1 /*
2 +----------------------------------------------------------------------+
3 | Zend Engine, Call Graph |
4 +----------------------------------------------------------------------+
5 | Copyright (c) The PHP Group |
6 +----------------------------------------------------------------------+
7 | This source file is subject to version 3.01 of the PHP license, |
8 | that is bundled with this package in the file LICENSE, and is |
9 | available through the world-wide-web at the following url: |
10 | https://www.php.net/license/3_01.txt |
11 | If you did not receive a copy of the PHP license and are unable to |
12 | obtain it through the world-wide-web, please send a note to |
13 | license@php.net so we can mail you a copy immediately. |
14 +----------------------------------------------------------------------+
15 | Authors: Dmitry Stogov <dmitry@php.net> |
16 +----------------------------------------------------------------------+
17 */
18
19 #include "zend_compile.h"
20 #include "zend_extensions.h"
21 #include "Optimizer/zend_optimizer.h"
22 #include "zend_optimizer_internal.h"
23 #include "zend_inference.h"
24 #include "zend_call_graph.h"
25 #include "zend_func_info.h"
26 #include "zend_inference.h"
27 #include "zend_call_graph.h"
28
zend_op_array_calc(zend_op_array * op_array,void * context)29 static void zend_op_array_calc(zend_op_array *op_array, void *context)
30 {
31 zend_call_graph *call_graph = context;
32 call_graph->op_arrays_count++;
33 }
34
zend_op_array_collect(zend_op_array * op_array,void * context)35 static void zend_op_array_collect(zend_op_array *op_array, void *context)
36 {
37 zend_call_graph *call_graph = context;
38 zend_func_info *func_info = call_graph->func_infos + call_graph->op_arrays_count;
39
40 ZEND_SET_FUNC_INFO(op_array, func_info);
41 call_graph->op_arrays[call_graph->op_arrays_count] = op_array;
42 func_info->num = call_graph->op_arrays_count;
43 call_graph->op_arrays_count++;
44 }
45
zend_analyze_calls(zend_arena ** arena,zend_script * script,uint32_t build_flags,zend_op_array * op_array,zend_func_info * func_info)46 ZEND_API void zend_analyze_calls(zend_arena **arena, zend_script *script, uint32_t build_flags, zend_op_array *op_array, zend_func_info *func_info)
47 {
48 zend_op *opline = op_array->opcodes;
49 zend_op *end = opline + op_array->last;
50 zend_function *func;
51 zend_call_info *call_info;
52 int call = 0;
53 zend_call_info **call_stack;
54 ALLOCA_FLAG(use_heap);
55 bool is_prototype;
56
57 call_stack = do_alloca((op_array->last / 2) * sizeof(zend_call_info*), use_heap);
58 call_info = NULL;
59 while (opline != end) {
60 switch (opline->opcode) {
61 case ZEND_INIT_FCALL:
62 case ZEND_INIT_METHOD_CALL:
63 case ZEND_INIT_STATIC_METHOD_CALL:
64 call_stack[call] = call_info;
65 func = zend_optimizer_get_called_func(
66 script, op_array, opline, &is_prototype);
67 if (func) {
68 call_info = zend_arena_calloc(arena, 1, sizeof(zend_call_info) + (sizeof(zend_send_arg_info) * ((int)opline->extended_value - 1)));
69 call_info->caller_op_array = op_array;
70 call_info->caller_init_opline = opline;
71 call_info->caller_call_opline = NULL;
72 call_info->callee_func = func;
73 call_info->num_args = opline->extended_value;
74 call_info->next_callee = func_info->callee_info;
75 call_info->is_prototype = is_prototype;
76 call_info->is_frameless = false;
77 func_info->callee_info = call_info;
78
79 if (build_flags & ZEND_CALL_TREE) {
80 call_info->next_caller = NULL;
81 } else if (func->type == ZEND_INTERNAL_FUNCTION) {
82 call_info->next_caller = NULL;
83 } else {
84 zend_func_info *callee_func_info = ZEND_FUNC_INFO(&func->op_array);
85 if (callee_func_info) {
86 call_info->next_caller = callee_func_info->caller_info;
87 callee_func_info->caller_info = call_info;
88 } else {
89 call_info->next_caller = NULL;
90 }
91 }
92 } else {
93 call_info = NULL;
94 }
95 call++;
96 break;
97 case ZEND_INIT_FCALL_BY_NAME:
98 case ZEND_INIT_NS_FCALL_BY_NAME:
99 case ZEND_INIT_DYNAMIC_CALL:
100 case ZEND_NEW:
101 case ZEND_INIT_USER_CALL:
102 call_stack[call] = call_info;
103 call_info = NULL;
104 call++;
105 break;
106 case ZEND_FRAMELESS_ICALL_0:
107 case ZEND_FRAMELESS_ICALL_1:
108 case ZEND_FRAMELESS_ICALL_2:
109 case ZEND_FRAMELESS_ICALL_3: {
110 func = ZEND_FLF_FUNC(opline);
111 zend_call_info *call_info = zend_arena_calloc(arena, 1, sizeof(zend_call_info));
112 call_info->caller_op_array = op_array;
113 call_info->caller_init_opline = opline;
114 call_info->caller_call_opline = NULL;
115 call_info->callee_func = func;
116 call_info->num_args = ZEND_FLF_NUM_ARGS(opline->opcode);
117 call_info->next_callee = func_info->callee_info;
118 call_info->is_prototype = false;
119 call_info->is_frameless = true;
120 call_info->next_caller = NULL;
121 func_info->callee_info = call_info;
122 break;
123 }
124 case ZEND_DO_FCALL:
125 case ZEND_DO_ICALL:
126 case ZEND_DO_UCALL:
127 case ZEND_DO_FCALL_BY_NAME:
128 case ZEND_CALLABLE_CONVERT:
129 func_info->flags |= ZEND_FUNC_HAS_CALLS;
130 if (call_info) {
131 call_info->caller_call_opline = opline;
132 }
133 call--;
134 call_info = call_stack[call];
135 break;
136 case ZEND_SEND_VAL:
137 case ZEND_SEND_VAR:
138 case ZEND_SEND_VAL_EX:
139 case ZEND_SEND_VAR_EX:
140 case ZEND_SEND_FUNC_ARG:
141 case ZEND_SEND_REF:
142 case ZEND_SEND_VAR_NO_REF:
143 case ZEND_SEND_VAR_NO_REF_EX:
144 case ZEND_SEND_USER:
145 if (call_info) {
146 if (opline->op2_type == IS_CONST) {
147 call_info->named_args = 1;
148 break;
149 }
150
151 uint32_t num = opline->op2.num;
152 if (num > 0) {
153 num--;
154 }
155 call_info->arg_info[num].opline = opline;
156 }
157 break;
158 case ZEND_SEND_ARRAY:
159 case ZEND_SEND_UNPACK:
160 if (call_info) {
161 call_info->send_unpack = 1;
162 }
163 break;
164 case ZEND_EXIT:
165 /* In this case the DO_CALL opcode may have been dropped
166 * and caller_call_opline will be NULL. */
167 break;
168 }
169 opline++;
170 }
171 free_alloca(call_stack, use_heap);
172 }
173
zend_is_indirectly_recursive(zend_op_array * root,zend_op_array * op_array,zend_bitset visited)174 static bool zend_is_indirectly_recursive(zend_op_array *root, zend_op_array *op_array, zend_bitset visited)
175 {
176 zend_func_info *func_info;
177 zend_call_info *call_info;
178 bool ret = 0;
179
180 if (op_array == root) {
181 return 1;
182 }
183
184 func_info = ZEND_FUNC_INFO(op_array);
185 if (zend_bitset_in(visited, func_info->num)) {
186 return 0;
187 }
188 zend_bitset_incl(visited, func_info->num);
189 call_info = func_info->caller_info;
190 while (call_info) {
191 if (zend_is_indirectly_recursive(root, call_info->caller_op_array, visited)) {
192 call_info->recursive = 1;
193 ret = 1;
194 }
195 call_info = call_info->next_caller;
196 }
197 return ret;
198 }
199
zend_analyze_recursion(zend_call_graph * call_graph)200 static void zend_analyze_recursion(zend_call_graph *call_graph)
201 {
202 zend_op_array *op_array;
203 zend_func_info *func_info;
204 zend_call_info *call_info;
205 int i;
206 int set_len = zend_bitset_len(call_graph->op_arrays_count);
207 zend_bitset visited;
208 ALLOCA_FLAG(use_heap);
209
210 visited = ZEND_BITSET_ALLOCA(set_len, use_heap);
211 for (i = 0; i < call_graph->op_arrays_count; i++) {
212 op_array = call_graph->op_arrays[i];
213 func_info = call_graph->func_infos + i;
214 call_info = func_info->caller_info;
215 for (; call_info; call_info = call_info->next_caller) {
216 if (call_info->is_prototype) {
217 /* Might be calling an overridden child method and not actually recursive. */
218 continue;
219 }
220 if (call_info->caller_op_array == op_array) {
221 call_info->recursive = 1;
222 func_info->flags |= ZEND_FUNC_RECURSIVE | ZEND_FUNC_RECURSIVE_DIRECTLY;
223 } else {
224 memset(visited, 0, sizeof(zend_ulong) * set_len);
225 if (zend_is_indirectly_recursive(op_array, call_info->caller_op_array, visited)) {
226 call_info->recursive = 1;
227 func_info->flags |= ZEND_FUNC_RECURSIVE | ZEND_FUNC_RECURSIVE_INDIRECTLY;
228 }
229 }
230 }
231 }
232
233 free_alloca(visited, use_heap);
234 }
235
zend_sort_op_arrays(zend_call_graph * call_graph)236 static void zend_sort_op_arrays(zend_call_graph *call_graph)
237 {
238 (void) call_graph;
239
240 // TODO: perform topological sort of cyclic call graph
241 }
242
zend_build_call_graph(zend_arena ** arena,zend_script * script,zend_call_graph * call_graph)243 ZEND_API void zend_build_call_graph(zend_arena **arena, zend_script *script, zend_call_graph *call_graph) /* {{{ */
244 {
245 call_graph->op_arrays_count = 0;
246 zend_foreach_op_array(script, zend_op_array_calc, call_graph);
247
248 call_graph->op_arrays = (zend_op_array**)zend_arena_calloc(arena, call_graph->op_arrays_count, sizeof(zend_op_array*));
249 call_graph->func_infos = (zend_func_info*)zend_arena_calloc(arena, call_graph->op_arrays_count, sizeof(zend_func_info));
250 call_graph->op_arrays_count = 0;
251 zend_foreach_op_array(script, zend_op_array_collect, call_graph);
252 }
253 /* }}} */
254
zend_analyze_call_graph(zend_arena ** arena,zend_script * script,zend_call_graph * call_graph)255 ZEND_API void zend_analyze_call_graph(zend_arena **arena, zend_script *script, zend_call_graph *call_graph) /* {{{ */
256 {
257 int i;
258
259 for (i = 0; i < call_graph->op_arrays_count; i++) {
260 zend_analyze_calls(arena, script, 0, call_graph->op_arrays[i], call_graph->func_infos + i);
261 }
262 zend_analyze_recursion(call_graph);
263 zend_sort_op_arrays(call_graph);
264 }
265 /* }}} */
266
zend_build_call_map(zend_arena ** arena,zend_func_info * info,const zend_op_array * op_array)267 ZEND_API zend_call_info **zend_build_call_map(zend_arena **arena, zend_func_info *info, const zend_op_array *op_array) /* {{{ */
268 {
269 zend_call_info **map, *call;
270 if (!info->callee_info) {
271 /* Don't build call map if function contains no calls */
272 return NULL;
273 }
274
275 map = zend_arena_calloc(arena, sizeof(zend_call_info *), op_array->last);
276 for (call = info->callee_info; call; call = call->next_callee) {
277 int i;
278 map[call->caller_init_opline - op_array->opcodes] = call;
279 if (call->caller_call_opline) {
280 map[call->caller_call_opline - op_array->opcodes] = call;
281 }
282 if (!call->is_frameless) {
283 for (i = 0; i < call->num_args; i++) {
284 if (call->arg_info[i].opline) {
285 map[call->arg_info[i].opline - op_array->opcodes] = call;
286 }
287 }
288 }
289 }
290 return map;
291 }
292 /* }}} */
293
