/src/php-src/Zend/zend_objects_API.c

Source
/*
   +----------------------------------------------------------------------+
   | Zend Engine                                                          |
   +----------------------------------------------------------------------+
   | Copyright © Zend Technologies Ltd., a subsidiary company of          |
   |     Perforce Software, Inc., and Contributors.                       |
   +----------------------------------------------------------------------+
   | This source file is subject to the Modified BSD License that is      |
   | bundled with this package in the file LICENSE, and is available      |
   | through the World Wide Web at <https://www.php.net/license/>.        |
   |                                                                      |
   | SPDX-License-Identifier: BSD-3-Clause                                |
   +----------------------------------------------------------------------+
   | Authors: Andi Gutmans <andi@php.net>                                 |
   |          Zeev Suraski <zeev@php.net>                                 |
   |          Dmitry Stogov <dmitry@php.net>                              |
   +----------------------------------------------------------------------+
*/

#include "zend.h"
#include "zend_globals.h"
#include "zend_variables.h"
#include "zend_API.h"
#include "zend_objects_API.h"
#include "zend_fibers.h"

ZEND_API void ZEND_FASTCALL zend_objects_store_init(zend_objects_store *objects, uint32_t init_size)
{
  objects->object_buckets = (zend_object **) emalloc(init_size * sizeof(zend_object*));
  objects->top = 1; /* Skip 0 so that handles are true */
  objects->size = init_size;
  objects->free_list_head = -1;
  memset(&objects->object_buckets[0], 0, sizeof(zend_object*));
}

ZEND_API void ZEND_FASTCALL zend_objects_store_destroy(zend_objects_store *objects)
{
  efree(objects->object_buckets);
  objects->object_buckets = NULL;
}

ZEND_API void ZEND_FASTCALL zend_objects_store_call_destructors(zend_objects_store *objects)
{
  EG(flags) |= EG_FLAGS_OBJECT_STORE_NO_REUSE;
  if (objects->top > 1) {
    for (uint32_t i = 1; i < objects->top; i++) {
      zend_object *obj = objects->object_buckets[i];
      if (IS_OBJ_VALID(obj)) {
        if (!(OBJ_FLAGS(obj) & IS_OBJ_DESTRUCTOR_CALLED)) {
          GC_ADD_FLAGS(obj, IS_OBJ_DESTRUCTOR_CALLED);

          if (obj->handlers->dtor_obj != zend_objects_destroy_object
              || obj->ce->destructor) {
            GC_ADDREF(obj);
            obj->handlers->dtor_obj(obj);
            GC_DELREF(obj);
          }
        }
      }
    }
  }
}

ZEND_API void ZEND_FASTCALL zend_objects_store_mark_destructed(zend_objects_store *objects)
{
  if (objects->object_buckets && objects->top > 1) {
    zend_object **obj_ptr = objects->object_buckets + 1;
    zend_object **end = objects->object_buckets + objects->top;

    do {
      zend_object *obj = *obj_ptr;

      if (IS_OBJ_VALID(obj)) {
        GC_ADD_FLAGS(obj, IS_OBJ_DESTRUCTOR_CALLED);
      }
      obj_ptr++;
    } while (obj_ptr != end);
  }
}

ZEND_API void ZEND_FASTCALL zend_objects_store_free_object_storage(zend_objects_store *objects, bool fast_shutdown)
{
  zend_object **obj_ptr, **end, *obj;

  if (objects->top <= 1) {
    return;
  }

  /* Free object contents, but don't free objects themselves, so they show up as leaks.
   * Also add a ref to all objects, so the object can't be freed by something else later. */
  end = objects->object_buckets + 1;
  obj_ptr = objects->object_buckets + objects->top;

  if (fast_shutdown) {
    do {
      obj_ptr--;
      obj = *obj_ptr;
      if (IS_OBJ_VALID(obj)) {
        if (!(OBJ_FLAGS(obj) & IS_OBJ_FREE_CALLED)) {
          GC_ADD_FLAGS(obj, IS_OBJ_FREE_CALLED);
          if (obj->handlers->free_obj != zend_object_std_dtor
           || (OBJ_FLAGS(obj) & IS_OBJ_WEAKLY_REFERENCED)
          ) {
            GC_ADDREF(obj);
            obj->handlers->free_obj(obj);
          }
        }
      }
    } while (obj_ptr != end);
  } else {
    do {
      obj_ptr--;
      obj = *obj_ptr;
      if (IS_OBJ_VALID(obj)) {
        if (!(OBJ_FLAGS(obj) & IS_OBJ_FREE_CALLED)) {
          GC_ADD_FLAGS(obj, IS_OBJ_FREE_CALLED);
          GC_ADDREF(obj);
          obj->handlers->free_obj(obj);
        }
      }
    } while (obj_ptr != end);
  }
}


/* Store objects API */
static ZEND_COLD zend_never_inline void ZEND_FASTCALL zend_objects_store_put_cold(zend_object *object)
{
  uint32_t new_size = 2 * EG(objects_store).size;

  EG(objects_store).object_buckets = (zend_object **) erealloc(EG(objects_store).object_buckets, new_size * sizeof(zend_object*));
  /* Assign size after realloc, in case it fails */
  EG(objects_store).size = new_size;
  uint32_t handle = EG(objects_store).top++;
  object->handle = handle;
  EG(objects_store).object_buckets[handle] = object;
}

ZEND_API void ZEND_FASTCALL zend_objects_store_put(zend_object *object)
{
  uint32_t handle;

  /* When in shutdown sequence - do not reuse previously freed handles, to make sure
   * the dtors for newly created objects are called in zend_objects_store_call_destructors() loop
   */
  if (EG(objects_store).free_list_head != -1 && EXPECTED(!(EG(flags) & EG_FLAGS_OBJECT_STORE_NO_REUSE))) {
    handle = EG(objects_store).free_list_head;
    EG(objects_store).free_list_head = GET_OBJ_BUCKET_NUMBER(EG(objects_store).object_buckets[handle]);
  } else if (UNEXPECTED(EG(objects_store).top == EG(objects_store).size)) {
    zend_objects_store_put_cold(object);
    return;
  } else {
    handle = EG(objects_store).top++;
  }
  object->handle = handle;
  EG(objects_store).object_buckets[handle] = object;
}

ZEND_API void ZEND_FASTCALL zend_objects_store_del(zend_object *object) /* {{{ */
{
  ZEND_ASSERT(GC_REFCOUNT(object) == 0);

  /* GC might have released this object already. */
  if (UNEXPECTED(GC_TYPE(object) == IS_NULL)) {
    return;
  }

  /*  Make sure we hold a reference count during the destructor call
    otherwise, when the destructor ends the storage might be freed
    when the refcount reaches 0 a second time
   */
  if (!(OBJ_FLAGS(object) & IS_OBJ_DESTRUCTOR_CALLED)) {
    GC_ADD_FLAGS(object, IS_OBJ_DESTRUCTOR_CALLED);

    if (object->handlers->dtor_obj != zend_objects_destroy_object
        || object->ce->destructor) {
      GC_SET_REFCOUNT(object, 1);
      object->handlers->dtor_obj(object);
      GC_DELREF(object);
    }
  }

  if (GC_REFCOUNT(object) == 0) {
    uint32_t handle = object->handle;
    void *ptr;

    ZEND_ASSERT(EG(objects_store).object_buckets != NULL);
    ZEND_ASSERT(IS_OBJ_VALID(EG(objects_store).object_buckets[handle]));
    EG(objects_store).object_buckets[handle] = SET_OBJ_INVALID(object);
    if (!(OBJ_FLAGS(object) & IS_OBJ_FREE_CALLED)) {
      GC_ADD_FLAGS(object, IS_OBJ_FREE_CALLED);
      GC_SET_REFCOUNT(object, 1);
      object->handlers->free_obj(object);
    }
    ptr = ((char*)object) - object->handlers->offset;
    GC_REMOVE_FROM_BUFFER(object);
    efree(ptr);
    ZEND_OBJECTS_STORE_ADD_TO_FREE_LIST(handle);
  }
}
/* }}} */

ZEND_API ZEND_COLD zend_property_info *zend_get_property_info_for_slot_slow(zend_object *obj, zval *slot)
{
  uintptr_t offset = OBJ_PROP_SLOT_TO_OFFSET(obj, slot);
  zend_property_info *prop_info;
  ZEND_HASH_MAP_FOREACH_PTR(&obj->ce->properties_info, prop_info) {
    if (prop_info->offset == offset) {
      return prop_info;
    }
  } ZEND_HASH_FOREACH_END();
  return NULL;
}

Coverage Report

Created: 2026-06-02 06:40

Line	Count	Source
1		/*
2		+----------------------------------------------------------------------+
3		\| Zend Engine \|
4		+----------------------------------------------------------------------+
5		\| Copyright © Zend Technologies Ltd., a subsidiary company of \|
6		\| Perforce Software, Inc., and Contributors. \|
7		+----------------------------------------------------------------------+
8		\| This source file is subject to the Modified BSD License that is \|
9		\| bundled with this package in the file LICENSE, and is available \|
10		\| through the World Wide Web at <https://www.php.net/license/>. \|
11		\| \|
12		\| SPDX-License-Identifier: BSD-3-Clause \|
13		+----------------------------------------------------------------------+
14		\| Authors: Andi Gutmans <andi@php.net> \|
15		\| Zeev Suraski <zeev@php.net> \|
16		\| Dmitry Stogov <dmitry@php.net> \|
17		+----------------------------------------------------------------------+
18		*/
19
20		#include "zend.h"
21		#include "zend_globals.h"
22		#include "zend_variables.h"
23		#include "zend_API.h"
24		#include "zend_objects_API.h"
25		#include "zend_fibers.h"
26
27		ZEND_API void ZEND_FASTCALL zend_objects_store_init(zend_objects_store *objects, uint32_t init_size)
28	25.7k	{
29	25.7k	objects->object_buckets = (zend_object *) emalloc(init_size sizeof(zend_object*));
30	25.7k	objects->top = 1; /* Skip 0 so that handles are true */
31	25.7k	objects->size = init_size;
32	25.7k	objects->free_list_head = -1;
33	25.7k	memset(&objects->object_buckets[0], 0, sizeof(zend_object*));
34	25.7k	}
35
36		ZEND_API void ZEND_FASTCALL zend_objects_store_destroy(zend_objects_store *objects)
37	25.7k	{
38	25.7k	efree(objects->object_buckets);
39	25.7k	objects->object_buckets = NULL;
40	25.7k	}
41
42		ZEND_API void ZEND_FASTCALL zend_objects_store_call_destructors(zend_objects_store *objects)
43	25.5k	{
44	25.5k	EG(flags) \|= EG_FLAGS_OBJECT_STORE_NO_REUSE;
45	25.5k	if (objects->top > 1) {
46	85.6k	for (uint32_t i = 1; i < objects->top; i++) {
47	66.4k	zend_object *obj = objects->object_buckets[i];
48	66.4k	if (IS_OBJ_VALID(obj)) {
49	12.6k	if (!(OBJ_FLAGS(obj) & IS_OBJ_DESTRUCTOR_CALLED)) {
50	11.1k	GC_ADD_FLAGS(obj, IS_OBJ_DESTRUCTOR_CALLED);
51
52	11.1k	if (obj->handlers->dtor_obj != zend_objects_destroy_object
53	10.4k	\|\| obj->ce->destructor) {
54	1.05k	GC_ADDREF(obj);
55	1.05k	obj->handlers->dtor_obj(obj);
56	1.05k	GC_DELREF(obj);
57	1.05k	}
58	11.1k	}
59	12.6k	}
60	66.4k	}
61	19.2k	}
62	25.5k	}
63
64		ZEND_API void ZEND_FASTCALL zend_objects_store_mark_destructed(zend_objects_store *objects)
65	896	{
66	896	if (objects->object_buckets && objects->top > 1) {
67	426	zend_object **obj_ptr = objects->object_buckets + 1;
68	426	zend_object **end = objects->object_buckets + objects->top;
69
70	112k	do {
71	112k	zend_object obj = obj_ptr;
72
73	112k	if (IS_OBJ_VALID(obj)) {
74	111k	GC_ADD_FLAGS(obj, IS_OBJ_DESTRUCTOR_CALLED);
75	111k	}
76	112k	obj_ptr++;
77	112k	} while (obj_ptr != end);
78	426	}
79	896	}
80
81		ZEND_API void ZEND_FASTCALL zend_objects_store_free_object_storage(zend_objects_store *objects, bool fast_shutdown)
82	25.7k	{
83	25.7k	zend_object obj_ptr, end, *obj;
84
85	25.7k	if (objects->top <= 1) {
86	6.35k	return;
87	6.35k	}
88
89		/* Free object contents, but don't free objects themselves, so they show up as leaks.
90		* Also add a ref to all objects, so the object can't be freed by something else later. */
91	19.3k	end = objects->object_buckets + 1;
92	19.3k	obj_ptr = objects->object_buckets + objects->top;
93
94	19.3k	if (fast_shutdown) {
95	0	do {
96	0	obj_ptr--;
97	0	obj = *obj_ptr;
98	0	if (IS_OBJ_VALID(obj)) {
99	0	if (!(OBJ_FLAGS(obj) & IS_OBJ_FREE_CALLED)) {
100	0	GC_ADD_FLAGS(obj, IS_OBJ_FREE_CALLED);
101	0	if (obj->handlers->free_obj != zend_object_std_dtor
102	0	\|\| (OBJ_FLAGS(obj) & IS_OBJ_WEAKLY_REFERENCED)
103	0	) {
104	0	GC_ADDREF(obj);
105	0	obj->handlers->free_obj(obj);
106	0	}
107	0	}
108	0	}
109	0	} while (obj_ptr != end);
110	19.3k	} else {
111	178k	do {
112	178k	obj_ptr--;
113	178k	obj = *obj_ptr;
114	178k	if (IS_OBJ_VALID(obj)) {
115	118k	if (!(OBJ_FLAGS(obj) & IS_OBJ_FREE_CALLED)) {
116	118k	GC_ADD_FLAGS(obj, IS_OBJ_FREE_CALLED);
117	118k	GC_ADDREF(obj);
118	118k	obj->handlers->free_obj(obj);
119	118k	}
120	118k	}
121	178k	} while (obj_ptr != end);
122	19.3k	}
123	19.3k	}
124
125
126		/* Store objects API */
127		static ZEND_COLD zend_never_inline void ZEND_FASTCALL zend_objects_store_put_cold(zend_object *object)
128	16	{
129	16	uint32_t new_size = 2 * EG(objects_store).size;
130
131	16	EG(objects_store).object_buckets = (zend_object *) erealloc(EG(objects_store).object_buckets, new_size sizeof(zend_object*));
132		/* Assign size after realloc, in case it fails */
133	16	EG(objects_store).size = new_size;
134	16	uint32_t handle = EG(objects_store).top++;
135	16	object->handle = handle;
136	16	EG(objects_store).object_buckets[handle] = object;
137	16	}
138
139		ZEND_API void ZEND_FASTCALL zend_objects_store_put(zend_object *object)
140	580k	{
141	580k	uint32_t handle;
142
143		/* When in shutdown sequence - do not reuse previously freed handles, to make sure
144		* the dtors for newly created objects are called in zend_objects_store_call_destructors() loop
145		*/
146	580k	if (EG(objects_store).free_list_head != -1 && EXPECTED(!(EG(flags) & EG_FLAGS_OBJECT_STORE_NO_REUSE))) {
147	402k	handle = EG(objects_store).free_list_head;
148	402k	EG(objects_store).free_list_head = GET_OBJ_BUCKET_NUMBER(EG(objects_store).object_buckets[handle]);
149	402k	} else if (UNEXPECTED(EG(objects_store).top == EG(objects_store).size)) {
150	16	zend_objects_store_put_cold(object);
151	16	return;
152	178k	} else {
153	178k	handle = EG(objects_store).top++;
154	178k	}
155	580k	object->handle = handle;
156	580k	EG(objects_store).object_buckets[handle] = object;
157	580k	}
158
159		ZEND_API void ZEND_FASTCALL zend_objects_store_del(zend_object object) / {{{ */
160	514k	{
161	514k	ZEND_ASSERT(GC_REFCOUNT(object) == 0);
162
163		/* GC might have released this object already. */
164	514k	if (UNEXPECTED(GC_TYPE(object) == IS_NULL)) {
165	8	return;
166	8	}
167
168		/* Make sure we hold a reference count during the destructor call
169		otherwise, when the destructor ends the storage might be freed
170		when the refcount reaches 0 a second time
171		*/
172	514k	if (!(OBJ_FLAGS(object) & IS_OBJ_DESTRUCTOR_CALLED)) {
173	372k	GC_ADD_FLAGS(object, IS_OBJ_DESTRUCTOR_CALLED);
174
175	372k	if (object->handlers->dtor_obj != zend_objects_destroy_object
176	369k	\|\| object->ce->destructor) {
177	58.5k	GC_SET_REFCOUNT(object, 1);
178	58.5k	object->handlers->dtor_obj(object);
179	58.5k	GC_DELREF(object);
180	58.5k	}
181	372k	}
182
183	514k	if (GC_REFCOUNT(object) == 0) {
184	459k	uint32_t handle = object->handle;
185	459k	void *ptr;
186
187	459k	ZEND_ASSERT(EG(objects_store).object_buckets != NULL);
188	459k	ZEND_ASSERT(IS_OBJ_VALID(EG(objects_store).object_buckets[handle]));
189	459k	EG(objects_store).object_buckets[handle] = SET_OBJ_INVALID(object);
190	459k	if (!(OBJ_FLAGS(object) & IS_OBJ_FREE_CALLED)) {
191	459k	GC_ADD_FLAGS(object, IS_OBJ_FREE_CALLED);
192	459k	GC_SET_REFCOUNT(object, 1);
193	459k	object->handlers->free_obj(object);
194	459k	}
195	459k	ptr = ((char*)object) - object->handlers->offset;
196	459k	GC_REMOVE_FROM_BUFFER(object);
197	459k	efree(ptr);
198	459k	ZEND_OBJECTS_STORE_ADD_TO_FREE_LIST(handle);
199	459k	}
200	514k	}
201		/* }}} */
202
203		ZEND_API ZEND_COLD zend_property_info zend_get_property_info_for_slot_slow(zend_object obj, zval *slot)
204	56	{
205	56	uintptr_t offset = OBJ_PROP_SLOT_TO_OFFSET(obj, slot);
206	56	zend_property_info *prop_info;
207	224	ZEND_HASH_MAP_FOREACH_PTR(&obj->ce->properties_info, prop_info) {
208	224	if (prop_info->offset == offset) {
209	56	return prop_info;
210	56	}
211	224	} ZEND_HASH_FOREACH_END();
212	0	return NULL;
213	56	}