend_string_copy(decl->doc_comment);
7962 	}
7963 
7964 	if (UNEXPECTED((decl->flags & ZEND_ACC_ANON_CLASS))) {
7965 		/* Serialization is not supported for anonymous classes */
7966 		ce->ce_flags |= ZEND_ACC_NOT_SERIALIZABLE;
7967 	}
7968 
7969 	if (extends_ast) {
7970 		ce->parent_name =
7971 			zend_resolve_const_class_name_reference(extends_ast, "class name");
7972 	}
7973 
7974 	CG(active_class_entry) = ce;
7975 
7976 	if (decl->child[3]) {
7977 		zend_compile_attributes(&ce->attributes, decl->child[3], 0, ZEND_ATTRIBUTE_TARGET_CLASS, 0);
7978 	}
7979 
7980 	if (implements_ast) {
7981 		zend_compile_implements(implements_ast);
7982 	}
7983 
7984 	if (ce->ce_flags & ZEND_ACC_ENUM) {
7985 		if (enum_backing_type_ast != NULL) {
7986 			zend_compile_enum_backing_type(ce, enum_backing_type_ast);
7987 		}
7988 		zend_enum_add_interfaces(ce);
7989 		zend_enum_register_props(ce);
7990 	}
7991 
7992 	zend_compile_stmt(stmt_ast);
7993 
7994 	/* Reset lineno for final opcodes and errors */
7995 	CG(zend_lineno) = ast->lineno;
7996 
7997 	if ((ce->ce_flags & (ZEND_ACC_IMPLICIT_ABSTRACT_CLASS|ZEND_ACC_INTERFACE|ZEND_ACC_TRAIT|ZEND_ACC_EXPLICIT_ABSTRACT_CLASS)) == ZEND_ACC_IMPLICIT_ABSTRACT_CLASS) {
7998 		zend_verify_abstract_class(ce);
7999 	}
8000 
8001 	CG(active_class_entry) = original_ce;
8002 
8003 	if (toplevel) {
8004 		ce->ce_flags |= ZEND_ACC_TOP_LEVEL;
8005 	}
8006 
8007 	/* We currently don't early-bind classes that implement interfaces or use traits */
8008 	if (!ce->num_interfaces && !ce->num_traits
8009 	 && !(CG(compiler_options) & ZEND_COMPILE_WITHOUT_EXECUTION)) {
8010 		if (toplevel) {
8011 			if (extends_ast) {
8012 				zend_class_entry *parent_ce = zend_lookup_class_ex(
8013 					ce->parent_name, NULL, ZEND_FETCH_CLASS_NO_AUTOLOAD);
8014 
8015 				if (parent_ce
8016 				 && !zend_compile_ignore_class(parent_ce, ce->info.user.filename)) {
8017 					if (zend_try_early_bind(ce, parent_ce, lcname, NULL)) {
8018 						zend_string_release(lcname);
8019 						return;
8020 					}
8021 				}
8022 			} else if (EXPECTED(zend_hash_add_ptr(CG(class_table), lcname, ce) != NULL)) {
8023 				zend_string_release(lcname);
8024 				zend_build_properties_info_table(ce);
8025 				ce->ce_flags |= ZEND_ACC_LINKED;
8026 				zend_observer_class_linked_notify(ce, lcname);
8027 				return;
8028 			}
8029 		} else if (!extends_ast) {
8030 			/* Link unbound simple class */
8031 			zend_build_properties_info_table(ce);
8032 			ce->ce_flags |= ZEND_ACC_LINKED;
8033 		}
8034 	}
8035 
8036 	opline = get_next_op();
8037 
8038 	if (ce->parent_name) {
8039 		/* Lowercased parent name */
8040 		zend_string *lc_parent_name = zend_string_tolower(ce->parent_name);
8041 		opline->op2_type = IS_CONST;
8042 		LITERAL_STR(opline->op2, lc_parent_name);
8043 	}
8044 
8045 	opline->op1_type = IS_CONST;
8046 	/* It's possible that `lcname` is not an interned string because it was not yet in the interned string table.
8047 	 * However, by this point another thread may have caused `lcname` to be added in the interned string table.
8048 	 * This will cause `lcname` to get freed once it is found in the interned string table. If we were to use
8049 	 * LITERAL_STR() here we would not change the `lcname` pointer to the new value, and it would point to the
8050 	 * now-freed string. This will cause issues when we use `lcname` in the code below. We solve this by using
8051 	 * zend_add_literal_string() which gives us the new value. */
8052 	opline->op1.constant = zend_add_literal_string(&lcname);
8053 
8054 	if (decl->flags & ZEND_ACC_ANON_CLASS) {
8055 		opline->opcode = ZEND_DECLARE_ANON_CLASS;
8056 		opline->extended_value = zend_alloc_cache_slot();
8057 		zend_make_var_result(result, opline);
8058 		if (!zend_hash_add_ptr(CG(class_table), lcname, ce)) {
8059 			/* We checked above that the class name is not used. This really shouldn't happen. */
8060 			zend_error_noreturn(E_ERROR,
8061 				"Runtime definition key collision for %s. This is a bug", ZSTR_VAL(name));
8062 		}
8063 	} else {
8064 		/* Generate RTD keys until we find one that isn't in use yet. */
8065 		zend_string *key = NULL;
8066 		do {
8067 			zend_tmp_string_release(key);
8068 			key = zend_build_runtime_definition_key(lcname, decl->start_lineno);
8069 		} while (!zend_hash_add_ptr(CG(class_table), key, ce));
8070 
8071 		/* RTD key is placed after lcname literal in op1 */
8072 		zend_add_literal_string(&key);
8073 
8074 		opline->opcode = ZEND_DECLARE_CLASS;
8075 		if (extends_ast && toplevel
8076 			 && (CG(compiler_options) & ZEND_COMPILE_DELAYED_BINDING)
8077 				/* We currently don't early-bind classes that implement interfaces or use traits */
8078 			 && !ce->num_interfaces && !ce->num_traits
8079 		) {
8080 			CG(active_op_array)->fn_flags |= ZEND_ACC_EARLY_BINDING;
8081 			opline->opcode = ZEND_DECLARE_CLASS_DELAYED;
8082 			opline->extended_value = zend_alloc_cache_slot();
8083 			opline->result_type = IS_UNUSED;
8084 			opline->result.opline_num = -1;
8085 		}
8086 	}
8087 }
8088 /* }}} */
8089 
zend_compile_enum_case(zend_ast * ast)8090 static void zend_compile_enum_case(zend_ast *ast)
8091 {
8092 	zend_class_entry *enum_class = CG(active_class_entry);
8093 	if (!(enum_class->ce_flags & ZEND_ACC_ENUM)) {
8094 		zend_error_noreturn(E_COMPILE_ERROR, "Case can only be used in enums");
8095 	}
8096 
8097 	zend_string *enum_case_name = zval_make_interned_string(zend_ast_get_zval(ast->child[0]));
8098 	zend_string *enum_class_name = enum_class->name;
8099 
8100 	zval class_name_zval;
8101 	ZVAL_STR_COPY(&class_name_zval, enum_class_name);
8102 	zend_ast *class_name_ast = zend_ast_create_zval(&class_name_zval);
8103 
8104 	zval case_name_zval;
8105 	ZVAL_STR_COPY(&case_name_zval, enum_case_name);
8106 	zend_ast *case_name_ast = zend_ast_create_zval(&case_name_zval);
8107 
8108 	zend_ast *case_value_ast = ast->child[1];
8109 	// Remove case_value_ast from the original AST to avoid freeing it, as it will be freed by zend_const_expr_to_zval
8110 	ast->child[1] = NULL;
8111 	if (enum_class->enum_backing_type != IS_UNDEF && case_value_ast == NULL) {
8112 		zend_error_noreturn(E_COMPILE_ERROR, "Case %s of backed enum %s must have a value",
8113 			ZSTR_VAL(enum_case_name),
8114 			ZSTR_VAL(enum_class_name));
8115 	} else if (enum_class->enum_backing_type == IS_UNDEF && case_value_ast != NULL) {
8116 		zend_error_noreturn(E_COMPILE_ERROR, "Case %s of non-backed enum %s must not have a value",
8117 			ZSTR_VAL(enum_case_name),
8118 			ZSTR_VAL(enum_class_name));
8119 	}
8120 
8121 	zend_ast *const_enum_init_ast = zend_ast_create(ZEND_AST_CONST_ENUM_INIT, class_name_ast, case_name_ast, case_value_ast);
8122 
8123 	zval value_zv;
8124 	zend_const_expr_to_zval(&value_zv, &const_enum_init_ast, /* allow_dynamic */ false);
8125 
8126 	/* Doc comment has been appended as second last element in ZEND_AST_ENUM ast - attributes are conventionally last */
8127 	zend_ast *doc_comment_ast = ast->child[2];
8128 	zend_string *doc_comment = NULL;
8129 	if (doc_comment_ast) {
8130 		doc_comment = zend_string_copy(zend_ast_get_str(doc_comment_ast));
8131 	}
8132 
8133 	zend_class_constant *c = zend_declare_class_constant_ex(enum_class, enum_case_name, &value_zv, ZEND_ACC_PUBLIC, doc_comment);
8134 	ZEND_CLASS_CONST_FLAGS(c) |= ZEND_CLASS_CONST_IS_CASE;
8135 	zend_ast_destroy(const_enum_init_ast);
8136 
8137 	zend_ast *attr_ast = ast->child[3];
8138 	if (attr_ast) {
8139 		zend_compile_attributes(&c->attributes, attr_ast, 0, ZEND_ATTRIBUTE_TARGET_CLASS_CONST, 0);
8140 	}
8141 }
8142 
zend_get_import_ht(uint32_t type)8143 static HashTable *zend_get_import_ht(uint32_t type) /* {{{ */
8144 {
8145 	switch (type) {
8146 		case ZEND_SYMBOL_CLASS:
8147 			if (!FC(imports)) {
8148 				FC(imports) = emalloc(sizeof(HashTable));
8149 				zend_hash_init(FC(imports), 8, NULL, str_dtor, 0);
8150 			}
8151 			return FC(imports);
8152 		case ZEND_SYMBOL_FUNCTION:
8153 			if (!FC(imports_function)) {
8154 				FC(imports_function) = emalloc(sizeof(HashTable));
8155 				zend_hash_init(FC(imports_function), 8, NULL, str_dtor, 0);
8156 			}
8157 			return FC(imports_function);
8158 		case ZEND_SYMBOL_CONST:
8159 			if (!FC(imports_const)) {
8160 				FC(imports_const) = emalloc(sizeof(HashTable));
8161 				zend_hash_init(FC(imports_const), 8, NULL, str_dtor, 0);
8162 			}
8163 			return FC(imports_const);
8164 		EMPTY_SWITCH_DEFAULT_CASE()
8165 	}
8166 
8167 	return NULL;
8168 }
8169 /* }}} */
8170 
zend_get_use_type_str(uint32_t type)8171 static char *zend_get_use_type_str(uint32_t type) /* {{{ */
8172 {
8173 	switch (type) {
8174 		case ZEND_SYMBOL_CLASS:
8175 			return "";
8176 		case ZEND_SYMBOL_FUNCTION:
8177 			return " function";
8178 		case ZEND_SYMBOL_CONST:
8179 			return " const";
8180 		EMPTY_SWITCH_DEFAULT_CASE()
8181 	}
8182 
8183 	return " unknown";
8184 }
8185 /* }}} */
8186 
zend_check_already_in_use(uint32_t type,zend_string * old_name,zend_string * new_name,zend_string * check_name)8187 static void zend_check_already_in_use(uint32_t type, zend_string *old_name, zend_string *new_name, zend_string *check_name) /* {{{ */
8188 {
8189 	if (zend_string_equals_ci(old_name, check_name)) {
8190 		return;
8191 	}
8192 
8193 	zend_error_noreturn(E_COMPILE_ERROR, "Cannot use%s %s as %s because the name "
8194 		"is already in use", zend_get_use_type_str(type), ZSTR_VAL(old_name), ZSTR_VAL(new_name));
8195 }
8196 /* }}} */
8197 
zend_compile_use(zend_ast * ast)8198 static void zend_compile_use(zend_ast *ast) /* {{{ */
8199 {
8200 	zend_ast_list *list = zend_ast_get_list(ast);
8201 	uint32_t i;
8202 	zend_string *current_ns = FC(current_namespace);
8203 	uint32_t type = ast->attr;
8204 	HashTable *current_import = zend_get_import_ht(type);
8205 	bool case_sensitive = type == ZEND_SYMBOL_CONST;
8206 
8207 	for (i = 0; i < list->children; ++i) {
8208 		zend_ast *use_ast = list->child[i];
8209 		zend_ast *old_name_ast = use_ast->child[0];
8210 		zend_ast *new_name_ast = use_ast->child[1];
8211 		zend_string *old_name = zend_ast_get_str(old_name_ast);
8212 		zend_string *new_name, *lookup_name;
8213 
8214 		if (new_name_ast) {
8215 			new_name = zend_string_copy(zend_ast_get_str(new_name_ast));
8216 		} else {
8217 			const char *unqualified_name;
8218 			size_t unqualified_name_len;
8219 			if (zend_get_unqualified_name(old_name, &unqualified_name, &unqualified_name_len)) {
8220 				/* The form "use A\B" is equivalent to "use A\B as B" */
8221 				new_name = zend_string_init(unqualified_name, unqualified_name_len, 0);
8222 			} else {
8223 				new_name = zend_string_copy(old_name);
8224 
8225 				if (!current_ns) {
8226 					zend_error(E_WARNING, "The use statement with non-compound name '%s' "
8227 						"has no effect", ZSTR_VAL(new_name));
8228 				}
8229 			}
8230 		}
8231 
8232 		if (case_sensitive) {
8233 			lookup_name = zend_string_copy(new_name);
8234 		} else {
8235 			lookup_name = zend_string_tolower(new_name);
8236 		}
8237 
8238 		if (type == ZEND_SYMBOL_CLASS && zend_is_reserved_class_name(new_name)) {
8239 			zend_error_noreturn(E_COMPILE_ERROR, "Cannot use %s as %s because '%s' "
8240 				"is a special class name", ZSTR_VAL(old_name), ZSTR_VAL(new_name), ZSTR_VAL(new_name));
8241 		}
8242 
8243 		if (current_ns) {
8244 			zend_string *ns_name = zend_string_alloc(ZSTR_LEN(current_ns) + 1 + ZSTR_LEN(new_name), 0);
8245 			zend_str_tolower_copy(ZSTR_VAL(ns_name), ZSTR_VAL(current_ns), ZSTR_LEN(current_ns));
8246 			ZSTR_VAL(ns_name)[ZSTR_LEN(current_ns)] = '\\';
8247 			memcpy(ZSTR_VAL(ns_name) + ZSTR_LEN(current_ns) + 1, ZSTR_VAL(lookup_name), ZSTR_LEN(lookup_name) + 1);
8248 
8249 			if (zend_have_seen_symbol(ns_name, type)) {
8250 				zend_check_already_in_use(type, old_name, new_name, ns_name);
8251 			}
8252 
8253 			zend_string_efree(ns_name);
8254 		} else if (zend_have_seen_symbol(lookup_name, type)) {
8255 			zend_check_already_in_use(type, old_name, new_name, lookup_name);
8256 		}
8257 
8258 		zend_string_addref(old_name);
8259 		old_name = zend_new_interned_string(old_name);
8260 		if (!zend_hash_add_ptr(current_import, lookup_name, old_name)) {
8261 			zend_error_noreturn(E_COMPILE_ERROR, "Cannot use%s %s as %s because the name "
8262 				"is already in use", zend_get_use_type_str(type), ZSTR_VAL(old_name), ZSTR_VAL(new_name));
8263 		}
8264 
8265 		zend_string_release_ex(lookup_name, 0);
8266 		zend_string_release_ex(new_name, 0);
8267 	}
8268 }
8269 /* }}} */
8270 
zend_compile_group_use(zend_ast * ast)8271 static void zend_compile_group_use(zend_ast *ast) /* {{{ */
8272 {
8273 	uint32_t i;
8274 	zend_string *ns = zend_ast_get_str(ast->child[0]);
8275 	zend_ast_list *list = zend_ast_get_list(ast->child[1]);
8276 
8277 	for (i = 0; i < list->children; i++) {
8278 		zend_ast *inline_use, *use = list->child[i];
8279 		zval *name_zval = zend_ast_get_zval(use->child[0]);
8280 		zend_string *name = Z_STR_P(name_zval);
8281 		zend_string *compound_ns = zend_concat_names(ZSTR_VAL(ns), ZSTR_LEN(ns), ZSTR_VAL(name), ZSTR_LEN(name));
8282 		zend_string_release_ex(name, 0);
8283 		ZVAL_STR(name_zval, compound_ns);
8284 		inline_use = zend_ast_create_list(1, ZEND_AST_USE, use);
8285 		inline_use->attr = ast->attr ? ast->attr : use->attr;
8286 		zend_compile_use(inline_use);
8287 	}
8288 }
8289 /* }}} */
8290 
zend_compile_const_decl(zend_ast * ast)8291 static void zend_compile_const_decl(zend_ast *ast) /* {{{ */
8292 {
8293 	zend_ast_list *list = zend_ast_get_list(ast);
8294 	uint32_t i;
8295 	for (i = 0; i < list->children; ++i) {
8296 		zend_ast *const_ast = list->child[i];
8297 		zend_ast *name_ast = const_ast->child[0];
8298 		zend_ast **value_ast_ptr = &const_ast->child[1];
8299 		zend_string *unqualified_name = zend_ast_get_str(name_ast);
8300 
8301 		zend_string *name;
8302 		znode name_node, value_node;
8303 		zval *value_zv = &value_node.u.constant;
8304 
8305 		value_node.op_type = IS_CONST;
8306 		zend_const_expr_to_zval(value_zv, value_ast_ptr, /* allow_dynamic */ true);
8307 
8308 		if (zend_get_special_const(ZSTR_VAL(unqualified_name), ZSTR_LEN(unqualified_name))) {
8309 			zend_error_noreturn(E_COMPILE_ERROR,
8310 				"Cannot redeclare constant '%s'", ZSTR_VAL(unqualified_name));
8311 		}
8312 
8313 		name = zend_prefix_with_ns(unqualified_name);
8314 		name = zend_new_interned_string(name);
8315 
8316 		if (FC(imports_const)) {
8317 			zend_string *import_name = zend_hash_find_ptr(FC(imports_const), unqualified_name);
8318 			if (import_name && !zend_string_equals(import_name, name)) {
8319 				zend_error_noreturn(E_COMPILE_ERROR, "Cannot declare const %s because "
8320 					"the name is already in use", ZSTR_VAL(name));
8321 			}
8322 		}
8323 
8324 		name_node.op_type = IS_CONST;
8325 		ZVAL_STR(&name_node.u.constant, name);
8326 
8327 		zend_emit_op(NULL, ZEND_DECLARE_CONST, &name_node, &value_node);
8328 
8329 		zend_register_seen_symbol(name, ZEND_SYMBOL_CONST);
8330 	}
8331 }
8332 /* }}}*/
8333 
zend_compile_namespace(zend_ast * ast)8334 static void zend_compile_namespace(zend_ast *ast) /* {{{ */
8335 {
8336 	zend_ast *name_ast = ast->child[0];
8337 	zend_ast *stmt_ast = ast->child[1];
8338 	zend_string *name;
8339 	bool with_bracket = stmt_ast != NULL;
8340 
8341 	/* handle mixed syntax declaration or nested namespaces */
8342 	if (!FC(has_bracketed_namespaces)) {
8343 		if (FC(current_namespace)) {
8344 			/* previous namespace declarations were unbracketed */
8345 			if (with_bracket) {
8346 				zend_error_noreturn(E_COMPILE_ERROR, "Cannot mix bracketed namespace declarations "
8347 					"with unbracketed namespace declarations");
8348 			}
8349 		}
8350 	} else {
8351 		/* previous namespace declarations were bracketed */
8352 		if (!with_bracket) {
8353 			zend_error_noreturn(E_COMPILE_ERROR, "Cannot mix bracketed namespace declarations "
8354 				"with unbracketed namespace declarations");
8355 		} else if (FC(current_namespace) || FC(in_namespace)) {
8356 			zend_error_noreturn(E_COMPILE_ERROR, "Namespace declarations cannot be nested");
8357 		}
8358 	}
8359 
8360 	bool is_first_namespace = (!with_bracket && !FC(current_namespace))
8361 		|| (with_bracket && !FC(has_bracketed_namespaces));
8362 	if (is_first_namespace && FAILURE == zend_is_first_statement(ast, /* allow_nop */ 1)) {
8363 		zend_error_noreturn(E_COMPILE_ERROR, "Namespace declaration statement has to be "
8364 			"the very first statement or after any declare call in the script");
8365 	}
8366 
8367 	if (FC(current_namespace)) {
8368 		zend_string_release_ex(FC(current_namespace), 0);
8369 	}
8370 
8371 	if (name_ast) {
8372 		name = zend_ast_get_str(name_ast);
8373 
8374 		if (zend_string_equals_literal_ci(name, "namespace")) {
8375 			zend_error_noreturn(E_COMPILE_ERROR, "Cannot use '%s' as namespace name", ZSTR_VAL(name));
8376 		}
8377 
8378 		FC(current_namespace) = zend_string_copy(name);
8379 	} else {
8380 		FC(current_namespace) = NULL;
8381 	}
8382 
8383 	zend_reset_import_tables();
8384 
8385 	FC(in_namespace) = 1;
8386 	if (with_bracket) {
8387 		FC(has_bracketed_namespaces) = 1;
8388 	}
8389 
8390 	if (stmt_ast) {
8391 		zend_compile_top_stmt(stmt_ast);
8392 		zend_end_namespace();
8393 	}
8394 }
8395 /* }}} */
8396 
zend_compile_halt_compiler(zend_ast * ast)8397 static void zend_compile_halt_compiler(zend_ast *ast) /* {{{ */
8398 {
8399 	zend_ast *offset_ast = ast->child[0];
8400 	zend_long offset = Z_LVAL_P(zend_ast_get_zval(offset_ast));
8401 
8402 	zend_string *filename, *name;
8403 	const char const_name[] = "__COMPILER_HALT_OFFSET__";
8404 
8405 	if (FC(has_bracketed_namespaces) && FC(in_namespace)) {
8406 		zend_error_noreturn(E_COMPILE_ERROR,
8407 			"__HALT_COMPILER() can only be used from the outermost scope");
8408 	}
8409 
8410 	filename = zend_get_compiled_filename();
8411 	name = zend_mangle_property_name(const_name, sizeof(const_name) - 1,
8412 		ZSTR_VAL(filename), ZSTR_LEN(filename), 0);
8413 
8414 	zend_register_long_constant(ZSTR_VAL(name), ZSTR_LEN(name), offset, CONST_CS, 0);
8415 	zend_string_release_ex(name, 0);
8416 }
8417 /* }}} */
8418 
zend_try_ct_eval_magic_const(zval * zv,zend_ast * ast)8419 static bool zend_try_ct_eval_magic_const(zval *zv, zend_ast *ast) /* {{{ */
8420 {
8421 	zend_op_array *op_array = CG(active_op_array);
8422 	zend_class_entry *ce = CG(active_class_entry);
8423 
8424 	switch (ast->attr) {
8425 		case T_LINE:
8426 			ZVAL_LONG(zv, ast->lineno);
8427 			break;
8428 		case T_FILE:
8429 			ZVAL_STR_COPY(zv, CG(compiled_filename));
8430 			break;
8431 		case T_DIR:
8432 		{
8433 			zend_string *filename = CG(compiled_filename);
8434 			zend_string *dirname = zend_string_init(ZSTR_VAL(filename), ZSTR_LEN(filename), 0);
8435 #ifdef ZEND_WIN32
8436 			ZSTR_LEN(dirname) = php_win32_ioutil_dirname(ZSTR_VAL(dirname), ZSTR_LEN(dirname));
8437 #else
8438 			ZSTR_LEN(dirname) = zend_dirname(ZSTR_VAL(dirname), ZSTR_LEN(dirname));
8439 #endif
8440 
8441 			if (zend_string_equals_literal(dirname, ".")) {
8442 				dirname = zend_string_extend(dirname, MAXPATHLEN, 0);
8443 #if HAVE_GETCWD
8444 				ZEND_IGNORE_VALUE(VCWD_GETCWD(ZSTR_VAL(dirname), MAXPATHLEN));
8445 #elif HAVE_GETWD
8446 				ZEND_IGNORE_VALUE(VCWD_GETWD(ZSTR_VAL(dirname)));
8447 #endif
8448 				ZSTR_LEN(dirname) = strlen(ZSTR_VAL(dirname));
8449 			}
8450 
8451 			ZVAL_STR(zv, dirname);
8452 			break;
8453 		}
8454 		case T_FUNC_C:
8455 			if (op_array && op_array->function_name) {
8456 				ZVAL_STR_COPY(zv, op_array->function_name);
8457 			} else {
8458 				ZVAL_EMPTY_STRING(zv);
8459 			}
8460 			break;
8461 		case T_METHOD_C:
8462 			/* Detect whether we are directly inside a class (e.g. a class constant) and treat
8463 			 * this as not being inside a function. */
8464 			if (op_array && ce && !op_array->scope && !(op_array->fn_flags & ZEND_ACC_CLOSURE)) {
8465 				op_array = NULL;
8466 			}
8467 			if (op_array && op_array->function_name) {
8468 				if (op_array->scope) {
8469 					ZVAL_NEW_STR(zv,
8470 						zend_create_member_string(op_array->scope->name, op_array->function_name));
8471 				} else {
8472 					ZVAL_STR_COPY(zv, op_array->function_name);
8473 				}
8474 			} else {
8475 				ZVAL_EMPTY_STRING(zv);
8476 			}
8477 			break;
8478 		case T_CLASS_C:
8479 			if (ce) {
8480 				if ((ce->ce_flags & ZEND_ACC_TRAIT) != 0) {
8481 					return 0;
8482 				} else {
8483 					ZVAL_STR_COPY(zv, ce->name);
8484 				}
8485 			} else {
8486 				ZVAL_EMPTY_STRING(zv);
8487 			}
8488 			break;
8489 		case T_TRAIT_C:
8490 			if (ce && (ce->ce_flags & ZEND_ACC_TRAIT) != 0) {
8491 				ZVAL_STR_COPY(zv, ce->name);
8492 			} else {
8493 				ZVAL_EMPTY_STRING(zv);
8494 			}
8495 			break;
8496 		case T_NS_C:
8497 			if (FC(current_namespace)) {
8498 				ZVAL_STR_COPY(zv, FC(current_namespace));
8499 			} else {
8500 				ZVAL_EMPTY_STRING(zv);
8501 			}
8502 			break;
8503 		EMPTY_SWITCH_DEFAULT_CASE()
8504 	}
8505 
8506 	return 1;
8507 }
8508 /* }}} */
8509 
zend_is_op_long_compatible(zval * op)8510 ZEND_API bool zend_is_op_long_compatible(zval *op)
8511 {
8512 	if (Z_TYPE_P(op) == IS_ARRAY) {
8513 		return false;
8514 	}
8515 
8516 	if (Z_TYPE_P(op) == IS_DOUBLE
8517 		&& !zend_is_long_compatible(Z_DVAL_P(op), zend_dval_to_lval(Z_DVAL_P(op)))) {
8518 		return false;
8519 	}
8520 
8521 	if (Z_TYPE_P(op) == IS_STRING) {
8522 		double dval = 0;
8523 		zend_uchar is_num = is_numeric_str_function(Z_STR_P(op), NULL, &dval);
8524 		if (is_num == 0 || (is_num == IS_DOUBLE && !zend_is_long_compatible(dval, zend_dval_to_lval(dval)))) {
8525 			return false;
8526 		}
8527 	}
8528 
8529 	return true;
8530 }
8531 
zend_binary_op_produces_error(uint32_t opcode,zval * op1,zval * op2)8532 ZEND_API bool zend_binary_op_produces_error(uint32_t opcode, zval *op1, zval *op2) /* {{{ */
8533 {
8534 	if ((opcode == ZEND_CONCAT || opcode == ZEND_FAST_CONCAT)) {
8535 		/* Array to string warning. */
8536 		return Z_TYPE_P(op1) == IS_ARRAY || Z_TYPE_P(op2) == IS_ARRAY;
8537 	}
8538 
8539 	if (!(opcode == ZEND_ADD || opcode == ZEND_SUB || opcode == ZEND_MUL || opcode == ZEND_DIV
8540                || opcode == ZEND_POW || opcode == ZEND_MOD || opcode == ZEND_SL || opcode == ZEND_SR
8541                || opcode == ZEND_BW_OR || opcode == ZEND_BW_AND || opcode == ZEND_BW_XOR)) {
8542 		/* Only the numeric operations throw errors. */
8543 		return 0;
8544 	}
8545 
8546 	if (Z_TYPE_P(op1) == IS_ARRAY || Z_TYPE_P(op2) == IS_ARRAY) {
8547 		if (opcode == ZEND_ADD && Z_TYPE_P(op1) == IS_ARRAY && Z_TYPE_P(op2) == IS_ARRAY) {
8548 			/* Adding two arrays is allowed. */
8549 			return 0;
8550 		}
8551 
8552 		/* Numeric operators throw when one of the operands is an array. */
8553 		return 1;
8554 	}
8555 
8556 	/* While basic arithmetic operators always produce numeric string errors,
8557 	 * bitwise operators don't produce errors if both operands are strings */
8558 	if ((opcode == ZEND_BW_OR || opcode == ZEND_BW_AND || opcode == ZEND_BW_XOR)
8559 		&& Z_TYPE_P(op1) == IS_STRING && Z_TYPE_P(op2) == IS_STRING) {
8560 		return 0;
8561 	}
8562 
8563 	if (Z_TYPE_P(op1) == IS_STRING
8564 		&& !is_numeric_string(Z_STRVAL_P(op1), Z_STRLEN_P(op1), NULL, NULL, 0)) {
8565 		return 1;
8566 	}
8567 
8568 	if (Z_TYPE_P(op2) == IS_STRING
8569 		&& !is_numeric_string(Z_STRVAL_P(op2), Z_STRLEN_P(op2), NULL, NULL, 0)) {
8570 		return 1;
8571 	}
8572 
8573 	if ((opcode == ZEND_MOD && zval_get_long(op2) == 0)
8574 			|| (opcode == ZEND_DIV && zval_get_double(op2) == 0.0)) {
8575 		/* Division by zero throws an error. */
8576 		return 1;
8577 	}
8578 	if ((opcode == ZEND_SL || opcode == ZEND_SR) && zval_get_long(op2) < 0) {
8579 		/* Shift by negative number throws an error. */
8580 		return 1;
8581 	}
8582 
8583 	/* Operation which cast float/float-strings to integers might produce incompatible float to int errors */
8584 	if (opcode == ZEND_SL || opcode == ZEND_SR || opcode == ZEND_BW_OR
8585 			|| opcode == ZEND_BW_AND || opcode == ZEND_BW_XOR || opcode == ZEND_MOD) {
8586 		return !zend_is_op_long_compatible(op1) || !zend_is_op_long_compatible(op2);
8587 	}
8588 
8589 	return 0;
8590 }
8591 /* }}} */
8592 
zend_try_ct_eval_binary_op(zval * result,uint32_t opcode,zval * op1,zval * op2)8593 static inline bool zend_try_ct_eval_binary_op(zval *result, uint32_t opcode, zval *op1, zval *op2) /* {{{ */
8594 {
8595 	if (zend_binary_op_produces_error(opcode, op1, op2)) {
8596 		return 0;
8597 	}
8598 
8599 	binary_op_type fn = get_binary_op(opcode);
8600 	fn(result, op1, op2);
8601 	return 1;
8602 }
8603 /* }}} */
8604 
zend_unary_op_produces_error(uint32_t opcode,zval * op)8605 ZEND_API bool zend_unary_op_produces_error(uint32_t opcode, zval *op)
8606 {
8607 	if (opcode == ZEND_BW_NOT) {
8608 		/* BW_NOT on string does not convert the string into an integer. */
8609 		if (Z_TYPE_P(op) == IS_STRING) {
8610 			return 0;
8611 		}
8612 		return Z_TYPE_P(op) <= IS_TRUE || !zend_is_op_long_compatible(op);
8613 	}
8614 
8615 	return 0;
8616 }
8617 
zend_try_ct_eval_unary_op(zval * result,uint32_t opcode,zval * op)8618 static inline bool zend_try_ct_eval_unary_op(zval *result, uint32_t opcode, zval *op) /* {{{ */
8619 {
8620 	if (zend_unary_op_produces_error(opcode, op)) {
8621 		return 0;
8622 	}
8623 
8624 	unary_op_type fn = get_unary_op(opcode);
8625 	fn(result, op);
8626 	return 1;
8627 }
8628 /* }}} */
8629 
zend_try_ct_eval_unary_pm(zval * result,zend_ast_kind kind,zval * op)8630 static inline bool zend_try_ct_eval_unary_pm(zval *result, zend_ast_kind kind, zval *op) /* {{{ */
8631 {
8632 	zval right;
8633 	ZVAL_LONG(&right, (kind == ZEND_AST_UNARY_PLUS) ? 1 : -1);
8634 	return zend_try_ct_eval_binary_op(result, ZEND_MUL, op, &right);
8635 }
8636 /* }}} */
8637 
zend_ct_eval_greater(zval * result,zend_ast_kind kind,zval * op1,zval * op2)8638 static inline void zend_ct_eval_greater(zval *result, zend_ast_kind kind, zval *op1, zval *op2) /* {{{ */
8639 {
8640 	binary_op_type fn = kind == ZEND_AST_GREATER
8641 		? is_smaller_function : is_smaller_or_equal_function;
8642 	fn(result, op2, op1);
8643 }
8644 /* }}} */
8645 
zend_try_ct_eval_array(zval * result,zend_ast * ast)8646 static bool zend_try_ct_eval_array(zval *result, zend_ast *ast) /* {{{ */
8647 {
8648 	zend_ast_list *list = zend_ast_get_list(ast);
8649 	zend_ast *last_elem_ast = NULL;
8650 	uint32_t i;
8651 	bool is_constant = 1;
8652 
8653 	if (ast->attr == ZEND_ARRAY_SYNTAX_LIST) {
8654 		zend_error(E_COMPILE_ERROR, "Cannot use list() as standalone expression");
8655 	}
8656 
8657 	/* First ensure that *all* child nodes are constant and by-val */
8658 	for (i = 0; i < list->children; ++i) {
8659 		zend_ast *elem_ast = list->child[i];
8660 
8661 		if (elem_ast == NULL) {
8662 			/* Report error at line of last non-empty element */
8663 			if (last_elem_ast) {
8664 				CG(zend_lineno) = zend_ast_get_lineno(last_elem_ast);
8665 			}
8666 			zend_error(E_COMPILE_ERROR, "Cannot use empty array elements in arrays");
8667 		}
8668 
8669 		if (elem_ast->kind != ZEND_AST_UNPACK) {
8670 			zend_eval_const_expr(&elem_ast->child[0]);
8671 			zend_eval_const_expr(&elem_ast->child[1]);
8672 
8673 			if (elem_ast->attr /* by_ref */ || elem_ast->child[0]->kind != ZEND_AST_ZVAL
8674 				|| (elem_ast->child[1] && elem_ast->child[1]->kind != ZEND_AST_ZVAL)
8675 			) {
8676 				is_constant = 0;
8677 			}
8678 		} else {
8679 			zend_eval_const_expr(&elem_ast->child[0]);
8680 
8681 			if (elem_ast->child[0]->kind != ZEND_AST_ZVAL) {
8682 				is_constant = 0;
8683 			}
8684 		}
8685 
8686 		last_elem_ast = elem_ast;
8687 	}
8688 
8689 	if (!is_constant) {
8690 		return 0;
8691 	}
8692 
8693 	if (!list->children) {
8694 		ZVAL_EMPTY_ARRAY(result);
8695 		return 1;
8696 	}
8697 
8698 	array_init_size(result, list->children);
8699 	for (i = 0; i < list->children; ++i) {
8700 		zend_ast *elem_ast = list->child[i];
8701 		zend_ast *value_ast = elem_ast->child[0];
8702 		zend_ast *key_ast;
8703 
8704 		zval *value = zend_ast_get_zval(value_ast);
8705 		if (elem_ast->kind == ZEND_AST_UNPACK) {
8706 			if (Z_TYPE_P(value) == IS_ARRAY) {
8707 				HashTable *ht = Z_ARRVAL_P(value);
8708 				zval *val;
8709 				zend_string *key;
8710 
8711 				ZEND_HASH_FOREACH_STR_KEY_VAL(ht, key, val) {
8712 					if (key) {
8713 						zend_hash_update(Z_ARRVAL_P(result), key, val);
8714 					} else if (!zend_hash_next_index_insert(Z_ARRVAL_P(result), val)) {
8715 						zval_ptr_dtor(result);
8716 						return 0;
8717 					}
8718 					Z_TRY_ADDREF_P(val);
8719 				} ZEND_HASH_FOREACH_END();
8720 
8721 				continue;
8722 			} else {
8723 				zend_error_noreturn(E_COMPILE_ERROR, "Only arrays and Traversables can be unpacked");
8724 			}
8725 		}
8726 
8727 		Z_TRY_ADDREF_P(value);
8728 
8729 		key_ast = elem_ast->child[1];
8730 		if (key_ast) {
8731 			zval *key = zend_ast_get_zval(key_ast);
8732 			switch (Z_TYPE_P(key)) {
8733 				case IS_LONG:
8734 					zend_hash_index_update(Z_ARRVAL_P(result), Z_LVAL_P(key), value);
8735 					break;
8736 				case IS_STRING:
8737 					zend_symtable_update(Z_ARRVAL_P(result), Z_STR_P(key), value);
8738 					break;
8739 				case IS_DOUBLE: {
8740 					zend_long lval = zend_dval_to_lval(Z_DVAL_P(key));
8741 					/* Incompatible float will generate an error, leave this to run-time */
8742 					if (!zend_is_long_compatible(Z_DVAL_P(key), lval)) {
8743 						zval_ptr_dtor_nogc(value);
8744 						zval_ptr_dtor(result);
8745 						return 0;
8746 					}
8747 					zend_hash_index_update(Z_ARRVAL_P(result), lval, value);
8748 					break;
8749 				}
8750 				case IS_FALSE:
8751 					zend_hash_index_update(Z_ARRVAL_P(result), 0, value);
8752 					break;
8753 				case IS_TRUE:
8754 					zend_hash_index_update(Z_ARRVAL_P(result), 1, value);
8755 					break;
8756 				case IS_NULL:
8757 					zend_hash_update(Z_ARRVAL_P(result), ZSTR_EMPTY_ALLOC(), value);
8758 					break;
8759 				default:
8760 					zend_error_noreturn(E_COMPILE_ERROR, "Illegal offset type");
8761 					break;
8762 			}
8763 		} else if (!zend_hash_next_index_insert(Z_ARRVAL_P(result), value)) {
8764 			zval_ptr_dtor_nogc(value);
8765 			zval_ptr_dtor(result);
8766 			return 0;
8767 		}
8768 	}
8769 
8770 	return 1;
8771 }
8772 /* }}} */
8773 
zend_compile_binary_op(znode * result,zend_ast * ast)8774 static void zend_compile_binary_op(znode *result, zend_ast *ast) /* {{{ */
8775 {
8776 	zend_ast *left_ast = ast->child[0];
8777 	zend_ast *right_ast = ast->child[1];
8778 	uint32_t opcode = ast->attr;
8779 
8780 	znode left_node, right_node;
8781 
8782 	zend_compile_expr(&left_node, left_ast);
8783 	zend_compile_expr(&right_node, right_ast);
8784 
8785 	if (left_node.op_type == IS_CONST && right_node.op_type == IS_CONST) {
8786 		if (zend_try_ct_eval_binary_op(&result->u.constant, opcode,
8787 				&left_node.u.constant, &right_node.u.constant)
8788 		) {
8789 			result->op_type = IS_CONST;
8790 			zval_ptr_dtor(&left_node.u.constant);
8791 			zval_ptr_dtor(&right_node.u.constant);
8792 			return;
8793 		}
8794 	}
8795 
8796 	do {
8797 		if (opcode == ZEND_IS_EQUAL || opcode == ZEND_IS_NOT_EQUAL) {
8798 			if (left_node.op_type == IS_CONST) {
8799 				if (Z_TYPE(left_node.u.constant) == IS_FALSE) {
8800 					opcode = (opcode == ZEND_IS_NOT_EQUAL) ? ZEND_BOOL : ZEND_BOOL_NOT;
8801 					zend_emit_op_tmp(result, opcode, &right_node, NULL);
8802 					break;
8803 				} else if (Z_TYPE(left_node.u.constant) == IS_TRUE) {
8804 					opcode = (opcode == ZEND_IS_EQUAL) ? ZEND_BOOL : ZEND_BOOL_NOT;
8805 					zend_emit_op_tmp(result, opcode, &right_node, NULL);
8806 					break;
8807 				}
8808 			} else if (right_node.op_type == IS_CONST) {
8809 				if (Z_TYPE(right_node.u.constant) == IS_FALSE) {
8810 					opcode = (opcode == ZEND_IS_NOT_EQUAL) ? ZEND_BOOL : ZEND_BOOL_NOT;
8811 					zend_emit_op_tmp(result, opcode, &left_node, NULL);
8812 					break;
8813 				} else if (Z_TYPE(right_node.u.constant) == IS_TRUE) {
8814 					opcode = (opcode == ZEND_IS_EQUAL) ? ZEND_BOOL : ZEND_BOOL_NOT;
8815 					zend_emit_op_tmp(result, opcode, &left_node, NULL);
8816 					break;
8817 				}
8818 			}
8819 		} else if (opcode == ZEND_IS_IDENTICAL || opcode == ZEND_IS_NOT_IDENTICAL) {
8820 			/* convert $x === null to is_null($x) (i.e. ZEND_TYPE_CHECK opcode). Do the same thing for false/true. (covers IS_NULL, IS_FALSE, and IS_TRUE) */
8821 			if (left_node.op_type == IS_CONST) {
8822 				if (Z_TYPE(left_node.u.constant) <= IS_TRUE && Z_TYPE(left_node.u.constant) >= IS_NULL) {
8823 					zend_op *opline = zend_emit_op_tmp(result, ZEND_TYPE_CHECK, &right_node, NULL);
8824 					opline->extended_value =
8825 						(opcode == ZEND_IS_IDENTICAL) ?
8826 							(1 << Z_TYPE(left_node.u.constant)) :
8827 							(MAY_BE_ANY - (1 << Z_TYPE(left_node.u.constant)));
8828 					return;
8829 				}
8830 			} else if (right_node.op_type == IS_CONST) {
8831 				if (Z_TYPE(right_node.u.constant) <= IS_TRUE && Z_TYPE(right_node.u.constant) >= IS_NULL) {
8832 					zend_op *opline = zend_emit_op_tmp(result, ZEND_TYPE_CHECK, &left_node, NULL);
8833 					opline->extended_value =
8834 						(opcode == ZEND_IS_IDENTICAL) ?
8835 							(1 << Z_TYPE(right_node.u.constant)) :
8836 							(MAY_BE_ANY - (1 << Z_TYPE(right_node.u.constant)));
8837 					return;
8838 				}
8839 			}
8840 		} else if (opcode == ZEND_CONCAT) {
8841 			/* convert constant operands to strings at compile-time */
8842 			if (left_node.op_type == IS_CONST) {
8843 				if (Z_TYPE(left_node.u.constant) == IS_ARRAY) {
8844 					zend_emit_op_tmp(&left_node, ZEND_CAST, &left_node, NULL)->extended_value = IS_STRING;
8845 				} else {
8846 					convert_to_string(&left_node.u.constant);
8847 				}
8848 			}
8849 			if (right_node.op_type == IS_CONST) {
8850 				if (Z_TYPE(right_node.u.constant) == IS_ARRAY) {
8851 					zend_emit_op_tmp(&right_node, ZEND_CAST, &right_node, NULL)->extended_value = IS_STRING;
8852 				} else {
8853 					convert_to_string(&right_node.u.constant);
8854 				}
8855 			}
8856 			if (left_node.op_type == IS_CONST && right_node.op_type == IS_CONST) {
8857 				opcode = ZEND_FAST_CONCAT;
8858 			}
8859 		}
8860 		zend_emit_op_tmp(result, opcode, &left_node, &right_node);
8861 	} while (0);
8862 }
8863 /* }}} */
8864 
8865 /* We do not use zend_compile_binary_op for this because we want to retain the left-to-right
8866  * evaluation order. */
zend_compile_greater(znode * result,zend_ast * ast)8867 static void zend_compile_greater(znode *result, zend_ast *ast) /* {{{ */
8868 {
8869 	zend_ast *left_ast = ast->child[0];
8870 	zend_ast *right_ast = ast->child[1];
8871 	znode left_node, right_node;
8872 
8873 	ZEND_ASSERT(ast->kind == ZEND_AST_GREATER || ast->kind == ZEND_AST_GREATER_EQUAL);
8874 
8875 	zend_compile_expr(&left_node, left_ast);
8876 	zend_compile_expr(&right_node, right_ast);
8877 
8878 	if (left_node.op_type == IS_CONST && right_node.op_type == IS_CONST) {
8879 		result->op_type = IS_CONST;
8880 		zend_ct_eval_greater(&result->u.constant, ast->kind,
8881 			&left_node.u.constant, &right_node.u.constant);
8882 		zval_ptr_dtor(&left_node.u.constant);
8883 		zval_ptr_dtor(&right_node.u.constant);
8884 		return;
8885 	}
8886 
8887 	zend_emit_op_tmp(result,
8888 		ast->kind == ZEND_AST_GREATER ? ZEND_IS_SMALLER : ZEND_IS_SMALLER_OR_EQUAL,
8889 		&right_node, &left_node);
8890 }
8891 /* }}} */
8892 
zend_compile_unary_op(znode * result,zend_ast * ast)8893 static void zend_compile_unary_op(znode *result, zend_ast *ast) /* {{{ */
8894 {
8895 	zend_ast *expr_ast = ast->child[0];
8896 	uint32_t opcode = ast->attr;
8897 
8898 	znode expr_node;
8899 	zend_compile_expr(&expr_node, expr_ast);
8900 
8901 	if (expr_node.op_type == IS_CONST
8902 			&& zend_try_ct_eval_unary_op(&result->u.constant, opcode, &expr_node.u.constant)) {
8903 		result->op_type = IS_CONST;
8904 		zval_ptr_dtor(&expr_node.u.constant);
8905 		return;
8906 	}
8907 
8908 	zend_emit_op_tmp(result, opcode, &expr_node, NULL);
8909 }
8910 /* }}} */
8911 
zend_compile_unary_pm(znode * result,zend_ast * ast)8912 static void zend_compile_unary_pm(znode *result, zend_ast *ast) /* {{{ */
8913 {
8914 	zend_ast *expr_ast = ast->child[0];
8915 	znode expr_node, right_node;
8916 
8917 	ZEND_ASSERT(ast->kind == ZEND_AST_UNARY_PLUS || ast->kind == ZEND_AST_UNARY_MINUS);
8918 
8919 	zend_compile_expr(&expr_node, expr_ast);
8920 
8921 	if (expr_node.op_type == IS_CONST
8922 		&& zend_try_ct_eval_unary_pm(&result->u.constant, ast->kind, &expr_node.u.constant)) {
8923 		result->op_type = IS_CONST;
8924 		zval_ptr_dtor(&expr_node.u.constant);
8925 		return;
8926 	}
8927 
8928 	right_node.op_type = IS_CONST;
8929 	ZVAL_LONG(&right_node.u.constant, (ast->kind == ZEND_AST_UNARY_PLUS) ? 1 : -1);
8930 	zend_emit_op_tmp(result, ZEND_MUL, &expr_node, &right_node);
8931 }
8932 /* }}} */
8933 
zend_compile_short_circuiting(znode * result,zend_ast * ast)8934 static void zend_compile_short_circuiting(znode *result, zend_ast *ast) /* {{{ */
8935 {
8936 	zend_ast *left_ast = ast->child[0];
8937 	zend_ast *right_ast = ast->child[1];
8938 
8939 	znode left_node, right_node;
8940 	zend_op *opline_jmpz, *opline_bool;
8941 	uint32_t opnum_jmpz;
8942 
8943 	ZEND_ASSERT(ast->kind == ZEND_AST_AND || ast->kind == ZEND_AST_OR);
8944 
8945 	zend_compile_expr(&left_node, left_ast);
8946 
8947 	if (left_node.op_type == IS_CONST) {
8948 		if ((ast->kind == ZEND_AST_AND && !zend_is_true(&left_node.u.constant))
8949 		 || (ast->kind == ZEND_AST_OR && zend_is_true(&left_node.u.constant))) {
8950 			result->op_type = IS_CONST;
8951 			ZVAL_BOOL(&result->u.constant, zend_is_true(&left_node.u.constant));
8952 		} else {
8953 			zend_compile_expr(&right_node, right_ast);
8954 
8955 			if (right_node.op_type == IS_CONST) {
8956 				result->op_type = IS_CONST;
8957 				ZVAL_BOOL(&result->u.constant, zend_is_true(&right_node.u.constant));
8958 
8959 				zval_ptr_dtor(&right_node.u.constant);
8960 			} else {
8961 				zend_emit_op_tmp(result, ZEND_BOOL, &right_node, NULL);
8962 			}
8963 		}
8964 
8965 		zval_ptr_dtor(&left_node.u.constant);
8966 		return;
8967 	}
8968 
8969 	opnum_jmpz = get_next_op_number();
8970 	opline_jmpz = zend_emit_op(NULL, ast->kind == ZEND_AST_AND ? ZEND_JMPZ_EX : ZEND_JMPNZ_EX,
8971 		&left_node, NULL);
8972 
8973 	if (left_node.op_type == IS_TMP_VAR) {
8974 		SET_NODE(opline_jmpz->result, &left_node);
8975 		GET_NODE(result, opline_jmpz->result);
8976 	} else {
8977 		zend_make_tmp_result(result, opline_jmpz);
8978 	}
8979 
8980 	zend_compile_expr(&right_node, right_ast);
8981 
8982 	opline_bool = zend_emit_op(NULL, ZEND_BOOL, &right_node, NULL);
8983 	SET_NODE(opline_bool->result, result);
8984 
8985 	zend_update_jump_target_to_next(opnum_jmpz);
8986 }
8987 /* }}} */
8988 
zend_compile_post_incdec(znode * result,zend_ast * ast)8989 static void zend_compile_post_incdec(znode *result, zend_ast *ast) /* {{{ */
8990 {
8991 	zend_ast *var_ast = ast->child[0];
8992 	ZEND_ASSERT(ast->kind == ZEND_AST_POST_INC || ast->kind == ZEND_AST_POST_DEC);
8993 
8994 	zend_ensure_writable_variable(var_ast);
8995 
8996 	if (var_ast->kind == ZEND_AST_PROP || var_ast->kind == ZEND_AST_NULLSAFE_PROP) {
8997 		zend_op *opline = zend_compile_prop(NULL, var_ast, BP_VAR_RW, 0);
8998 		opline->opcode = ast->kind == ZEND_AST_POST_INC ? ZEND_POST_INC_OBJ : ZEND_POST_DEC_OBJ;
8999 		zend_make_tmp_result(result, opline);
9000 	} else if (var_ast->kind == ZEND_AST_STATIC_PROP) {
9001 		zend_op *opline = zend_compile_static_prop(NULL, var_ast, BP_VAR_RW, 0, 0);
9002 		opline->opcode = ast->kind == ZEND_AST_POST_INC ? ZEND_POST_INC_STATIC_PROP : ZEND_POST_DEC_STATIC_PROP;
9003 		zend_make_tmp_result(result, opline);
9004 	} else {
9005 		znode var_node;
9006 		zend_op *opline = zend_compile_var(&var_node, var_ast, BP_VAR_RW, 0);
9007 		if (opline && opline->opcode == ZEND_FETCH_DIM_RW) {
9008 			opline->extended_value = ZEND_FETCH_DIM_INCDEC;
9009 		}
9010 		zend_emit_op_tmp(result, ast->kind == ZEND_AST_POST_INC ? ZEND_POST_INC : ZEND_POST_DEC,
9011 			&var_node, NULL);
9012 	}
9013 }
9014 /* }}} */
9015 
zend_compile_pre_incdec(znode * result,zend_ast * ast)9016 static void zend_compile_pre_incdec(znode *result, zend_ast *ast) /* {{{ */
9017 {
9018 	zend_ast *var_ast = ast->child[0];
9019 	ZEND_ASSERT(ast->kind == ZEND_AST_PRE_INC || ast->kind == ZEND_AST_PRE_DEC);
9020 
9021 	zend_ensure_writable_variable(var_ast);
9022 
9023 	if (var_ast->kind == ZEND_AST_PROP || var_ast->kind == ZEND_AST_NULLSAFE_PROP) {
9024 		zend_op *opline = zend_compile_prop(result, var_ast, BP_VAR_RW, 0);
9025 		opline->opcode = ast->kind == ZEND_AST_PRE_INC ? ZEND_PRE_INC_OBJ : ZEND_PRE_DEC_OBJ;
9026 		opline->result_type = IS_TMP_VAR;
9027 		result->op_type = IS_TMP_VAR;
9028 	} else if (var_ast->kind == ZEND_AST_STATIC_PROP) {
9029 		zend_op *opline = zend_compile_static_prop(result, var_ast, BP_VAR_RW, 0, 0);
9030 		opline->opcode = ast->kind == ZEND_AST_PRE_INC ? ZEND_PRE_INC_STATIC_PROP : ZEND_PRE_DEC_STATIC_PROP;
9031 		opline->result_type = IS_TMP_VAR;
9032 		result->op_type = IS_TMP_VAR;
9033 	} else {
9034 		znode var_node;
9035 		zend_op *opline = zend_compile_var(&var_node, var_ast, BP_VAR_RW, 0);
9036 		if (opline && opline->opcode == ZEND_FETCH_DIM_RW) {
9037 			opline->extended_value = ZEND_FETCH_DIM_INCDEC;
9038 		}
9039 		zend_emit_op_tmp(result, ast->kind == ZEND_AST_PRE_INC ? ZEND_PRE_INC : ZEND_PRE_DEC,
9040 			&var_node, NULL);
9041 	}
9042 }
9043 /* }}} */
9044 
zend_compile_cast(znode * result,zend_ast * ast)9045 static void zend_compile_cast(znode *result, zend_ast *ast) /* {{{ */
9046 {
9047 	zend_ast *expr_ast = ast->child[0];
9048 	znode expr_node;
9049 	zend_op *opline;
9050 
9051 	zend_compile_expr(&expr_node, expr_ast);
9052 
9053 	if (ast->attr == _IS_BOOL) {
9054 		opline = zend_emit_op_tmp(result, ZEND_BOOL, &expr_node, NULL);
9055 	} else if (ast->attr == IS_NULL) {
9056 		zend_error(E_COMPILE_ERROR, "The (unset) cast is no longer supported");
9057 	} else {
9058 		opline = zend_emit_op_tmp(result, ZEND_CAST, &expr_node, NULL);
9059 		opline->extended_value = ast->attr;
9060 	}
9061 }
9062 /* }}} */
9063 
zend_compile_shorthand_conditional(znode * result,zend_ast * ast)9064 static void zend_compile_shorthand_conditional(znode *result, zend_ast *ast) /* {{{ */
9065 {
9066 	zend_ast *cond_ast = ast->child[0];
9067 	zend_ast *false_ast = ast->child[2];
9068 
9069 	znode cond_node, false_node;
9070 	zend_op *opline_qm_assign;
9071 	uint32_t opnum_jmp_set;
9072 
9073 	ZEND_ASSERT(ast->child[1] == NULL);
9074 
9075 	zend_compile_expr(&cond_node, cond_ast);
9076 
9077 	opnum_jmp_set = get_next_op_number();
9078 	zend_emit_op_tmp(result, ZEND_JMP_SET, &cond_node, NULL);
9079 
9080 	zend_compile_expr(&false_node, false_ast);
9081 
9082 	opline_qm_assign = zend_emit_op_tmp(NULL, ZEND_QM_ASSIGN, &false_node, NULL);
9083 	SET_NODE(opline_qm_assign->result, result);
9084 
9085 	zend_update_jump_target_to_next(opnum_jmp_set);
9086 }
9087 /* }}} */
9088 
zend_compile_conditional(znode * result,zend_ast * ast)9089 static void zend_compile_conditional(znode *result, zend_ast *ast) /* {{{ */
9090 {
9091 	zend_ast *cond_ast = ast->child[0];
9092 	zend_ast *true_ast = ast->child[1];
9093 	zend_ast *false_ast = ast->child[2];
9094 
9095 	znode cond_node, true_node, false_node;
9096 	zend_op *opline_qm_assign2;
9097 	uint32_t opnum_jmpz, opnum_jmp;
9098 
9099 	if (cond_ast->kind == ZEND_AST_CONDITIONAL
9100 			&& cond_ast->attr != ZEND_PARENTHESIZED_CONDITIONAL) {
9101 		if (cond_ast->child[1]) {
9102 			if (true_ast) {
9103 				zend_error(E_COMPILE_ERROR,
9104 					"Unparenthesized `a ? b : c ? d : e` is not supported. "
9105 					"Use either `(a ? b : c) ? d : e` or `a ? b : (c ? d : e)`");
9106 			} else {
9107 				zend_error(E_COMPILE_ERROR,
9108 					"Unparenthesized `a ? b : c ?: d` is not supported. "
9109 					"Use either `(a ? b : c) ?: d` or `a ? b : (c ?: d)`");
9110 			}
9111 		} else {
9112 			if (true_ast) {
9113 				zend_error(E_COMPILE_ERROR,
9114 					"Unparenthesized `a ?: b ? c : d` is not supported. "
9115 					"Use either `(a ?: b) ? c : d` or `a ?: (b ? c : d)`");
9116 			} else {
9117 				/* This case is harmless:  (a ?: b) ?: c always produces the same result
9118 				 * as a ?: (b ?: c). */
9119 			}
9120 		}
9121 	}
9122 
9123 	if (!true_ast) {
9124 		zend_compile_shorthand_conditional(result, ast);
9125 		return;
9126 	}
9127 
9128 	zend_compile_expr(&cond_node, cond_ast);
9129 
9130 	opnum_jmpz = zend_emit_cond_jump(ZEND_JMPZ, &cond_node, 0);
9131 
9132 	zend_compile_expr(&true_node, true_ast);
9133 
9134 	zend_emit_op_tmp(result, ZEND_QM_ASSIGN, &true_node, NULL);
9135 
9136 	opnum_jmp = zend_emit_jump(0);
9137 
9138 	zend_update_jump_target_to_next(opnum_jmpz);
9139 
9140 	zend_compile_expr(&false_node, false_ast);
9141 
9142 	opline_qm_assign2 = zend_emit_op(NULL, ZEND_QM_ASSIGN, &false_node, NULL);
9143 	SET_NODE(opline_qm_assign2->result, result);
9144 
9145 	zend_update_jump_target_to_next(opnum_jmp);
9146 }
9147 /* }}} */
9148 
zend_compile_coalesce(znode * result,zend_ast * ast)9149 static void zend_compile_coalesce(znode *result, zend_ast *ast) /* {{{ */
9150 {
9151 	zend_ast *expr_ast = ast->child[0];
9152 	zend_ast *default_ast = ast->child[1];
9153 
9154 	znode expr_node, default_node;
9155 	zend_op *opline;
9156 	uint32_t opnum;
9157 
9158 	zend_compile_var(&expr_node, expr_ast, BP_VAR_IS, 0);
9159 
9160 	opnum = get_next_op_number();
9161 	zend_emit_op_tmp(result, ZEND_COALESCE, &expr_node, NULL);
9162 
9163 	zend_compile_expr(&default_node, default_ast);
9164 
9165 	opline = zend_emit_op_tmp(NULL, ZEND_QM_ASSIGN, &default_node, NULL);
9166 	SET_NODE(opline->result, result);
9167 
9168 	opline = &CG(active_op_array)->opcodes[opnum];
9169 	opline->op2.opline_num = get_next_op_number();
9170 }
9171 /* }}} */
9172 
znode_dtor(zval * zv)9173 static void znode_dtor(zval *zv) {
9174 	znode *node = Z_PTR_P(zv);
9175 	if (node->op_type == IS_CONST) {
9176 		zval_ptr_dtor_nogc(&node->u.constant);
9177 	}
9178 	efree(node);
9179 }
9180 
zend_compile_assign_coalesce(znode * result,zend_ast * ast)9181 static void zend_compile_assign_coalesce(znode *result, zend_ast *ast) /* {{{ */
9182 {
9183 	zend_ast *var_ast = ast->child[0];
9184 	zend_ast *default_ast = ast->child[1];
9185 
9186 	znode var_node_is, var_node_w, default_node, assign_node, *node;
9187 	zend_op *opline;
9188 	uint32_t coalesce_opnum;
9189 	bool need_frees = 0;
9190 
9191 	/* Remember expressions compiled during the initial BP_VAR_IS lookup,
9192 	 * to avoid double-evaluation when we compile again with BP_VAR_W. */
9193 	HashTable *orig_memoized_exprs = CG(memoized_exprs);
9194 	int orig_memoize_mode = CG(memoize_mode);
9195 
9196 	zend_ensure_writable_variable(var_ast);
9197 	if (is_this_fetch(var_ast)) {
9198 		zend_error_noreturn(E_COMPILE_ERROR, "Cannot re-assign $this");
9199 	}
9200 
9201 	ALLOC_HASHTABLE(CG(memoized_exprs));
9202 	zend_hash_init(CG(memoized_exprs), 0, NULL, znode_dtor, 0);
9203 
9204 	CG(memoize_mode) = ZEND_MEMOIZE_COMPILE;
9205 	zend_compile_var(&var_node_is, var_ast, BP_VAR_IS, 0);
9206 
9207 	coalesce_opnum = get_next_op_number();
9208 	zend_emit_op_tmp(result, ZEND_COALESCE, &var_node_is, NULL);
9209 
9210 	CG(memoize_mode) = ZEND_MEMOIZE_NONE;
9211 	if (var_ast->kind == ZEND_AST_DIM) {
9212 		zend_compile_expr_with_potential_assign_to_self(&default_node, default_ast, var_ast);
9213 	} else {
9214 		zend_compile_expr(&default_node, default_ast);
9215 	}
9216 
9217 	CG(memoize_mode) = ZEND_MEMOIZE_FETCH;
9218 	zend_compile_var(&var_node_w, var_ast, BP_VAR_W, 0);
9219 
9220 	/* Reproduce some of the zend_compile_assign() opcode fixup logic here. */
9221 	opline = &CG(active_op_array)->opcodes[CG(active_op_array)->last-1];
9222 	/* Treat $GLOBALS['x'] assignment like assignment to variable. */
9223 	zend_ast_kind kind = is_global_var_fetch(var_ast) ? ZEND_AST_VAR : var_ast->kind;
9224 	switch (kind) {
9225 		case ZEND_AST_VAR:
9226 			zend_emit_op_tmp(&assign_node, ZEND_ASSIGN, &var_node_w, &default_node);
9227 			break;
9228 		case ZEND_AST_STATIC_PROP:
9229 			opline->opcode = ZEND_ASSIGN_STATIC_PROP;
9230 			opline->result_type = IS_TMP_VAR;
9231 			var_node_w.op_type = IS_TMP_VAR;
9232 			zend_emit_op_data(&default_node);
9233 			assign_node = var_node_w;
9234 			break;
9235 		case ZEND_AST_DIM:
9236 			opline->opcode = ZEND_ASSIGN_DIM;
9237 			opline->result_type = IS_TMP_VAR;
9238 			var_node_w.op_type = IS_TMP_VAR;
9239 			zend_emit_op_data(&default_node);
9240 			assign_node = var_node_w;
9241 			break;
9242 		case ZEND_AST_PROP:
9243 		case ZEND_AST_NULLSAFE_PROP:
9244 			opline->opcode = ZEND_ASSIGN_OBJ;
9245 			opline->result_type = IS_TMP_VAR;
9246 			var_node_w.op_type = IS_TMP_VAR;
9247 			zend_emit_op_data(&default_node);
9248 			assign_node = var_node_w;
9249 			break;
9250 		EMPTY_SWITCH_DEFAULT_CASE();
9251 	}
9252 
9253 	opline = zend_emit_op_tmp(NULL, ZEND_QM_ASSIGN, &assign_node, NULL);
9254 	SET_NODE(opline->result, result);
9255 
9256 	ZEND_HASH_FOREACH_PTR(CG(memoized_exprs), node) {
9257 		if (node->op_type == IS_TMP_VAR || node->op_type == IS_VAR) {
9258 			need_frees = 1;
9259 			break;
9260 		}
9261 	} ZEND_HASH_FOREACH_END();
9262 
9263 	/* Free DUPed expressions if there are any */
9264 	if (need_frees) {
9265 		uint32_t jump_opnum = zend_emit_jump(0);
9266 		zend_update_jump_target_to_next(coalesce_opnum);
9267 		ZEND_HASH_FOREACH_PTR(CG(memoized_exprs), node) {
9268 			if (node->op_type == IS_TMP_VAR || node->op_type == IS_VAR) {
9269 				zend_emit_op(NULL, ZEND_FREE, node, NULL);
9270 			}
9271 		} ZEND_HASH_FOREACH_END();
9272 		zend_update_jump_target_to_next(jump_opnum);
9273 	} else {
9274 		zend_update_jump_target_to_next(coalesce_opnum);
9275 	}
9276 
9277 	zend_hash_destroy(CG(memoized_exprs));
9278 	FREE_HASHTABLE(CG(memoized_exprs));
9279 	CG(memoized_exprs) = orig_memoized_exprs;
9280 	CG(memoize_mode) = orig_memoize_mode;
9281 }
9282 /* }}} */
9283 
zend_compile_print(znode * result,zend_ast * ast)9284 static void zend_compile_print(znode *result, zend_ast *ast) /* {{{ */
9285 {
9286 	zend_op *opline;
9287 	zend_ast *expr_ast = ast->child[0];
9288 
9289 	znode expr_node;
9290 	zend_compile_expr(&expr_node, expr_ast);
9291 
9292 	opline = zend_emit_op(NULL, ZEND_ECHO, &expr_node, NULL);
9293 	opline->extended_value = 1;
9294 
9295 	result->op_type = IS_CONST;
9296 	ZVAL_LONG(&result->u.constant, 1);
9297 }
9298 /* }}} */
9299 
zend_compile_exit(znode * result,zend_ast * ast)9300 static void zend_compile_exit(znode *result, zend_ast *ast) /* {{{ */
9301 {
9302 	zend_ast *expr_ast = ast->child[0];
9303 	znode expr_node;
9304 
9305 	if (expr_ast) {
9306 		zend_compile_expr(&expr_node, expr_ast);
9307 	} else {
9308 		expr_node.op_type = IS_UNUSED;
9309 	}
9310 
9311 	zend_op *opline = zend_emit_op(NULL, ZEND_EXIT, &expr_node, NULL);
9312 	if (result) {
9313 		/* Mark this as an "expression throw" for opcache. */
9314 		opline->extended_value = ZEND_THROW_IS_EXPR;
9315 		result->op_type = IS_CONST;
9316 		ZVAL_TRUE(&result->u.constant);
9317 	}
9318 }
9319 /* }}} */
9320 
zend_compile_yield(znode * result,zend_ast * ast)9321 static void zend_compile_yield(znode *result, zend_ast *ast) /* {{{ */
9322 {
9323 	zend_ast *value_ast = ast->child[0];
9324 	zend_ast *key_ast = ast->child[1];
9325 
9326 	znode value_node, key_node;
9327 	znode *value_node_ptr = NULL, *key_node_ptr = NULL;
9328 	zend_op *opline;
9329 	bool returns_by_ref = (CG(active_op_array)->fn_flags & ZEND_ACC_RETURN_REFERENCE) != 0;
9330 
9331 	zend_mark_function_as_generator();
9332 
9333 	if (key_ast) {
9334 		zend_compile_expr(&key_node, key_ast);
9335 		key_node_ptr = &key_node;
9336 	}
9337 
9338 	if (value_ast) {
9339 		if (returns_by_ref && zend_is_variable(value_ast)) {
9340 			zend_assert_not_short_circuited(value_ast);
9341 			zend_compile_var(&value_node, value_ast, BP_VAR_W, 1);
9342 		} else {
9343 			zend_compile_expr(&value_node, value_ast);
9344 		}
9345 		value_node_ptr = &value_node;
9346 	}
9347 
9348 	opline = zend_emit_op(result, ZEND_YIELD, value_node_ptr, key_node_ptr);
9349 
9350 	if (value_ast && returns_by_ref && zend_is_call(value_ast)) {
9351 		opline->extended_value = ZEND_RETURNS_FUNCTION;
9352 	}
9353 }
9354 /* }}} */
9355 
zend_compile_yield_from(znode * result,zend_ast * ast)9356 static void zend_compile_yield_from(znode *result, zend_ast *ast) /* {{{ */
9357 {
9358 	zend_ast *expr_ast = ast->child[0];
9359 	znode expr_node;
9360 
9361 	zend_mark_function_as_generator();
9362 
9363 	if (CG(active_op_array)->fn_flags & ZEND_ACC_RETURN_REFERENCE) {
9364 		zend_error_noreturn(E_COMPILE_ERROR,
9365 			"Cannot use \"yield from\" inside a by-reference generator");
9366 	}
9367 
9368 	zend_compile_expr(&expr_node, expr_ast);
9369 	zend_emit_op_tmp(result, ZEND_YIELD_FROM, &expr_node, NULL);
9370 }
9371 /* }}} */
9372 
zend_compile_instanceof(znode * result,zend_ast * ast)9373 static void zend_compile_instanceof(znode *result, zend_ast *ast) /* {{{ */
9374 {
9375 	zend_ast *obj_ast = ast->child[0];
9376 	zend_ast *class_ast = ast->child[1];
9377 
9378 	znode obj_node, class_node;
9379 	zend_op *opline;
9380 
9381 	zend_compile_expr(&obj_node, obj_ast);
9382 	if (obj_node.op_type == IS_CONST) {
9383 		zend_do_free(&obj_node);
9384 		result->op_type = IS_CONST;
9385 		ZVAL_FALSE(&result->u.constant);
9386 		return;
9387 	}
9388 
9389 	zend_compile_class_ref(&class_node, class_ast,
9390 		ZEND_FETCH_CLASS_NO_AUTOLOAD | ZEND_FETCH_CLASS_EXCEPTION | ZEND_FETCH_CLASS_SILENT);
9391 
9392 	opline = zend_emit_op_tmp(result, ZEND_INSTANCEOF, &obj_node, NULL);
9393 
9394 	if (class_node.op_type == IS_CONST) {
9395 		opline->op2_type = IS_CONST;
9396 		opline->op2.constant = zend_add_class_name_literal(
9397 			Z_STR(class_node.u.constant));
9398 		opline->extended_value = zend_alloc_cache_slot();
9399 	} else {
9400 		SET_NODE(opline->op2, &class_node);
9401 	}
9402 }
9403 /* }}} */
9404 
zend_compile_include_or_eval(znode * result,zend_ast * ast)9405 static void zend_compile_include_or_eval(znode *result, zend_ast *ast) /* {{{ */
9406 {
9407 	zend_ast *expr_ast = ast->child[0];
9408 	znode expr_node;
9409 	zend_op *opline;
9410 
9411 	zend_do_extended_fcall_begin();
9412 	zend_compile_expr(&expr_node, expr_ast);
9413 
9414 	opline = zend_emit_op(result, ZEND_INCLUDE_OR_EVAL, &expr_node, NULL);
9415 	opline->extended_value = ast->attr;
9416 
9417 	zend_do_extended_fcall_end();
9418 }
9419 /* }}} */
9420 
zend_compile_isset_or_empty(znode * result,zend_ast * ast)9421 static void zend_compile_isset_or_empty(znode *result, zend_ast *ast) /* {{{ */
9422 {
9423 	zend_ast *var_ast = ast->child[0];
9424 
9425 	znode var_node;
9426 	zend_op *opline = NULL;
9427 
9428 	ZEND_ASSERT(ast->kind == ZEND_AST_ISSET || ast->kind == ZEND_AST_EMPTY);
9429 
9430 	if (!zend_is_variable(var_ast)) {
9431 		if (ast->kind == ZEND_AST_EMPTY) {
9432 			/* empty(expr) can be transformed to !expr */
9433 			zend_ast *not_ast = zend_ast_create_ex(ZEND_AST_UNARY_OP, ZEND_BOOL_NOT, var_ast);
9434 			zend_compile_expr(result, not_ast);
9435 			return;
9436 		} else {
9437 			zend_error_noreturn(E_COMPILE_ERROR,
9438 				"Cannot use isset() on the result of an expression "
9439 				"(you can use \"null !== expression\" instead)");
9440 		}
9441 	}
9442 
9443 	if (is_globals_fetch(var_ast)) {
9444 		result->op_type = IS_CONST;
9445 		ZVAL_BOOL(&result->u.constant, ast->kind == ZEND_AST_ISSET);
9446 		return;
9447 	}
9448 
9449 	if (is_global_var_fetch(var_ast)) {
9450 		if (!var_ast->child[1]) {
9451 			zend_error_noreturn(E_COMPILE_ERROR, "Cannot use [] for reading");
9452 		}
9453 
9454 		zend_compile_expr(&var_node, var_ast->child[1]);
9455 		if (var_node.op_type == IS_CONST) {
9456 			convert_to_string(&var_node.u.constant);
9457 		}
9458 
9459 		opline = zend_emit_op_tmp(result, ZEND_ISSET_ISEMPTY_VAR, &var_node, NULL);
9460 		opline->extended_value =
9461 			ZEND_FETCH_GLOBAL | (ast->kind == ZEND_AST_EMPTY ? ZEND_ISEMPTY : 0);
9462 		return;
9463 	}
9464 
9465 	zend_short_circuiting_mark_inner(var_ast);
9466 	switch (var_ast->kind) {
9467 		case ZEND_AST_VAR:
9468 			if (is_this_fetch(var_ast)) {
9469 				opline = zend_emit_op(result, ZEND_ISSET_ISEMPTY_THIS, NULL, NULL);
9470 				CG(active_op_array)->fn_flags |= ZEND_ACC_USES_THIS;
9471 			} else if (zend_try_compile_cv(&var_node, var_ast) == SUCCESS) {
9472 				opline = zend_emit_op(result, ZEND_ISSET_ISEMPTY_CV, &var_node, NULL);
9473 			} else {
9474 				opline = zend_compile_simple_var_no_cv(result, var_ast, BP_VAR_IS, 0);
9475 				opline->opcode = ZEND_ISSET_ISEMPTY_VAR;
9476 			}
9477 			break;
9478 		case ZEND_AST_DIM:
9479 			opline = zend_compile_dim(result, var_ast, BP_VAR_IS, /* by_ref */ false);
9480 			opline->opcode = ZEND_ISSET_ISEMPTY_DIM_OBJ;
9481 			break;
9482 		case ZEND_AST_PROP:
9483 		case ZEND_AST_NULLSAFE_PROP:
9484 			opline = zend_compile_prop(result, var_ast, BP_VAR_IS, 0);
9485 			opline->opcode = ZEND_ISSET_ISEMPTY_PROP_OBJ;
9486 			break;
9487 		case ZEND_AST_STATIC_PROP:
9488 			opline = zend_compile_static_prop(result, var_ast, BP_VAR_IS, 0, 0);
9489 			opline->opcode = ZEND_ISSET_ISEMPTY_STATIC_PROP;
9490 			break;
9491 		EMPTY_SWITCH_DEFAULT_CASE()
9492 	}
9493 
9494 	result->op_type = opline->result_type = IS_TMP_VAR;
9495 	if (!(ast->kind == ZEND_AST_ISSET)) {
9496 		opline->extended_value |= ZEND_ISEMPTY;
9497 	}
9498 }
9499 /* }}} */
9500 
zend_compile_silence(znode * result,zend_ast * ast)9501 static void zend_compile_silence(znode *result, zend_ast *ast) /* {{{ */
9502 {
9503 	zend_ast *expr_ast = ast->child[0];
9504 	znode silence_node;
9505 
9506 	zend_emit_op_tmp(&silence_node, ZEND_BEGIN_SILENCE, NULL, NULL);
9507 
9508 	if (expr_ast->kind == ZEND_AST_VAR) {
9509 		/* For @$var we need to force a FETCH instruction, otherwise the CV access will
9510 		 * happen outside the silenced section. */
9511 		zend_compile_simple_var_no_cv(result, expr_ast, BP_VAR_R, 0 );
9512 	} else {
9513 		zend_compile_expr(result, expr_ast);
9514 	}
9515 
9516 	zend_emit_op(NULL, ZEND_END_SILENCE, &silence_node, NULL);
9517 }
9518 /* }}} */
9519 
zend_compile_shell_exec(znode * result,zend_ast * ast)9520 static void zend_compile_shell_exec(znode *result, zend_ast *ast) /* {{{ */
9521 {
9522 	zend_ast *expr_ast = ast->child[0];
9523 
9524 	zval fn_name;
9525 	zend_ast *name_ast, *args_ast, *call_ast;
9526 
9527 	ZVAL_STRING(&fn_name, "shell_exec");
9528 	name_ast = zend_ast_create_zval(&fn_name);
9529 	args_ast = zend_ast_create_list(1, ZEND_AST_ARG_LIST, expr_ast);
9530 	call_ast = zend_ast_create(ZEND_AST_CALL, name_ast, args_ast);
9531 
9532 	zend_compile_expr(result, call_ast);
9533 
9534 	zval_ptr_dtor(&fn_name);
9535 }
9536 /* }}} */
9537 
zend_compile_array(znode * result,zend_ast * ast)9538 static void zend_compile_array(znode *result, zend_ast *ast) /* {{{ */
9539 {
9540 	zend_ast_list *list = zend_ast_get_list(ast);
9541 	zend_op *opline;
9542 	uint32_t i, opnum_init = -1;
9543 	bool packed = 1;
9544 
9545 	if (zend_try_ct_eval_array(&result->u.constant, ast)) {
9546 		result->op_type = IS_CONST;
9547 		return;
9548 	}
9549 
9550 	/* Empty arrays are handled at compile-time */
9551 	ZEND_ASSERT(list->children > 0);
9552 
9553 	for (i = 0; i < list->children; ++i) {
9554 		zend_ast *elem_ast = list->child[i];
9555 		zend_ast *value_ast, *key_ast;
9556 		bool by_ref;
9557 		znode value_node, key_node, *key_node_ptr = NULL;
9558 
9559 		if (elem_ast == NULL) {
9560 			zend_error(E_COMPILE_ERROR, "Cannot use empty array elements in arrays");
9561 		}
9562 
9563 		value_ast = elem_ast->child[0];
9564 
9565 		if (elem_ast->kind == ZEND_AST_UNPACK) {
9566 			zend_compile_expr(&value_node, value_ast);
9567 			if (i == 0) {
9568 				opnum_init = get_next_op_number();
9569 				opline = zend_emit_op_tmp(result, ZEND_INIT_ARRAY, NULL, NULL);
9570 			}
9571 			opline = zend_emit_op(NULL, ZEND_ADD_ARRAY_UNPACK, &value_node, NULL);
9572 			SET_NODE(opline->result, result);
9573 			continue;
9574 		}
9575 
9576 		key_ast = elem_ast->child[1];
9577 		by_ref = elem_ast->attr;
9578 
9579 		if (key_ast) {
9580 			zend_compile_expr(&key_node, key_ast);
9581 			zend_handle_numeric_op(&key_node);
9582 			key_node_ptr = &key_node;
9583 		}
9584 
9585 		if (by_ref) {
9586 			zend_ensure_writable_variable(value_ast);
9587 			zend_compile_var(&value_node, value_ast, BP_VAR_W, 1);
9588 		} else {
9589 			zend_compile_expr(&value_node, value_ast);
9590 		}
9591 
9592 		if (i == 0) {
9593 			opnum_init = get_next_op_number();
9594 			opline = zend_emit_op_tmp(result, ZEND_INIT_ARRAY, &value_node, key_node_ptr);
9595 			opline->extended_value = list->children << ZEND_ARRAY_SIZE_SHIFT;
9596 		} else {
9597 			opline = zend_emit_op(NULL, ZEND_ADD_ARRAY_ELEMENT,
9598 				&value_node, key_node_ptr);
9599 			SET_NODE(opline->result, result);
9600 		}
9601 		opline->extended_value |= by_ref;
9602 
9603 		if (key_ast && key_node.op_type == IS_CONST && Z_TYPE(key_node.u.constant) == IS_STRING) {
9604 			packed = 0;
9605 		}
9606 	}
9607 
9608 	/* Add a flag to INIT_ARRAY if we know this array cannot be packed */
9609 	if (!packed) {
9610 		ZEND_ASSERT(opnum_init != (uint32_t)-1);
9611 		opline = &CG(active_op_array)->opcodes[opnum_init];
9612 		opline->extended_value |= ZEND_ARRAY_NOT_PACKED;
9613 	}
9614 }
9615 /* }}} */
9616 
zend_compile_const(znode * result,zend_ast * ast)9617 static void zend_compile_const(znode *result, zend_ast *ast) /* {{{ */
9618 {
9619 	zend_ast *name_ast = ast->child[0];
9620 
9621 	zend_op *opline;
9622 
9623 	bool is_fully_qualified;
9624 	zend_string *orig_name = zend_ast_get_str(name_ast);
9625 	zend_string *resolved_name = zend_resolve_const_name(orig_name, name_ast->attr, &is_fully_qualified);
9626 
9627 	if (zend_string_equals_literal(resolved_name, "__COMPILER_HALT_OFFSET__") || (name_ast->attr != ZEND_NAME_RELATIVE && zend_string_equals_literal(orig_name, "__COMPILER_HALT_OFFSET__"))) {
9628 		zend_ast *last = CG(ast);
9629 
9630 		while (last && last->kind == ZEND_AST_STMT_LIST) {
9631 			zend_ast_list *list = zend_ast_get_list(last);
9632 			if (list->children == 0) {
9633 				break;
9634 			}
9635 			last = list->child[list->children-1];
9636 		}
9637 		if (last && last->kind == ZEND_AST_HALT_COMPILER) {
9638 			result->op_type = IS_CONST;
9639 			ZVAL_LONG(&result->u.constant, Z_LVAL_P(zend_ast_get_zval(last->child[0])));
9640 			zend_string_release_ex(resolved_name, 0);
9641 			return;
9642 		}
9643 	}
9644 
9645 	if (zend_try_ct_eval_const(&result->u.constant, resolved_name, is_fully_qualified)) {
9646 		result->op_type = IS_CONST;
9647 		zend_string_release_ex(resolved_name, 0);
9648 		return;
9649 	}
9650 
9651 	opline = zend_emit_op_tmp(result, ZEND_FETCH_CONSTANT, NULL, NULL);
9652 	opline->op2_type = IS_CONST;
9653 
9654 	if (is_fully_qualified || !FC(current_namespace)) {
9655 		opline->op1.num = 0;
9656 		opline->op2.constant = zend_add_const_name_literal(
9657 			resolved_name, 0);
9658 	} else {
9659 		opline->op1.num = IS_CONSTANT_UNQUALIFIED_IN_NAMESPACE;
9660 		opline->op2.constant = zend_add_const_name_literal(
9661 			resolved_name, 1);
9662 	}
9663 	opline->extended_value = zend_alloc_cache_slot();
9664 }
9665 /* }}} */
9666 
zend_compile_class_const(znode * result,zend_ast * ast)9667 static void zend_compile_class_const(znode *result, zend_ast *ast) /* {{{ */
9668 {
9669 	zend_ast *class_ast;
9670 	zend_ast *const_ast;
9671 	znode class_node, const_node;
9672 	zend_op *opline;
9673 
9674 	zend_eval_const_expr(&ast->child[0]);
9675 	zend_eval_const_expr(&ast->child[1]);
9676 
9677 	class_ast = ast->child[0];
9678 	const_ast = ast->child[1];
9679 
9680 	if (class_ast->kind == ZEND_AST_ZVAL) {
9681 		zend_string *resolved_name;
9682 
9683 		resolved_name = zend_resolve_class_name_ast(class_ast);
9684 		if (const_ast->kind == ZEND_AST_ZVAL && zend_try_ct_eval_class_const(&result->u.constant, resolved_name, zend_ast_get_str(const_ast))) {
9685 			result->op_type = IS_CONST;
9686 			zend_string_release_ex(resolved_name, 0);
9687 			return;
9688 		}
9689 		zend_string_release_ex(resolved_name, 0);
9690 	}
9691 
9692 	zend_compile_class_ref(&class_node, class_ast, ZEND_FETCH_CLASS_EXCEPTION);
9693 
9694 	zend_compile_expr(&const_node, const_ast);
9695 
9696 	opline = zend_emit_op_tmp(result, ZEND_FETCH_CLASS_CONSTANT, NULL, &const_node);
9697 
9698 	zend_set_class_name_op1(opline, &class_node);
9699 
9700 	opline->extended_value = zend_alloc_cache_slots(2);
9701 }
9702 /* }}} */
9703 
zend_compile_class_name(znode * result,zend_ast * ast)9704 static void zend_compile_class_name(znode *result, zend_ast *ast) /* {{{ */
9705 {
9706 	zend_ast *class_ast = ast->child[0];
9707 
9708 	if (zend_try_compile_const_expr_resolve_class_name(&result->u.constant, class_ast)) {
9709 		result->op_type = IS_CONST;
9710 		return;
9711 	}
9712 
9713 	if (class_ast->kind == ZEND_AST_ZVAL) {
9714 		zend_op *opline = zend_emit_op_tmp(result, ZEND_FETCH_CLASS_NAME, NULL, NULL);
9715 		opline->op1.num = zend_get_class_fetch_type(zend_ast_get_str(class_ast));
9716 	} else {
9717 		znode expr_node;
9718 		zend_compile_expr(&expr_node, class_ast);
9719 		if (expr_node.op_type == IS_CONST) {
9720 			/* Unlikely case that happen if class_ast is constant folded.
9721 			 * Handle it here, to avoid needing a CONST specialization in the VM. */
9722 			zend_error_noreturn(E_COMPILE_ERROR, "Cannot use \"::class\" on value of type %s",
9723 				zend_zval_type_name(&expr_node.u.constant));
9724 		}
9725 
9726 		zend_emit_op_tmp(result, ZEND_FETCH_CLASS_NAME, &expr_node, NULL);
9727 	}
9728 }
9729 /* }}} */
9730 
zend_compile_rope_add_ex(zend_op * opline,znode * result,uint32_t num,znode * elem_node)9731 static zend_op *zend_compile_rope_add_ex(zend_op *opline, znode *result, uint32_t num, znode *elem_node) /* {{{ */
9732 {
9733 	if (num == 0) {
9734 		result->op_type = IS_TMP_VAR;
9735 		result->u.op.var = -1;
9736 		opline->opcode = ZEND_ROPE_INIT;
9737 	} else {
9738 		opline->opcode = ZEND_ROPE_ADD;
9739 		SET_NODE(opline->op1, result);
9740 	}
9741 	SET_NODE(opline->op2, elem_node);
9742 	SET_NODE(opline->result, result);
9743 	opline->extended_value = num;
9744 	return opline;
9745 }
9746 /* }}} */
9747 
zend_compile_rope_add(znode * result,uint32_t num,znode * elem_node)9748 static zend_op *zend_compile_rope_add(znode *result, uint32_t num, znode *elem_node) /* {{{ */
9749 {
9750 	zend_op *opline = get_next_op();
9751 
9752 	if (num == 0) {
9753 		result->op_type = IS_TMP_VAR;
9754 		result->u.op.var = -1;
9755 		opline->opcode = ZEND_ROPE_INIT;
9756 	} else {
9757 		opline->opcode = ZEND_ROPE_ADD;
9758 		SET_NODE(opline->op1, result);
9759 	}
9760 	SET_NODE(opline->op2, elem_node);
9761 	SET_NODE(opline->result, result);
9762 	opline->extended_value = num;
9763 	return opline;
9764 }
9765 /* }}} */
9766 
zend_compile_encaps_list(znode * result,zend_ast * ast)9767 static void zend_compile_encaps_list(znode *result, zend_ast *ast) /* {{{ */
9768 {
9769 	uint32_t i, j;
9770 	uint32_t rope_init_lineno = -1;
9771 	zend_op *opline = NULL, *init_opline;
9772 	znode elem_node, last_const_node;
9773 	zend_ast_list *list = zend_ast_get_list(ast);
9774 	uint32_t reserved_op_number = -1;
9775 
9776 	ZEND_ASSERT(list->children > 0);
9777 
9778 	j = 0;
9779 	last_const_node.op_type = IS_UNUSED;
9780 	for (i = 0; i < list->children; i++) {
9781 		zend_ast *encaps_var = list->child[i];
9782 
9783 		if (encaps_var->attr & (ZEND_ENCAPS_VAR_DOLLAR_CURLY|ZEND_ENCAPS_VAR_DOLLAR_CURLY_VAR_VAR)) {
9784 			if ((encaps_var->kind == ZEND_AST_VAR || encaps_var->kind == ZEND_AST_DIM) && (encaps_var->attr & ZEND_ENCAPS_VAR_DOLLAR_CURLY)) {
9785 				zend_error(E_DEPRECATED, "Using ${var} in strings is deprecated, use {$var} instead");
9786 			} else if (encaps_var->kind == ZEND_AST_VAR && (encaps_var->attr & ZEND_ENCAPS_VAR_DOLLAR_CURLY_VAR_VAR)) {
9787 				zend_error(E_DEPRECATED, "Using ${expr} (variable variables) in strings is deprecated, use {${expr}} instead");
9788 			}
9789 		}
9790 
9791 		zend_compile_expr(&elem_node, encaps_var);
9792 
9793 		if (elem_node.op_type == IS_CONST) {
9794 			convert_to_string(&elem_node.u.constant);
9795 
9796 			if (Z_STRLEN(elem_node.u.constant) == 0) {
9797 				zval_ptr_dtor(&elem_node.u.constant);
9798 			} else if (last_const_node.op_type == IS_CONST) {
9799 				concat_function(&last_const_node.u.constant, &last_const_node.u.constant, &elem_node.u.constant);
9800 				zval_ptr_dtor(&elem_node.u.constant);
9801 			} else {
9802 				last_const_node.op_type = IS_CONST;
9803 				ZVAL_COPY_VALUE(&last_const_node.u.constant, &elem_node.u.constant);
9804 				/* Reserve place for ZEND_ROPE_ADD instruction */
9805 				reserved_op_number = get_next_op_number();
9806 				opline = get_next_op();
9807 				opline->opcode = ZEND_NOP;
9808 			}
9809 			continue;
9810 		} else {
9811 			if (j == 0) {
9812 				if (last_const_node.op_type == IS_CONST) {
9813 					rope_init_lineno = reserved_op_number;
9814 				} else {
9815 					rope_init_lineno = get_next_op_number();
9816 				}
9817 			}
9818 			if (last_const_node.op_type == IS_CONST) {
9819 				opline = &CG(active_op_array)->opcodes[reserved_op_number];
9820 				zend_compile_rope_add_ex(opline, result, j++, &last_const_node);
9821 				last_const_node.op_type = IS_UNUSED;
9822 			}
9823 			opline = zend_compile_rope_add(result, j++, &elem_node);
9824 		}
9825 	}
9826 
9827 	if (j == 0) {
9828 		result->op_type = IS_CONST;
9829 		if (last_const_node.op_type == IS_CONST) {
9830 			ZVAL_COPY_VALUE(&result->u.constant, &last_const_node.u.constant);
9831 		} else {
9832 			ZVAL_EMPTY_STRING(&result->u.constant);
9833 			/* empty string */
9834 		}
9835 		CG(active_op_array)->last = reserved_op_number - 1;
9836 		return;
9837 	} else if (last_const_node.op_type == IS_CONST) {
9838 		opline = &CG(active_op_array)->opcodes[reserved_op_number];
9839 		opline = zend_compile_rope_add_ex(opline, result, j++, &last_const_node);
9840 	}
9841 	init_opline = CG(active_op_array)->opcodes + rope_init_lineno;
9842 	if (j == 1) {
9843 		if (opline->op2_type == IS_CONST) {
9844 			GET_NODE(result, opline->op2);
9845 			MAKE_NOP(opline);
9846 		} else {
9847 			opline->opcode = ZEND_CAST;
9848 			opline->extended_value = IS_STRING;
9849 			opline->op1_type = opline->op2_type;
9850 			opline->op1 = opline->op2;
9851 			SET_UNUSED(opline->op2);
9852 			zend_make_tmp_result(result, opline);
9853 		}
9854 	} else if (j == 2) {
9855 		opline->opcode = ZEND_FAST_CONCAT;
9856 		opline->extended_value = 0;
9857 		opline->op1_type = init_opline->op2_type;
9858 		opline->op1 = init_opline->op2;
9859 		zend_make_tmp_result(result, opline);
9860 		MAKE_NOP(init_opline);
9861 	} else {
9862 		uint32_t var;
9863 
9864 		init_opline->extended_value = j;
9865 		opline->opcode = ZEND_ROPE_END;
9866 		zend_make_tmp_result(result, opline);
9867 		var = opline->op1.var = get_temporary_variable();
9868 
9869 		/* Allocates the necessary number of zval slots to keep the rope */
9870 		i = ((j * sizeof(zend_string*)) + (sizeof(zval) - 1)) / sizeof(zval);
9871 		while (i > 1) {
9872 			get_temporary_variable();
9873 			i--;
9874 		}
9875 
9876 		/* Update all the previous opcodes to use the same variable */
9877 		while (opline != init_opline) {
9878 			opline--;
9879 			if (opline->opcode == ZEND_ROPE_ADD &&
9880 			    opline->result.var == (uint32_t)-1) {
9881 				opline->op1.var = var;
9882 				opline->result.var = var;
9883 			} else if (opline->opcode == ZEND_ROPE_INIT &&
9884 			           opline->result.var == (uint32_t)-1) {
9885 				opline->result.var = var;
9886 			}
9887 		}
9888 	}
9889 }
9890 /* }}} */
9891 
zend_compile_magic_const(znode * result,zend_ast * ast)9892 static void zend_compile_magic_const(znode *result, zend_ast *ast) /* {{{ */
9893 {
9894 	zend_op *opline;
9895 
9896 	if (zend_try_ct_eval_magic_const(&result->u.constant, ast)) {
9897 		result->op_type = IS_CONST;
9898 		return;
9899 	}
9900 
9901 	ZEND_ASSERT(ast->attr == T_CLASS_C &&
9902 	            CG(active_class_entry) &&
9903 	            (CG(active_class_entry)->ce_flags & ZEND_ACC_TRAIT) != 0);
9904 
9905 	opline = zend_emit_op_tmp(result, ZEND_FETCH_CLASS_NAME, NULL, NULL);
9906 	opline->op1.num = ZEND_FETCH_CLASS_SELF;
9907 }
9908 /* }}} */
9909 
zend_is_allowed_in_const_expr(zend_ast_kind kind)9910 static bool zend_is_allowed_in_const_expr(zend_ast_kind kind) /* {{{ */
9911 {
9912 	return kind == ZEND_AST_ZVAL || kind == ZEND_AST_BINARY_OP
9913 		|| kind == ZEND_AST_GREATER || kind == ZEND_AST_GREATER_EQUAL
9914 		|| kind == ZEND_AST_AND || kind == ZEND_AST_OR
9915 		|| kind == ZEND_AST_UNARY_OP
9916 		|| kind == ZEND_AST_UNARY_PLUS || kind == ZEND_AST_UNARY_MINUS
9917 		|| kind == ZEND_AST_CONDITIONAL || kind == ZEND_AST_DIM
9918 		|| kind == ZEND_AST_ARRAY || kind == ZEND_AST_ARRAY_ELEM
9919 		|| kind == ZEND_AST_UNPACK
9920 		|| kind == ZEND_AST_CONST || kind == ZEND_AST_CLASS_CONST
9921 		|| kind == ZEND_AST_CLASS_NAME
9922 		|| kind == ZEND_AST_MAGIC_CONST || kind == ZEND_AST_COALESCE
9923 		|| kind == ZEND_AST_CONST_ENUM_INIT
9924 		|| kind == ZEND_AST_NEW || kind == ZEND_AST_ARG_LIST
9925 		|| kind == ZEND_AST_NAMED_ARG
9926 		|| kind == ZEND_AST_PROP || kind == ZEND_AST_NULLSAFE_PROP;
9927 }
9928 /* }}} */
9929 
zend_compile_const_expr_class_const(zend_ast ** ast_ptr)9930 static void zend_compile_const_expr_class_const(zend_ast **ast_ptr) /* {{{ */
9931 {
9932 	zend_ast *ast = *ast_ptr;
9933 	zend_ast *class_ast = ast->child[0];
9934 	zend_string *class_name;
9935 	int fetch_type;
9936 
9937 	if (class_ast->kind != ZEND_AST_ZVAL) {
9938 		zend_error_noreturn(E_COMPILE_ERROR,
9939 			"Dynamic class names are not allowed in compile-time class constant references");
9940 	}
9941 
9942 	class_name = zend_ast_get_str(class_ast);
9943 	fetch_type = zend_get_class_fetch_type(class_name);
9944 
9945 	if (ZEND_FETCH_CLASS_STATIC == fetch_type) {
9946 		zend_error_noreturn(E_COMPILE_ERROR,
9947 			"\"static::\" is not allowed in compile-time constants");
9948 	}
9949 
9950 	if (ZEND_FETCH_CLASS_DEFAULT == fetch_type) {
9951 		zend_string *tmp = zend_resolve_class_name_ast(class_ast);
9952 
9953 		zend_string_release_ex(class_name, 0);
9954 		if (tmp != class_name) {
9955 			zval *zv = zend_ast_get_zval(class_ast);
9956 			ZVAL_STR(zv, tmp);
9957 			class_ast->attr = ZEND_NAME_FQ;
9958 		}
9959 	}
9960 
9961 	ast->attr |= ZEND_FETCH_CLASS_EXCEPTION;
9962 }
9963 /* }}} */
9964 
zend_compile_const_expr_class_name(zend_ast ** ast_ptr)9965 static void zend_compile_const_expr_class_name(zend_ast **ast_ptr) /* {{{ */
9966 {
9967 	zend_ast *ast = *ast_ptr;
9968 	zend_ast *class_ast = ast->child[0];
9969 	if (class_ast->kind != ZEND_AST_ZVAL) {
9970 		zend_error_noreturn(E_COMPILE_ERROR,
9971 			"(expression)::class cannot be used in constant expressions");
9972 	}
9973 
9974 	zend_string *class_name = zend_ast_get_str(class_ast);
9975 	uint32_t fetch_type = zend_get_class_fetch_type(class_name);
9976 
9977 	switch (fetch_type) {
9978 		case ZEND_FETCH_CLASS_SELF:
9979 		case ZEND_FETCH_CLASS_PARENT:
9980 			/* For the const-eval representation store the fetch type instead of the name. */
9981 			zend_string_release(class_name);
9982 			ast->child[0] = NULL;
9983 			ast->attr = fetch_type;
9984 			return;
9985 		case ZEND_FETCH_CLASS_STATIC:
9986 			zend_error_noreturn(E_COMPILE_ERROR,
9987 				"static::class cannot be used for compile-time class name resolution");
9988 			return;
9989 		EMPTY_SWITCH_DEFAULT_CASE()
9990 	}
9991 }
9992 
zend_compile_const_expr_const(zend_ast ** ast_ptr)9993 static void zend_compile_const_expr_const(zend_ast **ast_ptr) /* {{{ */
9994 {
9995 	zend_ast *ast = *ast_ptr;
9996 	zend_ast *name_ast = ast->child[0];
9997 	zend_string *orig_name = zend_ast_get_str(name_ast);
9998 	bool is_fully_qualified;
9999 	zval result;
10000 	zend_string *resolved_name;
10001 
10002 	resolved_name = zend_resolve_const_name(
10003 		orig_name, name_ast->attr, &is_fully_qualified);
10004 
10005 	if (zend_try_ct_eval_const(&result, resolved_name, is_fully_qualified)) {
10006 		zend_string_release_ex(resolved_name, 0);
10007 		zend_ast_destroy(ast);
10008 		*ast_ptr = zend_ast_create_zval(&result);
10009 		return;
10010 	}
10011 
10012 	zend_ast_destroy(ast);
10013 	*ast_ptr = zend_ast_create_constant(resolved_name,
10014 		!is_fully_qualified && FC(current_namespace) ? IS_CONSTANT_UNQUALIFIED_IN_NAMESPACE : 0);
10015 }
10016 /* }}} */
10017 
zend_compile_const_expr_magic_const(zend_ast ** ast_ptr)10018 static void zend_compile_const_expr_magic_const(zend_ast **ast_ptr) /* {{{ */
10019 {
10020 	zend_ast *ast = *ast_ptr;
10021 
10022 	/* Other cases already resolved by constant folding */
10023 	ZEND_ASSERT(ast->attr == T_CLASS_C);
10024 
10025 	zend_ast_destroy(ast);
10026 	*ast_ptr = zend_ast_create(ZEND_AST_CONSTANT_CLASS);
10027 }
10028 /* }}} */
10029 
zend_compile_const_expr_new(zend_ast ** ast_ptr)10030 static void zend_compile_const_expr_new(zend_ast **ast_ptr)
10031 {
10032 	zend_ast *class_ast = (*ast_ptr)->child[0];
10033 	if (class_ast->kind == ZEND_AST_CLASS) {
10034 		zend_error_noreturn(E_COMPILE_ERROR,
10035 			"Cannot use anonymous class in constant expression");
10036 	}
10037 	if (class_ast->kind != ZEND_AST_ZVAL) {
10038 		zend_error_noreturn(E_COMPILE_ERROR,
10039 			"Cannot use dynamic class name in constant expression");
10040 	}
10041 
10042 	zend_string *class_name = zend_resolve_class_name_ast(class_ast);
10043 	int fetch_type = zend_get_class_fetch_type(class_name);
10044 	if (ZEND_FETCH_CLASS_STATIC == fetch_type) {
10045 		zend_error_noreturn(E_COMPILE_ERROR,
10046 			"\"static\" is not allowed in compile-time constants");
10047 	}
10048 
10049 	zval *class_ast_zv = zend_ast_get_zval(class_ast);
10050 	zval_ptr_dtor_nogc(class_ast_zv);
10051 	ZVAL_STR(class_ast_zv, class_name);
10052 	class_ast->attr = fetch_type << ZEND_CONST_EXPR_NEW_FETCH_TYPE_SHIFT;
10053 }
10054 
zend_compile_const_expr_args(zend_ast ** ast_ptr)10055 static void zend_compile_const_expr_args(zend_ast **ast_ptr)
10056 {
10057 	zend_ast_list *list = zend_ast_get_list(*ast_ptr);
10058 	bool uses_named_args = false;
10059 	for (uint32_t i = 0; i < list->children; i++) {
10060 		zend_ast *arg = list->child[i];
10061 		if (arg->kind == ZEND_AST_UNPACK) {
10062 			zend_error_noreturn(E_COMPILE_ERROR,
10063 				"Argument unpacking in constant expressions is not supported");
10064 		}
10065 		if (arg->kind == ZEND_AST_NAMED_ARG) {
10066 			uses_named_args = true;
10067 		} else if (uses_named_args) {
10068 			zend_error_noreturn(E_COMPILE_ERROR,
10069 				"Cannot use positional argument after named argument");
10070 		}
10071 	}
10072 	if (uses_named_args) {
10073 		list->attr = 1;
10074 	}
10075 }
10076 
10077 typedef struct {
10078 	/* Whether the value of this expression may differ on each evaluation. */
10079 	bool allow_dynamic;
10080 } const_expr_context;
10081 
zend_compile_const_expr(zend_ast ** ast_ptr,void * context)10082 static void zend_compile_const_expr(zend_ast **ast_ptr, void *context) /* {{{ */
10083 {
10084 	const_expr_context *ctx = (const_expr_context *) context;
10085 	zend_ast *ast = *ast_ptr;
10086 	if (ast == NULL || ast->kind == ZEND_AST_ZVAL) {
10087 		return;
10088 	}
10089 
10090 	if (!zend_is_allowed_in_const_expr(ast->kind)) {
10091 		zend_error_noreturn(E_COMPILE_ERROR, "Constant expression contains invalid operations");
10092 	}
10093 
10094 	switch (ast->kind) {
10095 		case ZEND_AST_CLASS_CONST:
10096 			zend_compile_const_expr_class_const(ast_ptr);
10097 			break;
10098 		case ZEND_AST_CLASS_NAME:
10099 			zend_compile_const_expr_class_name(ast_ptr);
10100 			break;
10101 		case ZEND_AST_CONST:
10102 			zend_compile_const_expr_const(ast_ptr);
10103 			break;
10104 		case ZEND_AST_MAGIC_CONST:
10105 			zend_compile_const_expr_magic_const(ast_ptr);
10106 			break;
10107 		case ZEND_AST_NEW:
10108 			if (!ctx->allow_dynamic) {
10109 				zend_error_noreturn(E_COMPILE_ERROR,
10110 					"New expressions are not supported in this context");
10111 			}
10112 			zend_compile_const_expr_new(ast_ptr);
10113 			break;
10114 		case ZEND_AST_ARG_LIST:
10115 			zend_compile_const_expr_args(ast_ptr);
10116 			break;
10117 	}
10118 
10119 	zend_ast_apply(ast, zend_compile_const_expr, context);
10120 }
10121 /* }}} */
10122 
zend_const_expr_to_zval(zval * result,zend_ast ** ast_ptr,bool allow_dynamic)10123 void zend_const_expr_to_zval(zval *result, zend_ast **ast_ptr, bool allow_dynamic) /* {{{ */
10124 {
10125 	const_expr_context context;
10126 	context.allow_dynamic = allow_dynamic;
10127 
10128 	zend_eval_const_expr(ast_ptr);
10129 	zend_compile_const_expr(ast_ptr, &context);
10130 	if ((*ast_ptr)->kind != ZEND_AST_ZVAL) {
10131 		/* Replace with compiled AST zval representation. */
10132 		zval ast_zv;
10133 		ZVAL_AST(&ast_zv, zend_ast_copy(*ast_ptr));
10134 		zend_ast_destroy(*ast_ptr);
10135 		*ast_ptr = zend_ast_create_zval(&ast_zv);
10136 	}
10137 	ZVAL_COPY(result, zend_ast_get_zval(*ast_ptr));
10138 }
10139 /* }}} */
10140 
10141 /* Same as compile_stmt, but with early binding */
zend_compile_top_stmt(zend_ast * ast)10142 void zend_compile_top_stmt(zend_ast *ast) /* {{{ */
10143 {
10144 	if (!ast) {
10145 		return;
10146 	}
10147 
10148 	if (ast->kind == ZEND_AST_STMT_LIST) {
10149 		zend_ast_list *list = zend_ast_get_list(ast);
10150 		uint32_t i;
10151 		for (i = 0; i < list->children; ++i) {
10152 			zend_compile_top_stmt(list->child[i]);
10153 		}
10154 		return;
10155 	}
10156 
10157 	if (ast->kind == ZEND_AST_FUNC_DECL) {
10158 		CG(zend_lineno) = ast->lineno;
10159 		zend_compile_func_decl(NULL, ast, 1);
10160 		CG(zend_lineno) = ((zend_ast_decl *) ast)->end_lineno;
10161 	} else if (ast->kind == ZEND_AST_CLASS) {
10162 		CG(zend_lineno) = ast->lineno;
10163 		zend_compile_class_decl(NULL, ast, 1);
10164 		CG(zend_lineno) = ((zend_ast_decl *) ast)->end_lineno;
10165 	} else {
10166 		zend_compile_stmt(ast);
10167 	}
10168 	if (ast->kind != ZEND_AST_NAMESPACE && ast->kind != ZEND_AST_HALT_COMPILER) {
10169 		zend_verify_namespace();
10170 	}
10171 }
10172 /* }}} */
10173 
zend_compile_stmt(zend_ast * ast)10174 static void zend_compile_stmt(zend_ast *ast) /* {{{ */
10175 {
10176 	if (!ast) {
10177 		return;
10178 	}
10179 
10180 	CG(zend_lineno) = ast->lineno;
10181 
10182 	if ((CG(compiler_options) & ZEND_COMPILE_EXTENDED_STMT) && !zend_is_unticked_stmt(ast)) {
10183 		zend_do_extended_stmt();
10184 	}
10185 
10186 	switch (ast->kind) {
10187 		case ZEND_AST_STMT_LIST:
10188 			zend_compile_stmt_list(ast);
10189 			break;
10190 		case ZEND_AST_GLOBAL:
10191 			zend_compile_global_var(ast);
10192 			break;
10193 		case ZEND_AST_STATIC:
10194 			zend_compile_static_var(ast);
10195 			break;
10196 		case ZEND_AST_UNSET:
10197 			zend_compile_unset(ast);
10198 			break;
10199 		case ZEND_AST_RETURN:
10200 			zend_compile_return(ast);
10201 			break;
10202 		case ZEND_AST_ECHO:
10203 			zend_compile_echo(ast);
10204 			break;
10205 		case ZEND_AST_BREAK:
10206 		case ZEND_AST_CONTINUE:
10207 			zend_compile_break_continue(ast);
10208 			break;
10209 		case ZEND_AST_GOTO:
10210 			zend_compile_goto(ast);
10211 			break;
10212 		case ZEND_AST_LABEL:
10213 			zend_compile_label(ast);
10214 			break;
10215 		case ZEND_AST_WHILE:
10216 			zend_compile_while(ast);
10217 			break;
10218 		case ZEND_AST_DO_WHILE:
10219 			zend_compile_do_while(ast);
10220 			break;
10221 		case ZEND_AST_FOR:
10222 			zend_compile_for(ast);
10223 			break;
10224 		case ZEND_AST_FOREACH:
10225 			zend_compile_foreach(ast);
10226 			break;
10227 		case ZEND_AST_IF:
10228 			zend_compile_if(ast);
10229 			break;
10230 		case ZEND_AST_SWITCH:
10231 			zend_compile_switch(ast);
10232 			break;
10233 		case ZEND_AST_TRY:
10234 			zend_compile_try(ast);
10235 			break;
10236 		case ZEND_AST_DECLARE:
10237 			zend_compile_declare(ast);
10238 			break;
10239 		case ZEND_AST_FUNC_DECL:
10240 		case ZEND_AST_METHOD:
10241 			zend_compile_func_decl(NULL, ast, 0);
10242 			break;
10243 		case ZEND_AST_ENUM_CASE:
10244 			zend_compile_enum_case(ast);
10245 			break;
10246 		case ZEND_AST_PROP_GROUP:
10247 			zend_compile_prop_group(ast);
10248 			break;
10249 		case ZEND_AST_CLASS_CONST_GROUP:
10250 			zend_compile_class_const_group(ast);
10251 			break;
10252 		case ZEND_AST_USE_TRAIT:
10253 			zend_compile_use_trait(ast);
10254 			break;
10255 		case ZEND_AST_CLASS:
10256 			zend_compile_class_decl(NULL, ast, 0);
10257 			break;
10258 		case ZEND_AST_GROUP_USE:
10259 			zend_compile_group_use(ast);
10260 			break;
10261 		case ZEND_AST_USE:
10262 			zend_compile_use(ast);
10263 			break;
10264 		case ZEND_AST_CONST_DECL:
10265 			zend_compile_const_decl(ast);
10266 			break;
10267 		case ZEND_AST_NAMESPACE:
10268 			zend_compile_namespace(ast);
10269 			break;
10270 		case ZEND_AST_HALT_COMPILER:
10271 			zend_compile_halt_compiler(ast);
10272 			break;
10273 		case ZEND_AST_THROW:
10274 		case ZEND_AST_EXIT:
10275 			zend_compile_expr(NULL, ast);
10276 			break;
10277 		default:
10278 		{
10279 			znode result;
10280 			zend_compile_expr(&result, ast);
10281 			zend_do_free(&result);
10282 		}
10283 	}
10284 
10285 	if (FC(declarables).ticks && !zend_is_unticked_stmt(ast)) {
10286 		zend_emit_tick();
10287 	}
10288 }
10289 /* }}} */
10290 
zend_compile_expr_inner(znode * result,zend_ast * ast)10291 static void zend_compile_expr_inner(znode *result, zend_ast *ast) /* {{{ */
10292 {
10293 	/* CG(zend_lineno) = ast->lineno; */
10294 	CG(zend_lineno) = zend_ast_get_lineno(ast);
10295 
10296 	if (CG(memoize_mode) != ZEND_MEMOIZE_NONE) {
10297 		zend_compile_memoized_expr(result, ast);
10298 		return;
10299 	}
10300 
10301 	switch (ast->kind) {
10302 		case ZEND_AST_ZVAL:
10303 			ZVAL_COPY(&result->u.constant, zend_ast_get_zval(ast));
10304 			result->op_type = IS_CONST;
10305 			return;
10306 		case ZEND_AST_ZNODE:
10307 			*result = *zend_ast_get_znode(ast);
10308 			return;
10309 		case ZEND_AST_VAR:
10310 		case ZEND_AST_DIM:
10311 		case ZEND_AST_PROP:
10312 		case ZEND_AST_NULLSAFE_PROP:
10313 		case ZEND_AST_STATIC_PROP:
10314 		case ZEND_AST_CALL:
10315 		case ZEND_AST_METHOD_CALL:
10316 		case ZEND_AST_NULLSAFE_METHOD_CALL:
10317 		case ZEND_AST_STATIC_CALL:
10318 			zend_compile_var(result, ast, BP_VAR_R, 0);
10319 			return;
10320 		case ZEND_AST_ASSIGN:
10321 			zend_compile_assign(result, ast);
10322 			return;
10323 		case ZEND_AST_ASSIGN_REF:
10324 			zend_compile_assign_ref(result, ast);
10325 			return;
10326 		case ZEND_AST_NEW:
10327 			zend_compile_new(result, ast);
10328 			return;
10329 		case ZEND_AST_CLONE:
10330 			zend_compile_clone(result, ast);
10331 			return;
10332 		case ZEND_AST_ASSIGN_OP:
10333 			zend_compile_compound_assign(result, ast);
10334 			return;
10335 		case ZEND_AST_BINARY_OP:
10336 			zend_compile_binary_op(result, ast);
10337 			return;
10338 		case ZEND_AST_GREATER:
10339 		case ZEND_AST_GREATER_EQUAL:
10340 			zend_compile_greater(result, ast);
10341 			return;
10342 		case ZEND_AST_UNARY_OP:
10343 			zend_compile_unary_op(result, ast);
10344 			return;
10345 		case ZEND_AST_UNARY_PLUS:
10346 		case ZEND_AST_UNARY_MINUS:
10347 			zend_compile_unary_pm(result, ast);
10348 			return;
10349 		case ZEND_AST_AND:
10350 		case ZEND_AST_OR:
10351 			zend_compile_short_circuiting(result, ast);
10352 			return;
10353 		case ZEND_AST_POST_INC:
10354 		case ZEND_AST_POST_DEC:
10355 			zend_compile_post_incdec(result, ast);
10356 			return;
10357 		case ZEND_AST_PRE_INC:
10358 		case ZEND_AST_PRE_DEC:
10359 			zend_compile_pre_incdec(result, ast);
10360 			return;
10361 		case ZEND_AST_CAST:
10362 			zend_compile_cast(result, ast);
10363 			return;
10364 		case ZEND_AST_CONDITIONAL:
10365 			zend_compile_conditional(result, ast);
10366 			return;
10367 		case ZEND_AST_COALESCE:
10368 			zend_compile_coalesce(result, ast);
10369 			return;
10370 		case ZEND_AST_ASSIGN_COALESCE:
10371 			zend_compile_assign_coalesce(result, ast);
10372 			return;
10373 		case ZEND_AST_PRINT:
10374 			zend_compile_print(result, ast);
10375 			return;
10376 		case ZEND_AST_EXIT:
10377 			zend_compile_exit(result, ast);
10378 			return;
10379 		case ZEND_AST_YIELD:
10380 			zend_compile_yield(result, ast);
10381 			return;
10382 		case ZEND_AST_YIELD_FROM:
10383 			zend_compile_yield_from(result, ast);
10384 			return;
10385 		case ZEND_AST_INSTANCEOF:
10386 			zend_compile_instanceof(result, ast);
10387 			return;
10388 		case ZEND_AST_INCLUDE_OR_EVAL:
10389 			zend_compile_include_or_eval(result, ast);
10390 			return;
10391 		case ZEND_AST_ISSET:
10392 		case ZEND_AST_EMPTY:
10393 			zend_compile_isset_or_empty(result, ast);
10394 			return;
10395 		case ZEND_AST_SILENCE:
10396 			zend_compile_silence(result, ast);
10397 			return;
10398 		case ZEND_AST_SHELL_EXEC:
10399 			zend_compile_shell_exec(result, ast);
10400 			return;
10401 		case ZEND_AST_ARRAY:
10402 			zend_compile_array(result, ast);
10403 			return;
10404 		case ZEND_AST_CONST:
10405 			zend_compile_const(result, ast);
10406 			return;
10407 		case ZEND_AST_CLASS_CONST:
10408 			zend_compile_class_const(result, ast);
10409 			return;
10410 		case ZEND_AST_CLASS_NAME:
10411 			zend_compile_class_name(result, ast);
10412 			return;
10413 		case ZEND_AST_ENCAPS_LIST:
10414 			zend_compile_encaps_list(result, ast);
10415 			return;
10416 		case ZEND_AST_MAGIC_CONST:
10417 			zend_compile_magic_const(result, ast);
10418 			return;
10419 		case ZEND_AST_CLOSURE:
10420 		case ZEND_AST_ARROW_FUNC:
10421 			zend_compile_func_decl(result, ast, 0);
10422 			return;
10423 		case ZEND_AST_THROW:
10424 			zend_compile_throw(result, ast);
10425 			return;
10426 		case ZEND_AST_MATCH:
10427 			zend_compile_match(result, ast);
10428 			return;
10429 		default:
10430 			ZEND_ASSERT(0 /* not supported */);
10431 	}
10432 }
10433 /* }}} */
10434 
zend_compile_expr(znode * result,zend_ast * ast)10435 static void zend_compile_expr(znode *result, zend_ast *ast)
10436 {
10437 	uint32_t checkpoint = zend_short_circuiting_checkpoint();
10438 	zend_compile_expr_inner(result, ast);
10439 	zend_short_circuiting_commit(checkpoint, result, ast);
10440 }
10441 
zend_compile_var_inner(znode * result,zend_ast * ast,uint32_t type,bool by_ref)10442 static zend_op *zend_compile_var_inner(znode *result, zend_ast *ast, uint32_t type, bool by_ref)
10443 {
10444 	CG(zend_lineno) = zend_ast_get_lineno(ast);
10445 
10446 	switch (ast->kind) {
10447 		case ZEND_AST_VAR:
10448 			return zend_compile_simple_var(result, ast, type, 0);
10449 		case ZEND_AST_DIM:
10450 			return zend_compile_dim(result, ast, type, by_ref);
10451 		case ZEND_AST_PROP:
10452 		case ZEND_AST_NULLSAFE_PROP:
10453 			return zend_compile_prop(result, ast, type, by_ref);
10454 		case ZEND_AST_STATIC_PROP:
10455 			return zend_compile_static_prop(result, ast, type, by_ref, 0);
10456 		case ZEND_AST_CALL:
10457 			zend_compile_call(result, ast, type);
10458 			return NULL;
10459 		case ZEND_AST_METHOD_CALL:
10460 		case ZEND_AST_NULLSAFE_METHOD_CALL:
10461 			zend_compile_method_call(result, ast, type);
10462 			return NULL;
10463 		case ZEND_AST_STATIC_CALL:
10464 			zend_compile_static_call(result, ast, type);
10465 			return NULL;
10466 		case ZEND_AST_ZNODE:
10467 			*result = *zend_ast_get_znode(ast);
10468 			return NULL;
10469 		default:
10470 			if (type == BP_VAR_W || type == BP_VAR_RW || type == BP_VAR_UNSET) {
10471 				zend_error_noreturn(E_COMPILE_ERROR,
10472 					"Cannot use temporary expression in write context");
10473 			}
10474 
10475 			zend_compile_expr(result, ast);
10476 			return NULL;
10477 	}
10478 }
10479 
zend_compile_var(znode * result,zend_ast * ast,uint32_t type,bool by_ref)10480 static zend_op *zend_compile_var(znode *result, zend_ast *ast, uint32_t type, bool by_ref) /* {{{ */
10481 {
10482 	uint32_t checkpoint = zend_short_circuiting_checkpoint();
10483 	zend_op *opcode = zend_compile_var_inner(result, ast, type, by_ref);
10484 	zend_short_circuiting_commit(checkpoint, result, ast);
10485 	return opcode;
10486 }
10487 
zend_delayed_compile_var(znode * result,zend_ast * ast,uint32_t type,bool by_ref)10488 static zend_op *zend_delayed_compile_var(znode *result, zend_ast *ast, uint32_t type, bool by_ref) /* {{{ */
10489 {
10490 	switch (ast->kind) {
10491 		case ZEND_AST_VAR:
10492 			return zend_compile_simple_var(result, ast, type, 1);
10493 		case ZEND_AST_DIM:
10494 			return zend_delayed_compile_dim(result, ast, type, by_ref);
10495 		case ZEND_AST_PROP:
10496 		case ZEND_AST_NULLSAFE_PROP:
10497 		{
10498 			zend_op *opline = zend_delayed_compile_prop(result, ast, type);
10499 			if (by_ref) {
10500 				opline->extended_value |= ZEND_FETCH_REF;
10501 			}
10502 			return opline;
10503 		}
10504 		case ZEND_AST_STATIC_PROP:
10505 			return zend_compile_static_prop(result, ast, type, by_ref, 1);
10506 		default:
10507 			return zend_compile_var(result, ast, type, 0);
10508 	}
10509 }
10510 /* }}} */
10511 
zend_eval_const_expr(zend_ast ** ast_ptr)10512 static void zend_eval_const_expr(zend_ast **ast_ptr) /* {{{ */
10513 {
10514 	zend_ast *ast = *ast_ptr;
10515 	zval result;
10516 
10517 	if (!ast) {
10518 		return;
10519 	}
10520 
10521 	switch (ast->kind) {
10522 		case ZEND_AST_BINARY_OP:
10523 			zend_eval_const_expr(&ast->child[0]);
10524 			zend_eval_const_expr(&ast->child[1]);
10525 			if (ast->child[0]->kind != ZEND_AST_ZVAL || ast->child[1]->kind != ZEND_AST_ZVAL) {
10526 				return;
10527 			}
10528 
10529 			if (!zend_try_ct_eval_binary_op(&result, ast->attr,
10530 					zend_ast_get_zval(ast->child[0]), zend_ast_get_zval(ast->child[1]))
10531 			) {
10532 				return;
10533 			}
10534 			break;
10535 		case ZEND_AST_GREATER:
10536 		case ZEND_AST_GREATER_EQUAL:
10537 			zend_eval_const_expr(&ast->child[0]);
10538 			zend_eval_const_expr(&ast->child[1]);
10539 			if (ast->child[0]->kind != ZEND_AST_ZVAL || ast->child[1]->kind != ZEND_AST_ZVAL) {
10540 				return;
10541 			}
10542 
10543 			zend_ct_eval_greater(&result, ast->kind,
10544 				zend_ast_get_zval(ast->child[0]), zend_ast_get_zval(ast->child[1]));
10545 			break;
10546 		case ZEND_AST_AND:
10547 		case ZEND_AST_OR:
10548 		{
10549 			bool child0_is_true, child1_is_true;
10550 			zend_eval_const_expr(&ast->child[0]);
10551 			zend_eval_const_expr(&ast->child[1]);
10552 			if (ast->child[0]->kind != ZEND_AST_ZVAL) {
10553 				return;
10554 			}
10555 
10556 			child0_is_true = zend_is_true(zend_ast_get_zval(ast->child[0]));
10557 			if (child0_is_true == (ast->kind == ZEND_AST_OR)) {
10558 				ZVAL_BOOL(&result, ast->kind == ZEND_AST_OR);
10559 				break;
10560 			}
10561 
10562 			if (ast->child[1]->kind != ZEND_AST_ZVAL) {
10563 				return;
10564 			}
10565 
10566 			child1_is_true = zend_is_true(zend_ast_get_zval(ast->child[1]));
10567 			if (ast->kind == ZEND_AST_OR) {
10568 				ZVAL_BOOL(&result, child0_is_true || child1_is_true);
10569 			} else {
10570 				ZVAL_BOOL(&result, child0_is_true && child1_is_true);
10571 			}
10572 			break;
10573 		}
10574 		case ZEND_AST_UNARY_OP:
10575 			zend_eval_const_expr(&ast->child[0]);
10576 			if (ast->child[0]->kind != ZEND_AST_ZVAL) {
10577 				return;
10578 			}
10579 
10580 			if (!zend_try_ct_eval_unary_op(&result, ast->attr, zend_ast_get_zval(ast->child[0]))) {
10581 				return;
10582 			}
10583 			break;
10584 		case ZEND_AST_UNARY_PLUS:
10585 		case ZEND_AST_UNARY_MINUS:
10586 			zend_eval_const_expr(&ast->child[0]);
10587 			if (ast->child[0]->kind != ZEND_AST_ZVAL) {
10588 				return;
10589 			}
10590 
10591 			if (!zend_try_ct_eval_unary_pm(&result, ast->kind, zend_ast_get_zval(ast->child[0]))) {
10592 				return;
10593 			}
10594 			break;
10595 		case ZEND_AST_COALESCE:
10596 			/* Set isset fetch indicator here, opcache disallows runtime altering of the AST */
10597 			if (ast->child[0]->kind == ZEND_AST_DIM) {
10598 				ast->child[0]->attr |= ZEND_DIM_IS;
10599 			}
10600 			zend_eval_const_expr(&ast->child[0]);
10601 
10602 			if (ast->child[0]->kind != ZEND_AST_ZVAL) {
10603 				/* ensure everything was compile-time evaluated at least once */
10604 				zend_eval_const_expr(&ast->child[1]);
10605 				return;
10606 			}
10607 
10608 			if (Z_TYPE_P(zend_ast_get_zval(ast->child[0])) == IS_NULL) {
10609 				zend_eval_const_expr(&ast->child[1]);
10610 				*ast_ptr = ast->child[1];
10611 				ast->child[1] = NULL;
10612 				zend_ast_destroy(ast);
10613 			} else {
10614 				*ast_ptr = ast->child[0];
10615 				ast->child[0] = NULL;
10616 				zend_ast_destroy(ast);
10617 			}
10618 			return;
10619 		case ZEND_AST_CONDITIONAL:
10620 		{
10621 			zend_ast **child, *child_ast;
10622 			zend_eval_const_expr(&ast->child[0]);
10623 			if (ast->child[0]->kind != ZEND_AST_ZVAL) {
10624 				/* ensure everything was compile-time evaluated at least once */
10625 				if (ast->child[1]) {
10626 					zend_eval_const_expr(&ast->child[1]);
10627 				}
10628 				zend_eval_const_expr(&ast->child[2]);
10629 				return;
10630 			}
10631 
10632 			child = &ast->child[2 - zend_is_true(zend_ast_get_zval(ast->child[0]))];
10633 			if (*child == NULL) {
10634 				child--;
10635 			}
10636 			child_ast = *child;
10637 			*child = NULL;
10638 			zend_ast_destroy(ast);
10639 			*ast_ptr = child_ast;
10640 			zend_eval_const_expr(ast_ptr);
10641 			return;
10642 		}
10643 		case ZEND_AST_DIM:
10644 		{
10645 			/* constant expression should be always read context ... */
10646 			zval *container, *dim;
10647 
10648 			if (ast->child[1] == NULL) {
10649 				zend_error_noreturn(E_COMPILE_ERROR, "Cannot use [] for reading");
10650 			}
10651 
10652 			if (ast->attr & ZEND_DIM_ALTERNATIVE_SYNTAX) {
10653 				ast->attr &= ~ZEND_DIM_ALTERNATIVE_SYNTAX; /* remove flag to avoid duplicate warning */
10654 				zend_error(E_COMPILE_ERROR, "Array and string offset access syntax with curly braces is no longer supported");
10655 			}
10656 
10657 			/* Set isset fetch indicator here, opcache disallows runtime altering of the AST */
10658 			if ((ast->attr & ZEND_DIM_IS) && ast->child[0]->kind == ZEND_AST_DIM) {
10659 				ast->child[0]->attr |= ZEND_DIM_IS;
10660 			}
10661 
10662 			zend_eval_const_expr(&ast->child[0]);
10663 			zend_eval_const_expr(&ast->child[1]);
10664 			if (ast->child[0]->kind != ZEND_AST_ZVAL || ast->child[1]->kind != ZEND_AST_ZVAL) {
10665 				return;
10666 			}
10667 
10668 			container = zend_ast_get_zval(ast->child[0]);
10669 			dim = zend_ast_get_zval(ast->child[1]);
10670 
10671 			if (Z_TYPE_P(container) == IS_ARRAY) {
10672 				zval *el;
10673 				if (Z_TYPE_P(dim) == IS_LONG) {
10674 					el = zend_hash_index_find(Z_ARR_P(container), Z_LVAL_P(dim));
10675 					if (el) {
10676 						ZVAL_COPY(&result, el);
10677 					} else {
10678 						return;
10679 					}
10680 				} else if (Z_TYPE_P(dim) == IS_STRING) {
10681 					el = zend_symtable_find(Z_ARR_P(container), Z_STR_P(dim));
10682 					if (el) {
10683 						ZVAL_COPY(&result, el);
10684 					} else {
10685 						return;
10686 					}
10687 				} else {
10688 					return; /* warning... handle at runtime */
10689 				}
10690 			} else if (Z_TYPE_P(container) == IS_STRING) {
10691 				zend_long offset;
10692 				zend_uchar c;
10693 				if (Z_TYPE_P(dim) == IS_LONG) {
10694 					offset = Z_LVAL_P(dim);
10695 				} else if (Z_TYPE_P(dim) != IS_STRING || is_numeric_string(Z_STRVAL_P(dim), Z_STRLEN_P(dim), &offset, NULL, 1) != IS_LONG) {
10696 					return;
10697 				}
10698 				if (offset < 0 || (size_t)offset >= Z_STRLEN_P(container)) {
10699 					return;
10700 				}
10701 				c = (zend_uchar) Z_STRVAL_P(container)[offset];
10702 				ZVAL_CHAR(&result, c);
10703 			} else if (Z_TYPE_P(container) <= IS_FALSE) {
10704 				return; /* warning... handle at runtime */
10705 			} else {
10706 				return;
10707 			}
10708 			break;
10709 		}
10710 		case ZEND_AST_ARRAY:
10711 			if (!zend_try_ct_eval_array(&result, ast)) {
10712 				return;
10713 			}
10714 			break;
10715 		case ZEND_AST_MAGIC_CONST:
10716 			if (!zend_try_ct_eval_magic_const(&result, ast)) {
10717 				return;
10718 			}
10719 			break;
10720 		case ZEND_AST_CONST:
10721 		{
10722 			zend_ast *name_ast = ast->child[0];
10723 			bool is_fully_qualified;
10724 			zend_string *resolved_name = zend_resolve_const_name(
10725 				zend_ast_get_str(name_ast), name_ast->attr, &is_fully_qualified);
10726 
10727 			if (!zend_try_ct_eval_const(&result, resolved_name, is_fully_qualified)) {
10728 				zend_string_release_ex(resolved_name, 0);
10729 				return;
10730 			}
10731 
10732 			zend_string_release_ex(resolved_name, 0);
10733 			break;
10734 		}
10735 		case ZEND_AST_CLASS_CONST:
10736 		{
10737 			zend_ast *class_ast;
10738 			zend_ast *name_ast;
10739 			zend_string *resolved_name;
10740 
10741 			zend_eval_const_expr(&ast->child[0]);
10742 			zend_eval_const_expr(&ast->child[1]);
10743 
10744 			class_ast = ast->child[0];
10745 			name_ast = ast->child[1];
10746 
10747 			if (class_ast->kind != ZEND_AST_ZVAL || name_ast->kind != ZEND_AST_ZVAL) {
10748 				return;
10749 			}
10750 
10751 			resolved_name = zend_resolve_class_name_ast(class_ast);
10752 			if (!zend_try_ct_eval_class_const(&result, resolved_name, zend_ast_get_str(name_ast))) {
10753 				zend_string_release_ex(resolved_name, 0);
10754 				return;
10755 			}
10756 
10757 			zend_string_release_ex(resolved_name, 0);
10758 			break;
10759 		}
10760 		case ZEND_AST_CLASS_NAME:
10761 		{
10762 			zend_ast *class_ast = ast->child[0];
10763 			if (!zend_try_compile_const_expr_resolve_class_name(&result, class_ast)) {
10764 				return;
10765 			}
10766 			break;
10767 		}
10768 		// TODO: We should probably use zend_ast_apply to recursively walk nodes without
10769 		// special handling. It is required that all nodes that are part of a const expr
10770 		// are visited. Probably we should be distinguishing evaluation of const expr and
10771 		// normal exprs here.
10772 		case ZEND_AST_ARG_LIST:
10773 		{
10774 			zend_ast_list *list = zend_ast_get_list(ast);
10775 			for (uint32_t i = 0; i < list->children; i++) {
10776 				zend_eval_const_expr(&list->child[i]);
10777 			}
10778 			return;
10779 		}
10780 		case ZEND_AST_NEW:
10781 			zend_eval_const_expr(&ast->child[0]);
10782 			zend_eval_const_expr(&ast->child[1]);
10783 			return;
10784 		case ZEND_AST_NAMED_ARG:
10785 			zend_eval_const_expr(&ast->child[1]);
10786 			return;
10787 		case ZEND_AST_CONST_ENUM_INIT:
10788 			zend_eval_const_expr(&ast->child[2]);
10789 			return;
10790 		case ZEND_AST_PROP:
10791 		case ZEND_AST_NULLSAFE_PROP:
10792 			zend_eval_const_expr(&ast->child[0]);
10793 			zend_eval_const_expr(&ast->child[1]);
10794 			return;
10795 		default:
10796 			return;
10797 	}
10798 
10799 	zend_ast_destroy(ast);
10800 	*ast_ptr = zend_ast_create_zval(&result);
10801 }
10802 /* }}} */
10803