1 /*
2    +----------------------------------------------------------------------+
3    | Zend OPcache                                                         |
4    +----------------------------------------------------------------------+
5    | Copyright (c) The PHP Group                                          |
6    +----------------------------------------------------------------------+
7    | This source file is subject to version 3.01 of the PHP license,      |
8    | that is bundled with this package in the file LICENSE, and is        |
9    | available through the world-wide-web at the following url:           |
10    | https://www.php.net/license/3_01.txt                                 |
11    | If you did not receive a copy of the PHP license and are unable to   |
12    | obtain it through the world-wide-web, please send a note to          |
13    | license@php.net so we can mail you a copy immediately.               |
14    +----------------------------------------------------------------------+
15    | Authors: Andi Gutmans <andi@php.net>                                 |
16    |          Zeev Suraski <zeev@php.net>                                 |
17    |          Stanislav Malyshev <stas@zend.com>                          |
18    |          Dmitry Stogov <dmitry@php.net>                              |
19    +----------------------------------------------------------------------+
20 */
21 
22 #include "Optimizer/zend_optimizer.h"
23 #include "Optimizer/zend_optimizer_internal.h"
24 #include "zend_API.h"
25 #include "zend_constants.h"
26 #include "zend_execute.h"
27 #include "zend_vm.h"
28 #include "zend_cfg.h"
29 #include "zend_func_info.h"
30 #include "zend_call_graph.h"
31 #include "zend_inference.h"
32 #include "zend_dump.h"
33 #include "php.h"
34 #include "zend_observer.h"
35 
#ifndef ZEND_OPTIMIZER_MAX_REGISTERED_PASSES
# define ZEND_OPTIMIZER_MAX_REGISTERED_PASSES 32
#endif

/* Table of optimizer passes registered from outside this file.
 * `pass` holds the callbacks in registration order and `last` is the number
 * of slots in use; the table starts empty. Registration itself is not
 * visible in this part of the file. */
struct {
	zend_optimizer_pass_t pass[ZEND_OPTIMIZER_MAX_REGISTERED_PASSES];
	int last;
} zend_optimizer_registered_passes = {
	.pass = {NULL},
	.last = 0,
};
44 
/* Record a compile-time constant `name` => `value` in the optimizer context.
 *
 * The table is created lazily in the context's arena and destroys its zvals
 * with zval_ptr_dtor_nogc(). The first definition of a name wins: when
 * zend_hash_add() reports that the name is already present, `value` is not
 * stored and no reference is taken, so the caller keeps sole ownership of it.
 * On a successful insert the table holds its own reference to `value`. */
void zend_optimizer_collect_constant(zend_optimizer_ctx *ctx, zval *name, zval* value)
{
	HashTable *table = ctx->constants;

	if (table == NULL) {
		table = zend_arena_alloc(&ctx->arena, sizeof(HashTable));
		zend_hash_init(table, 16, NULL, zval_ptr_dtor_nogc, 0);
		ctx->constants = table;
	}

	zval *stored = zend_hash_add(table, Z_STR_P(name), value);
	if (stored != NULL) {
		/* The table now shares the payload with the caller's zval. */
		Z_TRY_ADDREF_P(value);
	}
}
56 
/* Fold a binary operator over two constant operands at compile time.
 *
 * Returns FAILURE without touching `result` when the operation would raise
 * an error or warning at run time (zend_binary_op_produces_error()), so that
 * the diagnostic is still emitted when the code actually executes. Otherwise
 * returns whatever the VM's handler for `opcode` returns, with the computed
 * value in `result`. */
zend_result zend_optimizer_eval_binary_op(zval *result, uint8_t opcode, zval *op1, zval *op2) /* {{{ */
{
	if (zend_binary_op_produces_error(opcode, op1, op2)) {
		return FAILURE;
	}

	/* Same handler the VM would use, so the folded value matches run time. */
	return get_binary_op(opcode)(result, op1, op2);
}
66 /* }}} */
67 
/* Fold a unary operator over a constant operand at compile time.
 *
 * get_unary_op() returns NULL for ZEND_BOOL, which is evaluated directly via
 * zend_is_true(). Any other opcode is refused (FAILURE, `result` untouched)
 * when it would produce a run-time error, so the diagnostic is preserved;
 * otherwise the VM's handler computes `result`. */
zend_result zend_optimizer_eval_unary_op(zval *result, uint8_t opcode, zval *op1) /* {{{ */
{
	unary_op_type handler = get_unary_op(opcode);

	if (handler == NULL) {
		/* ZEND_BOOL has no dedicated handler. */
		ZVAL_BOOL(result, zend_is_true(op1));
		return SUCCESS;
	}

	if (zend_unary_op_produces_error(opcode, op1)) {
		return FAILURE;
	}
	return handler(result, op1);
}
82 /* }}} */
83 
/* Evaluate a (type) cast of the constant `op1` at compile time.
 *
 * On SUCCESS `result` holds the converted value and the caller owns it.
 * FAILURE (with `result` untouched) leaves the cast for run time: the target
 * type is not one handled here, or it is a string cast of an array, or of a
 * double, whose textual form depends on the run-time 'precision' INI setting
 * and therefore cannot be fixed at compile time. */
zend_result zend_optimizer_eval_cast(zval *result, uint32_t type, zval *op1) /* {{{ */
{
	if (type == IS_STRING) {
		const uint8_t source_type = Z_TYPE_P(op1);
		if (source_type == IS_ARRAY || source_type == IS_DOUBLE) {
			return FAILURE;
		}
		ZVAL_STR(result, zval_get_string(op1));
		return SUCCESS;
	}

	switch (type) {
		case IS_NULL:
			ZVAL_NULL(result);
			return SUCCESS;
		case _IS_BOOL:
			ZVAL_BOOL(result, zval_is_true(op1));
			return SUCCESS;
		case IS_LONG:
			ZVAL_LONG(result, zval_get_long(op1));
			return SUCCESS;
		case IS_DOUBLE:
			ZVAL_DOUBLE(result, zval_get_double(op1));
			return SUCCESS;
		case IS_ARRAY:
			/* convert_to_array() works in place, so convert a copy. */
			ZVAL_COPY(result, op1);
			convert_to_array(result);
			return SUCCESS;
		default:
			return FAILURE;
	}
}
114 /* }}} */
115 
/* Fold strlen() of a constant operand.
 *
 * Only a genuine string is folded (its byte length goes into `result`);
 * any other type returns FAILURE so the run-time conversion, and whatever
 * diagnostics it may raise, still happen. */
zend_result zend_optimizer_eval_strlen(zval *result, const zval *op1) /* {{{ */
{
	if (Z_TYPE_P(op1) == IS_STRING) {
		ZVAL_LONG(result, Z_STRLEN_P(op1));
		return SUCCESS;
	}
	return FAILURE;
}
124 /* }}} */
125 
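/* function_exists()/is_callable() with a literal name.
 *
 * Folds to `true` only for a function backed by a persistent internal module
 * (and, on Windows, one that was not loaded from a DLL at run time, i.e.
 * module->handle == NULL). A user function, a function from a dynamically
 * loaded module, or a missing name is left for run time (FAILURE), since
 * its existence is not fixed for every request that will run this code. */
static zend_result eval_special_function_exists(zval *result, zend_string *arg)
{
	zend_string *lc_name = zend_string_tolower(arg);
	zend_internal_function *func = zend_hash_find_ptr(EG(function_table), lc_name);
	zend_string_release_ex(lc_name, 0);

	/* `type` is checked before `module` is touched: only an internal
	 * function has the zend_internal_function layout. */
	if (func && func->type == ZEND_INTERNAL_FUNCTION
			&& func->module->type == MODULE_PERSISTENT
#ifdef ZEND_WIN32
			&& func->module->handle == NULL
#endif
	) {
		ZVAL_TRUE(result);
		return SUCCESS;
	}
	return FAILURE;
}

/* extension_loaded() with a literal name.
 *
 * A missing extension folds to `false` only when enable_dl is off; with dl()
 * available the extension could still appear at run time, so the call stays.
 * A present extension folds to `true` only if its module is persistent (and,
 * on Windows, not a run-time loaded DLL); otherwise FAILURE. */
static zend_result eval_special_extension_loaded(zval *result, zend_string *arg)
{
	zend_string *lc_name = zend_string_tolower(arg);
	zend_module_entry *m = zend_hash_find_ptr(&module_registry, lc_name);
	zend_string_release_ex(lc_name, 0);

	if (!m) {
		if (PG(enable_dl)) {
			return FAILURE;
		}
		ZVAL_FALSE(result);
		return SUCCESS;
	}

	if (m->type == MODULE_PERSISTENT
#ifdef ZEND_WIN32
		&& m->handle == NULL
#endif
	) {
		ZVAL_TRUE(result);
		return SUCCESS;
	}
	return FAILURE;
}

/* dirname() of a literal path.
 *
 * Only absolute inputs are folded, and only when the computed directory is
 * absolute as well; relative paths depend on the working directory at run
 * time. On SUCCESS `result` owns the new string. */
static zend_result eval_special_dirname(zval *result, zend_string *arg)
{
	if (!IS_ABSOLUTE_PATH(ZSTR_VAL(arg), ZSTR_LEN(arg))) {
		return FAILURE;
	}

	/* zend_dirname() edits the buffer in place and returns the new length. */
	zend_string *dirname = zend_string_init(ZSTR_VAL(arg), ZSTR_LEN(arg), 0);
	ZSTR_LEN(dirname) = zend_dirname(ZSTR_VAL(dirname), ZSTR_LEN(dirname));
	if (IS_ABSOLUTE_PATH(ZSTR_VAL(dirname), ZSTR_LEN(dirname))) {
		ZVAL_STR(result, dirname);
		return SUCCESS;
	}
	zend_string_release_ex(dirname, 0);
	return FAILURE;
}

/* ini_get() with a literal directive name.
 *
 * Only ZEND_INI_SYSTEM directives are folded: they cannot be changed by
 * ini_set() or per-directory configuration, so their value is the same for
 * every request that runs this code. An unknown directive folds to `false`
 * unless enable_dl is on, in which case a later dl() could register it. A
 * NULL value folds to the empty string. */
static zend_result eval_special_ini_get(zval *result, zend_string *arg)
{
	zend_ini_entry *ini_entry = zend_hash_find_ptr(EG(ini_directives), arg);
	if (!ini_entry) {
		if (PG(enable_dl)) {
			return FAILURE;
		}
		ZVAL_FALSE(result);
	} else if (ini_entry->modifiable != ZEND_INI_SYSTEM) {
		return FAILURE;
	} else if (ini_entry->value) {
		ZVAL_STR_COPY(result, ini_entry->value);
	} else {
		ZVAL_EMPTY_STRING(result);
	}
	return SUCCESS;
}

/* Try to evaluate a call to one of a few well-known functions whose result,
 * for a literal string argument, can be fixed at compile time without
 * changing observable behaviour.
 *
 * `name` is compared case-sensitively, so the caller is expected to pass it
 * in canonical (lowercase) form. Each case only folds when the answer cannot
 * differ between requests or configurations that will run the cached code;
 * anything else returns FAILURE and the call is left in place. On SUCCESS the
 * caller owns `result`. "constant" is delegated to
 * zend_optimizer_get_persistent_constant(), defined elsewhere. */
zend_result zend_optimizer_eval_special_func_call(
		zval *result, zend_string *name, zend_string *arg) {
	if (zend_string_equals_literal(name, "function_exists") ||
			zend_string_equals_literal(name, "is_callable")) {
		return eval_special_function_exists(result, arg);
	}
	if (zend_string_equals_literal(name, "extension_loaded")) {
		return eval_special_extension_loaded(result, arg);
	}
	if (zend_string_equals_literal(name, "constant")) {
		return zend_optimizer_get_persistent_constant(arg, result, 1) ? SUCCESS : FAILURE;
	}
	if (zend_string_equals_literal(name, "dirname")) {
		return eval_special_dirname(result, arg);
	}
	if (zend_string_equals_literal(name, "ini_get")) {
		return eval_special_ini_get(result, arg);
	}
	return FAILURE;
}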
203 
/* Look up a constant previously stored by zend_optimizer_collect_constant().
 *
 * Returns true and fills `value` with a new reference to the stored zval
 * (ZVAL_COPY) when `name` is known; returns false and leaves `value`
 * untouched otherwise. */
bool zend_optimizer_get_collected_constant(HashTable *constants, zval *name, zval* value)
{
	zval *found = zend_hash_find(constants, Z_STR_P(name));

	if (found == NULL) {
		return false;
	}
	ZVAL_COPY(value, found);
	return true;
}
214 
/* Reduce `opline` to the minimum needed to dispose of its op1.
 *
 * A CV becomes ZEND_CHECK_VAR, a TMP/VAR becomes ZEND_FREE (op2/result are
 * cleared and extended_value reset in both cases), and a CONST has its
 * literal destroyed and the opline turned into a NOP. Any other operand
 * kind is not expected here (asserted). `op_array` is unused but kept for
 * the callers' sake. */
void zend_optimizer_convert_to_free_op1(zend_op_array *op_array, zend_op *opline)
{
	switch (opline->op1_type) {
		case IS_CV:
			opline->opcode = ZEND_CHECK_VAR;
			SET_UNUSED(opline->op2);
			SET_UNUSED(opline->result);
			opline->extended_value = 0;
			break;
		case IS_TMP_VAR:
		case IS_VAR:
			opline->opcode = ZEND_FREE;
			SET_UNUSED(opline->op2);
			SET_UNUSED(opline->result);
			opline->extended_value = 0;
			break;
		default:
			ZEND_ASSERT(opline->op1_type == IS_CONST);
			literal_dtor(&ZEND_OP1_LITERAL(opline));
			MAKE_NOP(opline);
			break;
	}
}
233 
/* Append `zv` to the op_array's literal table and return its index.
 *
 * The zval is copied by value (ZVAL_COPY_VALUE), so the table takes over
 * whatever reference the caller held; the u2 "extra" word is cleared. The
 * table grows by exactly one slot per call via erealloc(); the result is
 * not NULL-checked here, which relies on the Zend allocator bailing out on
 * OOM rather than returning NULL (not visible in this file). */
int zend_optimizer_add_literal(zend_op_array *op_array, const zval *zv)
{
	int index = op_array->last_literal++;
	size_t new_size = (size_t) op_array->last_literal * sizeof(zval);

	op_array->literals = erealloc(op_array->literals, new_size);

	zval *slot = &op_array->literals[index];
	ZVAL_COPY_VALUE(slot, zv);
	Z_EXTRA(*slot) = 0;
	return index;
}
243 
/* Append `str` as a string literal and return its index.
 *
 * Ownership of `str` passes to the literal table (callers below hand in
 * freshly created lowercased strings and do not release them). The hash is
 * computed up front so run-time lookups on the literal never have to. */
static inline int zend_optimizer_add_literal_string(zend_op_array *op_array, zend_string *str) {
	zval literal;

	zend_string_hash_val(str);
	ZVAL_STR(&literal, str);
	return zend_optimizer_add_literal(op_array, &literal);
}
250 
/* Strip a single leading "\" (fully-qualified name marker) from the string
 * in `val`, replacing it with a fresh copy of the remainder.
 *
 * The old string is released through zval_ptr_dtor_nogc() only after the
 * copy has been made. `val` must hold a string; an empty zend_string is
 * expected to be NUL-terminated so reading [0] is in bounds. */
static inline void drop_leading_backslash(zval *val) {
	zend_string *current = Z_STR_P(val);

	if (ZSTR_VAL(current)[0] != '\\') {
		return;
	}

	zend_string *trimmed = zend_string_init(ZSTR_VAL(current) + 1, ZSTR_LEN(current) - 1, 0);
	zval_ptr_dtor_nogc(val);
	ZVAL_STR(val, trimmed);
}
258 
/* Reserve `num` pointer-sized run-time cache slots in the op_array.
 *
 * Returns the byte offset of the first reserved slot; cache_size is bumped
 * by num * sizeof(void *). */
static inline uint32_t alloc_cache_slots(zend_op_array *op_array, uint32_t num) {
	uint32_t first_slot = op_array->cache_size;

	op_array->cache_size = first_slot + num * sizeof(void *);
	return first_slot;
}
264 
/* Used inside zend_optimizer_update_op{1,2}_const(): give up (return 0,
 * "this operand cannot become a constant") unless `val` is a string.
 * `val` is left untouched, so the caller keeps ownership of it. */
#define REQUIRES_STRING(val) do { \
	if (Z_TYPE_P(val) != IS_STRING) { \
		return 0; \
	} \
} while (0)

/* Used inside zend_optimizer_update_op{1,2}_const(): convert a scalar `val`
 * to a string in place, or give up (return 0, `val` untouched) for arrays
 * and every type ordered above IS_ARRAY (objects, resources, references),
 * presumably because their conversion is not side-effect free.
 * NOTE(review): unlike zend_optimizer_eval_cast(), doubles are not excluded
 * here although their string form depends on the 'precision' setting;
 * callers apparently never pass a double for these name/key operands —
 * confirm. */
#define TO_STRING_NOWARN(val) do { \
	if (Z_TYPE_P(val) >= IS_ARRAY) { \
		return 0; \
	} \
	convert_to_string(val); \
} while (0)
277 
/* Turn operand 1 of `opline` into the constant `val`.
 *
 * `val` is appended to op_array->literals (zend_optimizer_add_literal()) and
 * the opline is rewritten as the opcode's constant form requires: some
 * opcodes change (SEND_VAR -> SEND_VAL, CASE -> IS_EQUAL, CASE_STRICT ->
 * IS_IDENTICAL, CONCAT -> FAST_CONCAT when op2 is already constant), several
 * need run-time cache slots allocated, and class/constant-name operands get a
 * second, lowercased literal appended right after the name — the "name + 1"
 * layout that zend_optimizer_get_class_entry_from_op1() reads.
 *
 * Returns 1 when the operand was replaced; `val` is then owned by the literal
 * table (or has been destroyed, for oplines that become NOPs). Returns 0 when
 * this opcode cannot take a constant op1, or `val` has the wrong type for it;
 * `val` is left untouched and the caller still owns it.
 */
bool zend_optimizer_update_op1_const(zend_op_array *op_array,
                                    zend_op       *opline,
                                    zval          *val)
{
	switch (opline->opcode) {
		case ZEND_OP_DATA:
			/* OP_DATA belongs to the preceding opline; a by-reference
			 * assignment needs a real variable there, not a constant. */
			switch ((opline-1)->opcode) {
				case ZEND_ASSIGN_OBJ_REF:
				case ZEND_ASSIGN_STATIC_PROP_REF:
					return 0;
			}
			opline->op1.constant = zend_optimizer_add_literal(op_array, val);
			break;
		case ZEND_FREE:
		case ZEND_CHECK_VAR:
			/* Freeing/checking a constant is pointless: drop both the opline
			 * and the value (no literal is added). */
			MAKE_NOP(opline);
			zval_ptr_dtor_nogc(val);
			return 1;
		case ZEND_SEND_VAR_EX:
		case ZEND_SEND_FUNC_ARG:
		case ZEND_FETCH_DIM_W:
		case ZEND_FETCH_DIM_RW:
		case ZEND_FETCH_DIM_FUNC_ARG:
		case ZEND_FETCH_DIM_UNSET:
		case ZEND_FETCH_LIST_W:
		case ZEND_ASSIGN_DIM:
		case ZEND_RETURN_BY_REF:
		case ZEND_INSTANCEOF:
		case ZEND_MAKE_REF:
		case ZEND_SEPARATE:
		case ZEND_SEND_VAR_NO_REF:
		case ZEND_SEND_VAR_NO_REF_EX:
			/* These require a writable variable / reference in op1. */
			return 0;
		case ZEND_CATCH:
			/* Class name: literal, one cache slot (keeping the ZEND_LAST_CATCH
			 * flag), then the lowercased name in the next literal. */
			REQUIRES_STRING(val);
			drop_leading_backslash(val);
			opline->op1.constant = zend_optimizer_add_literal(op_array, val);
			opline->extended_value = alloc_cache_slots(op_array, 1) | (opline->extended_value & ZEND_LAST_CATCH);
			zend_optimizer_add_literal_string(op_array, zend_string_tolower(Z_STR_P(val)));
			break;
		case ZEND_DEFINED:
			/* Constant name: literal, one cache slot, lowercased name next. */
			REQUIRES_STRING(val);
			drop_leading_backslash(val);
			opline->op1.constant = zend_optimizer_add_literal(op_array, val);
			opline->extended_value = alloc_cache_slots(op_array, 1);
			zend_optimizer_add_literal_string(op_array, zend_string_tolower(Z_STR_P(val)));
			break;
		case ZEND_NEW:
			/* Class name; NEW keeps its cache slot offset in op2.num. */
			REQUIRES_STRING(val);
			drop_leading_backslash(val);
			opline->op1.constant = zend_optimizer_add_literal(op_array, val);
			opline->op2.num = alloc_cache_slots(op_array, 1);
			zend_optimizer_add_literal_string(op_array, zend_string_tolower(Z_STR_P(val)));
			break;
		case ZEND_INIT_STATIC_METHOD_CALL:
			/* Class name. A cache slot is only needed while the method name
			 * (op2) is not constant; with both constant the slot is handled
			 * by the op2 path. */
			REQUIRES_STRING(val);
			drop_leading_backslash(val);
			opline->op1.constant = zend_optimizer_add_literal(op_array, val);
			if (opline->op2_type != IS_CONST) {
				opline->result.num = alloc_cache_slots(op_array, 1);
			}
			zend_optimizer_add_literal_string(op_array, zend_string_tolower(Z_STR_P(val)));
			break;
		case ZEND_FETCH_CLASS_CONSTANT:
			/* Class name; same slot rule as INIT_STATIC_METHOD_CALL. */
			REQUIRES_STRING(val);
			drop_leading_backslash(val);
			opline->op1.constant = zend_optimizer_add_literal(op_array, val);
			if (opline->op2_type != IS_CONST) {
				opline->extended_value = alloc_cache_slots(op_array, 1);
			}
			zend_optimizer_add_literal_string(op_array, zend_string_tolower(Z_STR_P(val)));
			break;
		case ZEND_ASSIGN_OP:
		case ZEND_ASSIGN_DIM_OP:
		case ZEND_ASSIGN_OBJ_OP:
			/* Falls out of the switch without adding a literal: only
			 * op1_type is flipped below. Presumably the caller has already
			 * placed the literal for these — confirm before relying on it. */
			break;
		case ZEND_ASSIGN_STATIC_PROP_OP:
		case ZEND_ASSIGN_STATIC_PROP:
		case ZEND_ASSIGN_STATIC_PROP_REF:
		case ZEND_FETCH_STATIC_PROP_R:
		case ZEND_FETCH_STATIC_PROP_W:
		case ZEND_FETCH_STATIC_PROP_RW:
		case ZEND_FETCH_STATIC_PROP_IS:
		case ZEND_FETCH_STATIC_PROP_UNSET:
		case ZEND_FETCH_STATIC_PROP_FUNC_ARG:
		case ZEND_UNSET_STATIC_PROP:
		case ZEND_ISSET_ISEMPTY_STATIC_PROP:
		case ZEND_PRE_INC_STATIC_PROP:
		case ZEND_PRE_DEC_STATIC_PROP:
		case ZEND_POST_INC_STATIC_PROP:
		case ZEND_POST_DEC_STATIC_PROP:
			/* Property name (op1 here). If op2 is already constant and its
			 * cache slot is the most recently allocated one, extend that run
			 * by one slot in place (flags and offset untouched); otherwise
			 * allocate a fresh run of 3, preserving ZEND_FETCH_OBJ_FLAGS. */
			TO_STRING_NOWARN(val);
			opline->op1.constant = zend_optimizer_add_literal(op_array, val);
			if (opline->op2_type == IS_CONST && (opline->extended_value & ~ZEND_FETCH_OBJ_FLAGS) + sizeof(void*) == op_array->cache_size) {
				op_array->cache_size += sizeof(void *);
			} else {
				opline->extended_value = alloc_cache_slots(op_array, 3) | (opline->extended_value & ZEND_FETCH_OBJ_FLAGS);
			}
			break;
		case ZEND_SEND_VAR:
			/* A constant argument is sent by value. */
			opline->opcode = ZEND_SEND_VAL;
			opline->op1.constant = zend_optimizer_add_literal(op_array, val);
			break;
		case ZEND_CASE:
			opline->opcode = ZEND_IS_EQUAL;
			opline->op1.constant = zend_optimizer_add_literal(op_array, val);
			break;
		case ZEND_CASE_STRICT:
			opline->opcode = ZEND_IS_IDENTICAL;
			opline->op1.constant = zend_optimizer_add_literal(op_array, val);
			break;
		case ZEND_VERIFY_RETURN_TYPE:
			/* This would require a non-local change.
			 * zend_optimizer_replace_by_const() supports this. */
			return 0;
		case ZEND_COPY_TMP:
		case ZEND_FETCH_CLASS_NAME:
			return 0;
		case ZEND_ECHO:
		{
			/* Echo the string form when it can be computed now
			 * (zend_optimizer_eval_cast() refuses doubles and arrays). An
			 * empty string echoes nothing, so the opline becomes a NOP —
			 * note the literal slot added just above stays allocated. */
			zval zv;
			if (Z_TYPE_P(val) != IS_STRING && zend_optimizer_eval_cast(&zv, IS_STRING, val) == SUCCESS) {
				zval_ptr_dtor_nogc(val);
				val = &zv;
			}
			opline->op1.constant = zend_optimizer_add_literal(op_array, val);
			if (Z_TYPE_P(val) == IS_STRING && Z_STRLEN_P(val) == 0) {
				MAKE_NOP(opline);
				return 1;
			}
			/* TODO: In a subsequent pass, *after* this step and compacting nops, combine consecutive ZEND_ECHOs using the block information from ssa->cfg */
			/* (e.g. for ext/opcache/tests/opt/sccp_010.phpt) */
			break;
		}
		case ZEND_CONCAT:
		case ZEND_FAST_CONCAT:
		case ZEND_FETCH_R:
		case ZEND_FETCH_W:
		case ZEND_FETCH_RW:
		case ZEND_FETCH_IS:
		case ZEND_FETCH_UNSET:
		case ZEND_FETCH_FUNC_ARG:
		case ZEND_ISSET_ISEMPTY_VAR:
		case ZEND_UNSET_VAR:
			/* String-typed operands. A CONCAT whose other side is already a
			 * constant string can use the cheaper FAST_CONCAT. */
			TO_STRING_NOWARN(val);
			if (opline->opcode == ZEND_CONCAT && opline->op2_type == IS_CONST) {
				opline->opcode = ZEND_FAST_CONCAT;
			}
			ZEND_FALLTHROUGH;
		default:
			opline->op1.constant = zend_optimizer_add_literal(op_array, val);
			break;
	}

	opline->op1_type = IS_CONST;
	/* Precompute the hash so run-time lookups on the literal do not. */
	if (Z_TYPE(ZEND_OP1_LITERAL(opline)) == IS_STRING) {
		zend_string_hash_val(Z_STR(ZEND_OP1_LITERAL(opline)));
	}
	return 1;
}
438 
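/* Turn operand 2 of `opline` into the constant `val`.
 *
 * Counterpart of zend_optimizer_update_op1_const() for op2: `val` goes into
 * op_array->literals and the opline is adjusted as the opcode's constant form
 * requires — cache slots, a second lowercased literal right after class,
 * function and method names, opcode changes (INIT_DYNAMIC_CALL with a plain
 * function name becomes INIT_FCALL_BY_NAME, CONCAT with a constant op1
 * becomes FAST_CONCAT), and canonicalisation of numeric-string array keys.
 *
 * Returns 1 when the operand was replaced; `val` is then owned by the literal
 * table. Returns 0 (with `val` untouched, still owned by the caller) when the
 * opcode cannot take a constant op2, `val` has the wrong type for it, or the
 * call must stay dynamic to keep its run-time diagnostics.
 */
bool zend_optimizer_update_op2_const(zend_op_array *op_array,
                                    zend_op       *opline,
                                    zval          *val)
{
	zval tmp;

	switch (opline->opcode) {
		case ZEND_ASSIGN_REF:
		case ZEND_FAST_CALL:
			return 0;
		case ZEND_FETCH_CLASS:
		case ZEND_INSTANCEOF:
			/* Class name: literal, lowercased name next, one cache slot. */
			REQUIRES_STRING(val);
			drop_leading_backslash(val);
			opline->op2.constant = zend_optimizer_add_literal(op_array, val);
			zend_optimizer_add_literal_string(op_array, zend_string_tolower(Z_STR_P(val)));
			opline->extended_value = alloc_cache_slots(op_array, 1);
			break;
		case ZEND_INIT_FCALL_BY_NAME:
			/* Function name; the cache slot offset lives in result.num. */
			REQUIRES_STRING(val);
			drop_leading_backslash(val);
			opline->op2.constant = zend_optimizer_add_literal(op_array, val);
			zend_optimizer_add_literal_string(op_array, zend_string_tolower(Z_STR_P(val)));
			opline->result.num = alloc_cache_slots(op_array, 1);
			break;
		case ZEND_ASSIGN_STATIC_PROP:
		case ZEND_ASSIGN_STATIC_PROP_REF:
		case ZEND_FETCH_STATIC_PROP_R:
		case ZEND_FETCH_STATIC_PROP_W:
		case ZEND_FETCH_STATIC_PROP_RW:
		case ZEND_FETCH_STATIC_PROP_IS:
		case ZEND_FETCH_STATIC_PROP_UNSET:
		case ZEND_FETCH_STATIC_PROP_FUNC_ARG:
		case ZEND_UNSET_STATIC_PROP:
		case ZEND_ISSET_ISEMPTY_STATIC_PROP:
		case ZEND_PRE_INC_STATIC_PROP:
		case ZEND_PRE_DEC_STATIC_PROP:
		case ZEND_POST_INC_STATIC_PROP:
		case ZEND_POST_DEC_STATIC_PROP:
		case ZEND_ASSIGN_STATIC_PROP_OP:
			/* Class name (op2 here). A slot is only allocated while the
			 * property name (op1) is not constant; the flag bits of
			 * extended_value are preserved. */
			REQUIRES_STRING(val);
			drop_leading_backslash(val);
			opline->op2.constant = zend_optimizer_add_literal(op_array, val);
			zend_optimizer_add_literal_string(op_array, zend_string_tolower(Z_STR_P(val)));
			if (opline->op1_type != IS_CONST) {
				opline->extended_value = alloc_cache_slots(op_array, 1) | (opline->extended_value & (ZEND_RETURNS_FUNCTION|ZEND_ISEMPTY|ZEND_FETCH_OBJ_FLAGS));
			}
			break;
		case ZEND_INIT_FCALL:
			/* INIT_FCALL stores the lowercased function name. Lowercase in
			 * place only when we hold the sole reference to a refcounted
			 * string. An interned (non-refcounted) string is shared and must
			 * never be modified in place, so it — like a string with other
			 * holders — gets a lowercased copy instead. */
			REQUIRES_STRING(val);
			if (Z_REFCOUNTED_P(val) && Z_REFCOUNT_P(val) == 1) {
				zend_str_tolower(Z_STRVAL_P(val), Z_STRLEN_P(val));
			} else {
				ZVAL_STR(&tmp, zend_string_tolower(Z_STR_P(val)));
				zval_ptr_dtor_nogc(val);
				val = &tmp;
			}
			opline->op2.constant = zend_optimizer_add_literal(op_array, val);
			opline->result.num = alloc_cache_slots(op_array, 1);
			break;
		case ZEND_INIT_DYNAMIC_CALL:
			if (Z_TYPE_P(val) == IS_STRING) {
				/* "Class::method" strings and the special functions that
				 * zend_optimizer_classify_function() recognises keep their
				 * dynamic-call semantics (and diagnostics); refuse them. */
				if (zend_memrchr(Z_STRVAL_P(val), ':', Z_STRLEN_P(val))) {
					return 0;
				}

				if (zend_optimizer_classify_function(Z_STR_P(val), opline->extended_value)) {
					/* Dynamic call to various special functions must stay dynamic,
					 * otherwise would drop a warning */
					return 0;
				}

				/* A plain function name becomes a by-name call. */
				opline->opcode = ZEND_INIT_FCALL_BY_NAME;
				drop_leading_backslash(val);
				opline->op2.constant = zend_optimizer_add_literal(op_array, val);
				zend_optimizer_add_literal_string(op_array, zend_string_tolower(Z_STR_P(val)));
				opline->result.num = alloc_cache_slots(op_array, 1);
			} else {
				opline->op2.constant = zend_optimizer_add_literal(op_array, val);
			}
			break;
		case ZEND_INIT_METHOD_CALL:
			/* Method name: case preserved, lowercased copy next, two slots. */
			REQUIRES_STRING(val);
			opline->op2.constant = zend_optimizer_add_literal(op_array, val);
			zend_optimizer_add_literal_string(op_array, zend_string_tolower(Z_STR_P(val)));
			opline->result.num = alloc_cache_slots(op_array, 2);
			break;
		case ZEND_INIT_STATIC_METHOD_CALL:
			/* Method name; slots only needed while the class (op1) is not
			 * constant. */
			REQUIRES_STRING(val);
			opline->op2.constant = zend_optimizer_add_literal(op_array, val);
			zend_optimizer_add_literal_string(op_array, zend_string_tolower(Z_STR_P(val)));
			if (opline->op1_type != IS_CONST) {
				opline->result.num = alloc_cache_slots(op_array, 2);
			}
			break;
		case ZEND_ASSIGN_OBJ:
		case ZEND_ASSIGN_OBJ_REF:
		case ZEND_FETCH_OBJ_R:
		case ZEND_FETCH_OBJ_W:
		case ZEND_FETCH_OBJ_RW:
		case ZEND_FETCH_OBJ_IS:
		case ZEND_FETCH_OBJ_UNSET:
		case ZEND_FETCH_OBJ_FUNC_ARG:
		case ZEND_UNSET_OBJ:
		case ZEND_PRE_INC_OBJ:
		case ZEND_PRE_DEC_OBJ:
		case ZEND_POST_INC_OBJ:
		case ZEND_POST_DEC_OBJ:
			/* Property name: three cache slots. */
			TO_STRING_NOWARN(val);
			opline->op2.constant = zend_optimizer_add_literal(op_array, val);
			opline->extended_value = alloc_cache_slots(op_array, 3);
			break;
		case ZEND_ASSIGN_OBJ_OP:
			/* The slots are recorded on the following OP_DATA opline. */
			TO_STRING_NOWARN(val);
			opline->op2.constant = zend_optimizer_add_literal(op_array, val);
			ZEND_ASSERT((opline + 1)->opcode == ZEND_OP_DATA);
			(opline + 1)->extended_value = alloc_cache_slots(op_array, 3);
			break;
		case ZEND_ISSET_ISEMPTY_PROP_OBJ:
			TO_STRING_NOWARN(val);
			opline->op2.constant = zend_optimizer_add_literal(op_array, val);
			opline->extended_value = alloc_cache_slots(op_array, 3) | (opline->extended_value & ZEND_ISEMPTY);
			break;
		case ZEND_ASSIGN_DIM_OP:
		case ZEND_ISSET_ISEMPTY_DIM_OBJ:
		case ZEND_ASSIGN_DIM:
		case ZEND_UNSET_DIM:
		case ZEND_FETCH_DIM_R:
		case ZEND_FETCH_DIM_W:
		case ZEND_FETCH_DIM_RW:
		case ZEND_FETCH_DIM_IS:
		case ZEND_FETCH_DIM_FUNC_ARG:
		case ZEND_FETCH_DIM_UNSET:
		case ZEND_FETCH_LIST_R:
		case ZEND_FETCH_LIST_W:
			/* Array key. A numeric string is stored as a pair of literals:
			 * the integer key (referenced by op2, tagged ZEND_EXTRA_VALUE)
			 * followed by the original string. */
			if (Z_TYPE_P(val) == IS_STRING) {
				zend_ulong index;

				if (ZEND_HANDLE_NUMERIC(Z_STR_P(val), index)) {
					ZVAL_LONG(&tmp, index);
					opline->op2.constant = zend_optimizer_add_literal(op_array, &tmp);
					zend_string_hash_val(Z_STR_P(val));
					zend_optimizer_add_literal(op_array, val);
					Z_EXTRA(op_array->literals[opline->op2.constant]) = ZEND_EXTRA_VALUE;
					break;
				}
			}
			opline->op2.constant = zend_optimizer_add_literal(op_array, val);
			break;
		case ZEND_ADD_ARRAY_ELEMENT:
		case ZEND_INIT_ARRAY:
			/* Array literal key: a numeric string is canonicalised to the
			 * integer key, as the array itself would do. */
			if (Z_TYPE_P(val) == IS_STRING) {
				zend_ulong index;
				if (ZEND_HANDLE_NUMERIC(Z_STR_P(val), index)) {
					zval_ptr_dtor_nogc(val);
					ZVAL_LONG(val, index);
				}
			}
			opline->op2.constant = zend_optimizer_add_literal(op_array, val);
			break;
		case ZEND_ROPE_INIT:
		case ZEND_ROPE_ADD:
		case ZEND_ROPE_END:
		case ZEND_CONCAT:
		case ZEND_FAST_CONCAT:
			/* String-typed operands; CONCAT with a constant op1 can use the
			 * cheaper FAST_CONCAT. */
			TO_STRING_NOWARN(val);
			if (opline->opcode == ZEND_CONCAT && opline->op1_type == IS_CONST) {
				opline->opcode = ZEND_FAST_CONCAT;
			}
			ZEND_FALLTHROUGH;
		default:
			opline->op2.constant = zend_optimizer_add_literal(op_array, val);
			break;
	}

	opline->op2_type = IS_CONST;
	/* Precompute the hash so run-time lookups on the literal do not. */
	if (Z_TYPE(ZEND_OP2_LITERAL(opline)) == IS_STRING) {
		zend_string_hash_val(Z_STR(ZEND_OP2_LITERAL(opline)));
	}
	return 1;
}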
620 
/* Replace uses of the variable (`type`, `var`) at or after `opline` with the
 * constant `val`.
 *
 * The scan stops at the first opline using the variable as op1 or op2 and
 * hands it to zend_optimizer_update_op{1,2}_const(), which takes ownership
 * of `val` on success. Two opcode families need more than one replacement
 * (see the cases below). Returns the update's result, or 1 without touching
 * `val` when no use is found before the end of the op_array; a 0 result
 * leaves `val` with the caller.
 */
bool zend_optimizer_replace_by_const(zend_op_array *op_array,
                                    zend_op       *opline,
                                    uint8_t        type,
                                    uint32_t       var,
                                    zval          *val)
{
	zend_op *end = op_array->opcodes + op_array->last;

	while (opline < end) {
		if (opline->op1_type == type &&
			opline->op1.var == var) {
			switch (opline->opcode) {
				/* In most cases an IS_TMP_VAR operand may be used only once:
				 * the operand is usually destroyed by the opcode handler.
				 * However, there are some exceptions which keep the operand
				 * alive. In that case we want to replace all uses of the
				 * temporary, up to and including the one that consumes it.
				 */
				case ZEND_FETCH_LIST_R:
				case ZEND_CASE:
				case ZEND_CASE_STRICT:
				case ZEND_SWITCH_LONG:
				case ZEND_SWITCH_STRING:
				case ZEND_MATCH:
				case ZEND_JMP_NULL: {
					/* Same bound as the outer `end`. */
					zend_op *end = op_array->opcodes + op_array->last;
					while (opline < end) {
						if (opline->op1_type == type && opline->op1.var == var) {
							/* If this opcode doesn't keep the operand alive, we're done. Check
							 * this early, because op replacement may modify the opline.
							 * A FREE flagged ZEND_FREE_ON_RETURN does not consume it either. */
							bool is_last = opline->opcode != ZEND_FETCH_LIST_R
								&& opline->opcode != ZEND_CASE
								&& opline->opcode != ZEND_CASE_STRICT
								&& opline->opcode != ZEND_SWITCH_LONG
								&& opline->opcode != ZEND_SWITCH_STRING
								&& opline->opcode != ZEND_MATCH
								&& opline->opcode != ZEND_JMP_NULL
								&& (opline->opcode != ZEND_FREE
									|| opline->extended_value != ZEND_FREE_ON_RETURN);

							/* Each replaced use gets its own reference; the
							 * caller's original one is released after the loop. */
							Z_TRY_ADDREF_P(val);
							if (!zend_optimizer_update_op1_const(op_array, opline, val)) {
								/* The update left val untouched: take back the
								 * reference just added. Earlier uses keep theirs. */
								zval_ptr_dtor(val);
								return 0;
							}
							if (is_last) {
								break;
							}
						}
						opline++;
					}
					zval_ptr_dtor_nogc(val);
					return 1;
				}
				case ZEND_VERIFY_RETURN_TYPE: {
					/* The return type info is stored just before arg_info[0].
					 * Only fold when the constant's type already satisfies the
					 * declared return type and the function does not return
					 * by reference; then the check is dropped and the constant
					 * is placed on the RETURN that follows. */
					zend_arg_info *ret_info = op_array->arg_info - 1;
					if (!ZEND_TYPE_CONTAINS_CODE(ret_info->type, Z_TYPE_P(val))
						|| (op_array->fn_flags & ZEND_ACC_RETURN_REFERENCE)) {
						return 0;
					}
					MAKE_NOP(opline);

					/* zend_handle_loops_and_finally may insert other oplines
					 * between the check and the RETURN, so skip forward to it.
					 * NOTE(review): no bound against `end` here; this relies on
					 * a RETURN/RETURN_BY_REF always following the check. */
					do {
						++opline;
					} while (opline->opcode != ZEND_RETURN && opline->opcode != ZEND_RETURN_BY_REF);
					ZEND_ASSERT(opline->op1.var == var);

					break;
				}
				default:
					break;
			}
			return zend_optimizer_update_op1_const(op_array, opline, val);
		}

		if (opline->op2_type == type &&
			opline->op2.var == var) {
			return zend_optimizer_update_op2_const(op_array, opline, val);
		}
		opline++;
	}

	return 1;
}
705 
/* Re-encode a relative (opline-number based) offset that was stored on
 * `opline` so that it denotes the same target from `new_opline`. */
static inline ptrdiff_t migrated_num_offset(zend_op_array *op_array, zend_op *new_opline, zend_op *opline, ptrdiff_t offset)
{
	return ZEND_OPLINE_NUM_TO_OFFSET(op_array, new_opline, ZEND_OFFSET_TO_OPLINE_NUM(op_array, opline, offset));
}

/* Opcodes whose branch target is encoded in op2. */
static inline bool migrate_target_in_op2(uint8_t opcode)
{
	switch (opcode) {
		case ZEND_JMPZ:
		case ZEND_JMPNZ:
		case ZEND_JMPZ_EX:
		case ZEND_JMPNZ_EX:
		case ZEND_FE_RESET_R:
		case ZEND_FE_RESET_RW:
		case ZEND_JMP_SET:
		case ZEND_COALESCE:
		case ZEND_ASSERT_CHECK:
		case ZEND_JMP_NULL:
		case ZEND_BIND_INIT_STATIC_OR_JMP:
		case ZEND_JMP_FRAMELESS:
			return true;
		default:
			return false;
	}
}

/* Fix up the branch target(s) of `new_opline` after the jump that used to
 * live at `opline` was moved there.
 *
 * Targets are read from the old opline and written to the new one. For
 * SWITCH_LONG/SWITCH_STRING/MATCH the jump table lives in the op2 literal of
 * the old opline and is rewritten in place (the new opline is expected to
 * share that literal), together with the default target in extended_value.
 * A CATCH that is the last in its chain has no next-catch target to move.
 * Opcodes that carry no jump are left alone. */
void zend_optimizer_migrate_jump(zend_op_array *op_array, zend_op *new_opline, zend_op *opline) {
	const uint8_t opcode = new_opline->opcode;

	if (opcode == ZEND_JMP || opcode == ZEND_FAST_CALL) {
		ZEND_SET_OP_JMP_ADDR(new_opline, new_opline->op1, ZEND_OP1_JMP_ADDR(opline));
		return;
	}

	if (opcode == ZEND_CATCH) {
		if (!(opline->extended_value & ZEND_LAST_CATCH)) {
			ZEND_SET_OP_JMP_ADDR(new_opline, new_opline->op2, ZEND_OP2_JMP_ADDR(opline));
		}
		return;
	}

	if (migrate_target_in_op2(opcode)) {
		ZEND_SET_OP_JMP_ADDR(new_opline, new_opline->op2, ZEND_OP2_JMP_ADDR(opline));
		return;
	}

	if (opcode == ZEND_FE_FETCH_R || opcode == ZEND_FE_FETCH_RW) {
		new_opline->extended_value = migrated_num_offset(op_array, new_opline, opline, opline->extended_value);
		return;
	}

	if (opcode == ZEND_SWITCH_LONG || opcode == ZEND_SWITCH_STRING || opcode == ZEND_MATCH) {
		HashTable *jumptable = Z_ARRVAL(ZEND_OP2_LITERAL(opline));
		zval *target;

		ZEND_HASH_FOREACH_VAL(jumptable, target) {
			Z_LVAL_P(target) = migrated_num_offset(op_array, new_opline, opline, Z_LVAL_P(target));
		} ZEND_HASH_FOREACH_END();
		new_opline->extended_value = migrated_num_offset(op_array, new_opline, opline, opline->extended_value);
	}
}
750 
/* Move an absolute jump target back by the number of oplines removed before
 * it, as recorded in `shiftlist` (indexed by opline number). */
static inline zend_op *shifted_jump_addr(zend_op_array *op_array, zend_op *target, uint32_t *shiftlist)
{
	return target - shiftlist[target - op_array->opcodes];
}

/* Same for a relative (opline-number based) offset stored on `opline`:
 * resolve it to an opline number, shift, and re-encode relative to `opline`. */
static inline ptrdiff_t shifted_num_offset(zend_op_array *op_array, zend_op *opline, ptrdiff_t offset, uint32_t *shiftlist)
{
	ptrdiff_t target_num = ZEND_OFFSET_TO_OPLINE_NUM(op_array, opline, offset);
	return ZEND_OPLINE_NUM_TO_OFFSET(op_array, opline, target_num - shiftlist[target_num]);
}

/* Adjust every branch target of `opline` after oplines were removed from the
 * op_array. `shiftlist[n]` is how many oplines before opline number n were
 * dropped, so each target moves back by its own shift. SWITCH_LONG,
 * SWITCH_STRING and MATCH update every jump-table entry (in the op2 literal)
 * plus the default target in extended_value; a CATCH that is last in its
 * chain has no next-catch target. Non-jump opcodes are left untouched. */
void zend_optimizer_shift_jump(zend_op_array *op_array, zend_op *opline, uint32_t *shiftlist) {
	switch (opline->opcode) {
		case ZEND_JMP:
		case ZEND_FAST_CALL:
			ZEND_SET_OP_JMP_ADDR(opline, opline->op1,
				shifted_jump_addr(op_array, ZEND_OP1_JMP_ADDR(opline), shiftlist));
			break;
		case ZEND_CATCH:
			if (opline->extended_value & ZEND_LAST_CATCH) {
				break;
			}
			ZEND_FALLTHROUGH;
		case ZEND_JMPZ:
		case ZEND_JMPNZ:
		case ZEND_JMPZ_EX:
		case ZEND_JMPNZ_EX:
		case ZEND_FE_RESET_R:
		case ZEND_FE_RESET_RW:
		case ZEND_JMP_SET:
		case ZEND_COALESCE:
		case ZEND_ASSERT_CHECK:
		case ZEND_JMP_NULL:
		case ZEND_BIND_INIT_STATIC_OR_JMP:
		case ZEND_JMP_FRAMELESS:
			ZEND_SET_OP_JMP_ADDR(opline, opline->op2,
				shifted_jump_addr(op_array, ZEND_OP2_JMP_ADDR(opline), shiftlist));
			break;
		case ZEND_FE_FETCH_R:
		case ZEND_FE_FETCH_RW:
			opline->extended_value = shifted_num_offset(op_array, opline, opline->extended_value, shiftlist);
			break;
		case ZEND_SWITCH_LONG:
		case ZEND_SWITCH_STRING:
		case ZEND_MATCH:
		{
			HashTable *jumptable = Z_ARRVAL(ZEND_OP2_LITERAL(opline));
			zval *target;

			ZEND_HASH_FOREACH_VAL(jumptable, target) {
				Z_LVAL_P(target) = shifted_num_offset(op_array, opline, Z_LVAL_P(target), shiftlist);
			} ZEND_HASH_FOREACH_END();
			opline->extended_value = shifted_num_offset(op_array, opline, opline->extended_value, shiftlist);
			break;
		}
		default:
			break;
	}
}
795 
/* Resolve a lowercased class name to a class entry the optimizer may rely on.
 *
 * Lookup order:
 *  1. classes declared in the script being compiled (`script` may be NULL);
 *  2. the global class table, but only for internal classes or user classes
 *     declared in the same file as `op_array` — a user class from another
 *     file is not trusted here, presumably because it may differ or be
 *     absent when this compiled code runs;
 *  3. the op_array's own scope, matched by name case-insensitively.
 * Returns NULL when nothing usable is found. */
zend_class_entry *zend_optimizer_get_class_entry(
		const zend_script *script, const zend_op_array *op_array, zend_string *lcname) {
	zend_class_entry *ce = NULL;

	if (script != NULL) {
		ce = zend_hash_find_ptr(&script->class_table, lcname);
		if (ce != NULL) {
			return ce;
		}
	}

	ce = zend_hash_find_ptr(CG(class_table), lcname);
	if (ce != NULL) {
		bool same_file = op_array != NULL && ce->info.user.filename == op_array->filename;
		if (ce->type == ZEND_INTERNAL_CLASS || same_file) {
			return ce;
		}
	}

	if (op_array != NULL && op_array->scope != NULL
			&& zend_string_equals_ci(op_array->scope->name, lcname)) {
		return op_array->scope;
	}

	return NULL;
}
816 
/* Resolve the class named by op1 of `opline`, if it can be known statically.
 *
 * A constant string op1 is a class name whose lowercased form is stored in
 * the literal right after it (the layout produced by
 * zend_optimizer_update_op1_const()); that is what gets looked up. An
 * unused op1 encodes self/static/parent: `self` resolves to the enclosing
 * scope, `static` only when that scope is final (so late static binding
 * cannot pick another class), and never inside a trait. Anything else
 * yields NULL. */
zend_class_entry *zend_optimizer_get_class_entry_from_op1(
		const zend_script *script, const zend_op_array *op_array, const zend_op *opline) {
	switch (opline->op1_type) {
		case IS_CONST: {
			zval *op1 = CRT_CONSTANT(opline->op1);
			if (Z_TYPE_P(op1) != IS_STRING) {
				return NULL;
			}
			return zend_optimizer_get_class_entry(script, op_array, Z_STR_P(op1 + 1));
		}
		case IS_UNUSED: {
			zend_class_entry *scope = op_array->scope;
			if (scope == NULL || (scope->ce_flags & ZEND_ACC_TRAIT)) {
				return NULL;
			}
			uint32_t fetch_type = opline->op1.num & ZEND_FETCH_CLASS_MASK;
			if (fetch_type == ZEND_FETCH_CLASS_SELF) {
				return scope;
			}
			if (fetch_type == ZEND_FETCH_CLASS_STATIC && (scope->ce_flags & ZEND_ACC_FINAL)) {
				return scope;
			}
			return NULL;
		}
		default:
			return NULL;
	}
}
833 
/**
 * Look up the class constant referenced by a FETCH_CLASS_CONSTANT-style
 * opline (class in op1, constant name in op2).
 *
 * The class is resolved from a constant op1 (by name), or from an unused op1
 * as self / static / parent relative to op_array->scope; traits and trait
 * clones are never resolved. A constant is returned only if it is not
 * deprecated and is either public or declared by the current scope.
 *
 * @param script        Script being optimized; when NULL the global
 *                      EG(class_table) is consulted instead, accepting only
 *                      internal classes and same-file user classes.
 * @param op_array      Op array containing @p opline.
 * @param opline        Opline to inspect.
 * @param is_prototype  Out: written only on success; true when the class was
 *                      reached via "static" and neither the declaring class
 *                      nor the constant is final, i.e. a subclass may redefine it.
 * @return The constant's info, or NULL when it cannot be used safely.
 */
const zend_class_constant *zend_fetch_class_const_info(
	const zend_script *script, const zend_op_array *op_array, const zend_op *opline, bool *is_prototype) {
	if (!opline || !op_array || opline->op2_type != IS_CONST || Z_TYPE_P(CRT_CONSTANT(opline->op2)) != IS_STRING) {
		return NULL;
	}

	const zend_class_entry *ce = NULL;
	bool via_static = false;

	if (opline->op1_type == IS_CONST) {
		zval *class_name = CRT_CONSTANT(opline->op1);
		if (Z_TYPE_P(class_name) == IS_STRING) {
			zend_string *lcname = Z_STR_P(class_name + 1);
			if (script) {
				ce = zend_optimizer_get_class_entry(script, op_array, lcname);
			} else {
				zend_class_entry *candidate = zend_hash_find_ptr(EG(class_table), lcname);
				if (candidate && candidate->type == ZEND_INTERNAL_CLASS) {
					ce = candidate;
				} else if (candidate && candidate->type == ZEND_USER_CLASS
					&& candidate->info.user.filename
					&& candidate->info.user.filename == op_array->filename) {
					ce = candidate;
				}
			}
		}
	} else if (opline->op1_type == IS_UNUSED) {
		const zend_class_entry *scope = op_array->scope;
		if (scope && !(scope->ce_flags & ZEND_ACC_TRAIT) && !(op_array->fn_flags & ZEND_ACC_TRAIT_CLONE)) {
			switch (opline->op1.num & ZEND_FETCH_CLASS_MASK) {
				case ZEND_FETCH_CLASS_SELF:
					ce = scope;
					break;
				case ZEND_FETCH_CLASS_STATIC:
					ce = scope;
					via_static = true;
					break;
				case ZEND_FETCH_CLASS_PARENT:
					/* parent is only known once the class has been linked. */
					if (scope->ce_flags & ZEND_ACC_LINKED) {
						ce = scope->parent;
					}
					break;
				default:
					break;
			}
		}
	}

	if (!ce || (ce->ce_flags & ZEND_ACC_TRAIT)) {
		return NULL;
	}

	zend_class_constant *const_info = zend_hash_find_ptr(&ce->constants_table, Z_STR_P(CRT_CONSTANT(opline->op2)));
	if (!const_info) {
		return NULL;
	}

	/* Skip deprecated constants, and non-public ones that belong to another scope. */
	uint32_t const_flags = ZEND_CLASS_CONST_FLAGS(const_info);
	if (const_flags & ZEND_ACC_DEPRECATED) {
		return NULL;
	}
	if ((const_flags & ZEND_ACC_PPP_MASK) != ZEND_ACC_PUBLIC && const_info->ce != op_array->scope) {
		return NULL;
	}

	*is_prototype = via_static
		&& !(const_info->ce->ce_flags & ZEND_ACC_FINAL)
		&& !(const_flags & ZEND_ACC_FINAL);

	return const_info;
}
891 
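/* Resolve a plain (non-method) function by name in the order the optimizer may
 * rely on it: the script's own function table first, then the global function
 * table, where only internal functions and user functions compiled from the
 * same file as op_array are accepted. Returns NULL when nothing acceptable is
 * found. Shared by the INIT_FCALL and INIT_(NS_)FCALL_BY_NAME cases below,
 * which previously duplicated this logic. */
static zend_function *zend_optimizer_find_trusted_function(
		const zend_script *script, const zend_op_array *op_array, zend_string *name)
{
	zend_function *func;

	if (script) {
		func = zend_hash_find_ptr(&script->function_table, name);
		if (func) {
			return func;
		}
	}

	func = zend_hash_find_ptr(EG(function_table), name);
	if (!func) {
		return NULL;
	}
	if (func->type == ZEND_INTERNAL_FUNCTION) {
		return func;
	}
	if (func->type == ZEND_USER_FUNCTION
	 && func->op_array.filename
	 && func->op_array.filename == op_array->filename) {
		return func;
	}
	return NULL;
}

/**
 * Determine the function an INIT_*CALL / NEW opline will invoke, when that can
 * be decided at compile time.
 *
 * @param script        Script being optimized, or NULL.
 * @param op_array      Op array containing @p opline.
 * @param opline        Call-initialising opline.
 * @param is_prototype  Out: always written; true only for an INIT_METHOD_CALL
 *                      target that is neither final itself nor declared in a
 *                      final class, i.e. a subclass may override it and the
 *                      returned function is only a prototype.
 * @return The resolved function, or NULL when it cannot be determined safely
 *         (including a NEW of a class without a constructor, whose NULL
 *         constructor pointer is returned as-is).
 */
zend_function *zend_optimizer_get_called_func(
		zend_script *script, zend_op_array *op_array, zend_op *opline, bool *is_prototype)
{
	*is_prototype = false;
	switch (opline->opcode) {
		case ZEND_INIT_FCALL:
			/* op2 is the function-name literal. */
			return zend_optimizer_find_trusted_function(
				script, op_array, Z_STR_P(CRT_CONSTANT(opline->op2)));
		case ZEND_INIT_FCALL_BY_NAME:
		case ZEND_INIT_NS_FCALL_BY_NAME:
			if (opline->op2_type == IS_CONST && Z_TYPE_P(CRT_CONSTANT(opline->op2)) == IS_STRING) {
				/* The literal following the name constant is the lookup key. */
				zend_string *lookup_name = Z_STR_P(CRT_CONSTANT(opline->op2) + 1);
				return zend_optimizer_find_trusted_function(script, op_array, lookup_name);
			}
			break;
		case ZEND_INIT_STATIC_METHOD_CALL:
			if (opline->op2_type == IS_CONST && Z_TYPE_P(CRT_CONSTANT(opline->op2)) == IS_STRING) {
				zend_class_entry *ce = zend_optimizer_get_class_entry_from_op1(
					script, op_array, opline);
				if (ce) {
					zend_string *func_name = Z_STR_P(CRT_CONSTANT(opline->op2) + 1);
					zend_function *fbc = zend_hash_find_ptr(&ce->function_table, func_name);
					if (fbc) {
						/* Non-public methods are only usable from their own scope. */
						bool is_public = (fbc->common.fn_flags & ZEND_ACC_PUBLIC) != 0;
						bool same_scope = fbc->common.scope == op_array->scope;
						if (is_public || same_scope) {
							return fbc;
						}
					}
				}
			}
			break;
		case ZEND_INIT_METHOD_CALL:
			if (opline->op1_type == IS_UNUSED
					&& opline->op2_type == IS_CONST && Z_TYPE_P(CRT_CONSTANT(opline->op2)) == IS_STRING
					&& op_array->scope
					&& !(op_array->fn_flags & ZEND_ACC_TRAIT_CLONE)
					&& !(op_array->scope->ce_flags & ZEND_ACC_TRAIT)) {
				zend_string *method_name = Z_STR_P(CRT_CONSTANT(opline->op2) + 1);
				zend_function *fbc = zend_hash_find_ptr(
					&op_array->scope->function_table, method_name);
				if (fbc) {
					bool is_private = (fbc->common.fn_flags & ZEND_ACC_PRIVATE) != 0;
					if (is_private) {
						/* Only use private method if in the same scope. We can't even use it
						 * as a prototype, as it may be overridden with changed signature. */
						bool same_scope = fbc->common.scope == op_array->scope;
						return same_scope ? fbc : NULL;
					}
					/* Prototype methods are potentially overridden. fbc still contains useful type information.
					 * Some optimizations may not be applied, like inlining or inferring the send-mode of superfluous args.
					 * A method cannot be overridden if the class or method is final. */
					if ((fbc->common.fn_flags & ZEND_ACC_FINAL) == 0 &&
						(fbc->common.scope->ce_flags & ZEND_ACC_FINAL) == 0) {
						*is_prototype = true;
					}
					return fbc;
				}
			}
			break;
		case ZEND_NEW:
		{
			zend_class_entry *ce = zend_optimizer_get_class_entry_from_op1(
				script, op_array, opline);
			/* Only user classes: their constructor op_array is what callers inspect. */
			if (ce && ce->type == ZEND_USER_CLASS) {
				return ce->constructor;
			}
			break;
		}
		default:
			break;
	}
	return NULL;
}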
989 
/**
 * Classify a called function by name.
 *
 * @param name      Function name as stored in the call (compared exactly).
 * @param num_args  Argument count; not consulted by the current classification.
 * @return ZEND_FUNC_INDIRECT_VAR_ACCESS for extract, compact, get_defined_vars
 *         and db2_execute; ZEND_FUNC_VARARG for func_num_args, func_get_arg and
 *         func_get_args; 0 for every other name.
 */
uint32_t zend_optimizer_classify_function(zend_string *name, uint32_t num_args) {
	(void) num_args;

	bool indirect_var_access = zend_string_equals_literal(name, "extract")
		|| zend_string_equals_literal(name, "compact")
		|| zend_string_equals_literal(name, "get_defined_vars")
		|| zend_string_equals_literal(name, "db2_execute");
	if (indirect_var_access) {
		return ZEND_FUNC_INDIRECT_VAR_ACCESS;
	}

	bool reads_call_args = zend_string_equals_literal(name, "func_num_args")
		|| zend_string_equals_literal(name, "func_get_arg")
		|| zend_string_equals_literal(name, "func_get_args");
	if (reads_call_args) {
		return ZEND_FUNC_VARARG;
	}

	return 0;
}
1009 
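/**
 * Find the opline that defines the loop variable released by @p free_opline.
 *
 * Walks backwards from the opline preceding @p free_opline to the first opline
 * of @p op_array, returning the first one whose TMP/VAR result is the freed
 * variable.
 *
 * @param op_array     Op array containing @p free_opline.
 * @param free_opline  A loop-variable free opline (asserted via
 *                     zend_optimizer_is_loop_var_free).
 * @return The defining opline, or NULL if none precedes @p free_opline.
 */
zend_op *zend_optimizer_get_loop_var_def(const zend_op_array *op_array, zend_op *free_opline) {
	uint32_t var = free_opline->op1.var;
	zend_op *opline = free_opline;
	ZEND_ASSERT(zend_optimizer_is_loop_var_free(free_opline));

	/* Compare before decrementing: forming a pointer one before the start of
	 * op_array->opcodes (as "--p >= opcodes" does on the last iteration) is
	 * undefined behaviour in C, so never step below the first opline. */
	while (opline > op_array->opcodes) {
		opline--;
		if ((opline->result_type & (IS_TMP_VAR|IS_VAR)) && opline->result.var == var) {
			return opline;
		}
	}
	return NULL;
}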
1021 
/* Dump op_array under `label` when `dump_flag` is set in ctx->debug_level. */
static inline void zend_optimize_dump_after_pass(
		const zend_optimizer_ctx *ctx, zend_op_array *op_array, zend_long dump_flag, const char *label)
{
	if (ctx->debug_level & dump_flag) {
		zend_dump_op_array(op_array, 0, label, NULL);
	}
}

/* Run the per-op_array optimizer passes selected by ctx->optimization_level,
 * in the fixed order 1, 3, 4, 5, 6, 9, 10, 11, 13.
 *
 * Some passes are gated on others: 6 and 9 are skipped when pass 7 (the
 * whole-script call-graph path driven by zend_optimize_script) is enabled,
 * 10 is skipped when pass 5 is enabled, and 11 / 13 run here unless both 6
 * and 7 are enabled. Eval'd code (ZEND_EVAL_CODE) is left untouched. When
 * pass 7 is enabled the "after optimizer" dump is not produced here. */
static void zend_optimize(zend_op_array      *op_array,
                          zend_optimizer_ctx *ctx)
{
	if (op_array->type == ZEND_EVAL_CODE) {
		return;
	}

	const zend_long level = ctx->optimization_level;
	const bool whole_script_dfa = (level & ZEND_OPTIMIZER_PASS_7) != 0;

	if (ctx->debug_level & ZEND_DUMP_BEFORE_OPTIMIZER) {
		zend_dump_op_array(op_array, ZEND_DUMP_LIVE_RANGES, "before optimizer", NULL);
	}

	/* pass 1 (Simple local optimizations)
	 * - persistent constant substitution (true, false, null, etc)
	 * - constant casting (ADD expects numbers, CONCAT strings, etc)
	 * - constant expression evaluation
	 * - optimize constant conditional JMPs
	 * - pre-evaluate constant function calls
	 * - eliminate FETCH $GLOBALS followed by FETCH_DIM/UNSET_DIM/ISSET_ISEMPTY_DIM
	 */
	if (level & ZEND_OPTIMIZER_PASS_1) {
		zend_optimizer_pass1(op_array, ctx);
		zend_optimize_dump_after_pass(ctx, op_array, ZEND_DUMP_AFTER_PASS_1, "after pass 1");
	}

	/* pass 3: (Jump optimization)
	 * - optimize series of JMPs
	 */
	if (level & ZEND_OPTIMIZER_PASS_3) {
		zend_optimizer_pass3(op_array, ctx);
		zend_optimize_dump_after_pass(ctx, op_array, ZEND_DUMP_AFTER_PASS_3, "after pass 3");
	}

	/* pass 4:
	 * - INIT_FCALL_BY_NAME -> DO_FCALL
	 */
	if (level & ZEND_OPTIMIZER_PASS_4) {
		zend_optimize_func_calls(op_array, ctx);
		zend_optimize_dump_after_pass(ctx, op_array, ZEND_DUMP_AFTER_PASS_4, "after pass 4");
	}

	/* pass 5:
	 * - CFG optimization
	 */
	if (level & ZEND_OPTIMIZER_PASS_5) {
		zend_optimize_cfg(op_array, ctx);
		zend_optimize_dump_after_pass(ctx, op_array, ZEND_DUMP_AFTER_PASS_5, "after pass 5");
	}

	/* pass 6:
	 * - DFA optimization (per op_array; pass 7 does it over the whole script)
	 */
	if ((level & ZEND_OPTIMIZER_PASS_6) && !whole_script_dfa) {
		zend_optimize_dfa(op_array, ctx);
		zend_optimize_dump_after_pass(ctx, op_array, ZEND_DUMP_AFTER_PASS_6, "after pass 6");
	}

	/* pass 9:
	 * - Optimize temp variables usage
	 */
	if ((level & ZEND_OPTIMIZER_PASS_9) && !whole_script_dfa) {
		zend_optimize_temporary_variables(op_array, ctx);
		zend_optimize_dump_after_pass(ctx, op_array, ZEND_DUMP_AFTER_PASS_9, "after pass 9");
	}

	/* pass 10:
	 * - remove NOPs (only when pass 5 did not already rebuild the CFG)
	 */
	if (((ZEND_OPTIMIZER_PASS_10|ZEND_OPTIMIZER_PASS_5) & level) == ZEND_OPTIMIZER_PASS_10) {
		zend_optimizer_nop_removal(op_array, ctx);
		zend_optimize_dump_after_pass(ctx, op_array, ZEND_DUMP_AFTER_PASS_10, "after pass 10");
	}

	/* Passes 11 and 13 are deferred to the call-graph path only when both
	 * pass 6 and pass 7 are enabled. */
	const bool compact_here = !(level & ZEND_OPTIMIZER_PASS_6) || !whole_script_dfa;

	/* pass 11:
	 * - Compact literals table
	 */
	if ((level & ZEND_OPTIMIZER_PASS_11) && compact_here) {
		zend_optimizer_compact_literals(op_array, ctx);
		zend_optimize_dump_after_pass(ctx, op_array, ZEND_DUMP_AFTER_PASS_11, "after pass 11");
	}

	/* pass 13:
	 * - Compact variables
	 */
	if ((level & ZEND_OPTIMIZER_PASS_13) && compact_here) {
		zend_optimizer_compact_vars(op_array);
		zend_optimize_dump_after_pass(ctx, op_array, ZEND_DUMP_AFTER_PASS_13, "after pass 13");
	}

	if (whole_script_dfa) {
		return;
	}

	if (ctx->debug_level & ZEND_DUMP_AFTER_OPTIMIZER) {
		zend_dump_op_array(op_array, 0, "after optimizer", NULL);
	}
}
1139 
/* Undo pass_two() on op_array so the optimizer can rewrite it:
 * - turn constant op1/op2 operands back from their pass_two encoding
 *   (ZEND_PASS_TWO_UNDO_CONSTANT);
 * - drop the IS_SMART_BRANCH_* bits from result_type, keeping only the
 *   operand-kind bits;
 * - on builds without absolute constant addresses, copy the literals into a
 *   separate emalloc'd array (zend_redo_pass_two later moves them back behind
 *   the opcodes, so the old storage is not freed here);
 * - give back the temporary slot reserved for observers.
 * Precondition: ZEND_ACC_DONE_PASS_TWO is set; it is cleared on return. */
static void zend_revert_pass_two(zend_op_array *op_array)
{
	ZEND_ASSERT((op_array->fn_flags & ZEND_ACC_DONE_PASS_TWO) != 0);

	zend_op *end = op_array->opcodes + op_array->last;
	for (zend_op *opline = op_array->opcodes; opline < end; opline++) {
		if (opline->op1_type == IS_CONST) {
			ZEND_PASS_TWO_UNDO_CONSTANT(op_array, opline, opline->op1);
		}
		if (opline->op2_type == IS_CONST) {
			ZEND_PASS_TWO_UNDO_CONSTANT(op_array, opline, opline->op2);
		}
		/* reset smart branch flags IS_SMART_BRANCH_JMP[N]Z */
		opline->result_type &= (IS_TMP_VAR|IS_VAR|IS_CV|IS_CONST);
	}

#if !ZEND_USE_ABS_CONST_ADDR
	if (op_array->literals) {
		size_t literals_size = sizeof(zval) * op_array->last_literal;
		zval *detached = emalloc(literals_size);
		memcpy(detached, op_array->literals, literals_size);
		op_array->literals = detached;
	}
#endif

	op_array->T -= ZEND_OBSERVER_ENABLED;

	op_array->fn_flags &= ~ZEND_ACC_DONE_PASS_TWO;
}
1171 
/* Re-mark a comparison/check opline as a smart branch when the immediately
 * following opline is a JMPZ/JMPNZ consuming its TMP result. `end` bounds the
 * one-opline look-ahead so the last opline never reads past the array. */
static void zend_redo_pass_two_mark_smart_branch(zend_op *opline, const zend_op *end)
{
	const zend_op *next = opline + 1;

	if (!(opline->result_type & IS_TMP_VAR) || next >= end) {
		return;
	}
	if (next->op1_type != IS_TMP_VAR || next->op1.var != opline->result.var) {
		return;
	}
	if (next->opcode == ZEND_JMPZ) {
		opline->result_type = IS_SMART_BRANCH_JMPZ | IS_TMP_VAR;
	} else if (next->opcode == ZEND_JMPNZ) {
		opline->result_type = IS_SMART_BRANCH_JMPNZ | IS_TMP_VAR;
	}
}

/* Redo pass_two() after optimization (inverse of zend_revert_pass_two):
 * - on builds without absolute constant addresses, place the literals in the
 *   same allocation as the opcodes (16-byte aligned after them) and free the
 *   detached literal array;
 * - reserve the observer temporary again;
 * - re-encode constant operands (ZEND_PASS_TWO_UPDATE_CONSTANT), relocate
 *   absolute jump targets to the reallocated opcode array where the build
 *   uses them, restore smart-branch result types, and install the VM handler
 *   for every opline.
 * Precondition: ZEND_ACC_DONE_PASS_TWO is clear; it is set on return. */
static void zend_redo_pass_two(zend_op_array *op_array)
{
#if ZEND_USE_ABS_JMP_ADDR && !ZEND_USE_ABS_CONST_ADDR
	/* Jump targets are absolute pointers into the array we are about to
	 * reallocate; keep the old base to rebase them. */
	zend_op *old_opcodes = op_array->opcodes;
#endif

	ZEND_ASSERT((op_array->fn_flags & ZEND_ACC_DONE_PASS_TWO) == 0);

#if !ZEND_USE_ABS_CONST_ADDR
	if (op_array->last_literal) {
		size_t opcodes_size = ZEND_MM_ALIGNED_SIZE_EX(sizeof(zend_op) * op_array->last, 16);
		size_t literals_size = sizeof(zval) * op_array->last_literal;
		char *block = erealloc(op_array->opcodes, opcodes_size + literals_size);

		memcpy(block + opcodes_size, op_array->literals, literals_size);
		efree(op_array->literals);
		op_array->opcodes = (zend_op *) block;
		op_array->literals = (zval *) (block + opcodes_size);
	} else {
		if (op_array->literals) {
			efree(op_array->literals);
		}
		op_array->literals = NULL;
	}
#endif

	op_array->T += ZEND_OBSERVER_ENABLED; // reserve last temporary for observers if enabled

	zend_op *end = op_array->opcodes + op_array->last;
	for (zend_op *opline = op_array->opcodes; opline < end; opline++) {
		if (opline->op1_type == IS_CONST) {
			ZEND_PASS_TWO_UPDATE_CONSTANT(op_array, opline, opline->op1);
		}
		if (opline->op2_type == IS_CONST) {
			ZEND_PASS_TWO_UPDATE_CONSTANT(op_array, opline, opline->op2);
		}

		/* fix jumps to point to new array */
		switch (opline->opcode) {
#if ZEND_USE_ABS_JMP_ADDR && !ZEND_USE_ABS_CONST_ADDR
			case ZEND_JMP:
			case ZEND_FAST_CALL:
				opline->op1.jmp_addr = op_array->opcodes + (opline->op1.jmp_addr - old_opcodes);
				break;
			case ZEND_JMPZ:
			case ZEND_JMPNZ:
			case ZEND_JMPZ_EX:
			case ZEND_JMPNZ_EX:
			case ZEND_JMP_SET:
			case ZEND_COALESCE:
			case ZEND_FE_RESET_R:
			case ZEND_FE_RESET_RW:
			case ZEND_ASSERT_CHECK:
			case ZEND_JMP_NULL:
			case ZEND_BIND_INIT_STATIC_OR_JMP:
			case ZEND_JMP_FRAMELESS:
				opline->op2.jmp_addr = op_array->opcodes + (opline->op2.jmp_addr - old_opcodes);
				break;
			case ZEND_CATCH:
				/* The last catch of a chain carries no jump target. */
				if (!(opline->extended_value & ZEND_LAST_CATCH)) {
					opline->op2.jmp_addr = op_array->opcodes + (opline->op2.jmp_addr - old_opcodes);
				}
				break;
			case ZEND_FE_FETCH_R:
			case ZEND_FE_FETCH_RW:
			case ZEND_SWITCH_LONG:
			case ZEND_SWITCH_STRING:
			case ZEND_MATCH:
				/* relative extended_value don't have to be changed */
				break;
#endif
			case ZEND_IS_IDENTICAL:
			case ZEND_IS_NOT_IDENTICAL:
			case ZEND_IS_EQUAL:
			case ZEND_IS_NOT_EQUAL:
			case ZEND_IS_SMALLER:
			case ZEND_IS_SMALLER_OR_EQUAL:
			case ZEND_CASE:
			case ZEND_CASE_STRICT:
			case ZEND_ISSET_ISEMPTY_CV:
			case ZEND_ISSET_ISEMPTY_VAR:
			case ZEND_ISSET_ISEMPTY_DIM_OBJ:
			case ZEND_ISSET_ISEMPTY_PROP_OBJ:
			case ZEND_ISSET_ISEMPTY_STATIC_PROP:
			case ZEND_INSTANCEOF:
			case ZEND_TYPE_CHECK:
			case ZEND_DEFINED:
			case ZEND_IN_ARRAY:
			case ZEND_ARRAY_KEY_EXISTS:
				/* reinitialize result_type of smart branch instructions */
				zend_redo_pass_two_mark_smart_branch(opline, end);
				break;
			default:
				break;
		}
		/* Handler selection depends on the (possibly just updated) result_type. */
		ZEND_VM_SET_OPCODE_HANDLER(opline);
	}

	op_array->fn_flags |= ZEND_ACC_DONE_PASS_TWO;
}
1283 
/* SSA-aware variant of zend_redo_pass_two(): performs the same literal
 * relocation, constant re-encoding, jump rebasing and smart-branch
 * re-initialisation, but selects the VM handler with the operand type
 * information from `ssa` (zend_vm_set_opcode_handler_ex) instead of the
 * generic handler, and under ZEND_VERIFY_TYPE_INFERENCE records the inferred
 * operand types on each opline. The observer temporary is NOT re-reserved
 * here; the caller (zend_optimize_script) accounts for it on this path.
 * Precondition: ZEND_ACC_DONE_PASS_TWO is clear; it is set on return. */
static void zend_redo_pass_two_ex(zend_op_array *op_array, zend_ssa *ssa)
{
	zend_op *opline, *end;
#if ZEND_USE_ABS_JMP_ADDR && !ZEND_USE_ABS_CONST_ADDR
	/* Absolute jump targets point into the array reallocated below; keep
	 * the old base so they can be rebased. */
	zend_op *old_opcodes = op_array->opcodes;
#endif

	ZEND_ASSERT((op_array->fn_flags & ZEND_ACC_DONE_PASS_TWO) == 0);

#if !ZEND_USE_ABS_CONST_ADDR
	/* Move the detached literals back into the opcode allocation, 16-byte
	 * aligned after the last opline, and free the detached array. */
	if (op_array->last_literal) {
		op_array->opcodes = (zend_op *) erealloc(op_array->opcodes,
			ZEND_MM_ALIGNED_SIZE_EX(sizeof(zend_op) * op_array->last, 16) +
			sizeof(zval) * op_array->last_literal);
		memcpy(((char*)op_array->opcodes) + ZEND_MM_ALIGNED_SIZE_EX(sizeof(zend_op) * op_array->last, 16),
			op_array->literals, sizeof(zval) * op_array->last_literal);
		efree(op_array->literals);
		op_array->literals = (zval*)(((char*)op_array->opcodes) + ZEND_MM_ALIGNED_SIZE_EX(sizeof(zend_op) * op_array->last, 16));
	} else {
		if (op_array->literals) {
			efree(op_array->literals);
		}
		op_array->literals = NULL;
	}
#endif

	opline = op_array->opcodes;
	end = opline + op_array->last;
	while (opline < end) {
		/* The OP1_INFO()/OP2_INFO()/RES_INFO()/OP1_DEF_INFO() macros read the
		 * locals named op_array, ssa, opline and ssa_op; do not rename them. */
		zend_ssa_op *ssa_op = &ssa->ops[opline - op_array->opcodes];
		uint32_t op1_info = opline->op1_type == IS_UNUSED ? 0 : (OP1_INFO() & (MAY_BE_UNDEF|MAY_BE_ANY|MAY_BE_REF|MAY_BE_ARRAY_OF_ANY|MAY_BE_ARRAY_KEY_ANY));
		/* NOTE(review): this guard tests op1_type rather than op2_type, unlike
		 * the line above; it looks like a copy-paste slip, so op2_info is
		 * derived from OP2_INFO() even when op2 is IS_UNUSED and op1 is not.
		 * Confirm against zend_vm_set_opcode_handler_ex whether a non-zero
		 * op2_info for an unused operand can change handler selection before
		 * touching it. */
		uint32_t op2_info = opline->op1_type == IS_UNUSED ? 0 : (OP2_INFO() & (MAY_BE_UNDEF|MAY_BE_ANY|MAY_BE_REF|MAY_BE_ARRAY_OF_ANY|MAY_BE_ARRAY_KEY_ANY));
		/* For PRE/POST_INC/DEC the relevant result type is the new value of
		 * op1 (its SSA def), falling back to MAY_BE_ANY when there is none;
		 * for everything else it is the opline's own result, or 0 if unused. */
		uint32_t res_info =
			(opline->opcode == ZEND_PRE_INC ||
			 opline->opcode == ZEND_PRE_DEC ||
			 opline->opcode == ZEND_POST_INC ||
			 opline->opcode == ZEND_POST_DEC) ?
				((ssa->ops[opline - op_array->opcodes].op1_def >= 0) ? (OP1_DEF_INFO() & (MAY_BE_UNDEF|MAY_BE_ANY|MAY_BE_REF|MAY_BE_ARRAY_OF_ANY|MAY_BE_ARRAY_KEY_ANY)) : MAY_BE_ANY) :
				(opline->result_type == IS_UNUSED ? 0 : (RES_INFO() & (MAY_BE_UNDEF|MAY_BE_ANY|MAY_BE_REF|MAY_BE_ARRAY_OF_ANY|MAY_BE_ARRAY_KEY_ANY)));

		if (opline->op1_type == IS_CONST) {
			ZEND_PASS_TWO_UPDATE_CONSTANT(op_array, opline, opline->op1);
		}
		if (opline->op2_type == IS_CONST) {
			ZEND_PASS_TWO_UPDATE_CONSTANT(op_array, opline, opline->op2);
		}

		/* fix jumps to point to new array */
		switch (opline->opcode) {
#if ZEND_USE_ABS_JMP_ADDR && !ZEND_USE_ABS_CONST_ADDR
			case ZEND_JMP:
			case ZEND_FAST_CALL:
				opline->op1.jmp_addr = &op_array->opcodes[opline->op1.jmp_addr - old_opcodes];
				break;
			case ZEND_JMPZ:
			case ZEND_JMPNZ:
			case ZEND_JMPZ_EX:
			case ZEND_JMPNZ_EX:
			case ZEND_JMP_SET:
			case ZEND_COALESCE:
			case ZEND_FE_RESET_R:
			case ZEND_FE_RESET_RW:
			case ZEND_ASSERT_CHECK:
			case ZEND_JMP_NULL:
			case ZEND_BIND_INIT_STATIC_OR_JMP:
			case ZEND_JMP_FRAMELESS:
				opline->op2.jmp_addr = &op_array->opcodes[opline->op2.jmp_addr - old_opcodes];
				break;
			case ZEND_CATCH:
				/* The last catch of a chain carries no jump target. */
				if (!(opline->extended_value & ZEND_LAST_CATCH)) {
					opline->op2.jmp_addr = &op_array->opcodes[opline->op2.jmp_addr - old_opcodes];
				}
				break;
			case ZEND_FE_FETCH_R:
			case ZEND_FE_FETCH_RW:
			case ZEND_SWITCH_LONG:
			case ZEND_SWITCH_STRING:
			case ZEND_MATCH:
				/* relative extended_value don't have to be changed */
				break;
#endif
			case ZEND_IS_IDENTICAL:
			case ZEND_IS_NOT_IDENTICAL:
			case ZEND_IS_EQUAL:
			case ZEND_IS_NOT_EQUAL:
			case ZEND_IS_SMALLER:
			case ZEND_IS_SMALLER_OR_EQUAL:
			case ZEND_CASE:
			case ZEND_CASE_STRICT:
			case ZEND_ISSET_ISEMPTY_CV:
			case ZEND_ISSET_ISEMPTY_VAR:
			case ZEND_ISSET_ISEMPTY_DIM_OBJ:
			case ZEND_ISSET_ISEMPTY_PROP_OBJ:
			case ZEND_ISSET_ISEMPTY_STATIC_PROP:
			case ZEND_INSTANCEOF:
			case ZEND_TYPE_CHECK:
			case ZEND_DEFINED:
			case ZEND_IN_ARRAY:
			case ZEND_ARRAY_KEY_EXISTS:
				if (opline->result_type & IS_TMP_VAR) {
					/* reinitialize result_type of smart branch instructions */
					/* The bound check keeps the one-opline look-ahead inside the array. */
					if (opline + 1 < end) {
						if ((opline+1)->opcode == ZEND_JMPZ
						 && (opline+1)->op1_type == IS_TMP_VAR
						 && (opline+1)->op1.var == opline->result.var) {
							opline->result_type = IS_SMART_BRANCH_JMPZ | IS_TMP_VAR;
						} else if ((opline+1)->opcode == ZEND_JMPNZ
						 && (opline+1)->op1_type == IS_TMP_VAR
						 && (opline+1)->op1.var == opline->result.var) {
							opline->result_type = IS_SMART_BRANCH_JMPNZ | IS_TMP_VAR;
						}
					}
				}
				break;
		}
#ifdef ZEND_VERIFY_TYPE_INFERENCE
		/* Debug builds: stash the inferred SSA types on the opline so the VM
		 * can check them at run time. */
		if (ssa_op->op1_use >= 0) {
			opline->op1_use_type = ssa->var_info[ssa_op->op1_use].type;
		}
		if (ssa_op->op2_use >= 0) {
			opline->op2_use_type = ssa->var_info[ssa_op->op2_use].type;
		}
		if (ssa_op->result_use >= 0) {
			opline->result_use_type = ssa->var_info[ssa_op->result_use].type;
		}
		if (ssa_op->op1_def >= 0) {
			opline->op1_def_type = ssa->var_info[ssa_op->op1_def].type;
		}
		if (ssa_op->op2_def >= 0) {
			opline->op2_def_type = ssa->var_info[ssa_op->op2_def].type;
		}
		if (ssa_op->result_def >= 0) {
			opline->result_def_type = ssa->var_info[ssa_op->result_def].type;
		}
#endif
		/* Type-specialised handler; must follow the result_type update above. */
		zend_vm_set_opcode_handler_ex(opline, op1_info, op2_info, res_info);
		opline++;
	}

	op_array->fn_flags |= ZEND_ACC_DONE_PASS_TWO;
}
1425 
/* Optimize a single op_array outside the call-graph path: strip the pass_two
 * encoding, run the selected passes, re-apply pass_two, then rebuild live
 * ranges if the op_array has any. The three steps must stay in this order:
 * zend_optimize() expects un-encoded operands and zend_redo_pass_two()
 * expects ZEND_ACC_DONE_PASS_TWO to be clear. */
static void zend_optimize_op_array(zend_op_array      *op_array,
                                   zend_optimizer_ctx *ctx)
{
	/* Revert pass_two() */
	zend_revert_pass_two(op_array);

	/* Do actual optimizations */
	zend_optimize(op_array, ctx);

	/* Redo pass_two() */
	zend_redo_pass_two(op_array);

	/* No SSA info on this path, so every temporary gets a live range. */
	if (op_array->live_range) {
		zend_recalc_live_ranges(op_array, NULL);
	}
}
1442 
/* Precompute the VM stack usage of every INIT_FCALL whose callee is defined
 * in the script's own function table, storing it in op1.num. Runs after
 * zend_redo_pass_two (run-time constant addressing, hence RT_CONSTANT);
 * callees from other files or the global table are left for run time. */
static void zend_adjust_fcall_stack_size(zend_op_array *op_array, zend_optimizer_ctx *ctx)
{
	const zend_op *end = op_array->opcodes + op_array->last;

	for (zend_op *opline = op_array->opcodes; opline < end; opline++) {
		if (opline->opcode != ZEND_INIT_FCALL) {
			continue;
		}
		zend_string *callee_name = Z_STR_P(RT_CONSTANT(opline, opline->op2));
		zend_function *callee = zend_hash_find_ptr(&ctx->script->function_table, callee_name);
		if (callee) {
			opline->op1.num = zend_vm_calc_used_stack(opline->extended_value, callee);
		}
	}
}
1462 
/* Call-graph variant of zend_adjust_fcall_stack_size: walk the op_array's
 * callee list from its func_info and precompute op1.num for every INIT_FCALL
 * whose callee was resolved. No-op when the op_array carries no func_info. */
static void zend_adjust_fcall_stack_size_graph(zend_op_array *op_array)
{
	zend_func_info *func_info = ZEND_FUNC_INFO(op_array);
	if (!func_info) {
		return;
	}

	for (zend_call_info *call = func_info->callee_info; call; call = call->next_callee) {
		zend_op *init = call->caller_init_opline;

		if (!init || !call->callee_func || init->opcode != ZEND_INIT_FCALL) {
			continue;
		}
		/* INIT_FCALL callees are resolved exactly, never via a prototype. */
		ZEND_ASSERT(!call->is_prototype);
		init->op1.num = zend_vm_calc_used_stack(init->extended_value, call->callee_func);
	}
}
1481 
/* Live-range filter used on the call-graph path: decide whether the result
 * defined by def_opline needs a live range, based on its inferred SSA type.
 * Only invoked for op_arrays whose func_info has SSA var_info (see the
 * caller in zend_optimize_script). */
static bool needs_live_range(zend_op_array *op_array, zend_op *def_opline) {
	zend_func_info *func_info = ZEND_FUNC_INFO(op_array);
	const zend_ssa *ssa = &func_info->ssa;
	int ssa_var = ssa->ops[def_opline - op_array->opcodes].result_def;

	if (ssa_var < 0) {
		/* Be conservative. */
		return true;
	}

	/* If the variable is used by a PHI, this may be the assignment of the final branch of a
	 * ternary/etc structure. While this is where the live range starts, the value from the other
	 * branch may also be used. As such, use the type of the PHI node for the following check. */
	if (ssa->vars[ssa_var].phi_use_chain) {
		ssa_var = ssa->vars[ssa_var].phi_use_chain->ssa_var;
	}

	/* Only values that may need destruction/release get a live range. */
	uint32_t type = ssa->var_info[ssa_var].type;
	uint32_t needs_release = MAY_BE_STRING|MAY_BE_ARRAY|MAY_BE_OBJECT|MAY_BE_RESOURCE|MAY_BE_REF;
	return (type & needs_release) != 0;
}
1501 
/* Apply func to op_array and, recursively, to each of its dynamic function
 * definitions (closures etc. compiled inside it), parent before children. */
static void zend_foreach_op_array_helper(
		zend_op_array *op_array, zend_op_array_func_t func, void *context) {
	func(op_array, context);

	zend_op_array **def = op_array->dynamic_func_defs;
	zend_op_array **def_end = def + op_array->num_dynamic_func_defs;
	for (; def < def_end; def++) {
		zend_foreach_op_array_helper(*def, func, context);
	}
}
1509 
/* True when a method found in ce's function table is a user op_array declared
 * with ce as its scope, and is neither abstract nor a trait clone. */
static bool zend_foreach_op_array_owns_method(const zend_class_entry *ce, const zend_op_array *op_array) {
	return op_array->scope == ce
		&& op_array->type == ZEND_USER_FUNCTION
		&& !(op_array->fn_flags & (ZEND_ACC_ABSTRACT|ZEND_ACC_TRAIT_CLONE));
}

/* Visit every op_array of a script with func: the main op_array, then every
 * function in the function table, then every own method of every class
 * (alias entries in the class table are skipped). Each visit also descends
 * into dynamic function definitions via zend_foreach_op_array_helper. */
void zend_foreach_op_array(zend_script *script, zend_op_array_func_t func, void *context)
{
	zend_op_array *op_array;
	zval *zv;

	zend_foreach_op_array_helper(&script->main_op_array, func, context);

	ZEND_HASH_MAP_FOREACH_PTR(&script->function_table, op_array) {
		zend_foreach_op_array_helper(op_array, func, context);
	} ZEND_HASH_FOREACH_END();

	ZEND_HASH_MAP_FOREACH_VAL(&script->class_table, zv) {
		if (Z_TYPE_P(zv) == IS_ALIAS_PTR) {
			continue;
		}
		zend_class_entry *ce = Z_CE_P(zv);
		ZEND_HASH_MAP_FOREACH_PTR(&ce->function_table, op_array) {
			if (zend_foreach_op_array_owns_method(ce, op_array)) {
				zend_foreach_op_array_helper(op_array, func, context);
			}
		} ZEND_HASH_FOREACH_END();
	} ZEND_HASH_FOREACH_END();
}
1536 
/* zend_op_array_func_t adapter: context is the zend_optimizer_ctx. */
static void step_optimize_op_array(zend_op_array *op_array, void *context) {
	zend_optimizer_ctx *ctx = context;
	zend_optimize_op_array(op_array, ctx);
}
1540 
/* zend_op_array_func_t adapter: context is the zend_optimizer_ctx. */
static void step_adjust_fcall_stack_size(zend_op_array *op_array, void *context) {
	zend_optimizer_ctx *ctx = context;
	zend_adjust_fcall_stack_size(op_array, ctx);
}
1544 
/* zend_op_array_func_t adapter: dump the op_array with live ranges; the
 * context argument is unused. */
static void step_dump_after_optimizer(zend_op_array *op_array, void *context) {
	(void) context;
	zend_dump_op_array(op_array, ZEND_DUMP_LIVE_RANGES, "after optimizer", NULL);
}
1548 
/* Invoke every externally registered optimizer pass, in registration order,
 * skipping empty slots. The `last` bound is re-read on each iteration, so a
 * pass registered while iterating is still reached. */
static void zend_optimizer_call_registered_passes(zend_script *script, void *ctx) {
	for (int i = 0; i < zend_optimizer_registered_passes.last; i++) {
		if (zend_optimizer_registered_passes.pass[i] != NULL) {
			zend_optimizer_registered_passes.pass[i](script, ctx);
		}
	}
}
1558 
zend_optimize_script(zend_script * script,zend_long optimization_level,zend_long debug_level)1559 ZEND_API void zend_optimize_script(zend_script *script, zend_long optimization_level, zend_long debug_level)
1560 {
1561 	zend_op_array *op_array;
1562 	zend_string *name;
1563 	zend_optimizer_ctx ctx;
1564 	zval *zv;
1565 
1566 	ctx.arena = zend_arena_create(64 * 1024);
1567 	ctx.script = script;
1568 	ctx.constants = NULL;
1569 	ctx.optimization_level = optimization_level;
1570 	ctx.debug_level = debug_level;
1571 
1572 	if ((ZEND_OPTIMIZER_PASS_6 & optimization_level) &&
1573 	    (ZEND_OPTIMIZER_PASS_7 & optimization_level)) {
1574 		/* Optimize using call-graph */
1575 		zend_call_graph call_graph;
1576 		zend_build_call_graph(&ctx.arena, script, &call_graph);
1577 
1578 		int i;
1579 		zend_func_info *func_info;
1580 
1581 		for (i = 0; i < call_graph.op_arrays_count; i++) {
1582 			zend_revert_pass_two(call_graph.op_arrays[i]);
1583 			zend_optimize(call_graph.op_arrays[i], &ctx);
1584 		}
1585 
1586 	    zend_analyze_call_graph(&ctx.arena, script, &call_graph);
1587 
1588 		for (i = 0; i < call_graph.op_arrays_count; i++) {
1589 			func_info = ZEND_FUNC_INFO(call_graph.op_arrays[i]);
1590 			if (func_info) {
1591 				func_info->call_map = zend_build_call_map(&ctx.arena, func_info, call_graph.op_arrays[i]);
1592 				if (call_graph.op_arrays[i]->fn_flags & ZEND_ACC_HAS_RETURN_TYPE) {
1593 					zend_init_func_return_info(call_graph.op_arrays[i], script, &func_info->return_info);
1594 				}
1595 			}
1596 		}
1597 
1598 		for (i = 0; i < call_graph.op_arrays_count; i++) {
1599 			func_info = ZEND_FUNC_INFO(call_graph.op_arrays[i]);
1600 			if (func_info) {
1601 				if (zend_dfa_analyze_op_array(call_graph.op_arrays[i], &ctx, &func_info->ssa) == SUCCESS) {
1602 					func_info->flags = func_info->ssa.cfg.flags;
1603 				} else {
1604 					ZEND_SET_FUNC_INFO(call_graph.op_arrays[i], NULL);
1605 				}
1606 			}
1607 		}
1608 
1609 		//TODO: perform inner-script inference???
1610 		for (i = 0; i < call_graph.op_arrays_count; i++) {
1611 			func_info = ZEND_FUNC_INFO(call_graph.op_arrays[i]);
1612 			if (func_info) {
1613 				zend_dfa_optimize_op_array(call_graph.op_arrays[i], &ctx, &func_info->ssa, func_info->call_map);
1614 			}
1615 		}
1616 
1617 		if (debug_level & ZEND_DUMP_AFTER_PASS_7) {
1618 			for (i = 0; i < call_graph.op_arrays_count; i++) {
1619 				zend_dump_op_array(call_graph.op_arrays[i], 0, "after pass 7", NULL);
1620 			}
1621 		}
1622 
1623 		if (ZEND_OPTIMIZER_PASS_9 & optimization_level) {
1624 			for (i = 0; i < call_graph.op_arrays_count; i++) {
1625 				zend_optimize_temporary_variables(call_graph.op_arrays[i], &ctx);
1626 				if (debug_level & ZEND_DUMP_AFTER_PASS_9) {
1627 					zend_dump_op_array(call_graph.op_arrays[i], 0, "after pass 9", NULL);
1628 				}
1629 			}
1630 		}
1631 
1632 		if (ZEND_OPTIMIZER_PASS_11 & optimization_level) {
1633 			for (i = 0; i < call_graph.op_arrays_count; i++) {
1634 				zend_optimizer_compact_literals(call_graph.op_arrays[i], &ctx);
1635 				if (debug_level & ZEND_DUMP_AFTER_PASS_11) {
1636 					zend_dump_op_array(call_graph.op_arrays[i], 0, "after pass 11", NULL);
1637 				}
1638 			}
1639 		}
1640 
1641 		if (ZEND_OPTIMIZER_PASS_13 & optimization_level) {
1642 			for (i = 0; i < call_graph.op_arrays_count; i++) {
1643 				zend_optimizer_compact_vars(call_graph.op_arrays[i]);
1644 				if (debug_level & ZEND_DUMP_AFTER_PASS_13) {
1645 					zend_dump_op_array(call_graph.op_arrays[i], 0, "after pass 13", NULL);
1646 				}
1647 			}
1648 		}
1649 
1650 		if (ZEND_OBSERVER_ENABLED) {
1651 			for (i = 0; i < call_graph.op_arrays_count; i++) {
1652 				++call_graph.op_arrays[i]->T; // ensure accurate temporary count for stack size precalculation
1653 			}
1654 		}
1655 
1656 		if (ZEND_OPTIMIZER_PASS_12 & optimization_level) {
1657 			for (i = 0; i < call_graph.op_arrays_count; i++) {
1658 				zend_adjust_fcall_stack_size_graph(call_graph.op_arrays[i]);
1659 			}
1660 		}
1661 
1662 		for (i = 0; i < call_graph.op_arrays_count; i++) {
1663 			op_array = call_graph.op_arrays[i];
1664 			func_info = ZEND_FUNC_INFO(op_array);
1665 			if (func_info && func_info->ssa.var_info) {
1666 				zend_redo_pass_two_ex(op_array, &func_info->ssa);
1667 				if (op_array->live_range) {
1668 					zend_recalc_live_ranges(op_array, needs_live_range);
1669 				}
1670 			} else {
1671 				op_array->T -= ZEND_OBSERVER_ENABLED; // redo_pass_two will re-increment it
1672 
1673 				zend_redo_pass_two(op_array);
1674 				if (op_array->live_range) {
1675 					zend_recalc_live_ranges(op_array, NULL);
1676 				}
1677 			}
1678 		}
1679 
1680 		for (i = 0; i < call_graph.op_arrays_count; i++) {
1681 			ZEND_SET_FUNC_INFO(call_graph.op_arrays[i], NULL);
1682 		}
1683 	} else {
1684 		zend_foreach_op_array(script, step_optimize_op_array, &ctx);
1685 
1686 		if (ZEND_OPTIMIZER_PASS_12 & optimization_level) {
1687 			zend_foreach_op_array(script, step_adjust_fcall_stack_size, &ctx);
1688 		}
1689 	}
1690 
1691 	ZEND_HASH_MAP_FOREACH_VAL(&script->class_table, zv) {
1692 		if (Z_TYPE_P(zv) == IS_ALIAS_PTR) {
1693 			continue;
1694 		}
1695 		zend_class_entry *ce = Z_CE_P(zv);
1696 		ZEND_HASH_MAP_FOREACH_STR_KEY_PTR(&ce->function_table, name, op_array) {
1697 			if (op_array->scope != ce && op_array->type == ZEND_USER_FUNCTION) {
1698 				zend_op_array *orig_op_array =
1699 					zend_hash_find_ptr(&op_array->scope->function_table, name);
1700 
1701 				ZEND_ASSERT(orig_op_array != NULL);
1702 				if (orig_op_array != op_array) {
1703 					uint32_t fn_flags = op_array->fn_flags;
1704 					zend_function *prototype = op_array->prototype;
1705 					HashTable *ht = op_array->static_variables;
1706 
1707 					*op_array = *orig_op_array;
1708 					op_array->fn_flags = fn_flags;
1709 					op_array->prototype = prototype;
1710 					op_array->static_variables = ht;
1711 				}
1712 			}
1713 		} ZEND_HASH_FOREACH_END();
1714 	} ZEND_HASH_FOREACH_END();
1715 
1716 	zend_optimizer_call_registered_passes(script, &ctx);
1717 
1718 	if ((debug_level & ZEND_DUMP_AFTER_OPTIMIZER) &&
1719 			(ZEND_OPTIMIZER_PASS_7 & optimization_level)) {
1720 		zend_foreach_op_array(script, step_dump_after_optimizer, NULL);
1721 	}
1722 
1723 	if (ctx.constants) {
1724 		zend_hash_destroy(ctx.constants);
1725 	}
1726 	zend_arena_destroy(ctx.arena);
1727 }
1728 
/* Append a user-supplied optimizer pass to the registered-pass table.
 *
 * Registered passes are run by zend_optimizer_call_registered_passes()
 * once the built-in passes have finished.
 *
 * @param pass  Callback to register; NULL is rejected.
 * @return      1-based handle of the new entry (pass this to
 *              zend_optimizer_unregister_pass()), or -1 when pass is NULL
 *              or the table already holds ZEND_OPTIMIZER_MAX_REGISTERED_PASSES
 *              entries.
 */
ZEND_API int zend_optimizer_register_pass(zend_optimizer_pass_t pass)
{
	int slot;

	/* Reject a missing callback or a full table before touching any state. */
	if (pass == NULL) {
		return -1;
	}
	if (zend_optimizer_registered_passes.last == ZEND_OPTIMIZER_MAX_REGISTERED_PASSES) {
		return -1;
	}

	slot = zend_optimizer_registered_passes.last;
	zend_optimizer_registered_passes.pass[slot] = pass;
	zend_optimizer_registered_passes.last = slot + 1;

	/* Handles are 1-based so that 0 never names a valid pass. */
	return slot + 1;
}
1744 
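/* Clear the pass registered under handle idx.
 *
 * @param idx  1-based handle returned by zend_optimizer_register_pass().
 *             Handles outside 1..last are ignored; previously the slot was
 *             indexed unchecked, so a stale or bogus handle wrote outside
 *             the pass array.
 *
 * The slot is only set to NULL, not compacted, so handles of other passes
 * stay valid and the cleared slot is not handed out again.
 */
ZEND_API void zend_optimizer_unregister_pass(int idx)
{
	/* 0 and negative values are never valid handles; anything past
	 * .last was never registered. */
	if (idx < 1 || idx > zend_optimizer_registered_passes.last) {
		return;
	}
	zend_optimizer_registered_passes.pass[idx - 1] = NULL;
}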
1749 
/* Initialise the optimizer; currently only the func-info subsystem needs
 * setting up.
 *
 * @return  Result of zend_func_info_startup(), passed through unchanged.
 */
zend_result zend_optimizer_startup(void)
{
	zend_result rc = zend_func_info_startup();
	return rc;
}
1754 
/* Tear down the optimizer; mirrors zend_optimizer_startup() by shutting
 * down the func-info subsystem.
 *
 * @return  Result of zend_func_info_shutdown(), passed through unchanged.
 */
zend_result zend_optimizer_shutdown(void)
{
	zend_result rc = zend_func_info_shutdown();
	return rc;
}