/src/php-src/Zend/zend_objects_API.c

Source
/*
   +----------------------------------------------------------------------+
   | Zend Engine                                                          |
   +----------------------------------------------------------------------+
   | Copyright (c) Zend Technologies Ltd. (http://www.zend.com)           |
   +----------------------------------------------------------------------+
   | This source file is subject to version 2.00 of the Zend license,     |
   | that is bundled with this package in the file LICENSE, and is        |
   | available through the world-wide-web at the following url:           |
   | http://www.zend.com/license/2_00.txt.                                |
   | If you did not receive a copy of the Zend license and are unable to  |
   | obtain it through the world-wide-web, please send a note to          |
   | license@zend.com so we can mail you a copy immediately.              |
   +----------------------------------------------------------------------+
   | Authors: Andi Gutmans <andi@php.net>                                 |
   |          Zeev Suraski <zeev@php.net>                                 |
   |          Dmitry Stogov <dmitry@php.net>                              |
   +----------------------------------------------------------------------+
*/

#include "zend.h"
#include "zend_globals.h"
#include "zend_variables.h"
#include "zend_API.h"
#include "zend_objects_API.h"
#include "zend_fibers.h"

ZEND_API void ZEND_FASTCALL zend_objects_store_init(zend_objects_store *objects, uint32_t init_size)
{
  objects->object_buckets = (zend_object **) emalloc(init_size * sizeof(zend_object*));
  objects->top = 1; /* Skip 0 so that handles are true */
  objects->size = init_size;
  objects->free_list_head = -1;
  memset(&objects->object_buckets[0], 0, sizeof(zend_object*));
}

ZEND_API void ZEND_FASTCALL zend_objects_store_destroy(zend_objects_store *objects)
{
  efree(objects->object_buckets);
  objects->object_buckets = NULL;
}

ZEND_API void ZEND_FASTCALL zend_objects_store_call_destructors(zend_objects_store *objects)
{
  EG(flags) |= EG_FLAGS_OBJECT_STORE_NO_REUSE;
  if (objects->top > 1) {
    uint32_t i;
    for (i = 1; i < objects->top; i++) {
      zend_object *obj = objects->object_buckets[i];
      if (IS_OBJ_VALID(obj)) {
        if (!(OBJ_FLAGS(obj) & IS_OBJ_DESTRUCTOR_CALLED)) {
          GC_ADD_FLAGS(obj, IS_OBJ_DESTRUCTOR_CALLED);

          if (obj->handlers->dtor_obj != zend_objects_destroy_object
              || obj->ce->destructor) {
            GC_ADDREF(obj);
            obj->handlers->dtor_obj(obj);
            GC_DELREF(obj);
          }
        }
      }
    }
  }
}

ZEND_API void ZEND_FASTCALL zend_objects_store_mark_destructed(zend_objects_store *objects)
{
  if (objects->object_buckets && objects->top > 1) {
    zend_object **obj_ptr = objects->object_buckets + 1;
    zend_object **end = objects->object_buckets + objects->top;

    do {
      zend_object *obj = *obj_ptr;

      if (IS_OBJ_VALID(obj)) {
        GC_ADD_FLAGS(obj, IS_OBJ_DESTRUCTOR_CALLED);
      }
      obj_ptr++;
    } while (obj_ptr != end);
  }
}

ZEND_API void ZEND_FASTCALL zend_objects_store_free_object_storage(zend_objects_store *objects, bool fast_shutdown)
{
  zend_object **obj_ptr, **end, *obj;

  if (objects->top <= 1) {
    return;
  }

  /* Free object contents, but don't free objects themselves, so they show up as leaks.
   * Also add a ref to all objects, so the object can't be freed by something else later. */
  end = objects->object_buckets + 1;
  obj_ptr = objects->object_buckets + objects->top;

  if (fast_shutdown) {
    do {
      obj_ptr--;
      obj = *obj_ptr;
      if (IS_OBJ_VALID(obj)) {
        if (!(OBJ_FLAGS(obj) & IS_OBJ_FREE_CALLED)) {
          GC_ADD_FLAGS(obj, IS_OBJ_FREE_CALLED);
          if (obj->handlers->free_obj != zend_object_std_dtor
           || (OBJ_FLAGS(obj) & IS_OBJ_WEAKLY_REFERENCED)
          ) {
            GC_ADDREF(obj);
            obj->handlers->free_obj(obj);
          }
        }
      }
    } while (obj_ptr != end);
  } else {
    do {
      obj_ptr--;
      obj = *obj_ptr;
      if (IS_OBJ_VALID(obj)) {
        if (!(OBJ_FLAGS(obj) & IS_OBJ_FREE_CALLED)) {
          GC_ADD_FLAGS(obj, IS_OBJ_FREE_CALLED);
          GC_ADDREF(obj);
          obj->handlers->free_obj(obj);
        }
      }
    } while (obj_ptr != end);
  }
}


/* Store objects API */
static ZEND_COLD zend_never_inline void ZEND_FASTCALL zend_objects_store_put_cold(zend_object *object)
{
  int handle;
  uint32_t new_size = 2 * EG(objects_store).size;

  EG(objects_store).object_buckets = (zend_object **) erealloc(EG(objects_store).object_buckets, new_size * sizeof(zend_object*));
  /* Assign size after realloc, in case it fails */
  EG(objects_store).size = new_size;
  handle = EG(objects_store).top++;
  object->handle = handle;
  EG(objects_store).object_buckets[handle] = object;
}

ZEND_API void ZEND_FASTCALL zend_objects_store_put(zend_object *object)
{
  int handle;

  /* When in shutdown sequence - do not reuse previously freed handles, to make sure
   * the dtors for newly created objects are called in zend_objects_store_call_destructors() loop
   */
  if (EG(objects_store).free_list_head != -1 && EXPECTED(!(EG(flags) & EG_FLAGS_OBJECT_STORE_NO_REUSE))) {
    handle = EG(objects_store).free_list_head;
    EG(objects_store).free_list_head = GET_OBJ_BUCKET_NUMBER(EG(objects_store).object_buckets[handle]);
  } else if (UNEXPECTED(EG(objects_store).top == EG(objects_store).size)) {
    zend_objects_store_put_cold(object);
    return;
  } else {
    handle = EG(objects_store).top++;
  }
  object->handle = handle;
  EG(objects_store).object_buckets[handle] = object;
}

ZEND_API void ZEND_FASTCALL zend_objects_store_del(zend_object *object) /* {{{ */
{
  ZEND_ASSERT(GC_REFCOUNT(object) == 0);

  /* GC might have released this object already. */
  if (UNEXPECTED(GC_TYPE(object) == IS_NULL)) {
    return;
  }

  /*  Make sure we hold a reference count during the destructor call
    otherwise, when the destructor ends the storage might be freed
    when the refcount reaches 0 a second time
   */
  if (!(OBJ_FLAGS(object) & IS_OBJ_DESTRUCTOR_CALLED)) {
    GC_ADD_FLAGS(object, IS_OBJ_DESTRUCTOR_CALLED);

    if (object->handlers->dtor_obj != zend_objects_destroy_object
        || object->ce->destructor) {
      GC_SET_REFCOUNT(object, 1);
      object->handlers->dtor_obj(object);
      GC_DELREF(object);
    }
  }

  if (GC_REFCOUNT(object) == 0) {
    uint32_t handle = object->handle;
    void *ptr;

    ZEND_ASSERT(EG(objects_store).object_buckets != NULL);
    ZEND_ASSERT(IS_OBJ_VALID(EG(objects_store).object_buckets[handle]));
    EG(objects_store).object_buckets[handle] = SET_OBJ_INVALID(object);
    if (!(OBJ_FLAGS(object) & IS_OBJ_FREE_CALLED)) {
      GC_ADD_FLAGS(object, IS_OBJ_FREE_CALLED);
      GC_SET_REFCOUNT(object, 1);
      object->handlers->free_obj(object);
    }
    ptr = ((char*)object) - object->handlers->offset;
    GC_REMOVE_FROM_BUFFER(object);
    efree(ptr);
    ZEND_OBJECTS_STORE_ADD_TO_FREE_LIST(handle);
  }
}
/* }}} */

ZEND_API ZEND_COLD zend_property_info *zend_get_property_info_for_slot_slow(zend_object *obj, zval *slot)
{
  uintptr_t offset = OBJ_PROP_SLOT_TO_OFFSET(obj, slot);
  zend_property_info *prop_info;
  ZEND_HASH_MAP_FOREACH_PTR(&obj->ce->properties_info, prop_info) {
    if (prop_info->offset == offset) {
      return prop_info;
    }
  } ZEND_HASH_FOREACH_END();
  return NULL;
}

Coverage Report

Created: 2025-12-14 06:05

Line	Count	Source
1		/*
2		+----------------------------------------------------------------------+
3		\| Zend Engine \|
4		+----------------------------------------------------------------------+
5		\| Copyright (c) Zend Technologies Ltd. (http://www.zend.com) \|
6		+----------------------------------------------------------------------+
7		\| This source file is subject to version 2.00 of the Zend license, \|
8		\| that is bundled with this package in the file LICENSE, and is \|
9		\| available through the world-wide-web at the following url: \|
10		\| http://www.zend.com/license/2_00.txt. \|
11		\| If you did not receive a copy of the Zend license and are unable to \|
12		\| obtain it through the world-wide-web, please send a note to \|
13		\| license@zend.com so we can mail you a copy immediately. \|
14		+----------------------------------------------------------------------+
15		\| Authors: Andi Gutmans <andi@php.net> \|
16		\| Zeev Suraski <zeev@php.net> \|
17		\| Dmitry Stogov <dmitry@php.net> \|
18		+----------------------------------------------------------------------+
19		*/
20
21		#include "zend.h"
22		#include "zend_globals.h"
23		#include "zend_variables.h"
24		#include "zend_API.h"
25		#include "zend_objects_API.h"
26		#include "zend_fibers.h"
27
28		ZEND_API void ZEND_FASTCALL zend_objects_store_init(zend_objects_store *objects, uint32_t init_size)
29	50.4k	{
30	50.4k	objects->object_buckets = (zend_object *) emalloc(init_size sizeof(zend_object*));
31	50.4k	objects->top = 1; /* Skip 0 so that handles are true */
32	50.4k	objects->size = init_size;
33	50.4k	objects->free_list_head = -1;
34	50.4k	memset(&objects->object_buckets[0], 0, sizeof(zend_object*));
35	50.4k	}
36
37		ZEND_API void ZEND_FASTCALL zend_objects_store_destroy(zend_objects_store *objects)
38	50.4k	{
39	50.4k	efree(objects->object_buckets);
40	50.4k	objects->object_buckets = NULL;
41	50.4k	}
42
43		ZEND_API void ZEND_FASTCALL zend_objects_store_call_destructors(zend_objects_store *objects)
44	50.3k	{
45	50.3k	EG(flags) \|= EG_FLAGS_OBJECT_STORE_NO_REUSE;
46	50.3k	if (objects->top > 1) {
47	5.69k	uint32_t i;
48	21.6k	for (i = 1; i < objects->top; i++) {
49	15.9k	zend_object *obj = objects->object_buckets[i];
50	15.9k	if (IS_OBJ_VALID(obj)) {
51	7.54k	if (!(OBJ_FLAGS(obj) & IS_OBJ_DESTRUCTOR_CALLED)) {
52	6.62k	GC_ADD_FLAGS(obj, IS_OBJ_DESTRUCTOR_CALLED);
53
54	6.62k	if (obj->handlers->dtor_obj != zend_objects_destroy_object
55	6.34k	\|\| obj->ce->destructor) {
56	292	GC_ADDREF(obj);
57	292	obj->handlers->dtor_obj(obj);
58	292	GC_DELREF(obj);
59	292	}
60	6.62k	}
61	7.54k	}
62	15.9k	}
63	5.69k	}
64	50.3k	}
65
66		ZEND_API void ZEND_FASTCALL zend_objects_store_mark_destructed(zend_objects_store *objects)
67	684	{
68	684	if (objects->object_buckets && objects->top > 1) {
69	19	zend_object **obj_ptr = objects->object_buckets + 1;
70	19	zend_object **end = objects->object_buckets + objects->top;
71
72	2.03k	do {
73	2.03k	zend_object obj = obj_ptr;
74
75	2.03k	if (IS_OBJ_VALID(obj)) {
76	2.01k	GC_ADD_FLAGS(obj, IS_OBJ_DESTRUCTOR_CALLED);
77	2.01k	}
78	2.03k	obj_ptr++;
79	2.03k	} while (obj_ptr != end);
80	19	}
81	684	}
82
83		ZEND_API void ZEND_FASTCALL zend_objects_store_free_object_storage(zend_objects_store *objects, bool fast_shutdown)
84	50.4k	{
85	50.4k	zend_object obj_ptr, end, *obj;
86
87	50.4k	if (objects->top <= 1) {
88	44.7k	return;
89	44.7k	}
90
91		/* Free object contents, but don't free objects themselves, so they show up as leaks.
92		* Also add a ref to all objects, so the object can't be freed by something else later. */
93	5.69k	end = objects->object_buckets + 1;
94	5.69k	obj_ptr = objects->object_buckets + objects->top;
95
96	5.69k	if (fast_shutdown) {
97	0	do {
98	0	obj_ptr--;
99	0	obj = *obj_ptr;
100	0	if (IS_OBJ_VALID(obj)) {
101	0	if (!(OBJ_FLAGS(obj) & IS_OBJ_FREE_CALLED)) {
102	0	GC_ADD_FLAGS(obj, IS_OBJ_FREE_CALLED);
103	0	if (obj->handlers->free_obj != zend_object_std_dtor
104	0	\|\| (OBJ_FLAGS(obj) & IS_OBJ_WEAKLY_REFERENCED)
105	0	) {
106	0	GC_ADDREF(obj);
107	0	obj->handlers->free_obj(obj);
108	0	}
109	0	}
110	0	}
111	0	} while (obj_ptr != end);
112	5.69k	} else {
113	17.5k	do {
114	17.5k	obj_ptr--;
115	17.5k	obj = *obj_ptr;
116	17.5k	if (IS_OBJ_VALID(obj)) {
117	6.98k	if (!(OBJ_FLAGS(obj) & IS_OBJ_FREE_CALLED)) {
118	6.98k	GC_ADD_FLAGS(obj, IS_OBJ_FREE_CALLED);
119	6.98k	GC_ADDREF(obj);
120	6.98k	obj->handlers->free_obj(obj);
121	6.98k	}
122	6.98k	}
123	17.5k	} while (obj_ptr != end);
124	5.69k	}
125	5.69k	}
126
127
128		/* Store objects API */
129		static ZEND_COLD zend_never_inline void ZEND_FASTCALL zend_objects_store_put_cold(zend_object *object)
130	0	{
131	0	int handle;
132	0	uint32_t new_size = 2 * EG(objects_store).size;
133
134	0	EG(objects_store).object_buckets = (zend_object *) erealloc(EG(objects_store).object_buckets, new_size sizeof(zend_object*));
135		/* Assign size after realloc, in case it fails */
136	0	EG(objects_store).size = new_size;
137	0	handle = EG(objects_store).top++;
138	0	object->handle = handle;
139	0	EG(objects_store).object_buckets[handle] = object;
140	0	}
141
142		ZEND_API void ZEND_FASTCALL zend_objects_store_put(zend_object *object)
143	31.0k	{
144	31.0k	int handle;
145
146		/* When in shutdown sequence - do not reuse previously freed handles, to make sure
147		* the dtors for newly created objects are called in zend_objects_store_call_destructors() loop
148		*/
149	31.0k	if (EG(objects_store).free_list_head != -1 && EXPECTED(!(EG(flags) & EG_FLAGS_OBJECT_STORE_NO_REUSE))) {
150	13.4k	handle = EG(objects_store).free_list_head;
151	13.4k	EG(objects_store).free_list_head = GET_OBJ_BUCKET_NUMBER(EG(objects_store).object_buckets[handle]);
152	17.5k	} else if (UNEXPECTED(EG(objects_store).top == EG(objects_store).size)) {
153	0	zend_objects_store_put_cold(object);
154	0	return;
155	17.5k	} else {
156	17.5k	handle = EG(objects_store).top++;
157	17.5k	}
158	31.0k	object->handle = handle;
159	31.0k	EG(objects_store).object_buckets[handle] = object;
160	31.0k	}
161
162		ZEND_API void ZEND_FASTCALL zend_objects_store_del(zend_object object) / {{{ */
163	25.6k	{
164	25.6k	ZEND_ASSERT(GC_REFCOUNT(object) == 0);
165
166		/* GC might have released this object already. */
167	25.6k	if (UNEXPECTED(GC_TYPE(object) == IS_NULL)) {
168	3	return;
169	3	}
170
171		/* Make sure we hold a reference count during the destructor call
172		otherwise, when the destructor ends the storage might be freed
173		when the refcount reaches 0 a second time
174		*/
175	25.6k	if (!(OBJ_FLAGS(object) & IS_OBJ_DESTRUCTOR_CALLED)) {
176	22.7k	GC_ADD_FLAGS(object, IS_OBJ_DESTRUCTOR_CALLED);
177
178	22.7k	if (object->handlers->dtor_obj != zend_objects_destroy_object
179	22.5k	\|\| object->ce->destructor) {
180	2.02k	GC_SET_REFCOUNT(object, 1);
181	2.02k	object->handlers->dtor_obj(object);
182	2.02k	GC_DELREF(object);
183	2.02k	}
184	22.7k	}
185
186	25.6k	if (GC_REFCOUNT(object) == 0) {
187	24.0k	uint32_t handle = object->handle;
188	24.0k	void *ptr;
189
190	24.0k	ZEND_ASSERT(EG(objects_store).object_buckets != NULL);
191	24.0k	ZEND_ASSERT(IS_OBJ_VALID(EG(objects_store).object_buckets[handle]));
192	24.0k	EG(objects_store).object_buckets[handle] = SET_OBJ_INVALID(object);
193	24.0k	if (!(OBJ_FLAGS(object) & IS_OBJ_FREE_CALLED)) {
194	24.0k	GC_ADD_FLAGS(object, IS_OBJ_FREE_CALLED);
195	24.0k	GC_SET_REFCOUNT(object, 1);
196	24.0k	object->handlers->free_obj(object);
197	24.0k	}
198	24.0k	ptr = ((char*)object) - object->handlers->offset;
199	24.0k	GC_REMOVE_FROM_BUFFER(object);
200	24.0k	efree(ptr);
201	24.0k	ZEND_OBJECTS_STORE_ADD_TO_FREE_LIST(handle);
202	24.0k	}
203	25.6k	}
204		/* }}} */
205
206		ZEND_API ZEND_COLD zend_property_info zend_get_property_info_for_slot_slow(zend_object obj, zval *slot)
207	3	{
208	3	uintptr_t offset = OBJ_PROP_SLOT_TO_OFFSET(obj, slot);
209	3	zend_property_info *prop_info;
210	12	ZEND_HASH_MAP_FOREACH_PTR(&obj->ce->properties_info, prop_info) {
211	12	if (prop_info->offset == offset) {
212	3	return prop_info;
213	3	}
214	12	} ZEND_HASH_FOREACH_END();
215	0	return NULL;
216	3	}