/src/php-src/Zend/zend_objects_API.c

Source
/*
   +----------------------------------------------------------------------+
   | Zend Engine                                                          |
   +----------------------------------------------------------------------+
   | Copyright © Zend Technologies Ltd., a subsidiary company of          |
   |     Perforce Software, Inc., and Contributors.                       |
   +----------------------------------------------------------------------+
   | This source file is subject to the Modified BSD License that is      |
   | bundled with this package in the file LICENSE, and is available      |
   | through the World Wide Web at <https://www.php.net/license/>.        |
   |                                                                      |
   | SPDX-License-Identifier: BSD-3-Clause                                |
   +----------------------------------------------------------------------+
   | Authors: Andi Gutmans <andi@php.net>                                 |
   |          Zeev Suraski <zeev@php.net>                                 |
   |          Dmitry Stogov <dmitry@php.net>                              |
   +----------------------------------------------------------------------+
*/

#include "zend.h"
#include "zend_globals.h"
#include "zend_variables.h"
#include "zend_API.h"
#include "zend_objects_API.h"
#include "zend_fibers.h"

ZEND_API void ZEND_FASTCALL zend_objects_store_init(zend_objects_store *objects, uint32_t init_size)
{
  objects->object_buckets = (zend_object **) emalloc(init_size * sizeof(zend_object*));
  objects->top = 1; /* Skip 0 so that handles are true */
  objects->size = init_size;
  objects->free_list_head = -1;
  memset(&objects->object_buckets[0], 0, sizeof(zend_object*));
}

ZEND_API void ZEND_FASTCALL zend_objects_store_destroy(zend_objects_store *objects)
{
  efree(objects->object_buckets);
  objects->object_buckets = NULL;
}

ZEND_API void ZEND_FASTCALL zend_objects_store_call_destructors(zend_objects_store *objects)
{
  EG(flags) |= EG_FLAGS_OBJECT_STORE_NO_REUSE;
  if (objects->top > 1) {
    for (uint32_t i = 1; i < objects->top; i++) {
      zend_object *obj = objects->object_buckets[i];
      if (IS_OBJ_VALID(obj)) {
        if (!(OBJ_FLAGS(obj) & IS_OBJ_DESTRUCTOR_CALLED)) {
          GC_ADD_FLAGS(obj, IS_OBJ_DESTRUCTOR_CALLED);

          if (obj->handlers->dtor_obj != zend_objects_destroy_object
              || obj->ce->destructor) {
            GC_ADDREF(obj);
            obj->handlers->dtor_obj(obj);
            GC_DELREF(obj);
          }
        }
      }
    }
  }
}

ZEND_API void ZEND_FASTCALL zend_objects_store_mark_destructed(zend_objects_store *objects)
{
  if (objects->object_buckets && objects->top > 1) {
    zend_object **obj_ptr = objects->object_buckets + 1;
    zend_object **end = objects->object_buckets + objects->top;

    do {
      zend_object *obj = *obj_ptr;

      if (IS_OBJ_VALID(obj)) {
        GC_ADD_FLAGS(obj, IS_OBJ_DESTRUCTOR_CALLED);
      }
      obj_ptr++;
    } while (obj_ptr != end);
  }
}

ZEND_API void ZEND_FASTCALL zend_objects_store_free_object_storage(zend_objects_store *objects, bool fast_shutdown)
{
  zend_object **obj_ptr, **end, *obj;

  if (objects->top <= 1) {
    return;
  }

  /* Free object contents, but don't free objects themselves, so they show up as leaks.
   * Also add a ref to all objects, so the object can't be freed by something else later. */
  end = objects->object_buckets + 1;
  obj_ptr = objects->object_buckets + objects->top;

  if (fast_shutdown) {
    do {
      obj_ptr--;
      obj = *obj_ptr;
      if (IS_OBJ_VALID(obj)) {
        if (!(OBJ_FLAGS(obj) & IS_OBJ_FREE_CALLED)) {
          GC_ADD_FLAGS(obj, IS_OBJ_FREE_CALLED);
          if (obj->handlers->free_obj != zend_object_std_dtor
           || (OBJ_FLAGS(obj) & IS_OBJ_WEAKLY_REFERENCED)
          ) {
            GC_ADDREF(obj);
            obj->handlers->free_obj(obj);
          }
        }
      }
    } while (obj_ptr != end);
  } else {
    do {
      obj_ptr--;
      obj = *obj_ptr;
      if (IS_OBJ_VALID(obj)) {
        if (!(OBJ_FLAGS(obj) & IS_OBJ_FREE_CALLED)) {
          GC_ADD_FLAGS(obj, IS_OBJ_FREE_CALLED);
          GC_ADDREF(obj);
          obj->handlers->free_obj(obj);
        }
      }
    } while (obj_ptr != end);
  }
}


/* Store objects API */
static ZEND_COLD zend_never_inline void ZEND_FASTCALL zend_objects_store_put_cold(zend_object *object)
{
  uint32_t new_size = 2 * EG(objects_store).size;

  EG(objects_store).object_buckets = (zend_object **) erealloc(EG(objects_store).object_buckets, new_size * sizeof(zend_object*));
  /* Assign size after realloc, in case it fails */
  EG(objects_store).size = new_size;
  uint32_t handle = EG(objects_store).top++;
  object->handle = handle;
  EG(objects_store).object_buckets[handle] = object;
}

ZEND_API void ZEND_FASTCALL zend_objects_store_put(zend_object *object)
{
  uint32_t handle;

  /* When in shutdown sequence - do not reuse previously freed handles, to make sure
   * the dtors for newly created objects are called in zend_objects_store_call_destructors() loop
   */
  if (EG(objects_store).free_list_head != -1 && EXPECTED(!(EG(flags) & EG_FLAGS_OBJECT_STORE_NO_REUSE))) {
    handle = EG(objects_store).free_list_head;
    EG(objects_store).free_list_head = GET_OBJ_BUCKET_NUMBER(EG(objects_store).object_buckets[handle]);
  } else if (UNEXPECTED(EG(objects_store).top == EG(objects_store).size)) {
    zend_objects_store_put_cold(object);
    return;
  } else {
    handle = EG(objects_store).top++;
  }
  object->handle = handle;
  EG(objects_store).object_buckets[handle] = object;
}

ZEND_API void ZEND_FASTCALL zend_objects_store_del(zend_object *object) /* {{{ */
{
  ZEND_ASSERT(GC_REFCOUNT(object) == 0);

  /* GC might have released this object already. */
  if (UNEXPECTED(GC_TYPE(object) == IS_NULL)) {
    return;
  }

  /*  Make sure we hold a reference count during the destructor call
    otherwise, when the destructor ends the storage might be freed
    when the refcount reaches 0 a second time
   */
  if (!(OBJ_FLAGS(object) & IS_OBJ_DESTRUCTOR_CALLED)) {
    GC_ADD_FLAGS(object, IS_OBJ_DESTRUCTOR_CALLED);

    if (object->handlers->dtor_obj != zend_objects_destroy_object
        || object->ce->destructor) {
      GC_SET_REFCOUNT(object, 1);
      object->handlers->dtor_obj(object);
      GC_DELREF(object);
    }
  }

  if (GC_REFCOUNT(object) == 0) {
    uint32_t handle = object->handle;
    void *ptr;

    ZEND_ASSERT(EG(objects_store).object_buckets != NULL);
    ZEND_ASSERT(IS_OBJ_VALID(EG(objects_store).object_buckets[handle]));
    EG(objects_store).object_buckets[handle] = SET_OBJ_INVALID(object);
    if (!(OBJ_FLAGS(object) & IS_OBJ_FREE_CALLED)) {
      GC_ADD_FLAGS(object, IS_OBJ_FREE_CALLED);
      GC_SET_REFCOUNT(object, 1);
      object->handlers->free_obj(object);
    }
    ptr = ((char*)object) - object->handlers->offset;
    GC_REMOVE_FROM_BUFFER(object);
    efree(ptr);
    ZEND_OBJECTS_STORE_ADD_TO_FREE_LIST(handle);
  }
}
/* }}} */

ZEND_API ZEND_COLD zend_property_info *zend_get_property_info_for_slot_slow(zend_object *obj, zval *slot)
{
  uintptr_t offset = OBJ_PROP_SLOT_TO_OFFSET(obj, slot);
  zend_property_info *prop_info;
  ZEND_HASH_MAP_FOREACH_PTR(&obj->ce->properties_info, prop_info) {
    if (prop_info->offset == offset) {
      return prop_info;
    }
  } ZEND_HASH_FOREACH_END();
  return NULL;
}

Coverage Report

Created: 2026-06-02 06:36

Line	Count	Source
1		/*
2		+----------------------------------------------------------------------+
3		\| Zend Engine \|
4		+----------------------------------------------------------------------+
5		\| Copyright © Zend Technologies Ltd., a subsidiary company of \|
6		\| Perforce Software, Inc., and Contributors. \|
7		+----------------------------------------------------------------------+
8		\| This source file is subject to the Modified BSD License that is \|
9		\| bundled with this package in the file LICENSE, and is available \|
10		\| through the World Wide Web at <https://www.php.net/license/>. \|
11		\| \|
12		\| SPDX-License-Identifier: BSD-3-Clause \|
13		+----------------------------------------------------------------------+
14		\| Authors: Andi Gutmans <andi@php.net> \|
15		\| Zeev Suraski <zeev@php.net> \|
16		\| Dmitry Stogov <dmitry@php.net> \|
17		+----------------------------------------------------------------------+
18		*/
19
20		#include "zend.h"
21		#include "zend_globals.h"
22		#include "zend_variables.h"
23		#include "zend_API.h"
24		#include "zend_objects_API.h"
25		#include "zend_fibers.h"
26
27		ZEND_API void ZEND_FASTCALL zend_objects_store_init(zend_objects_store *objects, uint32_t init_size)
28	1.99k	{
29	1.99k	objects->object_buckets = (zend_object *) emalloc(init_size sizeof(zend_object*));
30	1.99k	objects->top = 1; /* Skip 0 so that handles are true */
31	1.99k	objects->size = init_size;
32	1.99k	objects->free_list_head = -1;
33	1.99k	memset(&objects->object_buckets[0], 0, sizeof(zend_object*));
34	1.99k	}
35
36		ZEND_API void ZEND_FASTCALL zend_objects_store_destroy(zend_objects_store *objects)
37	1.99k	{
38	1.99k	efree(objects->object_buckets);
39	1.99k	objects->object_buckets = NULL;
40	1.99k	}
41
42		ZEND_API void ZEND_FASTCALL zend_objects_store_call_destructors(zend_objects_store *objects)
43	1.99k	{
44	1.99k	EG(flags) \|= EG_FLAGS_OBJECT_STORE_NO_REUSE;
45	1.99k	if (objects->top > 1) {
46	0	for (uint32_t i = 1; i < objects->top; i++) {
47	0	zend_object *obj = objects->object_buckets[i];
48	0	if (IS_OBJ_VALID(obj)) {
49	0	if (!(OBJ_FLAGS(obj) & IS_OBJ_DESTRUCTOR_CALLED)) {
50	0	GC_ADD_FLAGS(obj, IS_OBJ_DESTRUCTOR_CALLED);
51
52	0	if (obj->handlers->dtor_obj != zend_objects_destroy_object
53	0	\|\| obj->ce->destructor) {
54	0	GC_ADDREF(obj);
55	0	obj->handlers->dtor_obj(obj);
56	0	GC_DELREF(obj);
57	0	}
58	0	}
59	0	}
60	0	}
61	0	}
62	1.99k	}
63
64		ZEND_API void ZEND_FASTCALL zend_objects_store_mark_destructed(zend_objects_store *objects)
65	0	{
66	0	if (objects->object_buckets && objects->top > 1) {
67	0	zend_object **obj_ptr = objects->object_buckets + 1;
68	0	zend_object **end = objects->object_buckets + objects->top;
69
70	0	do {
71	0	zend_object obj = obj_ptr;
72
73	0	if (IS_OBJ_VALID(obj)) {
74	0	GC_ADD_FLAGS(obj, IS_OBJ_DESTRUCTOR_CALLED);
75	0	}
76	0	obj_ptr++;
77	0	} while (obj_ptr != end);
78	0	}
79	0	}
80
81		ZEND_API void ZEND_FASTCALL zend_objects_store_free_object_storage(zend_objects_store *objects, bool fast_shutdown)
82	1.99k	{
83	1.99k	zend_object obj_ptr, end, *obj;
84
85	1.99k	if (objects->top <= 1) {
86	1.99k	return;
87	1.99k	}
88
89		/* Free object contents, but don't free objects themselves, so they show up as leaks.
90		* Also add a ref to all objects, so the object can't be freed by something else later. */
91	0	end = objects->object_buckets + 1;
92	0	obj_ptr = objects->object_buckets + objects->top;
93
94	0	if (fast_shutdown) {
95	0	do {
96	0	obj_ptr--;
97	0	obj = *obj_ptr;
98	0	if (IS_OBJ_VALID(obj)) {
99	0	if (!(OBJ_FLAGS(obj) & IS_OBJ_FREE_CALLED)) {
100	0	GC_ADD_FLAGS(obj, IS_OBJ_FREE_CALLED);
101	0	if (obj->handlers->free_obj != zend_object_std_dtor
102	0	\|\| (OBJ_FLAGS(obj) & IS_OBJ_WEAKLY_REFERENCED)
103	0	) {
104	0	GC_ADDREF(obj);
105	0	obj->handlers->free_obj(obj);
106	0	}
107	0	}
108	0	}
109	0	} while (obj_ptr != end);
110	0	} else {
111	0	do {
112	0	obj_ptr--;
113	0	obj = *obj_ptr;
114	0	if (IS_OBJ_VALID(obj)) {
115	0	if (!(OBJ_FLAGS(obj) & IS_OBJ_FREE_CALLED)) {
116	0	GC_ADD_FLAGS(obj, IS_OBJ_FREE_CALLED);
117	0	GC_ADDREF(obj);
118	0	obj->handlers->free_obj(obj);
119	0	}
120	0	}
121	0	} while (obj_ptr != end);
122	0	}
123	0	}
124
125
126		/* Store objects API */
127		static ZEND_COLD zend_never_inline void ZEND_FASTCALL zend_objects_store_put_cold(zend_object *object)
128	0	{
129	0	uint32_t new_size = 2 * EG(objects_store).size;
130
131	0	EG(objects_store).object_buckets = (zend_object *) erealloc(EG(objects_store).object_buckets, new_size sizeof(zend_object*));
132		/* Assign size after realloc, in case it fails */
133	0	EG(objects_store).size = new_size;
134	0	uint32_t handle = EG(objects_store).top++;
135	0	object->handle = handle;
136	0	EG(objects_store).object_buckets[handle] = object;
137	0	}
138
139		ZEND_API void ZEND_FASTCALL zend_objects_store_put(zend_object *object)
140	0	{
141	0	uint32_t handle;
142
143		/* When in shutdown sequence - do not reuse previously freed handles, to make sure
144		* the dtors for newly created objects are called in zend_objects_store_call_destructors() loop
145		*/
146	0	if (EG(objects_store).free_list_head != -1 && EXPECTED(!(EG(flags) & EG_FLAGS_OBJECT_STORE_NO_REUSE))) {
147	0	handle = EG(objects_store).free_list_head;
148	0	EG(objects_store).free_list_head = GET_OBJ_BUCKET_NUMBER(EG(objects_store).object_buckets[handle]);
149	0	} else if (UNEXPECTED(EG(objects_store).top == EG(objects_store).size)) {
150	0	zend_objects_store_put_cold(object);
151	0	return;
152	0	} else {
153	0	handle = EG(objects_store).top++;
154	0	}
155	0	object->handle = handle;
156	0	EG(objects_store).object_buckets[handle] = object;
157	0	}
158
159		ZEND_API void ZEND_FASTCALL zend_objects_store_del(zend_object object) / {{{ */
160	0	{
161	0	ZEND_ASSERT(GC_REFCOUNT(object) == 0);
162
163		/* GC might have released this object already. */
164	0	if (UNEXPECTED(GC_TYPE(object) == IS_NULL)) {
165	0	return;
166	0	}
167
168		/* Make sure we hold a reference count during the destructor call
169		otherwise, when the destructor ends the storage might be freed
170		when the refcount reaches 0 a second time
171		*/
172	0	if (!(OBJ_FLAGS(object) & IS_OBJ_DESTRUCTOR_CALLED)) {
173	0	GC_ADD_FLAGS(object, IS_OBJ_DESTRUCTOR_CALLED);
174
175	0	if (object->handlers->dtor_obj != zend_objects_destroy_object
176	0	\|\| object->ce->destructor) {
177	0	GC_SET_REFCOUNT(object, 1);
178	0	object->handlers->dtor_obj(object);
179	0	GC_DELREF(object);
180	0	}
181	0	}
182
183	0	if (GC_REFCOUNT(object) == 0) {
184	0	uint32_t handle = object->handle;
185	0	void *ptr;
186
187	0	ZEND_ASSERT(EG(objects_store).object_buckets != NULL);
188	0	ZEND_ASSERT(IS_OBJ_VALID(EG(objects_store).object_buckets[handle]));
189	0	EG(objects_store).object_buckets[handle] = SET_OBJ_INVALID(object);
190	0	if (!(OBJ_FLAGS(object) & IS_OBJ_FREE_CALLED)) {
191	0	GC_ADD_FLAGS(object, IS_OBJ_FREE_CALLED);
192	0	GC_SET_REFCOUNT(object, 1);
193	0	object->handlers->free_obj(object);
194	0	}
195	0	ptr = ((char*)object) - object->handlers->offset;
196	0	GC_REMOVE_FROM_BUFFER(object);
197	0	efree(ptr);
198	0	ZEND_OBJECTS_STORE_ADD_TO_FREE_LIST(handle);
199	0	}
200	0	}
201		/* }}} */
202
203		ZEND_API ZEND_COLD zend_property_info zend_get_property_info_for_slot_slow(zend_object obj, zval *slot)
204	0	{
205	0	uintptr_t offset = OBJ_PROP_SLOT_TO_OFFSET(obj, slot);
206	0	zend_property_info *prop_info;
207	0	ZEND_HASH_MAP_FOREACH_PTR(&obj->ce->properties_info, prop_info) {
208	0	if (prop_info->offset == offset) {
209	0	return prop_info;
210	0	}
211	0	} ZEND_HASH_FOREACH_END();
212	0	return NULL;
213	0	}