1 /*
2 +----------------------------------------------------------------------+
3 | Zend OPcache |
4 +----------------------------------------------------------------------+
5 | Copyright (c) 1998-2018 The PHP Group |
6 +----------------------------------------------------------------------+
7 | This source file is subject to version 3.01 of the PHP license, |
8 | that is bundled with this package in the file LICENSE, and is |
9 | available through the world-wide-web at the following url: |
10 | http://www.php.net/license/3_01.txt |
11 | If you did not receive a copy of the PHP license and are unable to |
12 | obtain it through the world-wide-web, please send a note to |
13 | license@php.net so we can mail you a copy immediately. |
14 +----------------------------------------------------------------------+
15 | Authors: Dmitry Stogov <dmitry@php.net> |
16 +----------------------------------------------------------------------+
17 */
18
19 #include "php.h"
20 #include "Optimizer/zend_optimizer.h"
21 #include "Optimizer/zend_optimizer_internal.h"
22 #include "zend_API.h"
23 #include "zend_constants.h"
24 #include "zend_execute.h"
25 #include "zend_vm.h"
26 #include "zend_bitset.h"
27 #include "zend_cfg.h"
28 #include "zend_ssa.h"
29 #include "zend_func_info.h"
30 #include "zend_call_graph.h"
31 #include "zend_inference.h"
32 #include "zend_dump.h"
33
34 #ifndef ZEND_DEBUG_DFA
35 # define ZEND_DEBUG_DFA ZEND_DEBUG
36 #endif
37
38 #if ZEND_DEBUG_DFA
39 # include "ssa_integrity.c"
40 #endif
41
zend_dfa_analyze_op_array(zend_op_array * op_array,zend_optimizer_ctx * ctx,zend_ssa * ssa)42 int zend_dfa_analyze_op_array(zend_op_array *op_array, zend_optimizer_ctx *ctx, zend_ssa *ssa)
43 {
44 uint32_t build_flags;
45
46 if (op_array->last_try_catch) {
47 /* TODO: we can't analyze functions with try/catch/finally ??? */
48 return FAILURE;
49 }
50
51 /* Build SSA */
52 memset(ssa, 0, sizeof(zend_ssa));
53
54 if (zend_build_cfg(&ctx->arena, op_array, ZEND_CFG_NO_ENTRY_PREDECESSORS, &ssa->cfg) != SUCCESS) {
55 return FAILURE;
56 }
57
58 if ((ssa->cfg.flags & ZEND_FUNC_INDIRECT_VAR_ACCESS)) {
59 /* TODO: we can't analyze functions with indirect variable access ??? */
60 return FAILURE;
61 }
62
63 if (zend_cfg_build_predecessors(&ctx->arena, &ssa->cfg) != SUCCESS) {
64 return FAILURE;
65 }
66
67 if (ctx->debug_level & ZEND_DUMP_DFA_CFG) {
68 zend_dump_op_array(op_array, ZEND_DUMP_CFG, "dfa cfg", &ssa->cfg);
69 }
70
71 /* Compute Dominators Tree */
72 if (zend_cfg_compute_dominators_tree(op_array, &ssa->cfg) != SUCCESS) {
73 return FAILURE;
74 }
75
76 /* Identify reducible and irreducible loops */
77 if (zend_cfg_identify_loops(op_array, &ssa->cfg) != SUCCESS) {
78 return FAILURE;
79 }
80
81 if (ctx->debug_level & ZEND_DUMP_DFA_DOMINATORS) {
82 zend_dump_dominators(op_array, &ssa->cfg);
83 }
84
85 build_flags = 0;
86 if (ctx->debug_level & ZEND_DUMP_DFA_LIVENESS) {
87 build_flags |= ZEND_SSA_DEBUG_LIVENESS;
88 }
89 if (ctx->debug_level & ZEND_DUMP_DFA_PHI) {
90 build_flags |= ZEND_SSA_DEBUG_PHI_PLACEMENT;
91 }
92 if (zend_build_ssa(&ctx->arena, ctx->script, op_array, build_flags, ssa) != SUCCESS) {
93 return FAILURE;
94 }
95
96 if (ctx->debug_level & ZEND_DUMP_DFA_SSA) {
97 zend_dump_op_array(op_array, ZEND_DUMP_SSA, "dfa ssa", ssa);
98 }
99
100
101 if (zend_ssa_compute_use_def_chains(&ctx->arena, op_array, ssa) != SUCCESS){
102 return FAILURE;
103 }
104
105 if (zend_ssa_find_false_dependencies(op_array, ssa) != SUCCESS) {
106 return FAILURE;
107 }
108
109 if (zend_ssa_find_sccs(op_array, ssa) != SUCCESS){
110 return FAILURE;
111 }
112
113 if (zend_ssa_inference(&ctx->arena, op_array, ctx->script, ssa, ctx->optimization_level) != SUCCESS) {
114 return FAILURE;
115 }
116
117 if (zend_ssa_escape_analysis(ctx->script, op_array, ssa) != SUCCESS) {
118 return FAILURE;
119 }
120
121 if (ctx->debug_level & ZEND_DUMP_DFA_SSA_VARS) {
122 zend_dump_ssa_variables(op_array, ssa, 0);
123 }
124
125 return SUCCESS;
126 }
127
is_smart_branch_inhibiting_nop(zend_op_array * op_array,uint32_t target,uint32_t current,zend_basic_block * b,zend_basic_block * blocks_end)128 static zend_bool is_smart_branch_inhibiting_nop(
129 zend_op_array *op_array, uint32_t target, uint32_t current,
130 zend_basic_block *b, zend_basic_block *blocks_end)
131 {
132 uint32_t next;
133 /* Target points one past the last non-nop instruction. Make sure there is one. */
134 if (target == 0) {
135 return 0;
136 }
137
138 /* Find the next instruction, skipping unreachable or empty blocks. */
139 next = current + 1;
140 if (next >= b->start + b->len) {
141 do {
142 b++;
143 if (b == blocks_end) {
144 return 0;
145 }
146 } while (!(b->flags & ZEND_BB_REACHABLE) || b->len == 0);
147 next = b->start;
148 }
149
150 return (op_array->opcodes[next].opcode == ZEND_JMPZ ||
151 op_array->opcodes[next].opcode == ZEND_JMPNZ) &&
152 zend_is_smart_branch(op_array->opcodes + target - 1);
153 }
154
zend_ssa_remove_nops(zend_op_array * op_array,zend_ssa * ssa,zend_optimizer_ctx * ctx)155 static void zend_ssa_remove_nops(zend_op_array *op_array, zend_ssa *ssa, zend_optimizer_ctx *ctx)
156 {
157 zend_basic_block *blocks = ssa->cfg.blocks;
158 zend_basic_block *blocks_end = blocks + ssa->cfg.blocks_count;
159 zend_basic_block *b;
160 zend_func_info *func_info;
161 int j;
162 uint32_t i = 0;
163 uint32_t target = 0;
164 uint32_t *shiftlist;
165 ALLOCA_FLAG(use_heap);
166
167 shiftlist = (uint32_t *)do_alloca(sizeof(uint32_t) * op_array->last, use_heap);
168 memset(shiftlist, 0, sizeof(uint32_t) * op_array->last);
169 /* remove empty callee_info */
170 func_info = ZEND_FUNC_INFO(op_array);
171 if (func_info) {
172 zend_call_info **call_info = &func_info->callee_info;
173 while ((*call_info)) {
174 if ((*call_info)->caller_init_opline->opcode == ZEND_NOP) {
175 *call_info = (*call_info)->next_callee;
176 } else {
177 call_info = &(*call_info)->next_callee;
178 }
179 }
180 }
181
182 for (b = blocks; b < blocks_end; b++) {
183 if (b->flags & (ZEND_BB_REACHABLE|ZEND_BB_UNREACHABLE_FREE)) {
184 if (b->len) {
185 uint32_t new_start, old_end;
186 while (i < b->start) {
187 shiftlist[i] = i - target;
188 i++;
189 }
190
191 if (b->flags & ZEND_BB_UNREACHABLE_FREE) {
192 /* Only keep the FREE for the loop var */
193 ZEND_ASSERT(op_array->opcodes[b->start].opcode == ZEND_FREE
194 || op_array->opcodes[b->start].opcode == ZEND_FE_FREE);
195 b->len = 1;
196 }
197
198 new_start = target;
199 old_end = b->start + b->len;
200 while (i < old_end) {
201 shiftlist[i] = i - target;
202 if (EXPECTED(op_array->opcodes[i].opcode != ZEND_NOP) ||
203 is_smart_branch_inhibiting_nop(op_array, target, i, b, blocks_end)) {
204 if (i != target) {
205 op_array->opcodes[target] = op_array->opcodes[i];
206 ssa->ops[target] = ssa->ops[i];
207 ssa->cfg.map[target] = b - blocks;
208 }
209 target++;
210 }
211 i++;
212 }
213 b->start = new_start;
214 if (target != old_end) {
215 zend_op *opline;
216 zend_op *new_opline;
217
218 b->len = target - b->start;
219 opline = op_array->opcodes + old_end - 1;
220 if (opline->opcode == ZEND_NOP) {
221 continue;
222 }
223
224 new_opline = op_array->opcodes + target - 1;
225 zend_optimizer_migrate_jump(op_array, new_opline, opline);
226 }
227 } else {
228 b->start = target;
229 }
230 } else {
231 b->start = target;
232 b->len = 0;
233 }
234 }
235
236 if (target != op_array->last) {
237 /* reset rest opcodes */
238 for (i = target; i < op_array->last; i++) {
239 MAKE_NOP(op_array->opcodes + i);
240 }
241
242 /* update SSA variables */
243 for (j = 0; j < ssa->vars_count; j++) {
244 if (ssa->vars[j].definition >= 0) {
245 ssa->vars[j].definition -= shiftlist[ssa->vars[j].definition];
246 }
247 if (ssa->vars[j].use_chain >= 0) {
248 ssa->vars[j].use_chain -= shiftlist[ssa->vars[j].use_chain];
249 }
250 }
251 for (i = 0; i < op_array->last; i++) {
252 if (ssa->ops[i].op1_use_chain >= 0) {
253 ssa->ops[i].op1_use_chain -= shiftlist[ssa->ops[i].op1_use_chain];
254 }
255 if (ssa->ops[i].op2_use_chain >= 0) {
256 ssa->ops[i].op2_use_chain -= shiftlist[ssa->ops[i].op2_use_chain];
257 }
258 if (ssa->ops[i].res_use_chain >= 0) {
259 ssa->ops[i].res_use_chain -= shiftlist[ssa->ops[i].res_use_chain];
260 }
261 }
262
263 /* update branch targets */
264 for (b = blocks; b < blocks_end; b++) {
265 if ((b->flags & ZEND_BB_REACHABLE) && b->len != 0) {
266 zend_op *opline = op_array->opcodes + b->start + b->len - 1;
267 zend_optimizer_shift_jump(op_array, opline, shiftlist);
268 }
269 }
270
271 /* update brk/cont array */
272 for (j = 0; j < op_array->last_live_range; j++) {
273 op_array->live_range[j].start -= shiftlist[op_array->live_range[j].start];
274 op_array->live_range[j].end -= shiftlist[op_array->live_range[j].end];
275 }
276
277 /* update try/catch array */
278 for (j = 0; j < op_array->last_try_catch; j++) {
279 op_array->try_catch_array[j].try_op -= shiftlist[op_array->try_catch_array[j].try_op];
280 op_array->try_catch_array[j].catch_op -= shiftlist[op_array->try_catch_array[j].catch_op];
281 if (op_array->try_catch_array[j].finally_op) {
282 op_array->try_catch_array[j].finally_op -= shiftlist[op_array->try_catch_array[j].finally_op];
283 op_array->try_catch_array[j].finally_end -= shiftlist[op_array->try_catch_array[j].finally_end];
284 }
285 }
286
287 /* update early binding list */
288 if (op_array->fn_flags & ZEND_ACC_EARLY_BINDING) {
289 uint32_t *opline_num = &ctx->script->first_early_binding_opline;
290
291 ZEND_ASSERT(op_array == &ctx->script->main_op_array);
292 do {
293 *opline_num -= shiftlist[*opline_num];
294 opline_num = &op_array->opcodes[*opline_num].result.opline_num;
295 } while (*opline_num != (uint32_t)-1);
296 }
297
298 /* update call graph */
299 if (func_info) {
300 zend_call_info *call_info = func_info->callee_info;
301 while (call_info) {
302 call_info->caller_init_opline -=
303 shiftlist[call_info->caller_init_opline - op_array->opcodes];
304 if (call_info->caller_call_opline) {
305 call_info->caller_call_opline -=
306 shiftlist[call_info->caller_call_opline - op_array->opcodes];
307 }
308 call_info = call_info->next_callee;
309 }
310 }
311
312 op_array->last = target;
313 }
314 free_alloca(shiftlist, use_heap);
315 }
316
can_elide_return_type_check(zend_op_array * op_array,zend_ssa * ssa,zend_ssa_op * ssa_op)317 static inline zend_bool can_elide_return_type_check(
318 zend_op_array *op_array, zend_ssa *ssa, zend_ssa_op *ssa_op) {
319 zend_arg_info *info = &op_array->arg_info[-1];
320 zend_ssa_var_info *use_info = &ssa->var_info[ssa_op->op1_use];
321 zend_ssa_var_info *def_info = &ssa->var_info[ssa_op->op1_def];
322
323 if (use_info->type & MAY_BE_REF) {
324 return 0;
325 }
326
327 /* A type is possible that is not in the allowed types */
328 if ((use_info->type & (MAY_BE_ANY|MAY_BE_UNDEF)) & ~(def_info->type & MAY_BE_ANY)) {
329 return 0;
330 }
331
332 /* These types are not represented exactly */
333 if (ZEND_TYPE_CODE(info->type) == IS_CALLABLE || ZEND_TYPE_CODE(info->type) == IS_ITERABLE) {
334 return 0;
335 }
336
337 if (ZEND_TYPE_IS_CLASS(info->type)) {
338 if (!use_info->ce || !def_info->ce || !instanceof_function(use_info->ce, def_info->ce)) {
339 return 0;
340 }
341 }
342
343 return 1;
344 }
345
opline_supports_assign_contraction(zend_ssa * ssa,zend_op * opline,int src_var,uint32_t cv_var)346 static zend_bool opline_supports_assign_contraction(
347 zend_ssa *ssa, zend_op *opline, int src_var, uint32_t cv_var) {
348 if (opline->opcode == ZEND_NEW) {
349 /* see Zend/tests/generators/aborted_yield_during_new.phpt */
350 return 0;
351 }
352
353 if (opline->opcode == ZEND_DO_ICALL || opline->opcode == ZEND_DO_UCALL
354 || opline->opcode == ZEND_DO_FCALL || opline->opcode == ZEND_DO_FCALL_BY_NAME) {
355 /* Function calls may dtor the return value after it has already been written -- allow
356 * direct assignment only for types where a double-dtor does not matter. */
357 uint32_t type = ssa->var_info[src_var].type;
358 uint32_t simple = MAY_BE_NULL|MAY_BE_FALSE|MAY_BE_TRUE|MAY_BE_LONG|MAY_BE_DOUBLE;
359 return !((type & MAY_BE_ANY) & ~simple);
360 }
361
362 if (opline->opcode == ZEND_POST_INC || opline->opcode == ZEND_POST_DEC) {
363 /* POST_INC/DEC write the result variable before performing the inc/dec. For $i = $i++
364 * eliding the temporary variable would thus yield an incorrect result. */
365 return opline->op1_type != IS_CV || opline->op1.var != cv_var;
366 }
367
368 if (opline->opcode == ZEND_INIT_ARRAY) {
369 /* INIT_ARRAY initializes the result array before reading key/value. */
370 return (opline->op1_type != IS_CV || opline->op1.var != cv_var)
371 && (opline->op2_type != IS_CV || opline->op2.var != cv_var);
372 }
373
374 if (opline->opcode == ZEND_CAST
375 && (opline->extended_value == IS_ARRAY || opline->extended_value == IS_OBJECT)) {
376 /* CAST to array/object may initialize the result to an empty array/object before
377 * reading the expression. */
378 return opline->op1_type != IS_CV || opline->op1.var != cv_var;
379 }
380
381 return 1;
382 }
383
zend_dfa_optimize_calls(zend_op_array * op_array,zend_ssa * ssa)384 int zend_dfa_optimize_calls(zend_op_array *op_array, zend_ssa *ssa)
385 {
386 zend_func_info *func_info = ZEND_FUNC_INFO(op_array);
387 int removed_ops = 0;
388
389 if (func_info->callee_info) {
390 zend_call_info *call_info = func_info->callee_info;
391
392 do {
393 if (call_info->caller_call_opline
394 && call_info->caller_call_opline->opcode == ZEND_DO_ICALL
395 && call_info->callee_func
396 && ZSTR_LEN(call_info->callee_func->common.function_name) == sizeof("in_array")-1
397 && memcmp(ZSTR_VAL(call_info->callee_func->common.function_name), "in_array", sizeof("in_array")-1) == 0
398 && (call_info->caller_init_opline->extended_value == 2
399 || (call_info->caller_init_opline->extended_value == 3
400 && (call_info->caller_call_opline - 1)->opcode == ZEND_SEND_VAL
401 && (call_info->caller_call_opline - 1)->op1_type == IS_CONST))) {
402
403 zend_op *send_array;
404 zend_op *send_needly;
405 zend_bool strict = 0;
406
407 if (call_info->caller_init_opline->extended_value == 2) {
408 send_array = call_info->caller_call_opline - 1;
409 send_needly = call_info->caller_call_opline - 2;
410 } else {
411 if (zend_is_true(CT_CONSTANT_EX(op_array, (call_info->caller_call_opline - 1)->op1.constant))) {
412 strict = 1;
413 }
414 send_array = call_info->caller_call_opline - 2;
415 send_needly = call_info->caller_call_opline - 3;
416 }
417
418 if (send_array->opcode == ZEND_SEND_VAL
419 && send_array->op1_type == IS_CONST
420 && Z_TYPE_P(CT_CONSTANT_EX(op_array, send_array->op1.constant)) == IS_ARRAY
421 && (send_needly->opcode == ZEND_SEND_VAL
422 || send_needly->opcode == ZEND_SEND_VAR)
423 ) {
424 int ok = 1;
425
426 HashTable *src = Z_ARRVAL_P(CT_CONSTANT_EX(op_array, send_array->op1.constant));
427 HashTable *dst;
428 zval *val, tmp;
429 zend_ulong idx;
430
431 ZVAL_TRUE(&tmp);
432 dst = zend_new_array(zend_hash_num_elements(src));
433 if (strict) {
434 ZEND_HASH_FOREACH_VAL(src, val) {
435 if (Z_TYPE_P(val) == IS_STRING) {
436 zend_hash_add(dst, Z_STR_P(val), &tmp);
437 } else if (Z_TYPE_P(val) == IS_LONG) {
438 zend_hash_index_add(dst, Z_LVAL_P(val), &tmp);
439 } else {
440 zend_array_destroy(dst);
441 ok = 0;
442 break;
443 }
444 } ZEND_HASH_FOREACH_END();
445 } else {
446 ZEND_HASH_FOREACH_VAL(src, val) {
447 if (Z_TYPE_P(val) != IS_STRING || ZEND_HANDLE_NUMERIC(Z_STR_P(val), idx)) {
448 zend_array_destroy(dst);
449 ok = 0;
450 break;
451 }
452 zend_hash_add(dst, Z_STR_P(val), &tmp);
453 } ZEND_HASH_FOREACH_END();
454 }
455
456 if (ok) {
457 uint32_t op_num = send_needly - op_array->opcodes;
458 zend_ssa_op *ssa_op = ssa->ops + op_num;
459
460 if (ssa_op->op1_use >= 0) {
461 /* Reconstruct SSA */
462 int var_num = ssa_op->op1_use;
463 zend_ssa_var *var = ssa->vars + var_num;
464
465 ZEND_ASSERT(ssa_op->op1_def < 0);
466 zend_ssa_unlink_use_chain(ssa, op_num, ssa_op->op1_use);
467 ssa_op->op1_use = -1;
468 ssa_op->op1_use_chain = -1;
469 op_num = call_info->caller_call_opline - op_array->opcodes;
470 ssa_op = ssa->ops + op_num;
471 ssa_op->op1_use = var_num;
472 ssa_op->op1_use_chain = var->use_chain;
473 var->use_chain = op_num;
474 }
475
476 ZVAL_ARR(&tmp, dst);
477
478 /* Update opcode */
479 call_info->caller_call_opline->opcode = ZEND_IN_ARRAY;
480 call_info->caller_call_opline->extended_value = strict;
481 call_info->caller_call_opline->op1_type = send_needly->op1_type;
482 call_info->caller_call_opline->op1.num = send_needly->op1.num;
483 call_info->caller_call_opline->op2_type = IS_CONST;
484 call_info->caller_call_opline->op2.constant = zend_optimizer_add_literal(op_array, &tmp);
485 if (call_info->caller_init_opline->extended_value == 3) {
486 MAKE_NOP(call_info->caller_call_opline - 1);
487 }
488 MAKE_NOP(call_info->caller_init_opline);
489 MAKE_NOP(send_needly);
490 MAKE_NOP(send_array);
491 removed_ops++;
492
493 }
494 }
495 }
496 call_info = call_info->next_callee;
497 } while (call_info);
498 }
499
500 return removed_ops;
501 }
502
take_successor_0(zend_ssa * ssa,int block_num,zend_basic_block * block)503 static zend_always_inline void take_successor_0(zend_ssa *ssa, int block_num, zend_basic_block *block)
504 {
505 if (block->successors_count == 2) {
506 if (block->successors[1] != block->successors[0]) {
507 zend_ssa_remove_predecessor(ssa, block_num, block->successors[1]);
508 }
509 block->successors_count = 1;
510 }
511 }
512
take_successor_1(zend_ssa * ssa,int block_num,zend_basic_block * block)513 static zend_always_inline void take_successor_1(zend_ssa *ssa, int block_num, zend_basic_block *block)
514 {
515 if (block->successors_count == 2) {
516 if (block->successors[1] != block->successors[0]) {
517 zend_ssa_remove_predecessor(ssa, block_num, block->successors[0]);
518 block->successors[0] = block->successors[1];
519 }
520 block->successors_count = 1;
521 }
522 }
523
compress_block(zend_op_array * op_array,zend_basic_block * block)524 static void compress_block(zend_op_array *op_array, zend_basic_block *block)
525 {
526 while (block->len > 0) {
527 zend_op *opline = &op_array->opcodes[block->start + block->len - 1];
528
529 if (opline->opcode == ZEND_NOP
530 && (block->len == 1 || !zend_is_smart_branch(opline - 1))) {
531 block->len--;
532 } else {
533 break;
534 }
535 }
536 }
537
replace_predecessor(zend_ssa * ssa,int block_id,int old_pred,int new_pred)538 static void replace_predecessor(zend_ssa *ssa, int block_id, int old_pred, int new_pred) {
539 zend_basic_block *block = &ssa->cfg.blocks[block_id];
540 int *predecessors = &ssa->cfg.predecessors[block->predecessor_offset];
541 zend_ssa_phi *phi;
542
543 int i;
544 int old_pred_idx = -1;
545 int new_pred_idx = -1;
546 for (i = 0; i < block->predecessors_count; i++) {
547 if (predecessors[i] == old_pred) {
548 old_pred_idx = i;
549 }
550 if (predecessors[i] == new_pred) {
551 new_pred_idx = i;
552 }
553 }
554
555 ZEND_ASSERT(old_pred_idx != -1);
556 if (new_pred_idx == -1) {
557 /* If the new predecessor doesn't exist yet, simply rewire the old one */
558 predecessors[old_pred_idx] = new_pred;
559 } else {
560 /* Otherwise, rewiring the old predecessor would make the new predecessor appear
561 * twice, which violates our CFG invariants. Remove the old predecessor instead. */
562 memmove(
563 predecessors + old_pred_idx,
564 predecessors + old_pred_idx + 1,
565 sizeof(int) * (block->predecessors_count - old_pred_idx - 1)
566 );
567
568 /* Also remove the corresponding phi node entries */
569 for (phi = ssa->blocks[block_id].phis; phi; phi = phi->next) {
570 memmove(
571 phi->sources + old_pred_idx,
572 phi->sources + old_pred_idx + 1,
573 sizeof(int) * (block->predecessors_count - old_pred_idx - 1)
574 );
575 }
576
577 block->predecessors_count--;
578 }
579 }
580
zend_ssa_replace_control_link(zend_op_array * op_array,zend_ssa * ssa,int from,int to,int new_to)581 static void zend_ssa_replace_control_link(zend_op_array *op_array, zend_ssa *ssa, int from, int to, int new_to)
582 {
583 zend_basic_block *src = &ssa->cfg.blocks[from];
584 zend_basic_block *old = &ssa->cfg.blocks[to];
585 zend_basic_block *dst = &ssa->cfg.blocks[new_to];
586 int i;
587 zend_op *opline;
588
589 for (i = 0; i < src->successors_count; i++) {
590 if (src->successors[i] == to) {
591 src->successors[i] = new_to;
592 }
593 }
594
595 if (src->len > 0) {
596 opline = op_array->opcodes + src->start + src->len - 1;
597 switch (opline->opcode) {
598 case ZEND_JMP:
599 case ZEND_FAST_CALL:
600 ZEND_ASSERT(ZEND_OP1_JMP_ADDR(opline) == op_array->opcodes + old->start);
601 ZEND_SET_OP_JMP_ADDR(opline, opline->op1, op_array->opcodes + dst->start);
602 break;
603 case ZEND_JMPZNZ:
604 if (ZEND_OFFSET_TO_OPLINE_NUM(op_array, opline, opline->extended_value) == old->start) {
605 opline->extended_value = ZEND_OPLINE_NUM_TO_OFFSET(op_array, opline, dst->start);
606 }
607 /* break missing intentionally */
608 case ZEND_JMPZ:
609 case ZEND_JMPNZ:
610 case ZEND_JMPZ_EX:
611 case ZEND_JMPNZ_EX:
612 case ZEND_FE_RESET_R:
613 case ZEND_FE_RESET_RW:
614 case ZEND_JMP_SET:
615 case ZEND_COALESCE:
616 case ZEND_ASSERT_CHECK:
617 if (ZEND_OP2_JMP_ADDR(opline) == op_array->opcodes + old->start) {
618 ZEND_SET_OP_JMP_ADDR(opline, opline->op2, op_array->opcodes + dst->start);
619 }
620 break;
621 case ZEND_CATCH:
622 if (!(opline->extended_value & ZEND_LAST_CATCH)) {
623 if (ZEND_OP2_JMP_ADDR(opline) == op_array->opcodes + old->start) {
624 ZEND_SET_OP_JMP_ADDR(opline, opline->op2, op_array->opcodes + dst->start);
625 }
626 }
627 break;
628 case ZEND_DECLARE_ANON_CLASS:
629 case ZEND_DECLARE_ANON_INHERITED_CLASS:
630 case ZEND_FE_FETCH_R:
631 case ZEND_FE_FETCH_RW:
632 if (ZEND_OFFSET_TO_OPLINE_NUM(op_array, opline, opline->extended_value) == old->start) {
633 opline->extended_value = ZEND_OPLINE_NUM_TO_OFFSET(op_array, opline, dst->start);
634 }
635 break;
636 case ZEND_SWITCH_LONG:
637 case ZEND_SWITCH_STRING:
638 {
639 HashTable *jumptable = Z_ARRVAL(ZEND_OP2_LITERAL(opline));
640 zval *zv;
641 ZEND_HASH_FOREACH_VAL(jumptable, zv) {
642 if (ZEND_OFFSET_TO_OPLINE_NUM(op_array, opline, Z_LVAL_P(zv)) == old->start) {
643 Z_LVAL_P(zv) = ZEND_OPLINE_NUM_TO_OFFSET(op_array, opline, dst->start);
644 }
645 } ZEND_HASH_FOREACH_END();
646 if (ZEND_OFFSET_TO_OPLINE_NUM(op_array, opline, opline->extended_value) == old->start) {
647 opline->extended_value = ZEND_OPLINE_NUM_TO_OFFSET(op_array, opline, dst->start);
648 }
649 break;
650 }
651 }
652 }
653
654 replace_predecessor(ssa, new_to, to, from);
655 }
656
zend_ssa_unlink_block(zend_op_array * op_array,zend_ssa * ssa,zend_basic_block * block,int block_num)657 static void zend_ssa_unlink_block(zend_op_array *op_array, zend_ssa *ssa, zend_basic_block *block, int block_num)
658 {
659 if (block->predecessors_count == 1 && ssa->blocks[block_num].phis == NULL) {
660 int *predecessors, i;
661
662 ZEND_ASSERT(block->successors_count == 1);
663 predecessors = &ssa->cfg.predecessors[block->predecessor_offset];
664 for (i = 0; i < block->predecessors_count; i++) {
665 zend_ssa_replace_control_link(op_array, ssa, predecessors[i], block_num, block->successors[0]);
666 }
667 zend_ssa_remove_block(op_array, ssa, block_num);
668 }
669 }
670
zend_dfa_optimize_jmps(zend_op_array * op_array,zend_ssa * ssa)671 static int zend_dfa_optimize_jmps(zend_op_array *op_array, zend_ssa *ssa)
672 {
673 int removed_ops = 0;
674 int block_num = 0;
675
676 for (block_num = 1; block_num < ssa->cfg.blocks_count; block_num++) {
677 zend_basic_block *block = &ssa->cfg.blocks[block_num];
678
679 if (!(block->flags & ZEND_BB_REACHABLE)) {
680 continue;
681 }
682 compress_block(op_array, block);
683 if (block->len == 0) {
684 zend_ssa_unlink_block(op_array, ssa, block, block_num);
685 }
686 }
687
688 block_num = 0;
689 while (block_num < ssa->cfg.blocks_count
690 && !(ssa->cfg.blocks[block_num].flags & ZEND_BB_REACHABLE)) {
691 block_num++;
692 }
693 while (block_num < ssa->cfg.blocks_count) {
694 int next_block_num = block_num + 1;
695 zend_basic_block *block = &ssa->cfg.blocks[block_num];
696 uint32_t op_num;
697 zend_op *opline;
698 zend_ssa_op *ssa_op;
699
700 while (next_block_num < ssa->cfg.blocks_count
701 && !(ssa->cfg.blocks[next_block_num].flags & ZEND_BB_REACHABLE)) {
702 next_block_num++;
703 }
704
705 if (block->len) {
706 op_num = block->start + block->len - 1;
707 opline = op_array->opcodes + op_num;
708 ssa_op = ssa->ops + op_num;
709
710 switch (opline->opcode) {
711 case ZEND_JMP:
712 optimize_jmp:
713 if (block->successors[0] == next_block_num) {
714 MAKE_NOP(opline);
715 removed_ops++;
716 goto optimize_nop;
717 }
718 break;
719 case ZEND_JMPZ:
720 optimize_jmpz:
721 if (opline->op1_type == IS_CONST) {
722 if (zend_is_true(CT_CONSTANT_EX(op_array, opline->op1.constant))) {
723 MAKE_NOP(opline);
724 removed_ops++;
725 take_successor_1(ssa, block_num, block);
726 goto optimize_nop;
727 } else {
728 opline->opcode = ZEND_JMP;
729 COPY_NODE(opline->op1, opline->op2);
730 take_successor_0(ssa, block_num, block);
731 goto optimize_jmp;
732 }
733 } else {
734 if (block->successors[0] == next_block_num) {
735 take_successor_0(ssa, block_num, block);
736 if (opline->op1_type == IS_CV && (OP1_INFO() & MAY_BE_UNDEF)) {
737 opline->opcode = ZEND_CHECK_VAR;
738 opline->op2.num = 0;
739 } else if (opline->op1_type == IS_CV || !(OP1_INFO() & (MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE|MAY_BE_REF))) {
740 zend_ssa_remove_instr(ssa, opline, ssa_op);
741 removed_ops++;
742 goto optimize_nop;
743 } else {
744 opline->opcode = ZEND_FREE;
745 opline->op2.num = 0;
746 }
747 }
748 }
749 break;
750 case ZEND_JMPNZ:
751 optimize_jmpnz:
752 if (opline->op1_type == IS_CONST) {
753 if (zend_is_true(CT_CONSTANT_EX(op_array, opline->op1.constant))) {
754 opline->opcode = ZEND_JMP;
755 COPY_NODE(opline->op1, opline->op2);
756 take_successor_0(ssa, block_num, block);
757 goto optimize_jmp;
758 } else {
759 MAKE_NOP(opline);
760 removed_ops++;
761 take_successor_1(ssa, block_num, block);
762 goto optimize_nop;
763 }
764 } else if (block->successors_count == 2) {
765 if (block->successors[0] == next_block_num) {
766 take_successor_0(ssa, block_num, block);
767 if (opline->op1_type == IS_CV && (OP1_INFO() & MAY_BE_UNDEF)) {
768 opline->opcode = ZEND_CHECK_VAR;
769 opline->op2.num = 0;
770 } else if (opline->op1_type == IS_CV || !(OP1_INFO() & (MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE|MAY_BE_REF))) {
771 zend_ssa_remove_instr(ssa, opline, ssa_op);
772 removed_ops++;
773 goto optimize_nop;
774 } else {
775 opline->opcode = ZEND_FREE;
776 opline->op2.num = 0;
777 }
778 }
779 }
780 break;
781 case ZEND_JMPZNZ:
782 if (opline->op1_type == IS_CONST) {
783 if (zend_is_true(CT_CONSTANT_EX(op_array, opline->op1.constant))) {
784 zend_op *target_opline = ZEND_OFFSET_TO_OPLINE(opline, opline->extended_value);
785 ZEND_SET_OP_JMP_ADDR(opline, opline->op1, target_opline);
786 take_successor_1(ssa, block_num, block);
787 } else {
788 zend_op *target_opline = ZEND_OP2_JMP_ADDR(opline);
789 ZEND_SET_OP_JMP_ADDR(opline, opline->op1, target_opline);
790 take_successor_0(ssa, block_num, block);
791 }
792 opline->op1_type = IS_UNUSED;
793 opline->extended_value = 0;
794 opline->opcode = ZEND_JMP;
795 goto optimize_jmp;
796 } else if (block->successors_count == 2) {
797 if (block->successors[0] == block->successors[1]) {
798 take_successor_0(ssa, block_num, block);
799 if (block->successors[0] == next_block_num) {
800 if (opline->op1_type == IS_CV && (OP1_INFO() & MAY_BE_UNDEF)) {
801 opline->opcode = ZEND_CHECK_VAR;
802 opline->op2.num = 0;
803 } else if (opline->op1_type == IS_CV || !(OP1_INFO() & (MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE|MAY_BE_REF))) {
804 zend_ssa_remove_instr(ssa, opline, ssa_op);
805 removed_ops++;
806 goto optimize_nop;
807 } else {
808 opline->opcode = ZEND_FREE;
809 opline->op2.num = 0;
810 }
811 } else if ((opline->op1_type == IS_CV && !(OP1_INFO() & MAY_BE_UNDEF)) || !(OP1_INFO() & (MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE|MAY_BE_REF))) {
812 ZEND_ASSERT(ssa_op->op1_use >= 0);
813 zend_ssa_unlink_use_chain(ssa, op_num, ssa_op->op1_use);
814 ssa_op->op1_use = -1;
815 ssa_op->op1_use_chain = -1;
816 opline->opcode = ZEND_JMP;
817 opline->op1_type = IS_UNUSED;
818 opline->op1.num = opline->op2.num;
819 goto optimize_jmp;
820 }
821 }
822 }
823 break;
824 case ZEND_JMPZ_EX:
825 if (ssa->vars[ssa_op->result_def].use_chain < 0
826 && ssa->vars[ssa_op->result_def].phi_use_chain == NULL) {
827 opline->opcode = ZEND_JMPZ;
828 opline->result_type = IS_UNUSED;
829 zend_ssa_remove_result_def(ssa, ssa_op);
830 goto optimize_jmpz;
831 } else if (opline->op1_type == IS_CONST) {
832 if (zend_is_true(CT_CONSTANT_EX(op_array, opline->op1.constant))) {
833 opline->opcode = ZEND_QM_ASSIGN;
834 take_successor_1(ssa, block_num, block);
835 }
836 }
837 break;
838 case ZEND_JMPNZ_EX:
839 if (ssa->vars[ssa_op->result_def].use_chain < 0
840 && ssa->vars[ssa_op->result_def].phi_use_chain == NULL) {
841 opline->opcode = ZEND_JMPNZ;
842 opline->result_type = IS_UNUSED;
843 zend_ssa_remove_result_def(ssa, ssa_op);
844 goto optimize_jmpnz;
845 } else if (opline->op1_type == IS_CONST) {
846 if (!zend_is_true(CT_CONSTANT_EX(op_array, opline->op1.constant))) {
847 opline->opcode = ZEND_QM_ASSIGN;
848 take_successor_1(ssa, block_num, block);
849 }
850 }
851 break;
852 case ZEND_JMP_SET:
853 if (ssa->vars[ssa_op->result_def].use_chain < 0
854 && ssa->vars[ssa_op->result_def].phi_use_chain == NULL) {
855 opline->opcode = ZEND_JMPNZ;
856 opline->result_type = IS_UNUSED;
857 zend_ssa_remove_result_def(ssa, ssa_op);
858 goto optimize_jmpnz;
859 } else if (opline->op1_type == IS_CONST) {
860 if (!zend_is_true(CT_CONSTANT_EX(op_array, opline->op1.constant))) {
861 MAKE_NOP(opline);
862 removed_ops++;
863 take_successor_1(ssa, block_num, block);
864 zend_ssa_remove_result_def(ssa, ssa_op);
865 goto optimize_nop;
866 }
867 }
868 break;
869 case ZEND_COALESCE:
870 {
871 zend_ssa_var *var = &ssa->vars[ssa_op->result_def];
872 if (opline->op1_type == IS_CONST
873 && var->use_chain < 0 && var->phi_use_chain == NULL) {
874 if (Z_TYPE_P(CT_CONSTANT_EX(op_array, opline->op1.constant)) == IS_NULL) {
875 zend_ssa_remove_result_def(ssa, ssa_op);
876 MAKE_NOP(opline);
877 removed_ops++;
878 take_successor_1(ssa, block_num, block);
879 goto optimize_nop;
880 } else {
881 if (opline->result_type & (IS_TMP_VAR|IS_VAR)) {
882 zend_optimizer_remove_live_range_ex(op_array, opline->result.var, var->definition);
883 }
884 opline->opcode = ZEND_JMP;
885 opline->result_type = IS_UNUSED;
886 zend_ssa_remove_result_def(ssa, ssa_op);
887 COPY_NODE(opline->op1, opline->op2);
888 take_successor_0(ssa, block_num, block);
889 goto optimize_jmp;
890 }
891 }
892 break;
893 }
894 case ZEND_NOP:
895 optimize_nop:
896 compress_block(op_array, block);
897 if (block->len == 0) {
898 if (block_num > 0) {
899 zend_ssa_unlink_block(op_array, ssa, block, block_num);
900 /* backtrack to previous basic block */
901 do {
902 block_num--;
903 } while (block_num >= 0
904 && !(ssa->cfg.blocks[block_num].flags & ZEND_BB_REACHABLE));
905 if (block_num >= 0) {
906 continue;
907 }
908 }
909 }
910 break;
911 default:
912 break;
913 }
914 }
915
916 block_num = next_block_num;
917 }
918
919 return removed_ops;
920 }
921
zend_dfa_optimize_op_array(zend_op_array * op_array,zend_optimizer_ctx * ctx,zend_ssa * ssa,zend_call_info ** call_map)922 void zend_dfa_optimize_op_array(zend_op_array *op_array, zend_optimizer_ctx *ctx, zend_ssa *ssa, zend_call_info **call_map)
923 {
924 if (ctx->debug_level & ZEND_DUMP_BEFORE_DFA_PASS) {
925 zend_dump_op_array(op_array, ZEND_DUMP_SSA, "before dfa pass", ssa);
926 }
927
928 if (ssa->var_info) {
929 int op_1;
930 int v;
931 int remove_nops = 0;
932 zend_op *opline;
933 zval tmp;
934
935 #if ZEND_DEBUG_DFA
936 ssa_verify_integrity(op_array, ssa, "before dfa");
937 #endif
938
939 if (ZEND_OPTIMIZER_PASS_8 & ctx->optimization_level) {
940 if (sccp_optimize_op_array(ctx, op_array, ssa, call_map)) {
941 remove_nops = 1;
942 }
943
944 if (zend_dfa_optimize_jmps(op_array, ssa)) {
945 remove_nops = 1;
946 }
947
948 #if ZEND_DEBUG_DFA
949 ssa_verify_integrity(op_array, ssa, "after sccp");
950 #endif
951 if (ZEND_FUNC_INFO(op_array)) {
952 if (zend_dfa_optimize_calls(op_array, ssa)) {
953 remove_nops = 1;
954 }
955 }
956 if (ctx->debug_level & ZEND_DUMP_AFTER_PASS_8) {
957 zend_dump_op_array(op_array, ZEND_DUMP_SSA, "after sccp pass", ssa);
958 }
959 #if ZEND_DEBUG_DFA
960 ssa_verify_integrity(op_array, ssa, "after calls");
961 #endif
962 }
963
964 if (ZEND_OPTIMIZER_PASS_14 & ctx->optimization_level) {
965 if (dce_optimize_op_array(op_array, ssa, 0)) {
966 remove_nops = 1;
967 }
968 if (zend_dfa_optimize_jmps(op_array, ssa)) {
969 remove_nops = 1;
970 }
971 if (ctx->debug_level & ZEND_DUMP_AFTER_PASS_14) {
972 zend_dump_op_array(op_array, ZEND_DUMP_SSA, "after dce pass", ssa);
973 }
974 #if ZEND_DEBUG_DFA
975 ssa_verify_integrity(op_array, ssa, "after dce");
976 #endif
977 }
978
979 for (v = op_array->last_var; v < ssa->vars_count; v++) {
980
981 op_1 = ssa->vars[v].definition;
982
983 if (op_1 < 0) {
984 continue;
985 }
986
987 opline = op_array->opcodes + op_1;
988
989 /* Convert LONG constants to DOUBLE */
990 if (ssa->var_info[v].use_as_double) {
991 if (opline->opcode == ZEND_ASSIGN
992 && opline->op2_type == IS_CONST
993 && ssa->ops[op_1].op1_def == v
994 && !RETURN_VALUE_USED(opline)
995 ) {
996
997 // op_1: ASSIGN ? -> #v [use_as_double], long(?) => ASSIGN ? -> #v, double(?)
998
999 zval *zv = CT_CONSTANT_EX(op_array, opline->op2.constant);
1000 ZEND_ASSERT(Z_TYPE_INFO_P(zv) == IS_LONG);
1001 ZVAL_DOUBLE(&tmp, zval_get_double(zv));
1002 opline->op2.constant = zend_optimizer_add_literal(op_array, &tmp);
1003
1004 } else if (opline->opcode == ZEND_QM_ASSIGN
1005 && opline->op1_type == IS_CONST
1006 ) {
1007
1008 // op_1: QM_ASSIGN #v [use_as_double], long(?) => QM_ASSIGN #v, double(?)
1009
1010 zval *zv = CT_CONSTANT_EX(op_array, opline->op1.constant);
1011 ZEND_ASSERT(Z_TYPE_INFO_P(zv) == IS_LONG);
1012 ZVAL_DOUBLE(&tmp, zval_get_double(zv));
1013 opline->op1.constant = zend_optimizer_add_literal(op_array, &tmp);
1014 }
1015
1016 } else {
1017 if (opline->opcode == ZEND_ADD
1018 || opline->opcode == ZEND_SUB
1019 || opline->opcode == ZEND_MUL
1020 || opline->opcode == ZEND_IS_EQUAL
1021 || opline->opcode == ZEND_IS_NOT_EQUAL
1022 || opline->opcode == ZEND_IS_SMALLER
1023 || opline->opcode == ZEND_IS_SMALLER_OR_EQUAL
1024 ) {
1025
1026 if (opline->op1_type == IS_CONST
1027 && opline->op2_type != IS_CONST
1028 && (OP2_INFO() & MAY_BE_ANY) == MAY_BE_DOUBLE
1029 && Z_TYPE_INFO_P(CT_CONSTANT_EX(op_array, opline->op1.constant)) == IS_LONG
1030 ) {
1031
1032 // op_1: #v.? = ADD long(?), #?.? [double] => #v.? = ADD double(?), #?.? [double]
1033
1034 zval *zv = CT_CONSTANT_EX(op_array, opline->op1.constant);
1035 ZVAL_DOUBLE(&tmp, zval_get_double(zv));
1036 opline->op1.constant = zend_optimizer_add_literal(op_array, &tmp);
1037
1038 } else if (opline->op1_type != IS_CONST
1039 && opline->op2_type == IS_CONST
1040 && (OP1_INFO() & MAY_BE_ANY) == MAY_BE_DOUBLE
1041 && Z_TYPE_INFO_P(CT_CONSTANT_EX(op_array, opline->op2.constant)) == IS_LONG
1042 ) {
1043
1044 // op_1: #v.? = ADD #?.? [double], long(?) => #v.? = ADD #?.? [double], double(?)
1045
1046 zval *zv = CT_CONSTANT_EX(op_array, opline->op2.constant);
1047 ZVAL_DOUBLE(&tmp, zval_get_double(zv));
1048 opline->op2.constant = zend_optimizer_add_literal(op_array, &tmp);
1049 }
1050 } else if (opline->opcode == ZEND_CONCAT) {
1051 if (!(OP1_INFO() & MAY_BE_OBJECT)
1052 && !(OP2_INFO() & MAY_BE_OBJECT)) {
1053 opline->opcode = ZEND_FAST_CONCAT;
1054 }
1055 }
1056 }
1057
1058 if (ssa->vars[v].var >= op_array->last_var) {
1059 /* skip TMP and VAR */
1060 continue;
1061 }
1062
1063 if (opline->opcode == ZEND_ASSIGN
1064 && ssa->ops[op_1].op1_def == v
1065 && !RETURN_VALUE_USED(opline)
1066 ) {
1067 int orig_var = ssa->ops[op_1].op1_use;
1068
1069 if (orig_var >= 0
1070 && !(ssa->var_info[orig_var].type & (MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE|MAY_BE_REF))
1071 ) {
1072
1073 int src_var = ssa->ops[op_1].op2_use;
1074
1075 if ((opline->op2_type & (IS_TMP_VAR|IS_VAR))
1076 && src_var >= 0
1077 && !(ssa->var_info[src_var].type & MAY_BE_REF)
1078 && ssa->vars[src_var].definition >= 0
1079 && ssa->ops[ssa->vars[src_var].definition].result_def == src_var
1080 && ssa->ops[ssa->vars[src_var].definition].result_use < 0
1081 && ssa->vars[src_var].use_chain == op_1
1082 && ssa->ops[op_1].op2_use_chain < 0
1083 && !ssa->vars[src_var].phi_use_chain
1084 && !ssa->vars[src_var].sym_use_chain
1085 && opline_supports_assign_contraction(
1086 ssa, &op_array->opcodes[ssa->vars[src_var].definition],
1087 src_var, opline->op1.var)
1088 ) {
1089
1090 int op_2 = ssa->vars[src_var].definition;
1091
1092 // op_2: #src_var.T = OP ... => #v.CV = OP ...
1093 // op_1: ASSIGN #orig_var.CV [undef,scalar] -> #v.CV, #src_var.T NOP
1094
1095 if (zend_ssa_unlink_use_chain(ssa, op_1, orig_var)) {
1096 /* Reconstruct SSA */
1097 ssa->vars[v].definition = op_2;
1098 ssa->ops[op_2].result_def = v;
1099
1100 ssa->vars[src_var].definition = -1;
1101 ssa->vars[src_var].use_chain = -1;
1102
1103 ssa->ops[op_1].op1_use = -1;
1104 ssa->ops[op_1].op2_use = -1;
1105 ssa->ops[op_1].op1_def = -1;
1106 ssa->ops[op_1].op1_use_chain = -1;
1107
1108 /* Update opcodes */
1109 op_array->opcodes[op_2].result_type = opline->op1_type;
1110 op_array->opcodes[op_2].result.var = opline->op1.var;
1111 MAKE_NOP(opline);
1112 remove_nops = 1;
1113 }
1114 } else if (opline->op2_type == IS_CONST
1115 || ((opline->op2_type & (IS_TMP_VAR|IS_VAR|IS_CV))
1116 && ssa->ops[op_1].op2_use >= 0
1117 && ssa->ops[op_1].op2_def < 0)
1118 ) {
1119
1120 // op_1: ASSIGN #orig_var.CV [undef,scalar] -> #v.CV, CONST|TMPVAR => QM_ASSIGN v.CV, CONST|TMPVAR
1121
1122 if (ssa->ops[op_1].op1_use != ssa->ops[op_1].op2_use) {
1123 zend_ssa_unlink_use_chain(ssa, op_1, orig_var);
1124 } else {
1125 ssa->ops[op_1].op2_use_chain = ssa->ops[op_1].op1_use_chain;
1126 }
1127
1128 /* Reconstruct SSA */
1129 ssa->ops[op_1].result_def = v;
1130 ssa->ops[op_1].op1_def = -1;
1131 ssa->ops[op_1].op1_use = ssa->ops[op_1].op2_use;
1132 ssa->ops[op_1].op1_use_chain = ssa->ops[op_1].op2_use_chain;
1133 ssa->ops[op_1].op2_use = -1;
1134 ssa->ops[op_1].op2_use_chain = -1;
1135
1136 /* Update opcode */
1137 opline->result_type = opline->op1_type;
1138 opline->result.var = opline->op1.var;
1139 opline->op1_type = opline->op2_type;
1140 opline->op1.var = opline->op2.var;
1141 opline->op2_type = IS_UNUSED;
1142 opline->op2.var = 0;
1143 opline->opcode = ZEND_QM_ASSIGN;
1144 }
1145 }
1146
1147 } else if (opline->opcode == ZEND_ASSIGN_ADD
1148 && opline->extended_value == 0
1149 && ssa->ops[op_1].op1_def == v
1150 && opline->op2_type == IS_CONST
1151 && Z_TYPE_P(CT_CONSTANT_EX(op_array, opline->op2.constant)) == IS_LONG
1152 && Z_LVAL_P(CT_CONSTANT_EX(op_array, opline->op2.constant)) == 1
1153 && ssa->ops[op_1].op1_use >= 0
1154 && !(ssa->var_info[ssa->ops[op_1].op1_use].type & (MAY_BE_FALSE|MAY_BE_TRUE|MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE|MAY_BE_REF))) {
1155
1156 // op_1: ASSIGN_ADD #?.CV [undef,null,int,foat] ->#v.CV, int(1) => PRE_INC #?.CV ->#v.CV
1157
1158 opline->opcode = ZEND_PRE_INC;
1159 SET_UNUSED(opline->op2);
1160
1161 } else if (opline->opcode == ZEND_ASSIGN_SUB
1162 && opline->extended_value == 0
1163 && ssa->ops[op_1].op1_def == v
1164 && opline->op2_type == IS_CONST
1165 && Z_TYPE_P(CT_CONSTANT_EX(op_array, opline->op2.constant)) == IS_LONG
1166 && Z_LVAL_P(CT_CONSTANT_EX(op_array, opline->op2.constant)) == 1
1167 && ssa->ops[op_1].op1_use >= 0
1168 && !(ssa->var_info[ssa->ops[op_1].op1_use].type & (MAY_BE_FALSE|MAY_BE_TRUE|MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE|MAY_BE_REF))) {
1169
1170 // op_1: ASSIGN_SUB #?.CV [undef,null,int,foat] -> #v.CV, int(1) => PRE_DEC #?.CV ->#v.CV
1171
1172 opline->opcode = ZEND_PRE_DEC;
1173 SET_UNUSED(opline->op2);
1174
1175 } else if (opline->opcode == ZEND_VERIFY_RETURN_TYPE
1176 && ssa->ops[op_1].op1_def == v
1177 && ssa->ops[op_1].op1_use >= 0
1178 && ssa->ops[op_1].op1_use_chain == -1
1179 && ssa->vars[v].use_chain >= 0
1180 && can_elide_return_type_check(op_array, ssa, &ssa->ops[op_1])) {
1181
1182 // op_1: VERIFY_RETURN_TYPE #orig_var.CV [T] -> #v.CV [T] => NOP
1183
1184 int orig_var = ssa->ops[op_1].op1_use;
1185 if (zend_ssa_unlink_use_chain(ssa, op_1, orig_var)) {
1186
1187 int ret = ssa->vars[v].use_chain;
1188
1189 ssa->ops[ret].op1_use = orig_var;
1190 ssa->ops[ret].op1_use_chain = ssa->vars[orig_var].use_chain;
1191 ssa->vars[orig_var].use_chain = ret;
1192
1193 ssa->vars[v].definition = -1;
1194 ssa->vars[v].use_chain = -1;
1195
1196 ssa->ops[op_1].op1_def = -1;
1197 ssa->ops[op_1].op1_use = -1;
1198
1199 MAKE_NOP(opline);
1200 remove_nops = 1;
1201 }
1202
1203 } else if (ssa->ops[op_1].op1_def == v
1204 && !RETURN_VALUE_USED(opline)
1205 && ssa->ops[op_1].op1_use >= 0
1206 && !(ssa->var_info[ssa->ops[op_1].op1_use].type & (MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE|MAY_BE_REF))
1207 && (opline->opcode == ZEND_ASSIGN_ADD
1208 || opline->opcode == ZEND_ASSIGN_SUB
1209 || opline->opcode == ZEND_ASSIGN_MUL
1210 || opline->opcode == ZEND_ASSIGN_DIV
1211 || opline->opcode == ZEND_ASSIGN_MOD
1212 || opline->opcode == ZEND_ASSIGN_SL
1213 || opline->opcode == ZEND_ASSIGN_SR
1214 || opline->opcode == ZEND_ASSIGN_BW_OR
1215 || opline->opcode == ZEND_ASSIGN_BW_AND
1216 || opline->opcode == ZEND_ASSIGN_BW_XOR)
1217 && opline->extended_value == 0) {
1218
1219 // op_1: ASSIGN_ADD #orig_var.CV [undef,null,bool,int,double] -> #v.CV, ? => #v.CV = ADD #orig_var.CV, ?
1220
1221 /* Reconstruct SSA */
1222 ssa->ops[op_1].result_def = ssa->ops[op_1].op1_def;
1223 ssa->ops[op_1].op1_def = -1;
1224
1225 /* Update opcode */
1226 opline->opcode -= (ZEND_ASSIGN_ADD - ZEND_ADD);
1227 opline->result_type = opline->op1_type;
1228 opline->result.var = opline->op1.var;
1229
1230 }
1231 }
1232
1233 #if ZEND_DEBUG_DFA
1234 ssa_verify_integrity(op_array, ssa, "after dfa");
1235 #endif
1236
1237 if (remove_nops) {
1238 zend_ssa_remove_nops(op_array, ssa, ctx);
1239 #if ZEND_DEBUG_DFA
1240 ssa_verify_integrity(op_array, ssa, "after nop");
1241 #endif
1242 }
1243 }
1244
1245 if (ctx->debug_level & ZEND_DUMP_AFTER_DFA_PASS) {
1246 zend_dump_op_array(op_array, ZEND_DUMP_SSA, "after dfa pass", ssa);
1247 }
1248 }
1249
zend_optimize_dfa(zend_op_array * op_array,zend_optimizer_ctx * ctx)1250 void zend_optimize_dfa(zend_op_array *op_array, zend_optimizer_ctx *ctx)
1251 {
1252 void *checkpoint = zend_arena_checkpoint(ctx->arena);
1253 zend_ssa ssa;
1254
1255 if (zend_dfa_analyze_op_array(op_array, ctx, &ssa) != SUCCESS) {
1256 zend_arena_release(&ctx->arena, checkpoint);
1257 return;
1258 }
1259
1260 zend_dfa_optimize_op_array(op_array, ctx, &ssa, NULL);
1261
1262 /* Destroy SSA */
1263 zend_arena_release(&ctx->arena, checkpoint);
1264 }
1265
1266 /*
1267 * Local variables:
1268 * tab-width: 4
1269 * c-basic-offset: 4
1270 * indent-tabs-mode: t
1271 * End:
1272 */
1273