1 /*
2 +----------------------------------------------------------------------+
3 | Zend OPcache |
4 +----------------------------------------------------------------------+
5 | Copyright (c) The PHP Group |
6 +----------------------------------------------------------------------+
7 | This source file is subject to version 3.01 of the PHP license, |
8 | that is bundled with this package in the file LICENSE, and is |
9 | available through the world-wide-web at the following url: |
10 | http://www.php.net/license/3_01.txt |
11 | If you did not receive a copy of the PHP license and are unable to |
12 | obtain it through the world-wide-web, please send a note to |
13 | license@php.net so we can mail you a copy immediately. |
14 +----------------------------------------------------------------------+
15 | Authors: Andi Gutmans <andi@php.net> |
16 | Zeev Suraski <zeev@php.net> |
17 | Stanislav Malyshev <stas@zend.com> |
18 | Dmitry Stogov <dmitry@php.net> |
19 +----------------------------------------------------------------------+
20 */
21
22 #include "php.h"
23 #include "Optimizer/zend_optimizer.h"
24 #include "Optimizer/zend_optimizer_internal.h"
25 #include "zend_API.h"
26 #include "zend_constants.h"
27 #include "zend_execute.h"
28 #include "zend_vm.h"
29 #include "zend_bitset.h"
30 #include "zend_cfg.h"
31 #include "zend_dump.h"
32
33 /* Checks if a constant (like "true") may be replaced by its value */
zend_optimizer_get_persistent_constant(zend_string * name,zval * result,int copy)34 int zend_optimizer_get_persistent_constant(zend_string *name, zval *result, int copy)
35 {
36 zend_constant *c;
37 char *lookup_name;
38 int retval = 1;
39 ALLOCA_FLAG(use_heap);
40
41 if ((c = zend_hash_find_ptr(EG(zend_constants), name)) == NULL) {
42 lookup_name = do_alloca(ZSTR_LEN(name) + 1, use_heap);
43 memcpy(lookup_name, ZSTR_VAL(name), ZSTR_LEN(name) + 1);
44 zend_str_tolower(lookup_name, ZSTR_LEN(name));
45
46 if ((c = zend_hash_str_find_ptr(EG(zend_constants), lookup_name, ZSTR_LEN(name))) != NULL) {
47 if (!(ZEND_CONSTANT_FLAGS(c) & CONST_CT_SUBST) || (ZEND_CONSTANT_FLAGS(c) & CONST_CS)) {
48 retval = 0;
49 }
50 } else {
51 retval = 0;
52 }
53 free_alloca(lookup_name, use_heap);
54 }
55
56 if (retval) {
57 if ((ZEND_CONSTANT_FLAGS(c) & CONST_PERSISTENT)
58 && (!(ZEND_CONSTANT_FLAGS(c) & CONST_NO_FILE_CACHE)
59 || !(CG(compiler_options) & ZEND_COMPILE_WITH_FILE_CACHE))) {
60 ZVAL_COPY_VALUE(result, &c->value);
61 if (copy) {
62 Z_TRY_ADDREF_P(result);
63 }
64 } else {
65 retval = 0;
66 }
67 }
68
69 return retval;
70 }
71
72 /* CFG back references management */
73
74 #define DEL_SOURCE(from, to)
75 #define ADD_SOURCE(from, to)
76
77 /* Data dependencies macros */
78
79 #define VAR_NUM_EX(op) VAR_NUM((op).var)
80
81 #define VAR_SOURCE(op) Tsource[VAR_NUM(op.var)]
82 #define SET_VAR_SOURCE(opline) Tsource[VAR_NUM(opline->result.var)] = opline
83
strip_leading_nops(zend_op_array * op_array,zend_basic_block * b)84 static void strip_leading_nops(zend_op_array *op_array, zend_basic_block *b)
85 {
86 zend_op *opcodes = op_array->opcodes;
87
88 do {
89 /* check if NOP breaks incorrect smart branch */
90 if (b->len == 2
91 && (opcodes[b->start + 1].opcode == ZEND_JMPZ
92 || opcodes[b->start + 1].opcode == ZEND_JMPNZ)
93 && (opcodes[b->start + 1].op1_type & (IS_CV|IS_CONST))
94 && b->start > 0
95 && zend_is_smart_branch(opcodes + b->start - 1)) {
96 break;
97 }
98 b->start++;
99 b->len--;
100 } while (b->len > 0 && opcodes[b->start].opcode == ZEND_NOP);
101 }
102
strip_nops(zend_op_array * op_array,zend_basic_block * b)103 static void strip_nops(zend_op_array *op_array, zend_basic_block *b)
104 {
105 uint32_t i, j;
106
107 if (b->len == 0) {
108 return;
109 }
110
111 if (op_array->opcodes[b->start].opcode == ZEND_NOP) {
112 strip_leading_nops(op_array, b);
113 }
114
115 if (b->len == 0) {
116 return;
117 }
118
119 /* strip the inside NOPs */
120 i = j = b->start + 1;
121 while (i < b->start + b->len) {
122 if (op_array->opcodes[i].opcode != ZEND_NOP) {
123 if (i != j) {
124 op_array->opcodes[j] = op_array->opcodes[i];
125 }
126 j++;
127 }
128 if (i + 1 < b->start + b->len
129 && (op_array->opcodes[i+1].opcode == ZEND_JMPZ
130 || op_array->opcodes[i+1].opcode == ZEND_JMPNZ)
131 && op_array->opcodes[i+1].op1_type & (IS_CV|IS_CONST)
132 && zend_is_smart_branch(op_array->opcodes + j - 1)) {
133 /* don't remove NOP, that splits incorrect smart branch */
134 j++;
135 }
136 i++;
137 }
138 b->len = j - b->start;
139 while (j < i) {
140 MAKE_NOP(op_array->opcodes + j);
141 j++;
142 }
143 }
144
get_const_switch_target(zend_cfg * cfg,zend_op_array * op_array,zend_basic_block * block,zend_op * opline,zval * val)145 static int get_const_switch_target(zend_cfg *cfg, zend_op_array *op_array, zend_basic_block *block, zend_op *opline, zval *val) {
146 HashTable *jumptable = Z_ARRVAL(ZEND_OP2_LITERAL(opline));
147 zval *zv;
148 if ((opline->opcode == ZEND_SWITCH_LONG && Z_TYPE_P(val) != IS_LONG)
149 || (opline->opcode == ZEND_SWITCH_STRING && Z_TYPE_P(val) != IS_STRING)) {
150 /* fallback to next block */
151 return block->successors[block->successors_count - 1];
152 }
153 if (Z_TYPE_P(val) == IS_LONG) {
154 zv = zend_hash_index_find(jumptable, Z_LVAL_P(val));
155 } else {
156 ZEND_ASSERT(Z_TYPE_P(val) == IS_STRING);
157 zv = zend_hash_find(jumptable, Z_STR_P(val));
158 }
159 if (!zv) {
160 /* default */
161 return block->successors[block->successors_count - 2];
162 }
163 return cfg->map[ZEND_OFFSET_TO_OPLINE_NUM(op_array, opline, Z_LVAL_P(zv))];
164 }
165
zend_optimize_block(zend_basic_block * block,zend_op_array * op_array,zend_bitset used_ext,zend_cfg * cfg,zend_op ** Tsource,uint32_t * opt_count)166 static void zend_optimize_block(zend_basic_block *block, zend_op_array *op_array, zend_bitset used_ext, zend_cfg *cfg, zend_op **Tsource, uint32_t *opt_count)
167 {
168 zend_op *opline, *src;
169 zend_op *end, *last_op = NULL;
170
171 if (block->len == 0) {
172 return;
173 }
174
175 if (op_array->opcodes[block->start].opcode == ZEND_NOP) {
176 /* remove leading NOPs */
177 strip_leading_nops(op_array, block);
178 }
179
180 opline = op_array->opcodes + block->start;
181 end = opline + block->len;
182 while (opline < end) {
183 /* Constant Propagation: strip X = QM_ASSIGN(const) */
184 if (opline->op1_type == IS_TMP_VAR &&
185 opline->opcode != ZEND_FREE) {
186 src = VAR_SOURCE(opline->op1);
187 if (src &&
188 src->opcode == ZEND_QM_ASSIGN &&
189 src->op1_type == IS_CONST
190 ) {
191 znode_op op1 = opline->op1;
192 if (opline->opcode == ZEND_VERIFY_RETURN_TYPE) {
193 COPY_NODE(opline->result, opline->op1);
194 COPY_NODE(opline->op1, src->op1);
195 VAR_SOURCE(op1) = NULL;
196 MAKE_NOP(src);
197 ++(*opt_count);
198 } else {
199 zval c;
200 ZVAL_COPY(&c, &ZEND_OP1_LITERAL(src));
201 if (zend_optimizer_update_op1_const(op_array, opline, &c)) {
202 VAR_SOURCE(op1) = NULL;
203 literal_dtor(&ZEND_OP1_LITERAL(src));
204 MAKE_NOP(src);
205 ++(*opt_count);
206 switch (opline->opcode) {
207 case ZEND_JMPZ:
208 if (zend_is_true(&ZEND_OP1_LITERAL(opline))) {
209 MAKE_NOP(opline);
210 DEL_SOURCE(block, block->successors[0]);
211 block->successors_count = 1;
212 block->successors[0] = block->successors[1];
213 } else {
214 opline->opcode = ZEND_JMP;
215 COPY_NODE(opline->op1, opline->op2);
216 DEL_SOURCE(block, block->successors[1]);
217 block->successors_count = 1;
218 }
219 break;
220 case ZEND_JMPNZ:
221 if (zend_is_true(&ZEND_OP1_LITERAL(opline))) {
222 opline->opcode = ZEND_JMP;
223 COPY_NODE(opline->op1, opline->op2);
224 DEL_SOURCE(block, block->successors[1]);
225 block->successors_count = 1;
226 } else {
227 MAKE_NOP(opline);
228 DEL_SOURCE(block, block->successors[0]);
229 block->successors_count = 1;
230 block->successors[0] = block->successors[1];
231 }
232 break;
233 case ZEND_JMPZNZ:
234 if (zend_is_true(&ZEND_OP1_LITERAL(opline))) {
235 zend_op *target_opline = ZEND_OFFSET_TO_OPLINE(opline, opline->extended_value);
236 ZEND_SET_OP_JMP_ADDR(opline, opline->op1, target_opline);
237 DEL_SOURCE(block, block->successors[0]);
238 block->successors[0] = block->successors[1];
239 } else {
240 zend_op *target_opline = ZEND_OP2_JMP_ADDR(opline);
241 ZEND_SET_OP_JMP_ADDR(opline, opline->op1, target_opline);
242 DEL_SOURCE(block, block->successors[0]);
243 }
244 block->successors_count = 1;
245 opline->op1_type = IS_UNUSED;
246 opline->extended_value = 0;
247 opline->opcode = ZEND_JMP;
248 break;
249 default:
250 break;
251 }
252 } else {
253 zval_ptr_dtor_nogc(&c);
254 }
255 }
256 }
257 }
258
259 /* Constant Propagation: strip X = QM_ASSIGN(const) */
260 if (opline->op2_type == IS_TMP_VAR) {
261 src = VAR_SOURCE(opline->op2);
262 if (src &&
263 src->opcode == ZEND_QM_ASSIGN &&
264 src->op1_type == IS_CONST) {
265
266 znode_op op2 = opline->op2;
267 zval c;
268
269 ZVAL_COPY(&c, &ZEND_OP1_LITERAL(src));
270 if (zend_optimizer_update_op2_const(op_array, opline, &c)) {
271 VAR_SOURCE(op2) = NULL;
272 literal_dtor(&ZEND_OP1_LITERAL(src));
273 MAKE_NOP(src);
274 ++(*opt_count);
275 } else {
276 zval_ptr_dtor_nogc(&c);
277 }
278 }
279 }
280
281 if (opline->opcode == ZEND_ECHO) {
282 if (opline->op1_type & (IS_TMP_VAR|IS_VAR)) {
283 src = VAR_SOURCE(opline->op1);
284 if (src &&
285 src->opcode == ZEND_CAST &&
286 src->extended_value == IS_STRING) {
287 /* T = CAST(X, String), ECHO(T) => NOP, ECHO(X) */
288 VAR_SOURCE(opline->op1) = NULL;
289 COPY_NODE(opline->op1, src->op1);
290 MAKE_NOP(src);
291 ++(*opt_count);
292 }
293 }
294
295 if (opline->op1_type == IS_CONST) {
296 if (last_op && last_op->opcode == ZEND_ECHO &&
297 last_op->op1_type == IS_CONST &&
298 Z_TYPE(ZEND_OP1_LITERAL(opline)) != IS_DOUBLE &&
299 Z_TYPE(ZEND_OP1_LITERAL(last_op)) != IS_DOUBLE) {
300 /* compress consecutive ECHO's.
301 * Float to string conversion may be affected by current
302 * locale setting.
303 */
304 int l, old_len;
305
306 if (Z_TYPE(ZEND_OP1_LITERAL(opline)) != IS_STRING) {
307 convert_to_string(&ZEND_OP1_LITERAL(opline));
308 }
309 if (Z_TYPE(ZEND_OP1_LITERAL(last_op)) != IS_STRING) {
310 convert_to_string(&ZEND_OP1_LITERAL(last_op));
311 }
312 old_len = Z_STRLEN(ZEND_OP1_LITERAL(last_op));
313 l = old_len + Z_STRLEN(ZEND_OP1_LITERAL(opline));
314 if (!Z_REFCOUNTED(ZEND_OP1_LITERAL(last_op))) {
315 zend_string *tmp = zend_string_alloc(l, 0);
316 memcpy(ZSTR_VAL(tmp), Z_STRVAL(ZEND_OP1_LITERAL(last_op)), old_len);
317 Z_STR(ZEND_OP1_LITERAL(last_op)) = tmp;
318 } else {
319 Z_STR(ZEND_OP1_LITERAL(last_op)) = zend_string_extend(Z_STR(ZEND_OP1_LITERAL(last_op)), l, 0);
320 }
321 Z_TYPE_INFO(ZEND_OP1_LITERAL(last_op)) = IS_STRING_EX;
322 memcpy(Z_STRVAL(ZEND_OP1_LITERAL(last_op)) + old_len, Z_STRVAL(ZEND_OP1_LITERAL(opline)), Z_STRLEN(ZEND_OP1_LITERAL(opline)));
323 Z_STRVAL(ZEND_OP1_LITERAL(last_op))[l] = '\0';
324 zval_ptr_dtor_nogc(&ZEND_OP1_LITERAL(opline));
325 ZVAL_STR(&ZEND_OP1_LITERAL(opline), zend_new_interned_string(Z_STR(ZEND_OP1_LITERAL(last_op))));
326 ZVAL_NULL(&ZEND_OP1_LITERAL(last_op));
327 MAKE_NOP(last_op);
328 ++(*opt_count);
329 }
330 last_op = opline;
331 } else {
332 last_op = NULL;
333 }
334 } else {
335 last_op = NULL;
336 }
337
338 switch (opline->opcode) {
339
340 case ZEND_FREE:
341 if (opline->op1_type == IS_TMP_VAR) {
342 src = VAR_SOURCE(opline->op1);
343 if (src &&
344 (src->opcode == ZEND_BOOL || src->opcode == ZEND_BOOL_NOT)) {
345 /* T = BOOL(X), FREE(T) => T = BOOL(X) */
346 /* The remaining BOOL is removed by a separate optimization */
347 VAR_SOURCE(opline->op1) = NULL;
348 MAKE_NOP(opline);
349 ++(*opt_count);
350 }
351 } else if (opline->op1_type == IS_VAR) {
352 src = VAR_SOURCE(opline->op1);
353 /* V = OP, FREE(V) => OP. NOP */
354 if (src &&
355 src->opcode != ZEND_FETCH_R &&
356 src->opcode != ZEND_FETCH_STATIC_PROP_R &&
357 src->opcode != ZEND_FETCH_DIM_R &&
358 src->opcode != ZEND_FETCH_OBJ_R &&
359 src->opcode != ZEND_NEW) {
360 src->result_type = IS_UNUSED;
361 MAKE_NOP(opline);
362 ++(*opt_count);
363 }
364 }
365 break;
366
367 #if 0
368 /* pre-evaluate functions:
369 constant(x)
370 function_exists(x)
371 extension_loaded(x)
372 BAD: interacts badly with Accelerator
373 */
374 if((opline->op1_type & IS_VAR) &&
375 VAR_SOURCE(opline->op1) && VAR_SOURCE(opline->op1)->opcode == ZEND_DO_CF_FCALL &&
376 VAR_SOURCE(opline->op1)->extended_value == 1) {
377 zend_op *fcall = VAR_SOURCE(opline->op1);
378 zend_op *sv = fcall-1;
379 if(sv >= block->start_opline && sv->opcode == ZEND_SEND_VAL &&
380 sv->op1_type == IS_CONST && Z_TYPE(OPLINE_OP1_LITERAL(sv)) == IS_STRING &&
381 Z_LVAL(OPLINE_OP2_LITERAL(sv)) == 1
382 ) {
383 zval *arg = &OPLINE_OP1_LITERAL(sv);
384 char *fname = FUNCTION_CACHE->funcs[Z_LVAL(ZEND_OP1_LITERAL(fcall))].function_name;
385 int flen = FUNCTION_CACHE->funcs[Z_LVAL(ZEND_OP1_LITERAL(fcall))].name_len;
386 if((flen == sizeof("function_exists")-1 && zend_binary_strcasecmp(fname, flen, "function_exists", sizeof("function_exists")-1) == 0) ||
387 (flen == sizeof("is_callable")-1 && zend_binary_strcasecmp(fname, flen, "is_callable", sizeof("is_callable")-1) == 0)
388 ) {
389 zend_function *function;
390 if((function = zend_hash_find_ptr(EG(function_table), Z_STR_P(arg))) != NULL) {
391 literal_dtor(arg);
392 MAKE_NOP(sv);
393 MAKE_NOP(fcall);
394 LITERAL_BOOL(opline->op1, 1);
395 opline->op1_type = IS_CONST;
396 }
397 } else if(flen == sizeof("constant")-1 && zend_binary_strcasecmp(fname, flen, "constant", sizeof("constant")-1) == 0) {
398 zval c;
399 if(zend_optimizer_get_persistent_constant(Z_STR_P(arg), &c, 1 ELS_CC) != 0) {
400 literal_dtor(arg);
401 MAKE_NOP(sv);
402 MAKE_NOP(fcall);
403 ZEND_OP1_LITERAL(opline) = zend_optimizer_add_literal(op_array, &c);
404 /* no copy ctor - get already copied it */
405 opline->op1_type = IS_CONST;
406 }
407 } else if(flen == sizeof("extension_loaded")-1 && zend_binary_strcasecmp(fname, flen, "extension_loaded", sizeof("extension_loaded")-1) == 0) {
408 if(zend_hash_exists(&module_registry, Z_STR_P(arg))) {
409 literal_dtor(arg);
410 MAKE_NOP(sv);
411 MAKE_NOP(fcall);
412 LITERAL_BOOL(opline->op1, 1);
413 opline->op1_type = IS_CONST;
414 }
415 }
416 }
417 }
418 #endif
419
420 case ZEND_FETCH_LIST_R:
421 case ZEND_FETCH_LIST_W:
422 if (opline->op1_type & (IS_TMP_VAR|IS_VAR)) {
423 /* LIST variable will be deleted later by FREE */
424 Tsource[VAR_NUM(opline->op1.var)] = NULL;
425 }
426 break;
427
428 case ZEND_SWITCH_LONG:
429 case ZEND_SWITCH_STRING:
430 if (opline->op1_type & (IS_TMP_VAR|IS_VAR)) {
431 /* SWITCH variable will be deleted later by FREE, so we can't optimize it */
432 Tsource[VAR_NUM(opline->op1.var)] = NULL;
433 break;
434 }
435 if (opline->op1_type == IS_CONST) {
436 int target = get_const_switch_target(cfg, op_array, block, opline, &ZEND_OP1_LITERAL(opline));
437 literal_dtor(&ZEND_OP1_LITERAL(opline));
438 literal_dtor(&ZEND_OP2_LITERAL(opline));
439 opline->opcode = ZEND_JMP;
440 opline->op1_type = IS_UNUSED;
441 opline->op2_type = IS_UNUSED;
442 block->successors_count = 1;
443 block->successors[0] = target;
444 }
445 break;
446
447 case ZEND_CASE:
448 case ZEND_COPY_TMP:
449 if (opline->op1_type & (IS_TMP_VAR|IS_VAR)) {
450 /* Variable will be deleted later by FREE, so we can't optimize it */
451 Tsource[VAR_NUM(opline->op1.var)] = NULL;
452 break;
453 }
454 /* break missing intentionally */
455
456 case ZEND_IS_EQUAL:
457 case ZEND_IS_NOT_EQUAL:
458 if (opline->op1_type == IS_CONST &&
459 opline->op2_type == IS_CONST) {
460 goto optimize_constant_binary_op;
461 }
462 /* IS_EQ(TRUE, X) => BOOL(X)
463 * IS_EQ(FALSE, X) => BOOL_NOT(X)
464 * IS_NOT_EQ(TRUE, X) => BOOL_NOT(X)
465 * IS_NOT_EQ(FALSE, X) => BOOL(X)
466 * CASE(TRUE, X) => BOOL(X)
467 * CASE(FALSE, X) => BOOL_NOT(X)
468 */
469 if (opline->op1_type == IS_CONST &&
470 (Z_TYPE(ZEND_OP1_LITERAL(opline)) == IS_FALSE ||
471 Z_TYPE(ZEND_OP1_LITERAL(opline)) == IS_TRUE)) {
472 /* Optimization of comparison with "null" is not safe,
473 * because ("0" == null) is not equal to !("0")
474 */
475 opline->opcode =
476 ((opline->opcode != ZEND_IS_NOT_EQUAL) == ((Z_TYPE(ZEND_OP1_LITERAL(opline))) == IS_TRUE)) ?
477 ZEND_BOOL : ZEND_BOOL_NOT;
478 COPY_NODE(opline->op1, opline->op2);
479 SET_UNUSED(opline->op2);
480 ++(*opt_count);
481 goto optimize_bool;
482 } else if (opline->op2_type == IS_CONST &&
483 (Z_TYPE(ZEND_OP2_LITERAL(opline)) == IS_FALSE ||
484 Z_TYPE(ZEND_OP2_LITERAL(opline)) == IS_TRUE)) {
485 /* Optimization of comparison with "null" is not safe,
486 * because ("0" == null) is not equal to !("0")
487 */
488 opline->opcode =
489 ((opline->opcode != ZEND_IS_NOT_EQUAL) == ((Z_TYPE(ZEND_OP2_LITERAL(opline))) == IS_TRUE)) ?
490 ZEND_BOOL : ZEND_BOOL_NOT;
491 SET_UNUSED(opline->op2);
492 ++(*opt_count);
493 goto optimize_bool;
494 }
495 break;
496
497 case ZEND_BOOL:
498 case ZEND_BOOL_NOT:
499 optimize_bool:
500 if (opline->op1_type == IS_CONST) {
501 goto optimize_const_unary_op;
502 }
503 if (opline->op1_type == IS_TMP_VAR &&
504 !zend_bitset_in(used_ext, VAR_NUM(opline->op1.var))) {
505 src = VAR_SOURCE(opline->op1);
506 if (src) {
507 switch (src->opcode) {
508 case ZEND_BOOL_NOT:
509 /* T = BOOL_NOT(X) + BOOL(T) -> NOP, BOOL_NOT(X) */
510 VAR_SOURCE(opline->op1) = NULL;
511 COPY_NODE(opline->op1, src->op1);
512 opline->opcode = (opline->opcode == ZEND_BOOL) ? ZEND_BOOL_NOT : ZEND_BOOL;
513 MAKE_NOP(src);
514 ++(*opt_count);
515 goto optimize_bool;
516 case ZEND_BOOL:
517 /* T = BOOL(X) + BOOL(T) -> NOP, BOOL(X) */
518 VAR_SOURCE(opline->op1) = NULL;
519 COPY_NODE(opline->op1, src->op1);
520 MAKE_NOP(src);
521 ++(*opt_count);
522 goto optimize_bool;
523 case ZEND_IS_EQUAL:
524 if (opline->opcode == ZEND_BOOL_NOT) {
525 src->opcode = ZEND_IS_NOT_EQUAL;
526 }
527 COPY_NODE(src->result, opline->result);
528 SET_VAR_SOURCE(src);
529 MAKE_NOP(opline);
530 ++(*opt_count);
531 break;
532 case ZEND_IS_NOT_EQUAL:
533 if (opline->opcode == ZEND_BOOL_NOT) {
534 src->opcode = ZEND_IS_EQUAL;
535 }
536 COPY_NODE(src->result, opline->result);
537 SET_VAR_SOURCE(src);
538 MAKE_NOP(opline);
539 ++(*opt_count);
540 break;
541 case ZEND_IS_IDENTICAL:
542 if (opline->opcode == ZEND_BOOL_NOT) {
543 src->opcode = ZEND_IS_NOT_IDENTICAL;
544 }
545 COPY_NODE(src->result, opline->result);
546 SET_VAR_SOURCE(src);
547 MAKE_NOP(opline);
548 ++(*opt_count);
549 break;
550 case ZEND_IS_NOT_IDENTICAL:
551 if (opline->opcode == ZEND_BOOL_NOT) {
552 src->opcode = ZEND_IS_IDENTICAL;
553 }
554 COPY_NODE(src->result, opline->result);
555 SET_VAR_SOURCE(src);
556 MAKE_NOP(opline);
557 ++(*opt_count);
558 break;
559 case ZEND_IS_SMALLER:
560 if (opline->opcode == ZEND_BOOL_NOT) {
561 zend_uchar tmp_type;
562 uint32_t tmp;
563
564 src->opcode = ZEND_IS_SMALLER_OR_EQUAL;
565 tmp_type = src->op1_type;
566 src->op1_type = src->op2_type;
567 src->op2_type = tmp_type;
568 tmp = src->op1.num;
569 src->op1.num = src->op2.num;
570 src->op2.num = tmp;
571 }
572 COPY_NODE(src->result, opline->result);
573 SET_VAR_SOURCE(src);
574 MAKE_NOP(opline);
575 ++(*opt_count);
576 break;
577 case ZEND_IS_SMALLER_OR_EQUAL:
578 if (opline->opcode == ZEND_BOOL_NOT) {
579 zend_uchar tmp_type;
580 uint32_t tmp;
581
582 src->opcode = ZEND_IS_SMALLER;
583 tmp_type = src->op1_type;
584 src->op1_type = src->op2_type;
585 src->op2_type = tmp_type;
586 tmp = src->op1.num;
587 src->op1.num = src->op2.num;
588 src->op2.num = tmp;
589 }
590 COPY_NODE(src->result, opline->result);
591 SET_VAR_SOURCE(src);
592 MAKE_NOP(opline);
593 ++(*opt_count);
594 break;
595 case ZEND_ISSET_ISEMPTY_VAR:
596 case ZEND_ISSET_ISEMPTY_DIM_OBJ:
597 case ZEND_ISSET_ISEMPTY_PROP_OBJ:
598 case ZEND_ISSET_ISEMPTY_STATIC_PROP:
599 case ZEND_INSTANCEOF:
600 case ZEND_TYPE_CHECK:
601 case ZEND_DEFINED:
602 case ZEND_IN_ARRAY:
603 if (opline->opcode == ZEND_BOOL_NOT) {
604 break;
605 }
606 COPY_NODE(src->result, opline->result);
607 SET_VAR_SOURCE(src);
608 MAKE_NOP(opline);
609 ++(*opt_count);
610 break;
611 }
612 }
613 }
614 break;
615
616 case ZEND_JMPZ:
617 case ZEND_JMPNZ:
618 case ZEND_JMPZ_EX:
619 case ZEND_JMPNZ_EX:
620 case ZEND_JMPZNZ:
621 optimize_jmpznz:
622 if (opline->op1_type == IS_TMP_VAR &&
623 (!zend_bitset_in(used_ext, VAR_NUM(opline->op1.var)) ||
624 (opline->result_type == opline->op1_type &&
625 opline->result.var == opline->op1.var))) {
626 src = VAR_SOURCE(opline->op1);
627 if (src) {
628 if (src->opcode == ZEND_BOOL_NOT &&
629 opline->opcode != ZEND_JMPZ_EX &&
630 opline->opcode != ZEND_JMPNZ_EX) {
631 VAR_SOURCE(opline->op1) = NULL;
632 COPY_NODE(opline->op1, src->op1);
633 if (opline->opcode == ZEND_JMPZ) {
634 /* T = BOOL_NOT(X) + JMPZ(T) -> NOP, JMPNZ(X) */
635 opline->opcode = ZEND_JMPNZ;
636 } else if (opline->opcode == ZEND_JMPNZ) {
637 /* T = BOOL_NOT(X) + JMPNZ(T) -> NOP, JMPZ(X) */
638 opline->opcode = ZEND_JMPZ;
639 #if 0
640 } else if (opline->opcode == ZEND_JMPZ_EX) {
641 /* T = BOOL_NOT(X) + JMPZ_EX(T) -> NOP, JMPNZ_EX(X) */
642 opline->opcode = ZEND_JMPNZ_EX;
643 } else if (opline->opcode == ZEND_JMPNZ_EX) {
644 /* T = BOOL_NOT(X) + JMPNZ_EX(T) -> NOP, JMPZ_EX(X) */
645 opline->opcode = ZEND_JMPZ;
646 #endif
647 } else {
648 /* T = BOOL_NOT(X) + JMPZNZ(T,L1,L2) -> NOP, JMPZNZ(X,L2,L1) */
649 uint32_t tmp;
650
651 ZEND_ASSERT(opline->opcode == ZEND_JMPZNZ);
652 tmp = block->successors[0];
653 block->successors[0] = block->successors[1];
654 block->successors[1] = tmp;
655 }
656 MAKE_NOP(src);
657 ++(*opt_count);
658 goto optimize_jmpznz;
659 } else if (src->opcode == ZEND_BOOL ||
660 src->opcode == ZEND_QM_ASSIGN) {
661 VAR_SOURCE(opline->op1) = NULL;
662 COPY_NODE(opline->op1, src->op1);
663 MAKE_NOP(src);
664 ++(*opt_count);
665 goto optimize_jmpznz;
666 }
667 }
668 }
669 break;
670
671 case ZEND_CONCAT:
672 case ZEND_FAST_CONCAT:
673 if (opline->op1_type == IS_CONST &&
674 opline->op2_type == IS_CONST) {
675 goto optimize_constant_binary_op;
676 }
677
678 if (opline->op2_type == IS_CONST &&
679 opline->op1_type == IS_TMP_VAR) {
680
681 src = VAR_SOURCE(opline->op1);
682 if (src &&
683 (src->opcode == ZEND_CONCAT ||
684 src->opcode == ZEND_FAST_CONCAT) &&
685 src->op2_type == IS_CONST) {
686 /* compress consecutive CONCATs */
687 int l, old_len;
688
689 if (Z_TYPE(ZEND_OP2_LITERAL(opline)) != IS_STRING) {
690 convert_to_string(&ZEND_OP2_LITERAL(opline));
691 }
692 if (Z_TYPE(ZEND_OP2_LITERAL(src)) != IS_STRING) {
693 convert_to_string(&ZEND_OP2_LITERAL(src));
694 }
695
696 VAR_SOURCE(opline->op1) = NULL;
697 COPY_NODE(opline->op1, src->op1);
698 old_len = Z_STRLEN(ZEND_OP2_LITERAL(src));
699 l = old_len + Z_STRLEN(ZEND_OP2_LITERAL(opline));
700 if (!Z_REFCOUNTED(ZEND_OP2_LITERAL(src))) {
701 zend_string *tmp = zend_string_alloc(l, 0);
702 memcpy(ZSTR_VAL(tmp), Z_STRVAL(ZEND_OP2_LITERAL(src)), old_len);
703 Z_STR(ZEND_OP2_LITERAL(src)) = tmp;
704 } else {
705 Z_STR(ZEND_OP2_LITERAL(src)) = zend_string_extend(Z_STR(ZEND_OP2_LITERAL(src)), l, 0);
706 }
707 Z_TYPE_INFO(ZEND_OP2_LITERAL(src)) = IS_STRING_EX;
708 memcpy(Z_STRVAL(ZEND_OP2_LITERAL(src)) + old_len, Z_STRVAL(ZEND_OP2_LITERAL(opline)), Z_STRLEN(ZEND_OP2_LITERAL(opline)));
709 Z_STRVAL(ZEND_OP2_LITERAL(src))[l] = '\0';
710 zval_ptr_dtor_str(&ZEND_OP2_LITERAL(opline));
711 ZVAL_STR(&ZEND_OP2_LITERAL(opline), zend_new_interned_string(Z_STR(ZEND_OP2_LITERAL(src))));
712 ZVAL_NULL(&ZEND_OP2_LITERAL(src));
713 MAKE_NOP(src);
714 ++(*opt_count);
715 }
716 }
717
718 if (opline->op1_type & (IS_TMP_VAR|IS_VAR)) {
719 src = VAR_SOURCE(opline->op1);
720 if (src &&
721 src->opcode == ZEND_CAST &&
722 src->extended_value == IS_STRING &&
723 src->op1_type != IS_CONST) {
724 /* convert T1 = CAST(STRING, X), T2 = CONCAT(T1, Y) to T2 = CONCAT(X,Y) */
725 VAR_SOURCE(opline->op1) = NULL;
726 COPY_NODE(opline->op1, src->op1);
727 MAKE_NOP(src);
728 ++(*opt_count);
729 }
730 }
731 if (opline->op2_type & (IS_TMP_VAR|IS_VAR)) {
732 src = VAR_SOURCE(opline->op2);
733 if (src &&
734 src->opcode == ZEND_CAST &&
735 src->extended_value == IS_STRING &&
736 src->op1_type != IS_CONST) {
737 /* convert T1 = CAST(STRING, X), T2 = CONCAT(Y, T1) to T2 = CONCAT(Y,X) */
738 zend_op *src = VAR_SOURCE(opline->op2);
739 VAR_SOURCE(opline->op2) = NULL;
740 COPY_NODE(opline->op2, src->op1);
741 MAKE_NOP(src);
742 ++(*opt_count);
743 }
744 }
745 if (opline->op1_type == IS_CONST &&
746 Z_TYPE(ZEND_OP1_LITERAL(opline)) == IS_STRING &&
747 Z_STRLEN(ZEND_OP1_LITERAL(opline)) == 0) {
748 /* convert CONCAT('', X) => CAST(STRING, X) */
749 literal_dtor(&ZEND_OP1_LITERAL(opline));
750 opline->opcode = ZEND_CAST;
751 opline->extended_value = IS_STRING;
752 COPY_NODE(opline->op1, opline->op2);
753 opline->op2_type = IS_UNUSED;
754 opline->op2.var = 0;
755 ++(*opt_count);
756 } else if (opline->op2_type == IS_CONST &&
757 Z_TYPE(ZEND_OP2_LITERAL(opline)) == IS_STRING &&
758 Z_STRLEN(ZEND_OP2_LITERAL(opline)) == 0) {
759 /* convert CONCAT(X, '') => CAST(STRING, X) */
760 literal_dtor(&ZEND_OP2_LITERAL(opline));
761 opline->opcode = ZEND_CAST;
762 opline->extended_value = IS_STRING;
763 opline->op2_type = IS_UNUSED;
764 opline->op2.var = 0;
765 ++(*opt_count);
766 } else if (opline->opcode == ZEND_CONCAT &&
767 (opline->op1_type == IS_CONST ||
768 (opline->op1_type == IS_TMP_VAR &&
769 VAR_SOURCE(opline->op1) &&
770 (VAR_SOURCE(opline->op1)->opcode == ZEND_FAST_CONCAT ||
771 VAR_SOURCE(opline->op1)->opcode == ZEND_ROPE_END ||
772 VAR_SOURCE(opline->op1)->opcode == ZEND_FETCH_CONSTANT ||
773 VAR_SOURCE(opline->op1)->opcode == ZEND_FETCH_CLASS_CONSTANT))) &&
774 (opline->op2_type == IS_CONST ||
775 (opline->op2_type == IS_TMP_VAR &&
776 VAR_SOURCE(opline->op2) &&
777 (VAR_SOURCE(opline->op2)->opcode == ZEND_FAST_CONCAT ||
778 VAR_SOURCE(opline->op2)->opcode == ZEND_ROPE_END ||
779 VAR_SOURCE(opline->op2)->opcode == ZEND_FETCH_CONSTANT ||
780 VAR_SOURCE(opline->op2)->opcode == ZEND_FETCH_CLASS_CONSTANT)))) {
781 opline->opcode = ZEND_FAST_CONCAT;
782 ++(*opt_count);
783 }
784 break;
785
786 case ZEND_ADD:
787 case ZEND_SUB:
788 case ZEND_MUL:
789 case ZEND_DIV:
790 case ZEND_MOD:
791 case ZEND_SL:
792 case ZEND_SR:
793 case ZEND_IS_SMALLER:
794 case ZEND_IS_SMALLER_OR_EQUAL:
795 case ZEND_IS_IDENTICAL:
796 case ZEND_IS_NOT_IDENTICAL:
797 case ZEND_BOOL_XOR:
798 case ZEND_BW_OR:
799 case ZEND_BW_AND:
800 case ZEND_BW_XOR:
801 if (opline->op1_type == IS_CONST &&
802 opline->op2_type == IS_CONST) {
803 /* evaluate constant expressions */
804 zval result;
805
806 optimize_constant_binary_op:
807 if (zend_optimizer_eval_binary_op(&result, opline->opcode, &ZEND_OP1_LITERAL(opline), &ZEND_OP2_LITERAL(opline)) == SUCCESS) {
808 literal_dtor(&ZEND_OP1_LITERAL(opline));
809 literal_dtor(&ZEND_OP2_LITERAL(opline));
810 opline->opcode = ZEND_QM_ASSIGN;
811 SET_UNUSED(opline->op2);
812 zend_optimizer_update_op1_const(op_array, opline, &result);
813 ++(*opt_count);
814 }
815 }
816 break;
817
818 case ZEND_BW_NOT:
819 if (opline->op1_type == IS_CONST) {
820 /* evaluate constant unary ops */
821 zval result;
822
823 optimize_const_unary_op:
824 if (zend_optimizer_eval_unary_op(&result, opline->opcode, &ZEND_OP1_LITERAL(opline)) == SUCCESS) {
825 literal_dtor(&ZEND_OP1_LITERAL(opline));
826 opline->opcode = ZEND_QM_ASSIGN;
827 zend_optimizer_update_op1_const(op_array, opline, &result);
828 ++(*opt_count);
829 }
830 }
831 break;
832
833 case ZEND_CAST:
834 if (opline->op1_type == IS_CONST) {
835 /* cast of constant operand */
836 zval result;
837
838 if (zend_optimizer_eval_cast(&result, opline->extended_value, &ZEND_OP1_LITERAL(opline)) == SUCCESS) {
839 literal_dtor(&ZEND_OP1_LITERAL(opline));
840 opline->opcode = ZEND_QM_ASSIGN;
841 opline->extended_value = 0;
842 zend_optimizer_update_op1_const(op_array, opline, &result);
843 ++(*opt_count);
844 }
845 }
846 break;
847
848 case ZEND_STRLEN:
849 if (opline->op1_type == IS_CONST) {
850 zval result;
851
852 if (zend_optimizer_eval_strlen(&result, &ZEND_OP1_LITERAL(opline)) == SUCCESS) {
853 literal_dtor(&ZEND_OP1_LITERAL(opline));
854 opline->opcode = ZEND_QM_ASSIGN;
855 zend_optimizer_update_op1_const(op_array, opline, &result);
856 ++(*opt_count);
857 }
858 }
859 break;
860
861 case ZEND_RETURN:
862 case ZEND_EXIT:
863 if (opline->op1_type == IS_TMP_VAR) {
864 src = VAR_SOURCE(opline->op1);
865 if (src && src->opcode == ZEND_QM_ASSIGN) {
866 zend_op *op = src + 1;
867 zend_bool optimize = 1;
868
869 while (op < opline) {
870 if ((op->op1_type == opline->op1_type
871 && op->op1.var == opline->op1.var)
872 || (op->op2_type == opline->op1_type
873 && op->op2.var == opline->op1.var)) {
874 optimize = 0;
875 break;
876 }
877 op++;
878 }
879
880 if (optimize) {
881 /* T = QM_ASSIGN(X), RETURN(T) to NOP, RETURN(X) */
882 VAR_SOURCE(opline->op1) = NULL;
883 COPY_NODE(opline->op1, src->op1);
884 MAKE_NOP(src);
885 ++(*opt_count);
886 }
887 }
888 }
889 break;
890
891 case ZEND_QM_ASSIGN:
892 if (opline->op1_type == opline->result_type &&
893 opline->op1.var == opline->result.var) {
894 /* strip T = QM_ASSIGN(T) */
895 MAKE_NOP(opline);
896 ++(*opt_count);
897 }
898 break;
899 }
900
901 /* get variable source */
902 if (opline->result_type & (IS_VAR|IS_TMP_VAR)) {
903 SET_VAR_SOURCE(opline);
904 }
905 opline++;
906 }
907 }
908
909 /* Rebuild plain (optimized) op_array from CFG */
assemble_code_blocks(zend_cfg * cfg,zend_op_array * op_array,zend_optimizer_ctx * ctx)910 static void assemble_code_blocks(zend_cfg *cfg, zend_op_array *op_array, zend_optimizer_ctx *ctx)
911 {
912 zend_basic_block *blocks = cfg->blocks;
913 zend_basic_block *end = blocks + cfg->blocks_count;
914 zend_basic_block *b;
915 zend_op *new_opcodes;
916 zend_op *opline;
917 uint32_t len = 0;
918 int n;
919
920 for (b = blocks; b < end; b++) {
921 if (b->len == 0) {
922 continue;
923 }
924 if (b->flags & (ZEND_BB_REACHABLE|ZEND_BB_UNREACHABLE_FREE)) {
925 if (b->flags & ZEND_BB_UNREACHABLE_FREE) {
926 /* Only keep the FREE for the loop var */
927 ZEND_ASSERT(op_array->opcodes[b->start].opcode == ZEND_FREE
928 || op_array->opcodes[b->start].opcode == ZEND_FE_FREE);
929 len += b->len = 1;
930 continue;
931 }
932
933 opline = op_array->opcodes + b->start + b->len - 1;
934 if (opline->opcode == ZEND_JMP) {
935 zend_basic_block *next = b + 1;
936
937 while (next < end && !(next->flags & ZEND_BB_REACHABLE)) {
938 next++;
939 }
940 if (next < end && next == blocks + b->successors[0]) {
941 /* JMP to the next block - strip it */
942 MAKE_NOP(opline);
943 b->len--;
944 }
945 } else if (b->len == 1 && opline->opcode == ZEND_NOP) {
946 /* skip empty block */
947 b->len--;
948 }
949 len += b->len;
950 } else {
951 /* this block will not be used, delete all constants there */
952 zend_op *op = op_array->opcodes + b->start;
953 zend_op *end = op + b->len;
954 for (; op < end; op++) {
955 if (op->op1_type == IS_CONST) {
956 literal_dtor(&ZEND_OP1_LITERAL(op));
957 }
958 if (op->op2_type == IS_CONST) {
959 literal_dtor(&ZEND_OP2_LITERAL(op));
960 }
961 }
962 }
963 }
964
965 new_opcodes = emalloc(len * sizeof(zend_op));
966 opline = new_opcodes;
967
968 /* Copy code of reachable blocks into a single buffer */
969 for (b = blocks; b < end; b++) {
970 if (b->flags & (ZEND_BB_REACHABLE|ZEND_BB_UNREACHABLE_FREE)) {
971 memcpy(opline, op_array->opcodes + b->start, b->len * sizeof(zend_op));
972 b->start = opline - new_opcodes;
973 opline += b->len;
974 }
975 }
976
977 /* adjust jump targets */
978 efree(op_array->opcodes);
979 op_array->opcodes = new_opcodes;
980 op_array->last = len;
981
982 for (b = blocks; b < end; b++) {
983 if (!(b->flags & ZEND_BB_REACHABLE) || b->len == 0) {
984 continue;
985 }
986 opline = op_array->opcodes + b->start + b->len - 1;
987 switch (opline->opcode) {
988 case ZEND_FAST_CALL:
989 case ZEND_JMP:
990 ZEND_SET_OP_JMP_ADDR(opline, opline->op1, new_opcodes + blocks[b->successors[0]].start);
991 break;
992 case ZEND_JMPZNZ:
993 opline->extended_value = ZEND_OPLINE_TO_OFFSET(opline, new_opcodes + blocks[b->successors[1]].start);
994 /* break missing intentionally */
995 case ZEND_JMPZ:
996 case ZEND_JMPNZ:
997 case ZEND_JMPZ_EX:
998 case ZEND_JMPNZ_EX:
999 case ZEND_FE_RESET_R:
1000 case ZEND_FE_RESET_RW:
1001 case ZEND_JMP_SET:
1002 case ZEND_COALESCE:
1003 case ZEND_ASSERT_CHECK:
1004 ZEND_SET_OP_JMP_ADDR(opline, opline->op2, new_opcodes + blocks[b->successors[0]].start);
1005 break;
1006 case ZEND_CATCH:
1007 if (!(opline->extended_value & ZEND_LAST_CATCH)) {
1008 ZEND_SET_OP_JMP_ADDR(opline, opline->op2, new_opcodes + blocks[b->successors[0]].start);
1009 }
1010 break;
1011 case ZEND_FE_FETCH_R:
1012 case ZEND_FE_FETCH_RW:
1013 opline->extended_value = ZEND_OPLINE_TO_OFFSET(opline, new_opcodes + blocks[b->successors[0]].start);
1014 break;
1015 case ZEND_SWITCH_LONG:
1016 case ZEND_SWITCH_STRING:
1017 {
1018 HashTable *jumptable = Z_ARRVAL(ZEND_OP2_LITERAL(opline));
1019 zval *zv;
1020 uint32_t s = 0;
1021 ZEND_ASSERT(b->successors_count == 2 + zend_hash_num_elements(jumptable));
1022
1023 ZEND_HASH_FOREACH_VAL(jumptable, zv) {
1024 Z_LVAL_P(zv) = ZEND_OPLINE_TO_OFFSET(opline, new_opcodes + blocks[b->successors[s++]].start);
1025 } ZEND_HASH_FOREACH_END();
1026 opline->extended_value = ZEND_OPLINE_TO_OFFSET(opline, new_opcodes + blocks[b->successors[s++]].start);
1027 break;
1028 }
1029 }
1030 }
1031
1032 /* adjust exception jump targets & remove unused try_catch_array entries */
1033 if (op_array->last_try_catch) {
1034 int i, j;
1035 uint32_t *map;
1036 ALLOCA_FLAG(use_heap);
1037
1038 map = (uint32_t *)do_alloca(sizeof(uint32_t) * op_array->last_try_catch, use_heap);
1039 for (i = 0, j = 0; i< op_array->last_try_catch; i++) {
1040 if (blocks[cfg->map[op_array->try_catch_array[i].try_op]].flags & ZEND_BB_REACHABLE) {
1041 map[i] = j;
1042 op_array->try_catch_array[j].try_op = blocks[cfg->map[op_array->try_catch_array[i].try_op]].start;
1043 if (op_array->try_catch_array[i].catch_op) {
1044 op_array->try_catch_array[j].catch_op = blocks[cfg->map[op_array->try_catch_array[i].catch_op]].start;
1045 } else {
1046 op_array->try_catch_array[j].catch_op = 0;
1047 }
1048 if (op_array->try_catch_array[i].finally_op) {
1049 op_array->try_catch_array[j].finally_op = blocks[cfg->map[op_array->try_catch_array[i].finally_op]].start;
1050 } else {
1051 op_array->try_catch_array[j].finally_op = 0;
1052 }
1053 if (!op_array->try_catch_array[i].finally_end) {
1054 op_array->try_catch_array[j].finally_end = 0;
1055 } else {
1056 op_array->try_catch_array[j].finally_end = blocks[cfg->map[op_array->try_catch_array[i].finally_end]].start;
1057 }
1058 j++;
1059 }
1060 }
1061 if (i != j) {
1062 op_array->last_try_catch = j;
1063 if (j == 0) {
1064 efree(op_array->try_catch_array);
1065 op_array->try_catch_array = NULL;
1066 }
1067
1068 if (op_array->fn_flags & ZEND_ACC_HAS_FINALLY_BLOCK) {
1069 zend_op *opline = new_opcodes;
1070 zend_op *end = opline + len;
1071 while (opline < end) {
1072 if (opline->opcode == ZEND_FAST_RET &&
1073 opline->op2.num != (uint32_t)-1 &&
1074 opline->op2.num < (uint32_t)j) {
1075 opline->op2.num = map[opline->op2.num];
1076 }
1077 opline++;
1078 }
1079 }
1080 }
1081 free_alloca(map, use_heap);
1082 }
1083
1084 /* adjust early binding list */
1085 if (op_array->fn_flags & ZEND_ACC_EARLY_BINDING) {
1086 ZEND_ASSERT(op_array == &ctx->script->main_op_array);
1087 ctx->script->first_early_binding_opline =
1088 zend_build_delayed_early_binding_list(op_array);
1089 }
1090
1091 /* rebuild map (just for printing) */
1092 memset(cfg->map, -1, sizeof(int) * op_array->last);
1093 for (n = 0; n < cfg->blocks_count; n++) {
1094 if (cfg->blocks[n].flags & (ZEND_BB_REACHABLE|ZEND_BB_UNREACHABLE_FREE)) {
1095 cfg->map[cfg->blocks[n].start] = n;
1096 }
1097 }
1098 }
1099
zend_jmp_optimization(zend_basic_block * block,zend_op_array * op_array,zend_cfg * cfg,zend_uchar * same_t,uint32_t * opt_count)1100 static void zend_jmp_optimization(zend_basic_block *block, zend_op_array *op_array, zend_cfg *cfg, zend_uchar *same_t, uint32_t *opt_count)
1101 {
1102 /* last_op is the last opcode of the current block */
1103 zend_basic_block *blocks = cfg->blocks;
1104 zend_op *last_op;
1105
1106 if (block->len == 0) {
1107 return;
1108 }
1109
1110 last_op = op_array->opcodes + block->start + block->len - 1;
1111 switch (last_op->opcode) {
1112 case ZEND_JMP:
1113 {
1114 zend_basic_block *target_block = blocks + block->successors[0];
1115 zend_op *target = op_array->opcodes + target_block->start;
1116 int next = (block - blocks) + 1;
1117
1118 while (next < cfg->blocks_count && !(blocks[next].flags & ZEND_BB_REACHABLE)) {
1119 /* find used one */
1120 next++;
1121 }
1122
1123 /* JMP(next) -> NOP */
1124 if (block->successors[0] == next) {
1125 MAKE_NOP(last_op);
1126 ++(*opt_count);
1127 block->len--;
1128 break;
1129 }
1130
1131 if (target->opcode == ZEND_JMP &&
1132 block->successors[0] != target_block->successors[0] &&
1133 !(target_block->flags & ZEND_BB_PROTECTED)) {
1134 /* JMP L, L: JMP L1 -> JMP L1 */
1135 *last_op = *target;
1136 DEL_SOURCE(block, block->successors[0]);
1137 block->successors[0] = target_block->successors[0];
1138 ADD_SOURCE(block, block->successors[0]);
1139 ++(*opt_count);
1140 } else if (target->opcode == ZEND_JMPZNZ &&
1141 !(target_block->flags & ZEND_BB_PROTECTED)) {
1142 /* JMP L, L: JMPZNZ L1,L2 -> JMPZNZ L1,L2 */
1143 *last_op = *target;
1144 if (last_op->op1_type == IS_CONST) {
1145 zval zv;
1146 ZVAL_COPY(&zv, &ZEND_OP1_LITERAL(last_op));
1147 last_op->op1.constant = zend_optimizer_add_literal(op_array, &zv);
1148 }
1149 DEL_SOURCE(block, block->successors[0]);
1150 block->successors_count = 2;
1151 block->successors[0] = target_block->successors[0];
1152 block->successors[1] = target_block->successors[1];
1153 ADD_SOURCE(block, block->successors[0]);
1154 ADD_SOURCE(block, block->successors[1]);
1155 ++(*opt_count);
1156 } else if ((target->opcode == ZEND_RETURN ||
1157 target->opcode == ZEND_RETURN_BY_REF ||
1158 target->opcode == ZEND_EXIT) &&
1159 !(op_array->fn_flags & ZEND_ACC_HAS_FINALLY_BLOCK)) {
1160 /* JMP L, L: RETURN to immediate RETURN */
1161 *last_op = *target;
1162 if (last_op->op1_type == IS_CONST) {
1163 zval zv;
1164 ZVAL_COPY(&zv, &ZEND_OP1_LITERAL(last_op));
1165 last_op->op1.constant = zend_optimizer_add_literal(op_array, &zv);
1166 }
1167 DEL_SOURCE(block, block->successors[0]);
1168 block->successors_count = 0;
1169 ++(*opt_count);
1170 #if 0
1171 /* Temporarily disabled - see bug #0025274 */
1172 } else if (0&& block->op1_to != block &&
1173 block->op1_to != blocks &&
1174 op_array->last_try_catch == 0 &&
1175 target->opcode != ZEND_FREE) {
1176 /* Block Reordering (saves one JMP on each "for" loop iteration)
1177 * It is disabled for some cases (ZEND_FREE)
1178 * which may break register allocation.
1179 */
1180 zend_bool can_reorder = 0;
1181 zend_block_source *cs = block->op1_to->sources;
1182
1183 /* the "target" block doesn't had any followed block */
1184 while(cs) {
1185 if (cs->from->follow_to == block->op1_to) {
1186 can_reorder = 0;
1187 break;
1188 }
1189 cs = cs->next;
1190 }
1191 if (can_reorder) {
1192 next = block->op1_to;
1193 /* the "target" block is not followed by current "block" */
1194 while (next->follow_to != NULL) {
1195 if (next->follow_to == block) {
1196 can_reorder = 0;
1197 break;
1198 }
1199 next = next->follow_to;
1200 }
1201 if (can_reorder) {
1202 zend_basic_block *prev = blocks;
1203
1204 while (prev->next != block->op1_to) {
1205 prev = prev->next;
1206 }
1207 prev->next = next->next;
1208 next->next = block->next;
1209 block->next = block->op1_to;
1210
1211 block->follow_to = block->op1_to;
1212 block->op1_to = NULL;
1213 MAKE_NOP(last_op);
1214 block->len--;
1215 if(block->len == 0) {
1216 /* this block is nothing but NOP now */
1217 delete_code_block(block, ctx);
1218 }
1219 break;
1220 }
1221 }
1222 #endif
1223 }
1224 }
1225 break;
1226
1227 case ZEND_JMPZ:
1228 case ZEND_JMPNZ:
1229 /* constant conditional JMPs */
1230 if (last_op->op1_type == IS_CONST) {
1231 int should_jmp = zend_is_true(&ZEND_OP1_LITERAL(last_op));
1232
1233 if (last_op->opcode == ZEND_JMPZ) {
1234 should_jmp = !should_jmp;
1235 }
1236 literal_dtor(&ZEND_OP1_LITERAL(last_op));
1237 last_op->op1_type = IS_UNUSED;
1238 if (should_jmp) {
1239 /* JMPNZ(true) -> JMP */
1240 last_op->opcode = ZEND_JMP;
1241 DEL_SOURCE(block, block->successors[1]);
1242 block->successors_count = 1;
1243 } else {
1244 /* JMPNZ(false) -> NOP */
1245 MAKE_NOP(last_op);
1246 DEL_SOURCE(block, block->successors[0]);
1247 block->successors_count = 1;
1248 block->successors[0] = block->successors[1];
1249 }
1250 ++(*opt_count);
1251 break;
1252 }
1253
1254 if (block->successors[0] == block->successors[1]) {
1255 /* L: JMP[N]Z(X, L+1) -> NOP or FREE(X) */
1256
1257 if (last_op->op1_type == IS_CV) {
1258 last_op->opcode = ZEND_CHECK_VAR;
1259 last_op->op2.num = 0;
1260 } else if (last_op->op1_type & (IS_VAR|IS_TMP_VAR)) {
1261 last_op->opcode = ZEND_FREE;
1262 last_op->op2.num = 0;
1263 } else {
1264 MAKE_NOP(last_op);
1265 }
1266 block->successors_count = 1;
1267 ++(*opt_count);
1268 break;
1269 }
1270
1271 if (1) {
1272 zend_uchar same_type = last_op->op1_type;
1273 uint32_t same_var = VAR_NUM_EX(last_op->op1);
1274 zend_op *target;
1275 zend_op *target_end;
1276 zend_basic_block *target_block = blocks + block->successors[0];
1277
1278 next_target:
1279 target = op_array->opcodes + target_block->start;
1280 target_end = target + target_block->len;
1281 while (target < target_end && target->opcode == ZEND_NOP) {
1282 target++;
1283 }
1284
1285 /* next block is only NOP's */
1286 if (target == target_end) {
1287 target_block = blocks + target_block->successors[0];
1288 ++(*opt_count);
1289 goto next_target;
1290 } else if (target->opcode == INV_COND(last_op->opcode) &&
1291 /* JMPZ(X, L), L: JMPNZ(X, L2) -> JMPZ(X, L+1) */
1292 (target->op1_type & (IS_TMP_VAR|IS_CV)) &&
1293 same_type == target->op1_type &&
1294 same_var == VAR_NUM_EX(target->op1) &&
1295 !(target_block->flags & ZEND_BB_PROTECTED)
1296 ) {
1297 DEL_SOURCE(block, block->successors[0]);
1298 block->successors[0] = target_block->successors[1];
1299 ADD_SOURCE(block, block->successors[0]);
1300 ++(*opt_count);
1301 } else if (target->opcode == INV_COND_EX(last_op->opcode) &&
1302 (target->op1_type & (IS_TMP_VAR|IS_CV)) &&
1303 same_type == target->op1_type &&
1304 same_var == VAR_NUM_EX(target->op1) &&
1305 !(target_block->flags & ZEND_BB_PROTECTED)) {
1306 /* JMPZ(X, L), L: T = JMPNZ_EX(X, L2) -> T = JMPZ_EX(X, L+1) */
1307 last_op->opcode += 3;
1308 COPY_NODE(last_op->result, target->result);
1309 DEL_SOURCE(block, block->successors[0]);
1310 block->successors[0] = target_block->successors[1];
1311 ADD_SOURCE(block, block->successors[0]);
1312 ++(*opt_count);
1313 } else if (target->opcode == last_op->opcode &&
1314 (target->op1_type & (IS_TMP_VAR|IS_CV)) &&
1315 same_type == target->op1_type &&
1316 same_var == VAR_NUM_EX(target->op1) &&
1317 !(target_block->flags & ZEND_BB_PROTECTED)) {
1318 /* JMPZ(X, L), L: JMPZ(X, L2) -> JMPZ(X, L2) */
1319 DEL_SOURCE(block, block->successors[0]);
1320 block->successors[0] = target_block->successors[0];
1321 ADD_SOURCE(block, block->successors[0]);
1322 ++(*opt_count);
1323 } else if (target->opcode == ZEND_JMP &&
1324 !(target_block->flags & ZEND_BB_PROTECTED)) {
1325 /* JMPZ(X, L), L: JMP(L2) -> JMPZ(X, L2) */
1326 DEL_SOURCE(block, block->successors[0]);
1327 block->successors[0] = target_block->successors[0];
1328 ADD_SOURCE(block, block->successors[0]);
1329 ++(*opt_count);
1330 } else if (target->opcode == ZEND_JMPZNZ &&
1331 (target->op1_type & (IS_TMP_VAR|IS_CV)) &&
1332 same_type == target->op1_type &&
1333 same_var == VAR_NUM_EX(target->op1) &&
1334 !(target_block->flags & ZEND_BB_PROTECTED)) {
1335 /* JMPZ(X, L), L: JMPZNZ(X, L2, L3) -> JMPZ(X, L2) */
1336 DEL_SOURCE(block, block->successors[0]);
1337 if (last_op->opcode == ZEND_JMPZ) {
1338 block->successors[0] = target_block->successors[0];
1339 } else {
1340 block->successors[0] = target_block->successors[1];
1341 }
1342 ADD_SOURCE(block, block->successors[0]);
1343 ++(*opt_count);
1344 }
1345 }
1346
1347 if (last_op->opcode == ZEND_JMPZ || last_op->opcode == ZEND_JMPNZ) {
1348 zend_op *target;
1349 zend_op *target_end;
1350 zend_basic_block *target_block;
1351
1352 while (1) {
1353 target_block = blocks + block->successors[1];
1354 target = op_array->opcodes + target_block->start;
1355 target_end = op_array->opcodes + target_block->start + 1;
1356 while (target < target_end && target->opcode == ZEND_NOP) {
1357 target++;
1358 }
1359
1360 /* next block is only NOP's */
1361 if (target == target_end && !(target_block->flags & ZEND_BB_PROTECTED)) {
1362 DEL_SOURCE(block, block->successors[1]);
1363 block->successors[1] = target_block->successors[0];
1364 ADD_SOURCE(block, block->successors[1]);
1365 ++(*opt_count);
1366 } else {
1367 break;
1368 }
1369 }
1370 /* JMPZ(X,L1), JMP(L2) -> JMPZNZ(X,L1,L2) */
1371 if (target->opcode == ZEND_JMP &&
1372 !(target_block->flags & ZEND_BB_PROTECTED)) {
1373 DEL_SOURCE(block, block->successors[1]);
1374 if (last_op->opcode == ZEND_JMPZ) {
1375 block->successors[1] = target_block->successors[0];
1376 ADD_SOURCE(block, block->successors[1]);
1377 } else {
1378 block->successors[1] = block->successors[0];
1379 block->successors[0] = target_block->successors[0];
1380 ADD_SOURCE(block, block->successors[0]);
1381 }
1382 last_op->opcode = ZEND_JMPZNZ;
1383 ++(*opt_count);
1384 }
1385 }
1386 break;
1387
1388 case ZEND_JMPNZ_EX:
1389 case ZEND_JMPZ_EX:
1390 /* constant conditional JMPs */
1391 if (last_op->op1_type == IS_CONST) {
1392 int should_jmp = zend_is_true(&ZEND_OP1_LITERAL(last_op));
1393
1394 if (last_op->opcode == ZEND_JMPZ_EX) {
1395 should_jmp = !should_jmp;
1396 }
1397 if (!should_jmp) {
1398 /* T = JMPZ_EX(true,L) -> T = QM_ASSIGN(true)
1399 * T = JMPNZ_EX(false,L) -> T = QM_ASSIGN(false)
1400 */
1401 last_op->opcode = ZEND_QM_ASSIGN;
1402 SET_UNUSED(last_op->op2);
1403 DEL_SOURCE(block, block->successors[0]);
1404 block->successors_count = 1;
1405 block->successors[0] = block->successors[1];
1406 ++(*opt_count);
1407 }
1408 break;
1409 }
1410
1411 if (1) {
1412 zend_op *target, *target_end;
1413 zend_basic_block *target_block;
1414 int var_num = op_array->last_var + op_array->T;
1415
1416 if (var_num <= 0) {
1417 return;
1418 }
1419 memset(same_t, 0, var_num);
1420 same_t[VAR_NUM_EX(last_op->op1)] |= last_op->op1_type;
1421 same_t[VAR_NUM_EX(last_op->result)] |= last_op->result_type;
1422 target_block = blocks + block->successors[0];
1423 next_target_ex:
1424 target = op_array->opcodes + target_block->start;
1425 target_end = target + target_block->len;
1426 while (target < target_end && target->opcode == ZEND_NOP) {
1427 target++;
1428 }
1429 /* next block is only NOP's */
1430 if (target == target_end) {
1431 target_block = blocks + target_block->successors[0];
1432 ++(*opt_count);
1433 goto next_target_ex;
1434 } else if (target->opcode == last_op->opcode-3 &&
1435 (target->op1_type & (IS_TMP_VAR|IS_CV)) &&
1436 (same_t[VAR_NUM_EX(target->op1)] & target->op1_type) != 0 &&
1437 !(target_block->flags & ZEND_BB_PROTECTED)) {
1438 /* T = JMPZ_EX(X, L1), L1: JMPZ({X|T}, L2) -> T = JMPZ_EX(X, L2) */
1439 DEL_SOURCE(block, block->successors[0]);
1440 block->successors[0] = target_block->successors[0];
1441 ADD_SOURCE(block, block->successors[0]);
1442 ++(*opt_count);
1443 } else if (target->opcode == INV_EX_COND(last_op->opcode) &&
1444 (target->op1_type & (IS_TMP_VAR|IS_CV)) &&
1445 (same_t[VAR_NUM_EX(target->op1)] & target->op1_type) != 0 &&
1446 !(target_block->flags & ZEND_BB_PROTECTED)) {
1447 /* T = JMPZ_EX(X, L1), L1: JMPNZ({X|T1}, L2) -> T = JMPZ_EX(X, L1+1) */
1448 DEL_SOURCE(block, block->successors[0]);
1449 block->successors[0] = target_block->successors[1];
1450 ADD_SOURCE(block, block->successors[0]);
1451 ++(*opt_count);
1452 } else if (target->opcode == INV_EX_COND_EX(last_op->opcode) &&
1453 (target->op1_type & (IS_TMP_VAR|IS_CV)) &&
1454 (same_t[VAR_NUM_EX(target->op1)] & target->op1_type) != 0 &&
1455 (same_t[VAR_NUM_EX(target->result)] & target->result_type) != 0 &&
1456 !(target_block->flags & ZEND_BB_PROTECTED)) {
1457 /* T = JMPZ_EX(X, L1), L1: T = JMPNZ_EX(T, L2) -> T = JMPZ_EX(X, L1+1) */
1458 DEL_SOURCE(block, block->successors[0]);
1459 block->successors[0] = target_block->successors[1];
1460 ADD_SOURCE(block, block->successors[0]);
1461 ++(*opt_count);
1462 } else if (target->opcode == last_op->opcode &&
1463 (target->op1_type & (IS_TMP_VAR|IS_CV)) &&
1464 (same_t[VAR_NUM_EX(target->op1)] & target->op1_type) != 0 &&
1465 (same_t[VAR_NUM_EX(target->result)] & target->result_type) != 0 &&
1466 !(target_block->flags & ZEND_BB_PROTECTED)) {
1467 /* T = JMPZ_EX(X, L1), L1: T = JMPZ({X|T}, L2) -> T = JMPZ_EX(X, L2) */
1468 DEL_SOURCE(block, block->successors[0]);
1469 block->successors[0] = target_block->successors[0];
1470 ADD_SOURCE(block, block->successors[0]);
1471 ++(*opt_count);
1472 } else if (target->opcode == ZEND_JMP &&
1473 !(target_block->flags & ZEND_BB_PROTECTED)) {
1474 /* T = JMPZ_EX(X, L), L: JMP(L2) -> T = JMPZ(X, L2) */
1475 DEL_SOURCE(block, block->successors[0]);
1476 block->successors[0] = target_block->successors[0];
1477 ADD_SOURCE(block, block->successors[0]);
1478 ++(*opt_count);
1479 } else if (target->opcode == ZEND_JMPZNZ &&
1480 (target->op1_type & (IS_TMP_VAR|IS_CV)) &&
1481 (same_t[VAR_NUM_EX(target->op1)] & target->op1_type) != 0 &&
1482 !(target_block->flags & ZEND_BB_PROTECTED)) {
1483 /* T = JMPZ_EX(X, L), L: JMPZNZ({X|T}, L2, L3) -> T = JMPZ_EX(X, L2) */
1484 DEL_SOURCE(block, block->successors[0]);
1485 if (last_op->opcode == ZEND_JMPZ_EX) {
1486 block->successors[0] = target_block->successors[0];
1487 } else {
1488 block->successors[0] = target_block->successors[1];
1489 }
1490 ADD_SOURCE(block, block->successors[0]);
1491 ++(*opt_count);
1492 }
1493 }
1494 break;
1495
1496 case ZEND_JMPZNZ: {
1497 int next = (block - blocks) + 1;
1498
1499 while (next < cfg->blocks_count && !(blocks[next].flags & ZEND_BB_REACHABLE)) {
1500 /* find first accessed one */
1501 next++;
1502 }
1503
1504 if (last_op->op1_type == IS_CONST) {
1505 if (!zend_is_true(&ZEND_OP1_LITERAL(last_op))) {
1506 /* JMPZNZ(false,L1,L2) -> JMP(L1) */
1507 literal_dtor(&ZEND_OP1_LITERAL(last_op));
1508 last_op->opcode = ZEND_JMP;
1509 SET_UNUSED(last_op->op1);
1510 SET_UNUSED(last_op->op2);
1511 DEL_SOURCE(block, block->successors[1]);
1512 block->successors_count = 1;
1513 } else {
1514 /* JMPZNZ(true,L1,L2) -> JMP(L2) */
1515 literal_dtor(&ZEND_OP1_LITERAL(last_op));
1516 last_op->opcode = ZEND_JMP;
1517 SET_UNUSED(last_op->op1);
1518 SET_UNUSED(last_op->op2);
1519 DEL_SOURCE(block, block->successors[0]);
1520 block->successors_count = 1;
1521 block->successors[0] = block->successors[1];
1522 }
1523 ++(*opt_count);
1524 } else if (block->successors[0] == block->successors[1]) {
1525 /* both goto the same one - it's JMP */
1526 if (!(last_op->op1_type & (IS_VAR|IS_TMP_VAR))) {
1527 /* JMPZNZ(?,L,L) -> JMP(L) */
1528 last_op->opcode = ZEND_JMP;
1529 SET_UNUSED(last_op->op1);
1530 SET_UNUSED(last_op->op2);
1531 block->successors_count = 1;
1532 ++(*opt_count);
1533 }
1534 } else if (block->successors[0] == next) {
1535 /* jumping to next on Z - can follow to it and jump only on NZ */
1536 /* JMPZNZ(X,L1,L2) L1: -> JMPNZ(X,L2) */
1537 last_op->opcode = ZEND_JMPNZ;
1538 block->successors[0] = block->successors[1];
1539 block->successors[1] = next;
1540 ++(*opt_count);
1541 /* no need to add source */
1542 } else if (block->successors[1] == next) {
1543 /* jumping to next on NZ - can follow to it and jump only on Z */
1544 /* JMPZNZ(X,L1,L2) L2: -> JMPZ(X,L1) */
1545 last_op->opcode = ZEND_JMPZ;
1546 ++(*opt_count);
1547 /* no need to add source */
1548 }
1549
1550 if (last_op->opcode == ZEND_JMPZNZ) {
1551 zend_uchar same_type = last_op->op1_type;
1552 zend_uchar same_var = VAR_NUM_EX(last_op->op1);
1553 zend_op *target;
1554 zend_op *target_end;
1555 zend_basic_block *target_block = blocks + block->successors[0];
1556
1557 next_target_znz:
1558 target = op_array->opcodes + target_block->start;
1559 target_end = target + target_block->len;
1560 while (target < target_end && target->opcode == ZEND_NOP) {
1561 target++;
1562 }
1563 /* next block is only NOP's */
1564 if (target == target_end) {
1565 target_block = blocks + target_block->successors[0];
1566 ++(*opt_count);
1567 goto next_target_znz;
1568 } else if ((target->opcode == ZEND_JMPZ || target->opcode == ZEND_JMPZNZ) &&
1569 (target->op1_type & (IS_TMP_VAR|IS_CV)) &&
1570 same_type == target->op1_type &&
1571 same_var == VAR_NUM_EX(target->op1) &&
1572 !(target_block->flags & ZEND_BB_PROTECTED)) {
1573 /* JMPZNZ(X, L1, L2), L1: JMPZ(X, L3) -> JMPZNZ(X, L3, L2) */
1574 DEL_SOURCE(block, block->successors[0]);
1575 block->successors[0] = target_block->successors[0];
1576 ADD_SOURCE(block, block->successors[0]);
1577 ++(*opt_count);
1578 } else if (target->opcode == ZEND_JMPNZ &&
1579 (target->op1_type & (IS_TMP_VAR|IS_CV)) &&
1580 same_type == target->op1_type &&
1581 same_var == VAR_NUM_EX(target->op1) &&
1582 !(target_block->flags & ZEND_BB_PROTECTED)) {
1583 /* JMPZNZ(X, L1, L2), L1: X = JMPNZ(X, L3) -> JMPZNZ(X, L1+1, L2) */
1584 DEL_SOURCE(block, block->successors[0]);
1585 block->successors[0] = target_block->successors[1];
1586 ADD_SOURCE(block, block->successors[0]);
1587 ++(*opt_count);
1588 } else if (target->opcode == ZEND_JMP &&
1589 !(target_block->flags & ZEND_BB_PROTECTED)) {
1590 /* JMPZNZ(X, L1, L2), L1: JMP(L3) -> JMPZNZ(X, L3, L2) */
1591 DEL_SOURCE(block, block->successors[0]);
1592 block->successors[0] = target_block->successors[0];
1593 ADD_SOURCE(block, block->successors[0]);
1594 ++(*opt_count);
1595 }
1596 }
1597 break;
1598 }
1599 }
1600 }
1601
1602 /* Global data dependencies */
1603
1604 /* Find a set of variables which are used outside of the block where they are
1605 * defined. We won't apply some optimization patterns for such variables. */
zend_t_usage(zend_cfg * cfg,zend_op_array * op_array,zend_bitset used_ext,zend_optimizer_ctx * ctx)1606 static void zend_t_usage(zend_cfg *cfg, zend_op_array *op_array, zend_bitset used_ext, zend_optimizer_ctx *ctx)
1607 {
1608 int n;
1609 zend_basic_block *block, *next_block;
1610 uint32_t var_num;
1611 uint32_t bitset_len;
1612 zend_bitset usage;
1613 zend_bitset defined_here;
1614 void *checkpoint;
1615 zend_op *opline, *end;
1616
1617
1618 if (op_array->T == 0) {
1619 /* shortcut - if no Ts, nothing to do */
1620 return;
1621 }
1622
1623 checkpoint = zend_arena_checkpoint(ctx->arena);
1624 bitset_len = zend_bitset_len(op_array->last_var + op_array->T);
1625 defined_here = zend_arena_alloc(&ctx->arena, bitset_len * ZEND_BITSET_ELM_SIZE);
1626
1627 zend_bitset_clear(defined_here, bitset_len);
1628 for (n = 1; n < cfg->blocks_count; n++) {
1629 block = cfg->blocks + n;
1630
1631 if (!(block->flags & ZEND_BB_REACHABLE)) {
1632 continue;
1633 }
1634
1635 opline = op_array->opcodes + block->start;
1636 end = opline + block->len;
1637 if (!(block->flags & ZEND_BB_FOLLOW) ||
1638 (block->flags & ZEND_BB_TARGET)) {
1639 /* Skip continuation of "extended" BB */
1640 zend_bitset_clear(defined_here, bitset_len);
1641 }
1642
1643 while (opline<end) {
1644 if (opline->op1_type & (IS_VAR|IS_TMP_VAR)) {
1645 var_num = VAR_NUM(opline->op1.var);
1646 if (!zend_bitset_in(defined_here, var_num)) {
1647 zend_bitset_incl(used_ext, var_num);
1648 }
1649 }
1650 if (opline->op2_type == IS_VAR) {
1651 var_num = VAR_NUM(opline->op2.var);
1652 if (opline->opcode == ZEND_FE_FETCH_R ||
1653 opline->opcode == ZEND_FE_FETCH_RW) {
1654 /* these opcode use the op2 as result */
1655 zend_bitset_incl(defined_here, var_num);
1656 } else if (!zend_bitset_in(defined_here, var_num)) {
1657 zend_bitset_incl(used_ext, var_num);
1658 }
1659 } else if (opline->op2_type == IS_TMP_VAR) {
1660 var_num = VAR_NUM(opline->op2.var);
1661 if (!zend_bitset_in(defined_here, var_num)) {
1662 zend_bitset_incl(used_ext, var_num);
1663 }
1664 }
1665
1666 if (opline->result_type == IS_VAR) {
1667 var_num = VAR_NUM(opline->result.var);
1668 zend_bitset_incl(defined_here, var_num);
1669 } else if (opline->result_type == IS_TMP_VAR) {
1670 var_num = VAR_NUM(opline->result.var);
1671 switch (opline->opcode) {
1672 case ZEND_ADD_ARRAY_ELEMENT:
1673 case ZEND_ADD_ARRAY_UNPACK:
1674 case ZEND_ROPE_ADD:
1675 /* these opcodes use the result as argument */
1676 if (!zend_bitset_in(defined_here, var_num)) {
1677 zend_bitset_incl(used_ext, var_num);
1678 }
1679 break;
1680 default :
1681 zend_bitset_incl(defined_here, var_num);
1682 }
1683 }
1684 opline++;
1685 }
1686 }
1687
1688 if (ctx->debug_level & ZEND_DUMP_BLOCK_PASS_VARS) {
1689 int printed = 0;
1690 uint32_t i;
1691
1692 for (i = op_array->last_var; i< op_array->T; i++) {
1693 if (zend_bitset_in(used_ext, i)) {
1694 if (!printed) {
1695 fprintf(stderr, "NON-LOCAL-VARS: %d", i);
1696 printed = 1;
1697 } else {
1698 fprintf(stderr, ", %d", i);
1699 }
1700 }
1701 }
1702 if (printed) {
1703 fprintf(stderr, "\n");
1704 }
1705 }
1706
1707 usage = defined_here;
1708 next_block = NULL;
1709 for (n = cfg->blocks_count; n > 0;) {
1710 block = cfg->blocks + (--n);
1711
1712 if (!(block->flags & ZEND_BB_REACHABLE) || block->len == 0) {
1713 continue;
1714 }
1715
1716 end = op_array->opcodes + block->start;
1717 opline = end + block->len - 1;
1718 if (!next_block ||
1719 !(next_block->flags & ZEND_BB_FOLLOW) ||
1720 (next_block->flags & ZEND_BB_TARGET)) {
1721 /* Skip continuation of "extended" BB */
1722 zend_bitset_copy(usage, used_ext, bitset_len);
1723 } else if (block->successors_count > 1) {
1724 zend_bitset_union(usage, used_ext, bitset_len);
1725 }
1726 next_block = block;
1727
1728 while (opline >= end) {
1729 /* usage checks */
1730 if (opline->result_type == IS_VAR) {
1731 if (!zend_bitset_in(usage, VAR_NUM(opline->result.var))) {
1732 switch (opline->opcode) {
1733 case ZEND_ASSIGN_OP:
1734 case ZEND_ASSIGN_DIM_OP:
1735 case ZEND_ASSIGN_OBJ_OP:
1736 case ZEND_ASSIGN_STATIC_PROP_OP:
1737 case ZEND_PRE_INC:
1738 case ZEND_PRE_DEC:
1739 case ZEND_ASSIGN:
1740 case ZEND_ASSIGN_REF:
1741 case ZEND_DO_FCALL:
1742 case ZEND_DO_ICALL:
1743 case ZEND_DO_UCALL:
1744 case ZEND_DO_FCALL_BY_NAME:
1745 opline->result_type = IS_UNUSED;
1746 break;
1747 }
1748 } else {
1749 zend_bitset_excl(usage, VAR_NUM(opline->result.var));
1750 }
1751 } else if (opline->result_type == IS_TMP_VAR) {
1752 if (!zend_bitset_in(usage, VAR_NUM(opline->result.var))) {
1753 switch (opline->opcode) {
1754 case ZEND_POST_INC:
1755 case ZEND_POST_DEC:
1756 case ZEND_POST_INC_OBJ:
1757 case ZEND_POST_DEC_OBJ:
1758 opline->opcode -= 2;
1759 opline->result_type = IS_UNUSED;
1760 break;
1761 case ZEND_QM_ASSIGN:
1762 case ZEND_BOOL:
1763 case ZEND_BOOL_NOT:
1764 if (opline->op1_type == IS_CV) {
1765 opline->opcode = ZEND_CHECK_VAR;
1766 SET_UNUSED(opline->result);
1767 } else if (opline->op1_type & (IS_TMP_VAR|IS_VAR)) {
1768 opline->opcode = ZEND_FREE;
1769 SET_UNUSED(opline->result);
1770 } else {
1771 if (opline->op1_type == IS_CONST) {
1772 literal_dtor(&ZEND_OP1_LITERAL(opline));
1773 }
1774 MAKE_NOP(opline);
1775 }
1776 break;
1777 case ZEND_JMPZ_EX:
1778 case ZEND_JMPNZ_EX:
1779 opline->opcode -= 3;
1780 SET_UNUSED(opline->result);
1781 break;
1782 case ZEND_ADD_ARRAY_ELEMENT:
1783 case ZEND_ADD_ARRAY_UNPACK:
1784 case ZEND_ROPE_ADD:
1785 zend_bitset_incl(usage, VAR_NUM(opline->result.var));
1786 break;
1787 }
1788 } else {
1789 switch (opline->opcode) {
1790 case ZEND_ADD_ARRAY_ELEMENT:
1791 case ZEND_ADD_ARRAY_UNPACK:
1792 case ZEND_ROPE_ADD:
1793 break;
1794 default:
1795 zend_bitset_excl(usage, VAR_NUM(opline->result.var));
1796 break;
1797 }
1798 }
1799 }
1800
1801 if (opline->op2_type == IS_VAR) {
1802 switch (opline->opcode) {
1803 case ZEND_FE_FETCH_R:
1804 case ZEND_FE_FETCH_RW:
1805 zend_bitset_excl(usage, VAR_NUM(opline->op2.var));
1806 break;
1807 default:
1808 zend_bitset_incl(usage, VAR_NUM(opline->op2.var));
1809 break;
1810 }
1811 } else if (opline->op2_type == IS_TMP_VAR) {
1812 zend_bitset_incl(usage, VAR_NUM(opline->op2.var));
1813 }
1814
1815 if (opline->op1_type & (IS_VAR|IS_TMP_VAR)) {
1816 zend_bitset_incl(usage, VAR_NUM(opline->op1.var));
1817 }
1818
1819 opline--;
1820 }
1821 }
1822
1823 zend_arena_release(&ctx->arena, checkpoint);
1824 }
1825
zend_merge_blocks(zend_op_array * op_array,zend_cfg * cfg,uint32_t * opt_count)1826 static void zend_merge_blocks(zend_op_array *op_array, zend_cfg *cfg, uint32_t *opt_count)
1827 {
1828 int i;
1829 zend_basic_block *b, *bb;
1830 zend_basic_block *prev = NULL;
1831
1832 for (i = 0; i < cfg->blocks_count; i++) {
1833 b = cfg->blocks + i;
1834 if (b->flags & ZEND_BB_REACHABLE) {
1835 if ((b->flags & ZEND_BB_FOLLOW) &&
1836 !(b->flags & (ZEND_BB_TARGET | ZEND_BB_PROTECTED)) &&
1837 prev && prev->successors_count == 1 && prev->successors[0] == i)
1838 {
1839 zend_op *last_op = op_array->opcodes + prev->start + prev->len - 1;
1840 if (prev->len != 0 && last_op->opcode == ZEND_JMP) {
1841 MAKE_NOP(last_op);
1842 }
1843
1844 for (bb = prev + 1; bb != b; bb++) {
1845 zend_op *op = op_array->opcodes + bb->start;
1846 zend_op *end = op + bb->len;
1847 while (op < end) {
1848 if (op->op1_type == IS_CONST) {
1849 literal_dtor(&ZEND_OP1_LITERAL(op));
1850 }
1851 if (op->op2_type == IS_CONST) {
1852 literal_dtor(&ZEND_OP2_LITERAL(op));
1853 }
1854 MAKE_NOP(op);
1855 op++;
1856 }
1857 /* make block empty */
1858 bb->len = 0;
1859 }
1860
1861 /* re-link */
1862 prev->flags |= (b->flags & ZEND_BB_EXIT);
1863 prev->len = b->start + b->len - prev->start;
1864 prev->successors_count = b->successors_count;
1865 if (b->successors != b->successors_storage) {
1866 prev->successors = b->successors;
1867 b->successors = b->successors_storage;
1868 } else {
1869 memcpy(prev->successors, b->successors, b->successors_count * sizeof(int));
1870 }
1871
1872 /* unlink & make block empty and unreachable */
1873 b->flags = 0;
1874 b->len = 0;
1875 b->successors_count = 0;
1876 ++(*opt_count);
1877 } else {
1878 prev = b;
1879 }
1880 }
1881 }
1882 }
1883
1884 #define PASSES 3
1885
zend_optimize_cfg(zend_op_array * op_array,zend_optimizer_ctx * ctx)1886 void zend_optimize_cfg(zend_op_array *op_array, zend_optimizer_ctx *ctx)
1887 {
1888 zend_cfg cfg;
1889 zend_basic_block *blocks, *end, *b;
1890 int pass;
1891 uint32_t bitset_len;
1892 zend_bitset usage;
1893 void *checkpoint;
1894 zend_op **Tsource;
1895 zend_uchar *same_t;
1896 uint32_t opt_count;
1897
1898 /* Build CFG */
1899 checkpoint = zend_arena_checkpoint(ctx->arena);
1900 if (zend_build_cfg(&ctx->arena, op_array, 0, &cfg) != SUCCESS) {
1901 zend_arena_release(&ctx->arena, checkpoint);
1902 return;
1903 }
1904
1905 if (cfg.blocks_count * (op_array->last_var + op_array->T) > 64 * 1024 * 1024) {
1906 zend_arena_release(&ctx->arena, checkpoint);
1907 return;
1908 }
1909
1910 if (ctx->debug_level & ZEND_DUMP_BEFORE_BLOCK_PASS) {
1911 zend_dump_op_array(op_array, ZEND_DUMP_CFG, "before block pass", &cfg);
1912 }
1913
1914 bitset_len = zend_bitset_len(op_array->last_var + op_array->T);
1915 Tsource = zend_arena_calloc(&ctx->arena, op_array->last_var + op_array->T, sizeof(zend_op *));
1916 same_t = zend_arena_alloc(&ctx->arena, op_array->last_var + op_array->T);
1917 usage = zend_arena_alloc(&ctx->arena, bitset_len * ZEND_BITSET_ELM_SIZE);
1918
1919 blocks = cfg.blocks;
1920 end = blocks + cfg.blocks_count;
1921 for (pass = 0; pass < PASSES; pass++) {
1922 opt_count = 0;
1923
1924 /* Compute data dependencies */
1925 zend_bitset_clear(usage, bitset_len);
1926 zend_t_usage(&cfg, op_array, usage, ctx);
1927
1928 /* optimize each basic block separately */
1929 for (b = blocks; b < end; b++) {
1930 if (!(b->flags & ZEND_BB_REACHABLE)) {
1931 continue;
1932 }
1933 /* we track data dependencies only insight a single basic block */
1934 if (!(b->flags & ZEND_BB_FOLLOW) ||
1935 (b->flags & ZEND_BB_TARGET)) {
1936 /* Skip continuation of "extended" BB */
1937 memset(Tsource, 0, (op_array->last_var + op_array->T) * sizeof(zend_op *));
1938 }
1939 zend_optimize_block(b, op_array, usage, &cfg, Tsource, &opt_count);
1940 }
1941
1942 /* Eliminate NOPs */
1943 for (b = blocks; b < end; b++) {
1944 if (b->flags & (ZEND_BB_REACHABLE|ZEND_BB_UNREACHABLE_FREE)) {
1945 strip_nops(op_array, b);
1946 }
1947 }
1948
1949 /* Jump optimization for each block */
1950 for (b = blocks; b < end; b++) {
1951 if (b->flags & ZEND_BB_REACHABLE) {
1952 zend_jmp_optimization(b, op_array, &cfg, same_t, &opt_count);
1953 }
1954 }
1955
1956 /* Eliminate unreachable basic blocks */
1957 zend_cfg_remark_reachable_blocks(op_array, &cfg);
1958
1959 /* Merge Blocks */
1960 zend_merge_blocks(op_array, &cfg, &opt_count);
1961
1962 if (opt_count == 0) {
1963 break;
1964 }
1965 }
1966
1967 zend_bitset_clear(usage, bitset_len);
1968 zend_t_usage(&cfg, op_array, usage, ctx);
1969 assemble_code_blocks(&cfg, op_array, ctx);
1970
1971 if (ctx->debug_level & ZEND_DUMP_AFTER_BLOCK_PASS) {
1972 zend_dump_op_array(op_array, ZEND_DUMP_CFG | ZEND_DUMP_HIDE_UNREACHABLE, "after block pass", &cfg);
1973 }
1974
1975 /* Destroy CFG */
1976 zend_arena_release(&ctx->arena, checkpoint);
1977 }
1978