1 /*
2 +----------------------------------------------------------------------+
3 | Zend OPcache |
4 +----------------------------------------------------------------------+
5 | Copyright (c) The PHP Group |
6 +----------------------------------------------------------------------+
7 | This source file is subject to version 3.01 of the PHP license, |
8 | that is bundled with this package in the file LICENSE, and is |
9 | available through the world-wide-web at the following url: |
10 | https://www.php.net/license/3_01.txt |
11 | If you did not receive a copy of the PHP license and are unable to |
12 | obtain it through the world-wide-web, please send a note to |
13 | license@php.net so we can mail you a copy immediately. |
14 +----------------------------------------------------------------------+
15 | Authors: Andi Gutmans <andi@php.net> |
16 | Zeev Suraski <zeev@php.net> |
17 | Stanislav Malyshev <stas@zend.com> |
18 | Dmitry Stogov <dmitry@php.net> |
19 +----------------------------------------------------------------------+
20 */
21
22 #include "Optimizer/zend_optimizer.h"
23 #include "Optimizer/zend_optimizer_internal.h"
24 #include "zend_API.h"
25 #include "zend_constants.h"
26 #include "zend_execute.h"
27 #include "zend_vm.h"
28 #include "zend_cfg.h"
29 #include "zend_func_info.h"
30 #include "zend_call_graph.h"
31 #include "zend_inference.h"
32 #include "zend_dump.h"
33 #include "php.h"
34 #include "zend_observer.h"
35
/* Capacity of the table of additionally registered optimizer passes; a build
 * may override it by defining the macro before this point. */
#ifndef ZEND_OPTIMIZER_MAX_REGISTERED_PASSES
# define ZEND_OPTIMIZER_MAX_REGISTERED_PASSES 32
#endif

/* Fixed-size table of registered passes.  `last` starts at 0 and every slot
 * starts out NULL.  The array cannot grow, so code that appends to it has to
 * compare `last` against ZEND_OPTIMIZER_MAX_REGISTERED_PASSES first. */
struct {
	zend_optimizer_pass_t pass[ZEND_OPTIMIZER_MAX_REGISTERED_PASSES];
	int last;
} zend_optimizer_registered_passes = {
	.pass = {NULL},
	.last = 0
};
44
/* Record `value` under the key `name` in the per-context constant table.
 *
 * The table is created on first use inside ctx->arena.  A reference to
 * `value` is taken only when zend_hash_add() reports that it stored the
 * entry; if it returns NULL the caller's zval is left untouched.
 * `name` is read through Z_STR_P() without a type check, so the caller must
 * pass a string zval. */
void zend_optimizer_collect_constant(zend_optimizer_ctx *ctx, zval *name, zval* value)
{
	HashTable *table = ctx->constants;

	if (table == NULL) {
		table = zend_arena_alloc(&ctx->arena, sizeof(HashTable));
		ctx->constants = table;
		zend_hash_init(table, 16, NULL, zval_ptr_dtor_nogc, 0);
	}

	if (zend_hash_add(table, Z_STR_P(name), value) != NULL) {
		/* The table now owns one reference to the value. */
		Z_TRY_ADDREF_P(value);
	}
}
56
/* Evaluate a binary operator on two constant operands at compile time.
 *
 * Returns FAILURE without touching `result` when
 * zend_binary_op_produces_error() says the operation would raise at run time;
 * otherwise returns whatever the operator handler returns. */
zend_result zend_optimizer_eval_binary_op(zval *result, uint8_t opcode, zval *op1, zval *op2) /* {{{ */
{
	if (!zend_binary_op_produces_error(opcode, op1, op2)) {
		/* The handler is looked up only after the error pre-check passed. */
		return get_binary_op(opcode)(result, op1, op2);
	}
	return FAILURE;
}
66 /* }}} */
67
/* Evaluate a unary operator on a constant operand at compile time.
 *
 * An opcode for which get_unary_op() has no handler is treated as ZEND_BOOL
 * and folded to the truthiness of op1.  Otherwise the operation is folded
 * only when zend_unary_op_produces_error() reports no run-time error. */
zend_result zend_optimizer_eval_unary_op(zval *result, uint8_t opcode, zval *op1) /* {{{ */
{
	unary_op_type handler = get_unary_op(opcode);

	if (!handler) {
		/* ZEND_BOOL */
		ZVAL_BOOL(result, zend_is_true(op1));
		return SUCCESS;
	}

	if (zend_unary_op_produces_error(opcode, op1)) {
		return FAILURE;
	}
	return handler(result, op1);
}
82 /* }}} */
83
/* Evaluate a cast of the constant `op1` to `type` at compile time.
 *
 * Returns SUCCESS with `result` initialised for the supported target types,
 * and FAILURE (result untouched) for any other target type and for string
 * casts of doubles or arrays. */
zend_result zend_optimizer_eval_cast(zval *result, uint32_t type, zval *op1) /* {{{ */
{
	switch (type) {
		case IS_NULL:
			ZVAL_NULL(result);
			break;
		case _IS_BOOL:
			ZVAL_BOOL(result, zval_is_true(op1));
			break;
		case IS_LONG:
			ZVAL_LONG(result, zval_get_long(op1));
			break;
		case IS_DOUBLE:
			ZVAL_DOUBLE(result, zval_get_double(op1));
			break;
		case IS_STRING:
			/* A double-to-string conversion depends on the run-time
			 * 'precision' setting, so it cannot be folded here.  Arrays are
			 * rejected on the same path. */
			if (Z_TYPE_P(op1) == IS_ARRAY || Z_TYPE_P(op1) == IS_DOUBLE) {
				return FAILURE;
			}
			ZVAL_STR(result, zval_get_string(op1));
			break;
		case IS_ARRAY:
			ZVAL_COPY(result, op1);
			convert_to_array(result);
			break;
		default:
			return FAILURE;
	}
	return SUCCESS;
}
114 /* }}} */
115
/* Fold strlen() of a constant: succeeds only for string operands and stores
 * the string's length in `result` as a long.  Any other operand type is
 * rejected with FAILURE and `result` is left untouched. */
zend_result zend_optimizer_eval_strlen(zval *result, const zval *op1) /* {{{ */
{
	if (Z_TYPE_P(op1) == IS_STRING) {
		ZVAL_LONG(result, Z_STRLEN_P(op1));
		return SUCCESS;
	}
	return FAILURE;
}
124 /* }}} */
125
/* Try to fold a call `name(arg)` to one of a few environment-probing
 * functions into a constant at compile time.
 *
 * Returns SUCCESS with `result` initialised when the answer is considered
 * stable, and FAILURE (result untouched) when the call has to stay in the
 * opcodes.  `name` is compared against lowercase literals as given, and any
 * name not listed below yields FAILURE.
 *
 * The folded value ends up in the cached script, so every branch is
 * deliberately conservative: only state visible in this function that belongs
 * to persistent modules or to INI_SYSTEM-only settings is folded. */
zend_result zend_optimizer_eval_special_func_call(
		zval *result, zend_string *name, zend_string *arg) {
	if (zend_string_equals_literal(name, "function_exists") ||
			zend_string_equals_literal(name, "is_callable")) {
		/* The function table is queried with the lowercased argument. */
		zend_string *lc_name = zend_string_tolower(arg);
		zend_internal_function *func = zend_hash_find_ptr(EG(function_table), lc_name);
		zend_string_release_ex(lc_name, 0);

		/* Only ever folds to true, and only for internal functions that
		 * belong to a MODULE_PERSISTENT module (on Windows additionally one
		 * whose `handle` is NULL).  A missing function is never folded to
		 * false.
		 * NOTE(review): func->module is dereferenced without a NULL check;
		 * confirm every internal function in EG(function_table) has one. */
		if (func && func->type == ZEND_INTERNAL_FUNCTION
				&& func->module->type == MODULE_PERSISTENT
#ifdef ZEND_WIN32
				&& func->module->handle == NULL
#endif
		) {
			ZVAL_TRUE(result);
			return SUCCESS;
		}
		return FAILURE;
	}
	if (zend_string_equals_literal(name, "extension_loaded")) {
		zend_string *lc_name = zend_string_tolower(arg);
		zend_module_entry *m = zend_hash_find_ptr(&module_registry, lc_name);
		zend_string_release_ex(lc_name, 0);

		if (!m) {
			/* "Not loaded" is folded to false only when enable_dl is off;
			 * presumably because dl() could still load the extension at
			 * run time otherwise. */
			if (PG(enable_dl)) {
				return FAILURE;
			}
			ZVAL_FALSE(result);
			return SUCCESS;
		}

		/* Same persistence test as for functions above. */
		if (m->type == MODULE_PERSISTENT
#ifdef ZEND_WIN32
			&& m->handle == NULL
#endif
		) {
			ZVAL_TRUE(result);
			return SUCCESS;
		}
		return FAILURE;
	}
	if (zend_string_equals_literal(name, "constant")) {
		/* Delegates entirely to the persistent-constant lookup. */
		return zend_optimizer_get_persistent_constant(arg, result, 1) ? SUCCESS : FAILURE;
	}
	if (zend_string_equals_literal(name, "dirname")) {
		/* Relative paths are not folded. */
		if (!IS_ABSOLUTE_PATH(ZSTR_VAL(arg), ZSTR_LEN(arg))) {
			return FAILURE;
		}

		/* zend_dirname() edits its buffer in place, so work on a private
		 * copy and then shrink the recorded length to what it returns. */
		zend_string *dirname = zend_string_init(ZSTR_VAL(arg), ZSTR_LEN(arg), 0);
		ZSTR_LEN(dirname) = zend_dirname(ZSTR_VAL(dirname), ZSTR_LEN(dirname));
		/* The result is accepted only if it is still an absolute path. */
		if (IS_ABSOLUTE_PATH(ZSTR_VAL(dirname), ZSTR_LEN(dirname))) {
			ZVAL_STR(result, dirname);
			return SUCCESS;
		}
		zend_string_release_ex(dirname, 0);
		return FAILURE;
	}
	if (zend_string_equals_literal(name, "ini_get")) {
		/* The directive is looked up under the name exactly as given. */
		zend_ini_entry *ini_entry = zend_hash_find_ptr(EG(ini_directives), arg);
		if (!ini_entry) {
			/* Unknown directive: fold to false unless enable_dl is on. */
			if (PG(enable_dl)) {
				return FAILURE;
			}
			ZVAL_FALSE(result);
		} else if (ini_entry->modifiable != ZEND_INI_SYSTEM) {
			/* Only entries whose `modifiable` is exactly ZEND_INI_SYSTEM
			 * are folded; anything else is left to run time. */
			return FAILURE;
		} else if (ini_entry->value) {
			ZVAL_STR_COPY(result, ini_entry->value);
		} else {
			ZVAL_EMPTY_STRING(result);
		}
		return SUCCESS;
	}
	return FAILURE;
}
203
/* Look up `name` in a table of collected constants.
 *
 * On a hit the stored zval is copied into `value` (taking a reference via
 * ZVAL_COPY) and 1 is returned; on a miss `value` is untouched and 0 is
 * returned.  `constants` is dereferenced unconditionally, so callers must not
 * pass NULL. */
bool zend_optimizer_get_collected_constant(HashTable *constants, zval *name, zval* value)
{
	zval *found = zend_hash_find(constants, Z_STR_P(name));

	if (found == NULL) {
		return 0;
	}
	ZVAL_COPY(value, found);
	return 1;
}
214
/* Rewrite `opline` so that it only disposes of its first operand.
 *
 *  - CV operand       -> ZEND_CHECK_VAR
 *  - TMP/VAR operand  -> ZEND_FREE
 *  - CONST operand    -> the literal is destroyed and the opline becomes a NOP
 *
 * In the first two cases op2, result and extended_value are cleared. */
void zend_optimizer_convert_to_free_op1(zend_op_array *op_array, zend_op *opline)
{
	const bool is_cv = opline->op1_type == IS_CV;

	if (!is_cv && !(opline->op1_type & (IS_TMP_VAR|IS_VAR))) {
		/* Nothing lives in a variable slot: drop the literal instead. */
		ZEND_ASSERT(opline->op1_type == IS_CONST);
		literal_dtor(&ZEND_OP1_LITERAL(opline));
		MAKE_NOP(opline);
		return;
	}

	opline->opcode = is_cv ? ZEND_CHECK_VAR : ZEND_FREE;
	SET_UNUSED(opline->op2);
	SET_UNUSED(opline->result);
	opline->extended_value = 0;
}
233
/* Append `zv` to op_array's literal table and return the index of the new
 * slot.
 *
 * The value is moved in with ZVAL_COPY_VALUE, i.e. no additional reference is
 * taken: the table takes over the caller's reference.  The table is
 * reallocated on every call, so any zval pointer into op_array->literals that
 * was obtained earlier may be stale afterwards.
 *
 * NOTE(review): the new byte size is a plain multiplication with no overflow
 * check; presumably last_literal stays far below that range -- confirm. */
int zend_optimizer_add_literal(zend_op_array *op_array, const zval *zv)
{
	const int slot = op_array->last_literal;
	zval *entry;

	op_array->last_literal++;
	op_array->literals = (zval*)erealloc(op_array->literals, op_array->last_literal * sizeof(zval));

	entry = &op_array->literals[slot];
	ZVAL_COPY_VALUE(entry, zv);
	Z_EXTRA_P(entry) = 0;
	return slot;
}
243
/* Append the string `str` as a new literal and return its index.  The
 * string's hash is computed up front, and the literal table takes over the
 * caller's reference to `str`. */
static inline int zend_optimizer_add_literal_string(zend_op_array *op_array, zend_string *str) {
	zval wrapped;

	zend_string_hash_val(str);
	ZVAL_STR(&wrapped, str);
	return zend_optimizer_add_literal(op_array, &wrapped);
}
250
/* If the string in `val` starts with a backslash, replace it with a fresh
 * copy that lacks that first character and release the old string.
 *
 * `val` is read as a string unconditionally, so the caller has to guarantee
 * IS_STRING.  An empty string is safe: its first byte is the NUL terminator
 * and the guard below returns. */
static inline void drop_leading_backslash(zval *val) {
	if (Z_STRVAL_P(val)[0] != '\\') {
		return;
	}

	/* Build the replacement before releasing the buffer it is copied from. */
	zend_string *stripped = zend_string_init(Z_STRVAL_P(val) + 1, Z_STRLEN_P(val) - 1, 0);
	zval_ptr_dtor_nogc(val);
	ZVAL_STR(val, stripped);
}
258
/* Reserve `num` pointer-sized run-time cache slots at the end of op_array's
 * cache and return the byte offset of the first one (the cache size before
 * the reservation). */
static inline uint32_t alloc_cache_slots(zend_op_array *op_array, uint32_t num) {
	const uint32_t first_slot_offset = op_array->cache_size;

	op_array->cache_size += num * sizeof(void *);
	return first_slot_offset;
}
264
/* Make the ENCLOSING function return 0 unless `val` is a string.
 * The macro hides a return statement, so it may only be used in functions
 * where returning 0 means "operand not replaced", and it must come before
 * any modification that would have to be undone. */
#define REQUIRES_STRING(val) do { \
		if (Z_TYPE_P(val) != IS_STRING) { \
			return 0; \
		} \
	} while (0)

/* Convert `val` to a string in place.  If its type is IS_ARRAY or any type
 * ordered after it, the ENCLOSING function returns 0 instead and `val` is
 * left untouched (same hidden-return caveat as REQUIRES_STRING). */
#define TO_STRING_NOWARN(val) do { \
		if (Z_TYPE_P(val) >= IS_ARRAY) { \
			return 0; \
		} \
		convert_to_string(val); \
	} while (0)
277
/* Replace operand 1 of `opline` with the constant `val`.
 *
 * Returns 1 when the operand was replaced (or the opline was turned into a
 * NOP) and 0 when this opcode cannot take the constant.  Every `return 0`
 * path below, including the ones hidden inside REQUIRES_STRING and
 * TO_STRING_NOWARN, is taken before opline or val is modified, and val is not
 * released on that path: its reference stays with the caller.
 *
 * On success val is moved into op_array's literal table by
 * zend_optimizer_add_literal() (no extra reference is taken), op1_type
 * becomes IS_CONST and the hash of a string literal is precomputed.
 *
 * For opcodes whose operand is a class or constant name, a lowercased copy is
 * appended as the literal immediately following the name; other code in this
 * file reads it as "literal + 1".  The order of the add_literal calls is
 * therefore significant. */
bool zend_optimizer_update_op1_const(zend_op_array *op_array,
                                     zend_op *opline,
                                     zval *val)
{
	switch (opline->opcode) {
		case ZEND_OP_DATA:
			/* OP_DATA belongs to the preceding opline; by-reference
			 * assignments cannot take a constant source.
			 * NOTE(review): (opline-1) assumes OP_DATA is never the first
			 * opline of the array -- confirm. */
			switch ((opline-1)->opcode) {
				case ZEND_ASSIGN_OBJ_REF:
				case ZEND_ASSIGN_STATIC_PROP_REF:
					return 0;
			}
			opline->op1.constant = zend_optimizer_add_literal(op_array, val);
			break;
		case ZEND_FREE:
		case ZEND_CHECK_VAR:
			/* Nothing is left to free or check: drop the opline and the
			 * caller's reference to the value. */
			MAKE_NOP(opline);
			zval_ptr_dtor_nogc(val);
			return 1;
		/* The opcodes in this list are rejected outright. */
		case ZEND_SEND_VAR_EX:
		case ZEND_SEND_FUNC_ARG:
		case ZEND_FETCH_DIM_W:
		case ZEND_FETCH_DIM_RW:
		case ZEND_FETCH_DIM_FUNC_ARG:
		case ZEND_FETCH_DIM_UNSET:
		case ZEND_FETCH_LIST_W:
		case ZEND_ASSIGN_DIM:
		case ZEND_RETURN_BY_REF:
		case ZEND_INSTANCEOF:
		case ZEND_MAKE_REF:
		case ZEND_SEPARATE:
		case ZEND_SEND_VAR_NO_REF:
		case ZEND_SEND_VAR_NO_REF_EX:
			return 0;
		case ZEND_CATCH:
			REQUIRES_STRING(val);
			drop_leading_backslash(val);
			opline->op1.constant = zend_optimizer_add_literal(op_array, val);
			/* New cache slot in extended_value; the ZEND_LAST_CATCH flag of
			 * the old value is carried over. */
			opline->extended_value = alloc_cache_slots(op_array, 1) | (opline->extended_value & ZEND_LAST_CATCH);
			zend_optimizer_add_literal_string(op_array, zend_string_tolower(Z_STR_P(val)));
			break;
		case ZEND_DEFINED:
			REQUIRES_STRING(val);
			drop_leading_backslash(val);
			opline->op1.constant = zend_optimizer_add_literal(op_array, val);
			opline->extended_value = alloc_cache_slots(op_array, 1);
			zend_optimizer_add_literal_string(op_array, zend_string_tolower(Z_STR_P(val)));
			break;
		case ZEND_NEW:
			REQUIRES_STRING(val);
			drop_leading_backslash(val);
			opline->op1.constant = zend_optimizer_add_literal(op_array, val);
			/* For ZEND_NEW the cache slot is kept in op2.num. */
			opline->op2.num = alloc_cache_slots(op_array, 1);
			zend_optimizer_add_literal_string(op_array, zend_string_tolower(Z_STR_P(val)));
			break;
		case ZEND_INIT_STATIC_METHOD_CALL:
			REQUIRES_STRING(val);
			drop_leading_backslash(val);
			opline->op1.constant = zend_optimizer_add_literal(op_array, val);
			/* A slot is allocated here only while op2 is not yet constant. */
			if (opline->op2_type != IS_CONST) {
				opline->result.num = alloc_cache_slots(op_array, 1);
			}
			zend_optimizer_add_literal_string(op_array, zend_string_tolower(Z_STR_P(val)));
			break;
		case ZEND_FETCH_CLASS_CONSTANT:
			REQUIRES_STRING(val);
			drop_leading_backslash(val);
			opline->op1.constant = zend_optimizer_add_literal(op_array, val);
			if (opline->op2_type != IS_CONST) {
				opline->extended_value = alloc_cache_slots(op_array, 1);
			}
			zend_optimizer_add_literal_string(op_array, zend_string_tolower(Z_STR_P(val)));
			break;
		case ZEND_ASSIGN_OP:
		case ZEND_ASSIGN_DIM_OP:
		case ZEND_ASSIGN_OBJ_OP:
			/* No literal is added here, yet op1_type is still switched to
			 * IS_CONST below.
			 * NOTE(review): looks like callers are expected never to reach
			 * this branch with a value to store -- confirm. */
			break;
		case ZEND_ASSIGN_STATIC_PROP_OP:
		case ZEND_ASSIGN_STATIC_PROP:
		case ZEND_ASSIGN_STATIC_PROP_REF:
		case ZEND_FETCH_STATIC_PROP_R:
		case ZEND_FETCH_STATIC_PROP_W:
		case ZEND_FETCH_STATIC_PROP_RW:
		case ZEND_FETCH_STATIC_PROP_IS:
		case ZEND_FETCH_STATIC_PROP_UNSET:
		case ZEND_FETCH_STATIC_PROP_FUNC_ARG:
		case ZEND_UNSET_STATIC_PROP:
		case ZEND_ISSET_ISEMPTY_STATIC_PROP:
		case ZEND_PRE_INC_STATIC_PROP:
		case ZEND_PRE_DEC_STATIC_PROP:
		case ZEND_POST_INC_STATIC_PROP:
		case ZEND_POST_DEC_STATIC_PROP:
			TO_STRING_NOWARN(val);
			opline->op1.constant = zend_optimizer_add_literal(op_array, val);
			/* If op2 is already constant and the slot recorded in
			 * extended_value (flags masked off) is the last pointer of the
			 * cache, grow the cache by one pointer; otherwise allocate three
			 * fresh slots and keep the ZEND_FETCH_OBJ_FLAGS bits. */
			if (opline->op2_type == IS_CONST && (opline->extended_value & ~ZEND_FETCH_OBJ_FLAGS) + sizeof(void*) == op_array->cache_size) {
				op_array->cache_size += sizeof(void *);
			} else {
				opline->extended_value = alloc_cache_slots(op_array, 3) | (opline->extended_value & ZEND_FETCH_OBJ_FLAGS);
			}
			break;
		case ZEND_SEND_VAR:
			/* The opcode is switched to the by-value send. */
			opline->opcode = ZEND_SEND_VAL;
			opline->op1.constant = zend_optimizer_add_literal(op_array, val);
			break;
		case ZEND_CASE:
			opline->opcode = ZEND_IS_EQUAL;
			opline->op1.constant = zend_optimizer_add_literal(op_array, val);
			break;
		case ZEND_CASE_STRICT:
			opline->opcode = ZEND_IS_IDENTICAL;
			opline->op1.constant = zend_optimizer_add_literal(op_array, val);
			break;
		case ZEND_VERIFY_RETURN_TYPE:
			/* This would require a non-local change.
			 * zend_optimizer_replace_by_const() supports this. */
			return 0;
		case ZEND_COPY_TMP:
		case ZEND_FETCH_CLASS_NAME:
			return 0;
		case ZEND_ECHO:
		{
			zval zv;
			/* Pre-convert non-strings when the cast can be folded.  `val`
			 * is then re-pointed at the local `zv`; that is safe only
			 * because add_literal copies the value before zv goes out of
			 * scope. */
			if (Z_TYPE_P(val) != IS_STRING && zend_optimizer_eval_cast(&zv, IS_STRING, val) == SUCCESS) {
				zval_ptr_dtor_nogc(val);
				val = &zv;
			}
			opline->op1.constant = zend_optimizer_add_literal(op_array, val);
			/* Echoing the empty string is a no-op. */
			if (Z_TYPE_P(val) == IS_STRING && Z_STRLEN_P(val) == 0) {
				MAKE_NOP(opline);
				return 1;
			}
			/* TODO: In a subsequent pass, *after* this step and compacting nops, combine consecutive ZEND_ECHOs using the block information from ssa->cfg */
			/* (e.g. for ext/opcache/tests/opt/sccp_010.phpt) */
			break;
		}
		case ZEND_CONCAT:
		case ZEND_FAST_CONCAT:
		case ZEND_FETCH_R:
		case ZEND_FETCH_W:
		case ZEND_FETCH_RW:
		case ZEND_FETCH_IS:
		case ZEND_FETCH_UNSET:
		case ZEND_FETCH_FUNC_ARG:
		case ZEND_ISSET_ISEMPTY_VAR:
		case ZEND_UNSET_VAR:
			TO_STRING_NOWARN(val);
			/* Both operands are now constant strings: switch to the fast
			 * variant. */
			if (opline->opcode == ZEND_CONCAT && opline->op2_type == IS_CONST) {
				opline->opcode = ZEND_FAST_CONCAT;
			}
			ZEND_FALLTHROUGH;
		default:
			opline->op1.constant = zend_optimizer_add_literal(op_array, val);
			break;
	}

	opline->op1_type = IS_CONST;
	/* Precompute the hash of a string literal. */
	if (Z_TYPE(ZEND_OP1_LITERAL(opline)) == IS_STRING) {
		zend_string_hash_val(Z_STR(ZEND_OP1_LITERAL(opline)));
	}
	return 1;
}
438
/* Replace operand 2 of `opline` with the constant `val`.
 *
 * Returns 1 when the operand was replaced and 0 when this opcode cannot take
 * the constant.  Every `return 0` path below, including the ones hidden
 * inside REQUIRES_STRING and TO_STRING_NOWARN, is taken before opline or val
 * is modified, and val is not released on that path: its reference stays
 * with the caller.
 *
 * On success val is moved into op_array's literal table (no extra reference
 * is taken), op2_type becomes IS_CONST and the hash of a string literal is
 * precomputed.  Name operands are followed by a lowercased copy in the next
 * literal slot, so the order of the add_literal calls is significant. */
bool zend_optimizer_update_op2_const(zend_op_array *op_array,
                                     zend_op *opline,
                                     zval *val)
{
	/* Scratch zval that some branches re-point `val` at; add_literal copies
	 * it before the function returns. */
	zval tmp;

	switch (opline->opcode) {
		case ZEND_ASSIGN_REF:
		case ZEND_FAST_CALL:
			return 0;
		case ZEND_FETCH_CLASS:
		case ZEND_INSTANCEOF:
			REQUIRES_STRING(val);
			drop_leading_backslash(val);
			opline->op2.constant = zend_optimizer_add_literal(op_array, val);
			zend_optimizer_add_literal_string(op_array, zend_string_tolower(Z_STR_P(val)));
			opline->extended_value = alloc_cache_slots(op_array, 1);
			break;
		case ZEND_INIT_FCALL_BY_NAME:
			REQUIRES_STRING(val);
			drop_leading_backslash(val);
			opline->op2.constant = zend_optimizer_add_literal(op_array, val);
			zend_optimizer_add_literal_string(op_array, zend_string_tolower(Z_STR_P(val)));
			opline->result.num = alloc_cache_slots(op_array, 1);
			break;
		case ZEND_ASSIGN_STATIC_PROP:
		case ZEND_ASSIGN_STATIC_PROP_REF:
		case ZEND_FETCH_STATIC_PROP_R:
		case ZEND_FETCH_STATIC_PROP_W:
		case ZEND_FETCH_STATIC_PROP_RW:
		case ZEND_FETCH_STATIC_PROP_IS:
		case ZEND_FETCH_STATIC_PROP_UNSET:
		case ZEND_FETCH_STATIC_PROP_FUNC_ARG:
		case ZEND_UNSET_STATIC_PROP:
		case ZEND_ISSET_ISEMPTY_STATIC_PROP:
		case ZEND_PRE_INC_STATIC_PROP:
		case ZEND_PRE_DEC_STATIC_PROP:
		case ZEND_POST_INC_STATIC_PROP:
		case ZEND_POST_DEC_STATIC_PROP:
		case ZEND_ASSIGN_STATIC_PROP_OP:
			/* For static property opcodes op2 is treated as a class name. */
			REQUIRES_STRING(val);
			drop_leading_backslash(val);
			opline->op2.constant = zend_optimizer_add_literal(op_array, val);
			zend_optimizer_add_literal_string(op_array, zend_string_tolower(Z_STR_P(val)));
			/* A slot is allocated only while op1 is not constant; the listed
			 * flag bits of extended_value are carried over. */
			if (opline->op1_type != IS_CONST) {
				opline->extended_value = alloc_cache_slots(op_array, 1) | (opline->extended_value & (ZEND_RETURNS_FUNCTION|ZEND_ISEMPTY|ZEND_FETCH_OBJ_FLAGS));
			}
			break;
		case ZEND_INIT_FCALL:
			REQUIRES_STRING(val);
			/* The literal itself is stored lowercased.  The string is
			 * lowercased in place only when this zval holds the sole
			 * reference; otherwise a lowercased copy replaces it so that
			 * other holders never see the string change. */
			if (Z_REFCOUNT_P(val) == 1) {
				zend_str_tolower(Z_STRVAL_P(val), Z_STRLEN_P(val));
			} else {
				ZVAL_STR(&tmp, zend_string_tolower(Z_STR_P(val)));
				zval_ptr_dtor_nogc(val);
				val = &tmp;
			}
			opline->op2.constant = zend_optimizer_add_literal(op_array, val);
			opline->result.num = alloc_cache_slots(op_array, 1);
			break;
		case ZEND_INIT_DYNAMIC_CALL:
			if (Z_TYPE_P(val) == IS_STRING) {
				/* Any name containing ':' is left as a dynamic call. */
				if (zend_memrchr(Z_STRVAL_P(val), ':', Z_STRLEN_P(val))) {
					return 0;
				}

				if (zend_optimizer_classify_function(Z_STR_P(val), opline->extended_value)) {
					/* Dynamic call to various special functions must stay dynamic,
					 * otherwise would drop a warning */
					return 0;
				}

				/* Plain function name: turn the call into a by-name call. */
				opline->opcode = ZEND_INIT_FCALL_BY_NAME;
				drop_leading_backslash(val);
				opline->op2.constant = zend_optimizer_add_literal(op_array, val);
				zend_optimizer_add_literal_string(op_array, zend_string_tolower(Z_STR_P(val)));
				opline->result.num = alloc_cache_slots(op_array, 1);
			} else {
				/* Non-string callee: stored as is, the opcode stays dynamic. */
				opline->op2.constant = zend_optimizer_add_literal(op_array, val);
			}
			break;
		case ZEND_INIT_METHOD_CALL:
			/* Method names keep a leading backslash; two cache slots. */
			REQUIRES_STRING(val);
			opline->op2.constant = zend_optimizer_add_literal(op_array, val);
			zend_optimizer_add_literal_string(op_array, zend_string_tolower(Z_STR_P(val)));
			opline->result.num = alloc_cache_slots(op_array, 2);
			break;
		case ZEND_INIT_STATIC_METHOD_CALL:
			REQUIRES_STRING(val);
			opline->op2.constant = zend_optimizer_add_literal(op_array, val);
			zend_optimizer_add_literal_string(op_array, zend_string_tolower(Z_STR_P(val)));
			if (opline->op1_type != IS_CONST) {
				opline->result.num = alloc_cache_slots(op_array, 2);
			}
			break;
		case ZEND_ASSIGN_OBJ:
		case ZEND_ASSIGN_OBJ_REF:
		case ZEND_FETCH_OBJ_R:
		case ZEND_FETCH_OBJ_W:
		case ZEND_FETCH_OBJ_RW:
		case ZEND_FETCH_OBJ_IS:
		case ZEND_FETCH_OBJ_UNSET:
		case ZEND_FETCH_OBJ_FUNC_ARG:
		case ZEND_UNSET_OBJ:
		case ZEND_PRE_INC_OBJ:
		case ZEND_PRE_DEC_OBJ:
		case ZEND_POST_INC_OBJ:
		case ZEND_POST_DEC_OBJ:
			/* Property name: converted to string, three cache slots. */
			TO_STRING_NOWARN(val);
			opline->op2.constant = zend_optimizer_add_literal(op_array, val);
			opline->extended_value = alloc_cache_slots(op_array, 3);
			break;
		case ZEND_ASSIGN_OBJ_OP:
			TO_STRING_NOWARN(val);
			opline->op2.constant = zend_optimizer_add_literal(op_array, val);
			/* Here the cache slot lives on the following OP_DATA opline.
			 * The assertion documents that expectation; the write to
			 * (opline + 1) itself is unconditional. */
			ZEND_ASSERT((opline + 1)->opcode == ZEND_OP_DATA);
			(opline + 1)->extended_value = alloc_cache_slots(op_array, 3);
			break;
		case ZEND_ISSET_ISEMPTY_PROP_OBJ:
			TO_STRING_NOWARN(val);
			opline->op2.constant = zend_optimizer_add_literal(op_array, val);
			opline->extended_value = alloc_cache_slots(op_array, 3) | (opline->extended_value & ZEND_ISEMPTY);
			break;
		case ZEND_ASSIGN_DIM_OP:
		case ZEND_ISSET_ISEMPTY_DIM_OBJ:
		case ZEND_ASSIGN_DIM:
		case ZEND_UNSET_DIM:
		case ZEND_FETCH_DIM_R:
		case ZEND_FETCH_DIM_W:
		case ZEND_FETCH_DIM_RW:
		case ZEND_FETCH_DIM_IS:
		case ZEND_FETCH_DIM_FUNC_ARG:
		case ZEND_FETCH_DIM_UNSET:
		case ZEND_FETCH_LIST_R:
		case ZEND_FETCH_LIST_W:
			if (Z_TYPE_P(val) == IS_STRING) {
				zend_ulong index;

				/* A numeric string key is stored as the integer index,
				 * immediately followed by the original string in the next
				 * literal slot; ZEND_EXTRA_VALUE on the integer literal
				 * marks that pairing. */
				if (ZEND_HANDLE_NUMERIC(Z_STR_P(val), index)) {
					ZVAL_LONG(&tmp, index);
					opline->op2.constant = zend_optimizer_add_literal(op_array, &tmp);
					zend_string_hash_val(Z_STR_P(val));
					zend_optimizer_add_literal(op_array, val);
					Z_EXTRA(op_array->literals[opline->op2.constant]) = ZEND_EXTRA_VALUE;
					break;
				}
			}
			opline->op2.constant = zend_optimizer_add_literal(op_array, val);
			break;
		case ZEND_ADD_ARRAY_ELEMENT:
		case ZEND_INIT_ARRAY:
			/* Array literal keys: a numeric string is replaced by the
			 * integer and the string is released. */
			if (Z_TYPE_P(val) == IS_STRING) {
				zend_ulong index;
				if (ZEND_HANDLE_NUMERIC(Z_STR_P(val), index)) {
					zval_ptr_dtor_nogc(val);
					ZVAL_LONG(val, index);
				}
			}
			opline->op2.constant = zend_optimizer_add_literal(op_array, val);
			break;
		case ZEND_ROPE_INIT:
		case ZEND_ROPE_ADD:
		case ZEND_ROPE_END:
		case ZEND_CONCAT:
		case ZEND_FAST_CONCAT:
			TO_STRING_NOWARN(val);
			/* Both operands are now constant strings: switch to the fast
			 * variant. */
			if (opline->opcode == ZEND_CONCAT && opline->op1_type == IS_CONST) {
				opline->opcode = ZEND_FAST_CONCAT;
			}
			ZEND_FALLTHROUGH;
		default:
			opline->op2.constant = zend_optimizer_add_literal(op_array, val);
			break;
	}

	opline->op2_type = IS_CONST;
	/* Precompute the hash of a string literal. */
	if (Z_TYPE(ZEND_OP2_LITERAL(opline)) == IS_STRING) {
		zend_string_hash_val(Z_STR(ZEND_OP2_LITERAL(opline)));
	}
	return 1;
}
620
/* Starting at `opline`, find the first opline that uses the variable
 * (type, var) as op1 or op2 and replace that operand with the constant `val`.
 *
 * Returns the result of the operand update: 1 on success, 0 when the using
 * opcode cannot take a constant.  Also returns 1 when no use is found before
 * the end of the op_array; in that case val is neither stored nor released
 * here.
 *
 * For opcodes that keep their op1 temporary alive, all later uses are
 * replaced as well.  If one of those later replacements fails the function
 * returns 0 although earlier oplines have already been rewritten, and the
 * extra reference taken for the failed attempt is dropped with
 * zval_ptr_dtor(); callers must not assume a 0 return left the op_array
 * unchanged. */
bool zend_optimizer_replace_by_const(zend_op_array *op_array,
                                     zend_op *opline,
                                     uint8_t type,
                                     uint32_t var,
                                     zval *val)
{
	zend_op *end = op_array->opcodes + op_array->last;

	while (opline < end) {
		if (opline->op1_type == type &&
			opline->op1.var == var) {
			switch (opline->opcode) {
				/* In most cases IS_TMP_VAR operand may be used only once.
				 * The operands are usually destroyed by the opcode handler.
				 * However, there are some exceptions which keep the operand alive. In that case
				 * we want to try to replace all uses of the temporary.
				 */
				case ZEND_FETCH_LIST_R:
				case ZEND_CASE:
				case ZEND_CASE_STRICT:
				case ZEND_SWITCH_LONG:
				case ZEND_SWITCH_STRING:
				case ZEND_MATCH:
				case ZEND_JMP_NULL: {
					/* Shadows the outer `end`; both hold the same value. */
					zend_op *end = op_array->opcodes + op_array->last;
					while (opline < end) {
						if (opline->op1_type == type && opline->op1.var == var) {
							/* If this opcode doesn't keep the operand alive, we're done. Check
							 * this early, because op replacement may modify the opline. */
							bool is_last = opline->opcode != ZEND_FETCH_LIST_R
								&& opline->opcode != ZEND_CASE
								&& opline->opcode != ZEND_CASE_STRICT
								&& opline->opcode != ZEND_SWITCH_LONG
								&& opline->opcode != ZEND_SWITCH_STRING
								&& opline->opcode != ZEND_MATCH
								&& opline->opcode != ZEND_JMP_NULL
								&& (opline->opcode != ZEND_FREE
									|| opline->extended_value != ZEND_FREE_ON_RETURN);

							/* Each replaced use gets its own reference, because
							 * the update moves val into the literal table. */
							Z_TRY_ADDREF_P(val);
							if (!zend_optimizer_update_op1_const(op_array, opline, val)) {
								zval_ptr_dtor(val);
								return 0;
							}
							if (is_last) {
								break;
							}
						}
						opline++;
					}
					/* Drop the reference the caller handed in. */
					zval_ptr_dtor_nogc(val);
					return 1;
				}
				case ZEND_VERIFY_RETURN_TYPE: {
					/* The return type is read from the slot just before
					 * arg_info[0]. */
					zend_arg_info *ret_info = op_array->arg_info - 1;
					/* The check may only be dropped when the declared type
					 * contains the constant's type and the function does not
					 * return by reference. */
					if (!ZEND_TYPE_CONTAINS_CODE(ret_info->type, Z_TYPE_P(val))
						|| (op_array->fn_flags & ZEND_ACC_RETURN_REFERENCE)) {
						return 0;
					}
					MAKE_NOP(opline);

					/* zend_handle_loops_and_finally may insert other oplines */
					/* NOTE(review): this scan is not bounded by `end`; it
					 * relies on a RETURN or RETURN_BY_REF always following
					 * the VERIFY_RETURN_TYPE -- confirm. */
					do {
						++opline;
					} while (opline->opcode != ZEND_RETURN && opline->opcode != ZEND_RETURN_BY_REF);
					ZEND_ASSERT(opline->op1.var == var);

					break;
				}
				default:
					break;
			}
			/* Single-use case (or the RETURN located above). */
			return zend_optimizer_update_op1_const(op_array, opline, val);
		}

		if (opline->op2_type == type &&
			opline->op2.var == var) {
			return zend_optimizer_update_op2_const(op_array, opline, val);
		}
		opline++;
	}

	return 1;
}
705
/* Update jump offsets after a jump was migrated to another opline.
 *
 * `opline` is the location the jump was copied from and `new_opline` the
 * location it now lives at.  The opcode is read from new_opline, the targets
 * are read from opline and re-encoded for new_opline.  Opcodes not listed
 * below are left untouched.  The cases are grouped by where the opcode keeps
 * its target: op1, op2, extended_value, or a jump table plus extended_value. */
void zend_optimizer_migrate_jump(zend_op_array *op_array, zend_op *new_opline, zend_op *opline) {
	switch (new_opline->opcode) {
		case ZEND_JMP:
		case ZEND_FAST_CALL:
			/* Target in op1. */
			ZEND_SET_OP_JMP_ADDR(new_opline, new_opline->op1, ZEND_OP1_JMP_ADDR(opline));
			break;
		case ZEND_JMPZ:
		case ZEND_JMPNZ:
		case ZEND_JMPZ_EX:
		case ZEND_JMPNZ_EX:
		case ZEND_FE_RESET_R:
		case ZEND_FE_RESET_RW:
		case ZEND_JMP_SET:
		case ZEND_COALESCE:
		case ZEND_ASSERT_CHECK:
		case ZEND_JMP_NULL:
		case ZEND_BIND_INIT_STATIC_OR_JMP:
		case ZEND_JMP_FRAMELESS:
			/* Target in op2. */
			ZEND_SET_OP_JMP_ADDR(new_opline, new_opline->op2, ZEND_OP2_JMP_ADDR(opline));
			break;
		case ZEND_FE_FETCH_R:
		case ZEND_FE_FETCH_RW:
			/* Target in extended_value: decoded against the old opline,
			 * re-encoded against the new one. */
			new_opline->extended_value = ZEND_OPLINE_NUM_TO_OFFSET(op_array, new_opline, ZEND_OFFSET_TO_OPLINE_NUM(op_array, opline, opline->extended_value));
			break;
		case ZEND_CATCH:
			/* The op2 target is updated only when ZEND_LAST_CATCH is not
			 * set. */
			if (!(opline->extended_value & ZEND_LAST_CATCH)) {
				ZEND_SET_OP_JMP_ADDR(new_opline, new_opline->op2, ZEND_OP2_JMP_ADDR(opline));
			}
			break;
		case ZEND_SWITCH_LONG:
		case ZEND_SWITCH_STRING:
		case ZEND_MATCH:
		{
			/* The jump table is the op2 literal of the OLD opline and its
			 * entries are rewritten in place.
			 * NOTE(review): presumably new_opline refers to the same
			 * literal -- confirm. */
			HashTable *jumptable = Z_ARRVAL(ZEND_OP2_LITERAL(opline));
			zval *zv;
			ZEND_HASH_FOREACH_VAL(jumptable, zv) {
				Z_LVAL_P(zv) = ZEND_OPLINE_NUM_TO_OFFSET(op_array, new_opline, ZEND_OFFSET_TO_OPLINE_NUM(op_array, opline, Z_LVAL_P(zv)));
			} ZEND_HASH_FOREACH_END();
			/* A further target is kept in extended_value. */
			new_opline->extended_value = ZEND_OPLINE_NUM_TO_OFFSET(op_array, new_opline, ZEND_OFFSET_TO_OPLINE_NUM(op_array, opline, opline->extended_value));
			break;
		}
	}
}
750
/* Shift jump offsets based on shiftlist.
 *
 * shiftlist is indexed by the opline number of a jump TARGET, and the entry
 * found there is subtracted from that target.  Opcodes not listed below are
 * left untouched.
 *
 * No index is range-checked here: the caller must supply a shiftlist with an
 * entry for every opline number a jump in this op_array can point at. */
void zend_optimizer_shift_jump(zend_op_array *op_array, zend_op *opline, uint32_t *shiftlist) {
	switch (opline->opcode) {
		case ZEND_JMP:
		case ZEND_FAST_CALL:
			/* Target in op1; the index is the target's distance from
			 * op_array->opcodes. */
			ZEND_SET_OP_JMP_ADDR(opline, opline->op1, ZEND_OP1_JMP_ADDR(opline) - shiftlist[ZEND_OP1_JMP_ADDR(opline) - op_array->opcodes]);
			break;
		case ZEND_JMPZ:
		case ZEND_JMPNZ:
		case ZEND_JMPZ_EX:
		case ZEND_JMPNZ_EX:
		case ZEND_FE_RESET_R:
		case ZEND_FE_RESET_RW:
		case ZEND_JMP_SET:
		case ZEND_COALESCE:
		case ZEND_ASSERT_CHECK:
		case ZEND_JMP_NULL:
		case ZEND_BIND_INIT_STATIC_OR_JMP:
		case ZEND_JMP_FRAMELESS:
			/* Target in op2. */
			ZEND_SET_OP_JMP_ADDR(opline, opline->op2, ZEND_OP2_JMP_ADDR(opline) - shiftlist[ZEND_OP2_JMP_ADDR(opline) - op_array->opcodes]);
			break;
		case ZEND_CATCH:
			/* The op2 target is shifted only when ZEND_LAST_CATCH is not
			 * set. */
			if (!(opline->extended_value & ZEND_LAST_CATCH)) {
				ZEND_SET_OP_JMP_ADDR(opline, opline->op2, ZEND_OP2_JMP_ADDR(opline) - shiftlist[ZEND_OP2_JMP_ADDR(opline) - op_array->opcodes]);
			}
			break;
		case ZEND_FE_FETCH_R:
		case ZEND_FE_FETCH_RW:
			/* Target in extended_value: decode to an opline number, shift,
			 * encode again. */
			opline->extended_value = ZEND_OPLINE_NUM_TO_OFFSET(op_array, opline, ZEND_OFFSET_TO_OPLINE_NUM(op_array, opline, opline->extended_value) - shiftlist[ZEND_OFFSET_TO_OPLINE_NUM(op_array, opline, opline->extended_value)]);
			break;
		case ZEND_SWITCH_LONG:
		case ZEND_SWITCH_STRING:
		case ZEND_MATCH:
		{
			/* Every jump-table entry is rewritten in place, then the
			 * extended_value target. */
			HashTable *jumptable = Z_ARRVAL(ZEND_OP2_LITERAL(opline));
			zval *zv;
			ZEND_HASH_FOREACH_VAL(jumptable, zv) {
				Z_LVAL_P(zv) = ZEND_OPLINE_NUM_TO_OFFSET(op_array, opline, ZEND_OFFSET_TO_OPLINE_NUM(op_array, opline, Z_LVAL_P(zv)) - shiftlist[ZEND_OFFSET_TO_OPLINE_NUM(op_array, opline, Z_LVAL_P(zv))]);
			} ZEND_HASH_FOREACH_END();
			opline->extended_value = ZEND_OPLINE_NUM_TO_OFFSET(op_array, opline, ZEND_OFFSET_TO_OPLINE_NUM(op_array, opline, opline->extended_value) - shiftlist[ZEND_OFFSET_TO_OPLINE_NUM(op_array, opline, opline->extended_value)]);
			break;
		}
	}
}
795
/* Resolve a lowercased class name to a class entry the optimizer may rely
 * on, or return NULL.
 *
 * Lookup order:
 *  1. the class table of the script being optimised (when `script` is given);
 *  2. CG(class_table), accepted only for internal classes or for classes
 *     whose recorded filename is the very same string object as
 *     op_array->filename;
 *  3. the scope of `op_array`, when its name equals `lcname` ignoring case.
 *
 * A class that CG(class_table) holds for a different file is deliberately
 * not returned. */
zend_class_entry *zend_optimizer_get_class_entry(
		const zend_script *script, const zend_op_array *op_array, zend_string *lcname) {
	zend_class_entry *ce;

	if (script) {
		ce = zend_hash_find_ptr(&script->class_table, lcname);
		if (ce) {
			return ce;
		}
	}

	ce = zend_hash_find_ptr(CG(class_table), lcname);
	if (ce) {
		/* The user-class filename is read only when the class is not
		 * internal. */
		if (ce->type == ZEND_INTERNAL_CLASS) {
			return ce;
		}
		if (op_array && ce->info.user.filename == op_array->filename) {
			return ce;
		}
	}

	if (op_array && op_array->scope) {
		if (zend_string_equals_ci(op_array->scope->name, lcname)) {
			return op_array->scope;
		}
	}

	return NULL;
}
816
/* Resolve the class named by op1 of `opline`, or return NULL.
 *
 *  - Constant string operand: the lookup uses the literal that FOLLOWS the
 *    name (op1 + 1), which is where the operand-update helpers in this file
 *    store the lowercased copy.
 *  - Unused operand: the current scope is returned for a `self` fetch, and
 *    for a `static` fetch only when the scope is final.  Nothing is returned
 *    when there is no scope or the scope is a trait. */
zend_class_entry *zend_optimizer_get_class_entry_from_op1(
		const zend_script *script, const zend_op_array *op_array, const zend_op *opline) {
	if (opline->op1_type == IS_CONST) {
		zval *class_name = CRT_CONSTANT(opline->op1);

		if (Z_TYPE_P(class_name) != IS_STRING) {
			return NULL;
		}
		return zend_optimizer_get_class_entry(script, op_array, Z_STR_P(class_name + 1));
	}

	if (opline->op1_type != IS_UNUSED || !op_array->scope) {
		return NULL;
	}
	if (op_array->scope->ce_flags & ZEND_ACC_TRAIT) {
		return NULL;
	}

	switch (opline->op1.num & ZEND_FETCH_CLASS_MASK) {
		case ZEND_FETCH_CLASS_SELF:
			return op_array->scope;
		case ZEND_FETCH_CLASS_STATIC:
			if (op_array->scope->ce_flags & ZEND_ACC_FINAL) {
				return op_array->scope;
			}
			return NULL;
		default:
			return NULL;
	}
}
833
/* Determine, where it is statically known, the function that an INIT_* or
 * NEW opline is going to call.
 *
 * Returns the function, or NULL when it cannot be determined.  *is_prototype
 * is always written: it is cleared first and set to true only for
 * INIT_METHOD_CALL when the method found may still be overridden.
 *
 * Functions from the global table are trusted only when they are internal,
 * or when they are user functions whose filename is the very same string
 * object as this op_array's filename; a user function from another file is
 * never returned. */
zend_function *zend_optimizer_get_called_func(
		zend_script *script, zend_op_array *op_array, zend_op *opline, bool *is_prototype)
{
	*is_prototype = 0;
	switch (opline->opcode) {
		case ZEND_INIT_FCALL:
		{
			/* op2 is read as a string constant without a type check.
			 * NOTE(review): presumably guaranteed for INIT_FCALL -- confirm. */
			zend_string *function_name = Z_STR_P(CRT_CONSTANT(opline->op2));
			zend_function *func;
			/* The script's own function table takes precedence. */
			if (script && (func = zend_hash_find_ptr(&script->function_table, function_name)) != NULL) {
				return func;
			} else if ((func = zend_hash_find_ptr(EG(function_table), function_name)) != NULL) {
				if (func->type == ZEND_INTERNAL_FUNCTION) {
					return func;
				} else if (func->type == ZEND_USER_FUNCTION &&
						func->op_array.filename &&
						func->op_array.filename == op_array->filename) {
					return func;
				}
			}
			break;
		}
		case ZEND_INIT_FCALL_BY_NAME:
		case ZEND_INIT_NS_FCALL_BY_NAME:
			if (opline->op2_type == IS_CONST && Z_TYPE_P(CRT_CONSTANT(opline->op2)) == IS_STRING) {
				/* The lookup key is the literal following the name (+ 1). */
				zval *function_name = CRT_CONSTANT(opline->op2) + 1;
				zend_function *func;
				if (script && (func = zend_hash_find_ptr(&script->function_table, Z_STR_P(function_name)))) {
					return func;
				} else if ((func = zend_hash_find_ptr(EG(function_table), Z_STR_P(function_name))) != NULL) {
					if (func->type == ZEND_INTERNAL_FUNCTION) {
						return func;
					} else if (func->type == ZEND_USER_FUNCTION &&
							func->op_array.filename &&
							func->op_array.filename == op_array->filename) {
						return func;
					}
				}
			}
			break;
		case ZEND_INIT_STATIC_METHOD_CALL:
			if (opline->op2_type == IS_CONST && Z_TYPE_P(CRT_CONSTANT(opline->op2)) == IS_STRING) {
				zend_class_entry *ce = zend_optimizer_get_class_entry_from_op1(
					script, op_array, opline);
				if (ce) {
					zend_string *func_name = Z_STR_P(CRT_CONSTANT(opline->op2) + 1);
					zend_function *fbc = zend_hash_find_ptr(&ce->function_table, func_name);
					if (fbc) {
						/* Returned only when the method is public or declared
						 * in the calling scope. */
						bool is_public = (fbc->common.fn_flags & ZEND_ACC_PUBLIC) != 0;
						bool same_scope = fbc->common.scope == op_array->scope;
						if (is_public || same_scope) {
							return fbc;
						}
					}
				}
			}
			break;
		case ZEND_INIT_METHOD_CALL:
			/* Only a call with an unused op1 and a constant method name,
			 * made from a class scope that is not a trait and from a
			 * function not flagged ZEND_ACC_TRAIT_CLONE. */
			if (opline->op1_type == IS_UNUSED
					&& opline->op2_type == IS_CONST && Z_TYPE_P(CRT_CONSTANT(opline->op2)) == IS_STRING
					&& op_array->scope
					&& !(op_array->fn_flags & ZEND_ACC_TRAIT_CLONE)
					&& !(op_array->scope->ce_flags & ZEND_ACC_TRAIT)) {
				zend_string *method_name = Z_STR_P(CRT_CONSTANT(opline->op2) + 1);
				zend_function *fbc = zend_hash_find_ptr(
					&op_array->scope->function_table, method_name);
				if (fbc) {
					bool is_private = (fbc->common.fn_flags & ZEND_ACC_PRIVATE) != 0;
					if (is_private) {
						/* Only use private method if in the same scope. We can't even use it
						 * as a prototype, as it may be overridden with changed signature. */
						bool same_scope = fbc->common.scope == op_array->scope;
						return same_scope ? fbc : NULL;
					}
					/* Prototype methods are potentially overridden. fbc still contains useful type information.
					 * Some optimizations may not be applied, like inlining or inferring the send-mode of superfluous args.
					 * A method cannot be overridden if the class or method is final. */
					if ((fbc->common.fn_flags & ZEND_ACC_FINAL) == 0 &&
						(fbc->common.scope->ce_flags & ZEND_ACC_FINAL) == 0) {
						*is_prototype = true;
					}
					return fbc;
				}
			}
			break;
		case ZEND_NEW:
		{
			zend_class_entry *ce = zend_optimizer_get_class_entry_from_op1(
				script, op_array, opline);
			/* Only user classes are considered; whatever ce->constructor
			 * holds is returned as is. */
			if (ce && ce->type == ZEND_USER_CLASS) {
				return ce->constructor;
			}
			break;
		}
	}
	return NULL;
}
931
/* Classify a function by name for the optimizer.
 *
 * Returns ZEND_FUNC_INDIRECT_VAR_ACCESS for "extract", "compact",
 * "get_defined_vars" and "db2_execute", ZEND_FUNC_VARARG for "func_num_args",
 * "func_get_arg" and "func_get_args", and 0 for any other name.
 *
 * The name is compared verbatim against the literals below; presumably callers
 * pass an already lowercased name -- confirm at the call sites.
 * num_args is accepted but not consulted here. */
uint32_t zend_optimizer_classify_function(zend_string *name, uint32_t num_args) {
	bool indirect_var_access =
		zend_string_equals_literal(name, "extract")
		|| zend_string_equals_literal(name, "compact")
		|| zend_string_equals_literal(name, "get_defined_vars")
		|| zend_string_equals_literal(name, "db2_execute");

	if (indirect_var_access) {
		return ZEND_FUNC_INDIRECT_VAR_ACCESS;
	}

	bool vararg =
		zend_string_equals_literal(name, "func_num_args")
		|| zend_string_equals_literal(name, "func_get_arg")
		|| zend_string_equals_literal(name, "func_get_args");

	return vararg ? ZEND_FUNC_VARARG : 0;
}
951
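/* Find the opline that defines the loop variable released by free_opline.
 *
 * Scans backwards from free_opline towards the start of op_array->opcodes and
 * returns the first earlier opline whose result is a TMP/VAR with the same
 * variable slot as free_opline->op1. Returns NULL when no such opline exists.
 * free_opline must satisfy zend_optimizer_is_loop_var_free() (asserted). */
zend_op *zend_optimizer_get_loop_var_def(const zend_op_array *op_array, zend_op *free_opline) {
	uint32_t var = free_opline->op1.var;
	ZEND_ASSERT(zend_optimizer_is_loop_var_free(free_opline));

	/* Compare before stepping back, so the cursor never becomes
	 * op_array->opcodes - 1: forming a pointer before the first element of
	 * an array is undefined behaviour even if it is never dereferenced. */
	while (free_opline > op_array->opcodes) {
		free_opline--;
		if ((free_opline->result_type & (IS_TMP_VAR|IS_VAR)) && free_opline->result.var == var) {
			return free_opline;
		}
	}
	return NULL;
}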
963
/* Run the per-op_array optimization passes selected by ctx->optimization_level.
 *
 * Eval code is returned untouched. Each pass is gated by its
 * ZEND_OPTIMIZER_PASS_* bit, and ctx->debug_level selects the dumps printed
 * before/after the passes. Several passes are additionally gated on PASS_7:
 * passes 6 and 9 are skipped whenever PASS_7 is set, and passes 11 and 13 are
 * skipped when both PASS_6 and PASS_7 are set; zend_optimize_script() runs
 * those over the call graph instead.
 *
 * No pass-two state is reverted or restored here; the callers in this file
 * call zend_revert_pass_two() first. */
static void zend_optimize(zend_op_array *op_array,
	zend_optimizer_ctx *ctx)
{
	if (op_array->type == ZEND_EVAL_CODE) {
		return;
	}

	if (ctx->debug_level & ZEND_DUMP_BEFORE_OPTIMIZER) {
		zend_dump_op_array(op_array, ZEND_DUMP_LIVE_RANGES, "before optimizer", NULL);
	}

	/* pass 1 (Simple local optimizations)
	 * - persistent constant substitution (true, false, null, etc)
	 * - constant casting (ADD expects numbers, CONCAT strings, etc)
	 * - constant expression evaluation
	 * - optimize constant conditional JMPs
	 * - pre-evaluate constant function calls
	 * - eliminate FETCH $GLOBALS followed by FETCH_DIM/UNSET_DIM/ISSET_ISEMPTY_DIM
	 */
	if (ZEND_OPTIMIZER_PASS_1 & ctx->optimization_level) {
		zend_optimizer_pass1(op_array, ctx);
		if (ctx->debug_level & ZEND_DUMP_AFTER_PASS_1) {
			zend_dump_op_array(op_array, 0, "after pass 1", NULL);
		}
	}

	/* pass 3: (Jump optimization)
	 * - optimize series of JMPs
	 */
	if (ZEND_OPTIMIZER_PASS_3 & ctx->optimization_level) {
		zend_optimizer_pass3(op_array, ctx);
		if (ctx->debug_level & ZEND_DUMP_AFTER_PASS_3) {
			zend_dump_op_array(op_array, 0, "after pass 3", NULL);
		}
	}

	/* pass 4:
	 * - INIT_FCALL_BY_NAME -> DO_FCALL
	 */
	if (ZEND_OPTIMIZER_PASS_4 & ctx->optimization_level) {
		zend_optimize_func_calls(op_array, ctx);
		if (ctx->debug_level & ZEND_DUMP_AFTER_PASS_4) {
			zend_dump_op_array(op_array, 0, "after pass 4", NULL);
		}
	}

	/* pass 5:
	 * - CFG optimization
	 */
	if (ZEND_OPTIMIZER_PASS_5 & ctx->optimization_level) {
		zend_optimize_cfg(op_array, ctx);
		if (ctx->debug_level & ZEND_DUMP_AFTER_PASS_5) {
			zend_dump_op_array(op_array, 0, "after pass 5", NULL);
		}
	}

	/* pass 6:
	 * - DFA optimization
	 * Only run here when PASS_7 is not requested.
	 */
	if ((ZEND_OPTIMIZER_PASS_6 & ctx->optimization_level) &&
	    !(ZEND_OPTIMIZER_PASS_7 & ctx->optimization_level)) {
		zend_optimize_dfa(op_array, ctx);
		if (ctx->debug_level & ZEND_DUMP_AFTER_PASS_6) {
			zend_dump_op_array(op_array, 0, "after pass 6", NULL);
		}
	}

	/* pass 9:
	 * - Optimize temp variables usage
	 * Only run here when PASS_7 is not requested.
	 */
	if ((ZEND_OPTIMIZER_PASS_9 & ctx->optimization_level) &&
	    !(ZEND_OPTIMIZER_PASS_7 & ctx->optimization_level)) {
		zend_optimize_temporary_variables(op_array, ctx);
		if (ctx->debug_level & ZEND_DUMP_AFTER_PASS_9) {
			zend_dump_op_array(op_array, 0, "after pass 9", NULL);
		}
	}

	/* pass 10:
	 * - remove NOPs
	 * The mask test requires PASS_10 to be set and PASS_5 to be clear.
	 */
	if (((ZEND_OPTIMIZER_PASS_10|ZEND_OPTIMIZER_PASS_5) & ctx->optimization_level) == ZEND_OPTIMIZER_PASS_10) {
		zend_optimizer_nop_removal(op_array, ctx);
		if (ctx->debug_level & ZEND_DUMP_AFTER_PASS_10) {
			zend_dump_op_array(op_array, 0, "after pass 10", NULL);
		}
	}

	/* pass 11:
	 * - Compact literals table
	 * Skipped here when both PASS_6 and PASS_7 are set.
	 */
	if ((ZEND_OPTIMIZER_PASS_11 & ctx->optimization_level) &&
	    (!(ZEND_OPTIMIZER_PASS_6 & ctx->optimization_level) ||
	     !(ZEND_OPTIMIZER_PASS_7 & ctx->optimization_level))) {
		zend_optimizer_compact_literals(op_array, ctx);
		if (ctx->debug_level & ZEND_DUMP_AFTER_PASS_11) {
			zend_dump_op_array(op_array, 0, "after pass 11", NULL);
		}
	}

	/* pass 13:
	 * - Compact variables (zend_optimizer_compact_vars)
	 * Same PASS_6/PASS_7 gate as pass 11.
	 */
	if ((ZEND_OPTIMIZER_PASS_13 & ctx->optimization_level) &&
	    (!(ZEND_OPTIMIZER_PASS_6 & ctx->optimization_level) ||
	     !(ZEND_OPTIMIZER_PASS_7 & ctx->optimization_level))) {
		zend_optimizer_compact_vars(op_array);
		if (ctx->debug_level & ZEND_DUMP_AFTER_PASS_13) {
			zend_dump_op_array(op_array, 0, "after pass 13", NULL);
		}
	}

	/* With PASS_7 set the "after optimizer" dump is not produced here;
	 * zend_optimize_script() emits it once all op_arrays are done. */
	if (ZEND_OPTIMIZER_PASS_7 & ctx->optimization_level) {
		return;
	}

	if (ctx->debug_level & ZEND_DUMP_AFTER_OPTIMIZER) {
		zend_dump_op_array(op_array, 0, "after optimizer", NULL);
	}
}
1081
/* Undo the pass-two encoding of an op_array so that it can be edited.
 *
 * - every IS_CONST operand goes through ZEND_PASS_TWO_UNDO_CONSTANT;
 * - result_type is masked down to the plain operand-type bits, which drops
 *   the smart-branch flags;
 * - when ZEND_USE_ABS_CONST_ADDR is off, the literals are copied into a
 *   buffer of their own (zend_redo_pass_two() later efree()s that buffer);
 * - the temporary count T is reduced by ZEND_OBSERVER_ENABLED;
 * - ZEND_ACC_DONE_PASS_TWO is cleared.
 *
 * The op_array must currently have ZEND_ACC_DONE_PASS_TWO set (asserted). */
static void zend_revert_pass_two(zend_op_array *op_array)
{
	zend_op *opline, *end;

	ZEND_ASSERT((op_array->fn_flags & ZEND_ACC_DONE_PASS_TWO) != 0);

	end = op_array->opcodes + op_array->last;
	for (opline = op_array->opcodes; opline < end; opline++) {
		if (opline->op1_type == IS_CONST) {
			ZEND_PASS_TWO_UNDO_CONSTANT(op_array, opline, opline->op1);
		}
		if (opline->op2_type == IS_CONST) {
			ZEND_PASS_TWO_UNDO_CONSTANT(op_array, opline, opline->op2);
		}
		/* drop IS_SMART_BRANCH_JMP[N]Z, keep only the operand-type bits */
		opline->result_type &= (IS_TMP_VAR|IS_VAR|IS_CV|IS_CONST);
	}

#if !ZEND_USE_ABS_CONST_ADDR
	if (op_array->literals) {
		size_t literals_size = sizeof(zval) * op_array->last_literal;
		zval *detached = emalloc(literals_size);

		memcpy(detached, op_array->literals, literals_size);
		op_array->literals = detached;
	}
#endif

	op_array->T -= ZEND_OBSERVER_ENABLED;
	op_array->fn_flags &= ~ZEND_ACC_DONE_PASS_TWO;
}
1113
/* Re-apply the pass-two encoding after the optimizer has edited an op_array.
 *
 * When ZEND_USE_ABS_CONST_ADDR is off, the opcodes buffer is grown and the
 * literals are moved directly behind the (16-byte aligned) opcodes; the
 * separate literals buffer is freed. T is increased by ZEND_OBSERVER_ENABLED.
 * Then, for every opline: IS_CONST operands are re-encoded, absolute jump
 * targets are rebased onto the possibly relocated opcodes buffer, smart-branch
 * flags are restored, and the opcode handler is set.
 *
 * The op_array must not have ZEND_ACC_DONE_PASS_TWO set (asserted); the flag
 * is set on return. */
static void zend_redo_pass_two(zend_op_array *op_array)
{
	zend_op *opline, *end;
#if ZEND_USE_ABS_JMP_ADDR && !ZEND_USE_ABS_CONST_ADDR
	/* Remember the pre-erealloc base so jump targets can be rebased below. */
	zend_op *old_opcodes = op_array->opcodes;
#endif

	ZEND_ASSERT((op_array->fn_flags & ZEND_ACC_DONE_PASS_TWO) == 0);

#if !ZEND_USE_ABS_CONST_ADDR
	if (op_array->last_literal) {
		/* One allocation: opcodes padded to 16 bytes, then the literals.
		 * NOTE(review): the size arithmetic is not overflow-checked here;
		 * presumably last/last_literal are bounded elsewhere -- confirm. */
		op_array->opcodes = (zend_op *) erealloc(op_array->opcodes,
			ZEND_MM_ALIGNED_SIZE_EX(sizeof(zend_op) * op_array->last, 16) +
			sizeof(zval) * op_array->last_literal);
		memcpy(((char*)op_array->opcodes) + ZEND_MM_ALIGNED_SIZE_EX(sizeof(zend_op) * op_array->last, 16),
			op_array->literals, sizeof(zval) * op_array->last_literal);
		efree(op_array->literals);
		/* literals now points into the opcodes allocation and must not be freed on its own */
		op_array->literals = (zval*)(((char*)op_array->opcodes) + ZEND_MM_ALIGNED_SIZE_EX(sizeof(zend_op) * op_array->last, 16));
	} else {
		if (op_array->literals) {
			efree(op_array->literals);
		}
		op_array->literals = NULL;
	}
#endif

	op_array->T += ZEND_OBSERVER_ENABLED; // reserve last temporary for observers if enabled

	opline = op_array->opcodes;
	end = opline + op_array->last;
	while (opline < end) {
		if (opline->op1_type == IS_CONST) {
			ZEND_PASS_TWO_UPDATE_CONSTANT(op_array, opline, opline->op1);
		}
		if (opline->op2_type == IS_CONST) {
			ZEND_PASS_TWO_UPDATE_CONSTANT(op_array, opline, opline->op2);
		}
		/* fix jumps to point to new array */
		switch (opline->opcode) {
#if ZEND_USE_ABS_JMP_ADDR && !ZEND_USE_ABS_CONST_ADDR
			/* jmp_addr still refers to the old buffer: old_opcodes is used only
			 * to compute the opline index, it is not dereferenced. */
			case ZEND_JMP:
			case ZEND_FAST_CALL:
				opline->op1.jmp_addr = &op_array->opcodes[opline->op1.jmp_addr - old_opcodes];
				break;
			case ZEND_JMPZ:
			case ZEND_JMPNZ:
			case ZEND_JMPZ_EX:
			case ZEND_JMPNZ_EX:
			case ZEND_JMP_SET:
			case ZEND_COALESCE:
			case ZEND_FE_RESET_R:
			case ZEND_FE_RESET_RW:
			case ZEND_ASSERT_CHECK:
			case ZEND_JMP_NULL:
			case ZEND_BIND_INIT_STATIC_OR_JMP:
			case ZEND_JMP_FRAMELESS:
				opline->op2.jmp_addr = &op_array->opcodes[opline->op2.jmp_addr - old_opcodes];
				break;
			case ZEND_CATCH:
				/* the last catch has no jump target in op2 to rebase */
				if (!(opline->extended_value & ZEND_LAST_CATCH)) {
					opline->op2.jmp_addr = &op_array->opcodes[opline->op2.jmp_addr - old_opcodes];
				}
				break;
			case ZEND_FE_FETCH_R:
			case ZEND_FE_FETCH_RW:
			case ZEND_SWITCH_LONG:
			case ZEND_SWITCH_STRING:
			case ZEND_MATCH:
				/* relative extended_value don't have to be changed */
				break;
#endif
			case ZEND_IS_IDENTICAL:
			case ZEND_IS_NOT_IDENTICAL:
			case ZEND_IS_EQUAL:
			case ZEND_IS_NOT_EQUAL:
			case ZEND_IS_SMALLER:
			case ZEND_IS_SMALLER_OR_EQUAL:
			case ZEND_CASE:
			case ZEND_CASE_STRICT:
			case ZEND_ISSET_ISEMPTY_CV:
			case ZEND_ISSET_ISEMPTY_VAR:
			case ZEND_ISSET_ISEMPTY_DIM_OBJ:
			case ZEND_ISSET_ISEMPTY_PROP_OBJ:
			case ZEND_ISSET_ISEMPTY_STATIC_PROP:
			case ZEND_INSTANCEOF:
			case ZEND_TYPE_CHECK:
			case ZEND_DEFINED:
			case ZEND_IN_ARRAY:
			case ZEND_ARRAY_KEY_EXISTS:
				if (opline->result_type & IS_TMP_VAR) {
					/* reinitialize result_type of smart branch instructions */
					/* the bound check keeps the look-ahead inside the opcodes array */
					if (opline + 1 < end) {
						if ((opline+1)->opcode == ZEND_JMPZ
						 && (opline+1)->op1_type == IS_TMP_VAR
						 && (opline+1)->op1.var == opline->result.var) {
							opline->result_type = IS_SMART_BRANCH_JMPZ | IS_TMP_VAR;
						} else if ((opline+1)->opcode == ZEND_JMPNZ
						 && (opline+1)->op1_type == IS_TMP_VAR
						 && (opline+1)->op1.var == opline->result.var) {
							opline->result_type = IS_SMART_BRANCH_JMPNZ | IS_TMP_VAR;
						}
					}
				}
				break;
		}
		ZEND_VM_SET_OPCODE_HANDLER(opline);
		opline++;
	}

	op_array->fn_flags |= ZEND_ACC_DONE_PASS_TWO;
}
1225
/* Variant of zend_redo_pass_two() that uses SSA type information.
 *
 * Performs the same literal relocation, constant re-encoding, jump rebasing
 * and smart-branch restoration, but selects the opcode handler through
 * zend_vm_set_opcode_handler_ex() using operand/result type masks taken from
 * ssa. With ZEND_VERIFY_TYPE_INFERENCE defined it also records the inferred
 * use/def types on each opline.
 *
 * Unlike zend_redo_pass_two(), this function does not adjust op_array->T; the
 * caller in zend_optimize_script() increments T beforehand when
 * ZEND_OBSERVER_ENABLED is set.
 *
 * The op_array must not have ZEND_ACC_DONE_PASS_TWO set (asserted); the flag
 * is set on return. */
static void zend_redo_pass_two_ex(zend_op_array *op_array, zend_ssa *ssa)
{
	zend_op *opline, *end;
#if ZEND_USE_ABS_JMP_ADDR && !ZEND_USE_ABS_CONST_ADDR
	/* Remember the pre-erealloc base so jump targets can be rebased below. */
	zend_op *old_opcodes = op_array->opcodes;
#endif

	ZEND_ASSERT((op_array->fn_flags & ZEND_ACC_DONE_PASS_TWO) == 0);

#if !ZEND_USE_ABS_CONST_ADDR
	if (op_array->last_literal) {
		/* One allocation: opcodes padded to 16 bytes, then the literals.
		 * NOTE(review): the size arithmetic is not overflow-checked here;
		 * presumably last/last_literal are bounded elsewhere -- confirm. */
		op_array->opcodes = (zend_op *) erealloc(op_array->opcodes,
			ZEND_MM_ALIGNED_SIZE_EX(sizeof(zend_op) * op_array->last, 16) +
			sizeof(zval) * op_array->last_literal);
		memcpy(((char*)op_array->opcodes) + ZEND_MM_ALIGNED_SIZE_EX(sizeof(zend_op) * op_array->last, 16),
			op_array->literals, sizeof(zval) * op_array->last_literal);
		efree(op_array->literals);
		/* literals now points into the opcodes allocation and must not be freed on its own */
		op_array->literals = (zval*)(((char*)op_array->opcodes) + ZEND_MM_ALIGNED_SIZE_EX(sizeof(zend_op) * op_array->last, 16));
	} else {
		if (op_array->literals) {
			efree(op_array->literals);
		}
		op_array->literals = NULL;
	}
#endif

	opline = op_array->opcodes;
	end = opline + op_array->last;
	while (opline < end) {
		/* ssa->ops is indexed by opline number; assumes it has at least
		 * op_array->last entries -- TODO confirm against the SSA builder. */
		zend_ssa_op *ssa_op = &ssa->ops[opline - op_array->opcodes];
		uint32_t op1_info = opline->op1_type == IS_UNUSED ? 0 : (OP1_INFO() & (MAY_BE_UNDEF|MAY_BE_ANY|MAY_BE_REF|MAY_BE_ARRAY_OF_ANY|MAY_BE_ARRAY_KEY_ANY));
		/* NOTE(review): op2_info is gated on op1_type, not op2_type. This looks
		 * like a copy-paste of the line above; confirm whether it is intended
		 * before relying on op2_info for handler specialization. */
		uint32_t op2_info = opline->op1_type == IS_UNUSED ? 0 : (OP2_INFO() & (MAY_BE_UNDEF|MAY_BE_ANY|MAY_BE_REF|MAY_BE_ARRAY_OF_ANY|MAY_BE_ARRAY_KEY_ANY));
		/* For pre/post inc/dec the result mask comes from the op1 definition
		 * (MAY_BE_ANY when there is none); otherwise from the result operand. */
		uint32_t res_info =
			(opline->opcode == ZEND_PRE_INC ||
			 opline->opcode == ZEND_PRE_DEC ||
			 opline->opcode == ZEND_POST_INC ||
			 opline->opcode == ZEND_POST_DEC) ?
				((ssa->ops[opline - op_array->opcodes].op1_def >= 0) ? (OP1_DEF_INFO() & (MAY_BE_UNDEF|MAY_BE_ANY|MAY_BE_REF|MAY_BE_ARRAY_OF_ANY|MAY_BE_ARRAY_KEY_ANY)) : MAY_BE_ANY) :
				(opline->result_type == IS_UNUSED ? 0 : (RES_INFO() & (MAY_BE_UNDEF|MAY_BE_ANY|MAY_BE_REF|MAY_BE_ARRAY_OF_ANY|MAY_BE_ARRAY_KEY_ANY)));

		if (opline->op1_type == IS_CONST) {
			ZEND_PASS_TWO_UPDATE_CONSTANT(op_array, opline, opline->op1);
		}
		if (opline->op2_type == IS_CONST) {
			ZEND_PASS_TWO_UPDATE_CONSTANT(op_array, opline, opline->op2);
		}

		/* fix jumps to point to new array */
		switch (opline->opcode) {
#if ZEND_USE_ABS_JMP_ADDR && !ZEND_USE_ABS_CONST_ADDR
			/* jmp_addr still refers to the old buffer: old_opcodes is used only
			 * to compute the opline index, it is not dereferenced. */
			case ZEND_JMP:
			case ZEND_FAST_CALL:
				opline->op1.jmp_addr = &op_array->opcodes[opline->op1.jmp_addr - old_opcodes];
				break;
			case ZEND_JMPZ:
			case ZEND_JMPNZ:
			case ZEND_JMPZ_EX:
			case ZEND_JMPNZ_EX:
			case ZEND_JMP_SET:
			case ZEND_COALESCE:
			case ZEND_FE_RESET_R:
			case ZEND_FE_RESET_RW:
			case ZEND_ASSERT_CHECK:
			case ZEND_JMP_NULL:
			case ZEND_BIND_INIT_STATIC_OR_JMP:
			case ZEND_JMP_FRAMELESS:
				opline->op2.jmp_addr = &op_array->opcodes[opline->op2.jmp_addr - old_opcodes];
				break;
			case ZEND_CATCH:
				/* the last catch has no jump target in op2 to rebase */
				if (!(opline->extended_value & ZEND_LAST_CATCH)) {
					opline->op2.jmp_addr = &op_array->opcodes[opline->op2.jmp_addr - old_opcodes];
				}
				break;
			case ZEND_FE_FETCH_R:
			case ZEND_FE_FETCH_RW:
			case ZEND_SWITCH_LONG:
			case ZEND_SWITCH_STRING:
			case ZEND_MATCH:
				/* relative extended_value don't have to be changed */
				break;
#endif
			case ZEND_IS_IDENTICAL:
			case ZEND_IS_NOT_IDENTICAL:
			case ZEND_IS_EQUAL:
			case ZEND_IS_NOT_EQUAL:
			case ZEND_IS_SMALLER:
			case ZEND_IS_SMALLER_OR_EQUAL:
			case ZEND_CASE:
			case ZEND_CASE_STRICT:
			case ZEND_ISSET_ISEMPTY_CV:
			case ZEND_ISSET_ISEMPTY_VAR:
			case ZEND_ISSET_ISEMPTY_DIM_OBJ:
			case ZEND_ISSET_ISEMPTY_PROP_OBJ:
			case ZEND_ISSET_ISEMPTY_STATIC_PROP:
			case ZEND_INSTANCEOF:
			case ZEND_TYPE_CHECK:
			case ZEND_DEFINED:
			case ZEND_IN_ARRAY:
			case ZEND_ARRAY_KEY_EXISTS:
				if (opline->result_type & IS_TMP_VAR) {
					/* reinitialize result_type of smart branch instructions */
					/* the bound check keeps the look-ahead inside the opcodes array */
					if (opline + 1 < end) {
						if ((opline+1)->opcode == ZEND_JMPZ
						 && (opline+1)->op1_type == IS_TMP_VAR
						 && (opline+1)->op1.var == opline->result.var) {
							opline->result_type = IS_SMART_BRANCH_JMPZ | IS_TMP_VAR;
						} else if ((opline+1)->opcode == ZEND_JMPNZ
						 && (opline+1)->op1_type == IS_TMP_VAR
						 && (opline+1)->op1.var == opline->result.var) {
							opline->result_type = IS_SMART_BRANCH_JMPNZ | IS_TMP_VAR;
						}
					}
				}
				break;
		}
#ifdef ZEND_VERIFY_TYPE_INFERENCE
		/* Record the inferred type of every SSA use/def this opline has
		 * (a negative SSA index means the operand has none). */
		if (ssa_op->op1_use >= 0) {
			opline->op1_use_type = ssa->var_info[ssa_op->op1_use].type;
		}
		if (ssa_op->op2_use >= 0) {
			opline->op2_use_type = ssa->var_info[ssa_op->op2_use].type;
		}
		if (ssa_op->result_use >= 0) {
			opline->result_use_type = ssa->var_info[ssa_op->result_use].type;
		}
		if (ssa_op->op1_def >= 0) {
			opline->op1_def_type = ssa->var_info[ssa_op->op1_def].type;
		}
		if (ssa_op->op2_def >= 0) {
			opline->op2_def_type = ssa->var_info[ssa_op->op2_def].type;
		}
		if (ssa_op->result_def >= 0) {
			opline->result_def_type = ssa->var_info[ssa_op->result_def].type;
		}
#endif
		zend_vm_set_opcode_handler_ex(opline, op1_info, op2_info, res_info);
		opline++;
	}

	op_array->fn_flags |= ZEND_ACC_DONE_PASS_TWO;
}
1367
/* Optimize a single op_array outside of the call-graph path.
 *
 * The op_array is taken out of its pass-two form, run through zend_optimize()
 * and put back into pass-two form. If the op_array has live ranges they are
 * recalculated afterwards (with no needs-live-range callback). */
static void zend_optimize_op_array(zend_op_array *op_array,
	zend_optimizer_ctx *ctx)
{
	zend_revert_pass_two(op_array);   /* undo pass_two() */
	zend_optimize(op_array, ctx);     /* the optimization passes themselves */
	zend_redo_pass_two(op_array);     /* redo pass_two() */

	if (!op_array->live_range) {
		return;
	}
	zend_recalc_live_ranges(op_array, NULL);
}
1384
/* Recompute the precalculated stack size of ZEND_INIT_FCALL oplines.
 *
 * For each ZEND_INIT_FCALL whose target name (op2 literal) is found in the
 * function table of the script being optimized, op1.num is replaced with
 * zend_vm_calc_used_stack() for that function. Calls whose target is not in
 * the script's own function table are left as they are. */
static void zend_adjust_fcall_stack_size(zend_op_array *op_array, zend_optimizer_ctx *ctx)
{
	zend_op *const end = op_array->opcodes + op_array->last;

	for (zend_op *opline = op_array->opcodes; opline < end; opline++) {
		zend_function *callee;

		if (opline->opcode != ZEND_INIT_FCALL) {
			continue;
		}

		callee = zend_hash_find_ptr(
			&ctx->script->function_table,
			Z_STR_P(RT_CONSTANT(opline, opline->op2)));
		if (callee) {
			opline->op1.num = zend_vm_calc_used_stack(opline->extended_value, callee);
		}
	}
}
1404
/* Call-graph variant of zend_adjust_fcall_stack_size().
 *
 * Walks the callee list in the op_array's func info and, for every call whose
 * init opline is a ZEND_INIT_FCALL with a resolved callee, stores
 * zend_vm_calc_used_stack() for that callee in op1.num. Does nothing when the
 * op_array has no func info attached. */
static void zend_adjust_fcall_stack_size_graph(zend_op_array *op_array)
{
	zend_func_info *info = ZEND_FUNC_INFO(op_array);

	if (!info) {
		return;
	}

	for (zend_call_info *call = info->callee_info; call; call = call->next_callee) {
		zend_op *init = call->caller_init_opline;

		if (!init || !call->callee_func || init->opcode != ZEND_INIT_FCALL) {
			continue;
		}

		/* A ZEND_INIT_FCALL target is expected to be the exact callee. */
		ZEND_ASSERT(!call->is_prototype);
		init->op1.num = zend_vm_calc_used_stack(init->extended_value, call->callee_func);
	}
}
1423
/* Decide whether the temporary defined by def_opline needs a live range.
 *
 * Returns true when the opline has no SSA result definition (conservative
 * answer), or when the inferred type of the result may be a string, array,
 * object, resource or reference. Relies on func info with SSA data being
 * attached to op_array; there is no NULL check here. */
static bool needs_live_range(zend_op_array *op_array, zend_op *def_opline) {
	const uint32_t mask =
		MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE|MAY_BE_REF;
	zend_func_info *info = ZEND_FUNC_INFO(op_array);
	int result_var = info->ssa.ops[def_opline - op_array->opcodes].result_def;

	if (result_var < 0) {
		/* No SSA variable to inspect: be conservative. */
		return true;
	}

	/* A variable consumed by a PHI may be the last-branch assignment of a
	 * ternary-like construct. The live range starts here, but the value of
	 * the other branch can be used as well, so judge by the PHI's type. */
	if (info->ssa.vars[result_var].phi_use_chain) {
		result_var = info->ssa.vars[result_var].phi_use_chain->ssa_var;
	}

	return (info->ssa.var_info[result_var].type & mask) != 0;
}
1443
/* Apply func to op_array, then recursively to each of its dynamic function
 * definitions (op_array->dynamic_func_defs), passing context through. */
static void zend_foreach_op_array_helper(
		zend_op_array *op_array, zend_op_array_func_t func, void *context) {
	uint32_t idx = 0;

	func(op_array, context);

	while (idx < op_array->num_dynamic_func_defs) {
		zend_foreach_op_array_helper(op_array->dynamic_func_defs[idx], func, context);
		idx++;
	}
}
1451
/* Invoke func(op_array, context) for every op_array of a script.
 *
 * Order: the main op_array, then every entry of the script's function table,
 * then the methods of every class in the class table. Each op_array is
 * visited together with its dynamic function definitions. Class aliases are
 * skipped, and only methods that are declared by the class itself, are user
 * functions, and are neither abstract nor trait clones are visited. */
void zend_foreach_op_array(zend_script *script, zend_op_array_func_t func, void *context)
{
	zend_op_array *fn;
	zval *entry;

	zend_foreach_op_array_helper(&script->main_op_array, func, context);

	ZEND_HASH_MAP_FOREACH_PTR(&script->function_table, fn) {
		zend_foreach_op_array_helper(fn, func, context);
	} ZEND_HASH_FOREACH_END();

	ZEND_HASH_MAP_FOREACH_VAL(&script->class_table, entry) {
		if (Z_TYPE_P(entry) != IS_ALIAS_PTR) {
			zend_class_entry *ce = Z_CE_P(entry);

			ZEND_HASH_MAP_FOREACH_PTR(&ce->function_table, fn) {
				/* inherited entries belong to another class's scope */
				if (fn->scope != ce) {
					continue;
				}
				if (fn->type != ZEND_USER_FUNCTION) {
					continue;
				}
				if (fn->fn_flags & (ZEND_ACC_ABSTRACT|ZEND_ACC_TRAIT_CLONE)) {
					continue;
				}
				zend_foreach_op_array_helper(fn, func, context);
			} ZEND_HASH_FOREACH_END();
		}
	} ZEND_HASH_FOREACH_END();
}
1478
/* zend_foreach_op_array() callback: context is the zend_optimizer_ctx to use
 * for zend_optimize_op_array(). */
static void step_optimize_op_array(zend_op_array *op_array, void *context)
{
	zend_optimizer_ctx *ctx = (zend_optimizer_ctx *) context;

	zend_optimize_op_array(op_array, ctx);
}
1482
/* zend_foreach_op_array() callback: context is the zend_optimizer_ctx to use
 * for zend_adjust_fcall_stack_size(). */
static void step_adjust_fcall_stack_size(zend_op_array *op_array, void *context)
{
	zend_optimizer_ctx *ctx = (zend_optimizer_ctx *) context;

	zend_adjust_fcall_stack_size(op_array, ctx);
}
1486
/* zend_foreach_op_array() callback: dump the op_array, including live ranges,
 * under the "after optimizer" heading. context is not used. */
static void step_dump_after_optimizer(zend_op_array *op_array, void *context)
{
	(void) context;

	zend_dump_op_array(op_array, ZEND_DUMP_LIVE_RANGES, "after optimizer", NULL);
}
1490
/* Run every registered optimizer pass on the script, in registration order.
 *
 * Slots cleared by zend_optimizer_unregister_pass() are NULL and are skipped.
 * Each callback receives the script and the opaque ctx pointer unchanged. */
static void zend_optimizer_call_registered_passes(zend_script *script, void *ctx) {
	int slot = 0;

	while (slot < zend_optimizer_registered_passes.last) {
		zend_optimizer_pass_t pass = zend_optimizer_registered_passes.pass[slot];

		if (pass) {
			pass(script, ctx);
		}
		slot++;
	}
}
1500
/* Optimize every op_array of a compiled script.
 *
 * optimization_level is a bit mask of ZEND_OPTIMIZER_PASS_* and debug_level a
 * bit mask of ZEND_DUMP_* flags. When both PASS_6 and PASS_7 are enabled the
 * script is optimized through a call graph with SSA-based passes; otherwise
 * each op_array is optimized independently. Afterwards inherited method
 * copies are refreshed from their optimized originals, the registered
 * (extension-supplied) passes are run, and the context arena is destroyed. */
ZEND_API void zend_optimize_script(zend_script *script, zend_long optimization_level, zend_long debug_level)
{
	zend_op_array *op_array;
	zend_string *name;
	zend_optimizer_ctx ctx;
	zval *zv;

	/* Scratch arena for this run; destroyed at the end of the function. */
	ctx.arena = zend_arena_create(64 * 1024);
	ctx.script = script;
	ctx.constants = NULL;
	ctx.optimization_level = optimization_level;
	ctx.debug_level = debug_level;

	if ((ZEND_OPTIMIZER_PASS_6 & optimization_level) &&
	    (ZEND_OPTIMIZER_PASS_7 & optimization_level)) {
		/* Optimize using call-graph */
		zend_call_graph call_graph;
		zend_build_call_graph(&ctx.arena, script, &call_graph);

		int i;
		zend_func_info *func_info;

		/* Take every op_array out of pass-two form and run the local passes;
		 * they stay in that form until the redo loop further down. */
		for (i = 0; i < call_graph.op_arrays_count; i++) {
			zend_revert_pass_two(call_graph.op_arrays[i]);
			zend_optimize(call_graph.op_arrays[i], &ctx);
		}

		zend_analyze_call_graph(&ctx.arena, script, &call_graph);

		/* Build the call map (and return type info, if declared) per function. */
		for (i = 0; i < call_graph.op_arrays_count; i++) {
			func_info = ZEND_FUNC_INFO(call_graph.op_arrays[i]);
			if (func_info) {
				func_info->call_map = zend_build_call_map(&ctx.arena, func_info, call_graph.op_arrays[i]);
				if (call_graph.op_arrays[i]->fn_flags & ZEND_ACC_HAS_RETURN_TYPE) {
					zend_init_func_return_info(call_graph.op_arrays[i], script, &func_info->return_info);
				}
			}
		}

		/* DFA analysis; on failure the func info is detached, so the loops
		 * below skip this op_array and it is finished by plain
		 * zend_redo_pass_two(). */
		for (i = 0; i < call_graph.op_arrays_count; i++) {
			func_info = ZEND_FUNC_INFO(call_graph.op_arrays[i]);
			if (func_info) {
				if (zend_dfa_analyze_op_array(call_graph.op_arrays[i], &ctx, &func_info->ssa) == SUCCESS) {
					func_info->flags = func_info->ssa.cfg.flags;
				} else {
					ZEND_SET_FUNC_INFO(call_graph.op_arrays[i], NULL);
				}
			}
		}

		//TODO: perform inner-script inference???
		for (i = 0; i < call_graph.op_arrays_count; i++) {
			func_info = ZEND_FUNC_INFO(call_graph.op_arrays[i]);
			if (func_info) {
				zend_dfa_optimize_op_array(call_graph.op_arrays[i], &ctx, &func_info->ssa, func_info->call_map);
			}
		}

		if (debug_level & ZEND_DUMP_AFTER_PASS_7) {
			for (i = 0; i < call_graph.op_arrays_count; i++) {
				zend_dump_op_array(call_graph.op_arrays[i], 0, "after pass 7", NULL);
			}
		}

		/* Passes 9, 11 and 13 are skipped by zend_optimize() in this
		 * configuration and run here instead. */
		if (ZEND_OPTIMIZER_PASS_9 & optimization_level) {
			for (i = 0; i < call_graph.op_arrays_count; i++) {
				zend_optimize_temporary_variables(call_graph.op_arrays[i], &ctx);
				if (debug_level & ZEND_DUMP_AFTER_PASS_9) {
					zend_dump_op_array(call_graph.op_arrays[i], 0, "after pass 9", NULL);
				}
			}
		}

		if (ZEND_OPTIMIZER_PASS_11 & optimization_level) {
			for (i = 0; i < call_graph.op_arrays_count; i++) {
				zend_optimizer_compact_literals(call_graph.op_arrays[i], &ctx);
				if (debug_level & ZEND_DUMP_AFTER_PASS_11) {
					zend_dump_op_array(call_graph.op_arrays[i], 0, "after pass 11", NULL);
				}
			}
		}

		if (ZEND_OPTIMIZER_PASS_13 & optimization_level) {
			for (i = 0; i < call_graph.op_arrays_count; i++) {
				zend_optimizer_compact_vars(call_graph.op_arrays[i]);
				if (debug_level & ZEND_DUMP_AFTER_PASS_13) {
					zend_dump_op_array(call_graph.op_arrays[i], 0, "after pass 13", NULL);
				}
			}
		}

		if (ZEND_OBSERVER_ENABLED) {
			for (i = 0; i < call_graph.op_arrays_count; i++) {
				++call_graph.op_arrays[i]->T; // ensure accurate temporary count for stack size precalculation
			}
		}

		if (ZEND_OPTIMIZER_PASS_12 & optimization_level) {
			for (i = 0; i < call_graph.op_arrays_count; i++) {
				zend_adjust_fcall_stack_size_graph(call_graph.op_arrays[i]);
			}
		}

		/* Put every op_array back into pass-two form: the SSA-aware variant
		 * when type info is available, the plain variant otherwise. */
		for (i = 0; i < call_graph.op_arrays_count; i++) {
			op_array = call_graph.op_arrays[i];
			func_info = ZEND_FUNC_INFO(op_array);
			if (func_info && func_info->ssa.var_info) {
				zend_redo_pass_two_ex(op_array, &func_info->ssa);
				if (op_array->live_range) {
					zend_recalc_live_ranges(op_array, needs_live_range);
				}
			} else {
				op_array->T -= ZEND_OBSERVER_ENABLED; // redo_pass_two will re-increment it

				zend_redo_pass_two(op_array);
				if (op_array->live_range) {
					zend_recalc_live_ranges(op_array, NULL);
				}
			}
		}

		/* Detach the func info, which was built on ctx.arena, before the
		 * arena is destroyed. */
		for (i = 0; i < call_graph.op_arrays_count; i++) {
			ZEND_SET_FUNC_INFO(call_graph.op_arrays[i], NULL);
		}
	} else {
		zend_foreach_op_array(script, step_optimize_op_array, &ctx);

		if (ZEND_OPTIMIZER_PASS_12 & optimization_level) {
			zend_foreach_op_array(script, step_adjust_fcall_stack_size, &ctx);
		}
	}

	/* Methods whose scope is another class are inherited copies and were not
	 * optimized themselves; refresh them from the declaring class's op_array. */
	ZEND_HASH_MAP_FOREACH_VAL(&script->class_table, zv) {
		if (Z_TYPE_P(zv) == IS_ALIAS_PTR) {
			continue;
		}
		zend_class_entry *ce = Z_CE_P(zv);
		ZEND_HASH_MAP_FOREACH_STR_KEY_PTR(&ce->function_table, name, op_array) {
			if (op_array->scope != ce && op_array->type == ZEND_USER_FUNCTION) {
				zend_op_array *orig_op_array =
					zend_hash_find_ptr(&op_array->scope->function_table, name);

				/* NOTE(review): the lookup result is only asserted. If
				 * ZEND_ASSERT is compiled out, a miss would be dereferenced
				 * by the struct copy below -- confirm the invariant holds
				 * for every inherited entry. */
				ZEND_ASSERT(orig_op_array != NULL);
				if (orig_op_array != op_array) {
					/* Keep the per-copy fields across the whole-struct copy. */
					uint32_t fn_flags = op_array->fn_flags;
					zend_function *prototype = op_array->prototype;
					HashTable *ht = op_array->static_variables;

					*op_array = *orig_op_array;
					op_array->fn_flags = fn_flags;
					op_array->prototype = prototype;
					op_array->static_variables = ht;
				}
			}
		} ZEND_HASH_FOREACH_END();
	} ZEND_HASH_FOREACH_END();

	/* Externally registered passes run last, on the fully optimized script,
	 * and receive a pointer to this function's ctx. */
	zend_optimizer_call_registered_passes(script, &ctx);

	/* zend_optimize() skips this dump when PASS_7 is set; emit it here. */
	if ((debug_level & ZEND_DUMP_AFTER_OPTIMIZER) &&
	    (ZEND_OPTIMIZER_PASS_7 & optimization_level)) {
		zend_foreach_op_array(script, step_dump_after_optimizer, NULL);
	}

	if (ctx.constants) {
		zend_hash_destroy(ctx.constants);
	}
	zend_arena_destroy(ctx.arena);
}
1670
/* Register an additional optimizer pass.
 *
 * Returns a 1-based handle for the pass (the value to hand to
 * zend_optimizer_unregister_pass()), or -1 when pass is NULL or all
 * ZEND_OPTIMIZER_MAX_REGISTERED_PASSES slots have been handed out. Slots are
 * assigned in increasing order and are not reused after an unregister.
 *
 * The registry is a plain global updated without synchronization in this
 * function; presumably it is only called during startup -- confirm. */
ZEND_API int zend_optimizer_register_pass(zend_optimizer_pass_t pass)
{
	int slot;

	if (!pass
	 || zend_optimizer_registered_passes.last == ZEND_OPTIMIZER_MAX_REGISTERED_PASSES) {
		return -1;
	}

	slot = zend_optimizer_registered_passes.last;
	zend_optimizer_registered_passes.pass[slot] = pass;
	zend_optimizer_registered_passes.last = slot + 1;

	return slot + 1;
}
1686
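/* Unregister a pass previously added with zend_optimizer_register_pass().
 *
 * idx is the 1-based handle returned by the register call. The slot is set to
 * NULL so the pass is skipped from now on; the slot itself is not reused.
 *
 * Handles outside 1..last are ignored. This covers the -1 that a failed
 * registration returns, and any other value that would otherwise index
 * outside the pass array and overwrite unrelated memory. */
ZEND_API void zend_optimizer_unregister_pass(int idx)
{
	if (idx < 1 || idx > zend_optimizer_registered_passes.last) {
		return;
	}

	zend_optimizer_registered_passes.pass[idx-1] = NULL;
}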
1691
/* Optimizer startup hook: forwards to zend_func_info_startup() and returns
 * its result unchanged. */
zend_result zend_optimizer_startup(void)
{
	zend_result status = zend_func_info_startup();

	return status;
}
1696
/* Optimizer shutdown hook: forwards to zend_func_info_shutdown() and returns
 * its result unchanged. */
zend_result zend_optimizer_shutdown(void)
{
	zend_result status = zend_func_info_shutdown();

	return status;
}
1701