/src/php-src/Zend/zend_opcode.c
Line | Count | Source |
1 | | /* |
2 | | +----------------------------------------------------------------------+ |
3 | | | Zend Engine | |
4 | | +----------------------------------------------------------------------+ |
5 | | | Copyright © Zend Technologies Ltd., a subsidiary company of | |
6 | | | Perforce Software, Inc., and Contributors. | |
7 | | +----------------------------------------------------------------------+ |
8 | | | This source file is subject to the Modified BSD License that is | |
9 | | | bundled with this package in the file LICENSE, and is available | |
10 | | | through the World Wide Web at <https://www.php.net/license/>. | |
11 | | | | |
12 | | | SPDX-License-Identifier: BSD-3-Clause | |
13 | | +----------------------------------------------------------------------+ |
14 | | | Authors: Andi Gutmans <andi@php.net> | |
15 | | | Zeev Suraski <zeev@php.net> | |
16 | | | Dmitry Stogov <dmitry@php.net> | |
17 | | +----------------------------------------------------------------------+ |
18 | | */ |
19 | | |
20 | | #include <stdio.h> |
21 | | |
22 | | #include "zend.h" |
23 | | #include "zend_alloc.h" |
24 | | #include "zend_compile.h" |
25 | | #include "zend_extensions.h" |
26 | | #include "zend_API.h" |
27 | | #include "zend_sort.h" |
28 | | #include "zend_constants.h" |
29 | | #include "zend_observer.h" |
30 | | |
31 | | #include "zend_vm.h" |
32 | | |
33 | | static void zend_extension_op_array_ctor_handler(zend_extension *extension, zend_op_array *op_array) |
34 | 0 | { |
35 | 0 | if (extension->op_array_ctor) { |
36 | 0 | extension->op_array_ctor(op_array); |
37 | 0 | } |
38 | 0 | } |
39 | | |
40 | | static void zend_extension_op_array_dtor_handler(zend_extension *extension, zend_op_array *op_array) |
41 | 0 | { |
42 | 0 | if (extension->op_array_dtor) { |
43 | 0 | extension->op_array_dtor(op_array); |
44 | 0 | } |
45 | 0 | } |
46 | | |
47 | | void init_op_array(zend_op_array *op_array, zend_function_type type, int initial_ops_size) |
48 | 48.3k | { |
49 | 48.3k | op_array->type = type; |
50 | 48.3k | op_array->arg_flags[0] = 0; |
51 | 48.3k | op_array->arg_flags[1] = 0; |
52 | 48.3k | op_array->arg_flags[2] = 0; |
53 | | |
54 | 48.3k | op_array->refcount = (uint32_t *) emalloc(sizeof(uint32_t)); |
55 | 48.3k | *op_array->refcount = 1; |
56 | 48.3k | op_array->last = 0; |
57 | 48.3k | op_array->opcodes = emalloc(initial_ops_size * sizeof(zend_op)); |
58 | | |
59 | 48.3k | op_array->last_var = 0; |
60 | 48.3k | op_array->vars = NULL; |
61 | | |
62 | 48.3k | op_array->T = 0; |
63 | | |
64 | 48.3k | op_array->function_name = NULL; |
65 | 48.3k | op_array->filename = zend_string_copy(zend_get_compiled_filename()); |
66 | 48.3k | op_array->doc_comment = NULL; |
67 | 48.3k | op_array->attributes = NULL; |
68 | | |
69 | 48.3k | op_array->arg_info = NULL; |
70 | 48.3k | op_array->num_args = 0; |
71 | 48.3k | op_array->required_num_args = 0; |
72 | | |
73 | 48.3k | op_array->scope = NULL; |
74 | 48.3k | op_array->prototype = NULL; |
75 | 48.3k | op_array->prop_info = NULL; |
76 | | |
77 | 48.3k | op_array->live_range = NULL; |
78 | 48.3k | op_array->try_catch_array = NULL; |
79 | 48.3k | op_array->last_live_range = 0; |
80 | | |
81 | 48.3k | op_array->static_variables = NULL; |
82 | 48.3k | ZEND_MAP_PTR_INIT(op_array->static_variables_ptr, NULL); |
83 | 48.3k | op_array->last_try_catch = 0; |
84 | | |
85 | 48.3k | op_array->fn_flags = 0; |
86 | 48.3k | op_array->fn_flags2 = 0; |
87 | | |
88 | 48.3k | op_array->last_literal = 0; |
89 | 48.3k | op_array->literals = NULL; |
90 | | |
91 | 48.3k | op_array->num_dynamic_func_defs = 0; |
92 | 48.3k | op_array->dynamic_func_defs = NULL; |
93 | | |
94 | 48.3k | ZEND_MAP_PTR_INIT(op_array->run_time_cache, NULL); |
95 | 48.3k | op_array->cache_size = zend_op_array_extension_handles * sizeof(void*); |
96 | | |
97 | 48.3k | memset(op_array->reserved, 0, ZEND_MAX_RESERVED_RESOURCES * sizeof(void*)); |
98 | | |
99 | 48.3k | if (zend_extension_flags & ZEND_EXTENSIONS_HAVE_OP_ARRAY_CTOR) { |
100 | 0 | zend_llist_apply_with_argument(&zend_extensions, (llist_apply_with_arg_func_t) zend_extension_op_array_ctor_handler, op_array); |
101 | 0 | } |
102 | 48.3k | } |
103 | | |
104 | | ZEND_API void destroy_zend_function(zend_function *function) |
105 | 0 | { |
106 | 0 | zval tmp; |
107 | |
|
108 | 0 | ZVAL_PTR(&tmp, function); |
109 | 0 | zend_function_dtor(&tmp); |
110 | 0 | } |
111 | | |
112 | 2.12k | ZEND_API void zend_type_release(zend_type type, bool persistent) { |
113 | 2.12k | if (ZEND_TYPE_HAS_LIST(type)) { |
114 | 66 | zend_type *list_type; |
115 | 204 | ZEND_TYPE_LIST_FOREACH_MUTABLE(ZEND_TYPE_LIST(type), list_type) { |
116 | 204 | zend_type_release(*list_type, persistent); |
117 | 204 | } ZEND_TYPE_LIST_FOREACH_END(); |
118 | 66 | if (!ZEND_TYPE_USES_ARENA(type)) { |
119 | 0 | pefree(ZEND_TYPE_LIST(type), persistent); |
120 | 0 | } |
121 | 2.06k | } else if (ZEND_TYPE_HAS_NAME(type)) { |
122 | 336 | zend_string_release(ZEND_TYPE_NAME(type)); |
123 | 336 | } |
124 | 2.12k | } |
125 | | |
126 | | ZEND_API void zend_free_internal_arg_info(zend_internal_function *function, |
127 | 64 | bool persistent) { |
128 | 64 | if (function->arg_info) { |
129 | 64 | ZEND_ASSERT((persistent || (function->fn_flags & ZEND_ACC_NEVER_CACHE)) |
130 | 64 | && "Functions with non-persistent arg_info must be flagged ZEND_ACC_NEVER_CACHE"); |
131 | | |
132 | 64 | uint32_t i; |
133 | 64 | uint32_t num_args = function->num_args + 1; |
134 | 64 | zend_arg_info *arg_info = function->arg_info - 1; |
135 | | |
136 | 64 | if (function->fn_flags & ZEND_ACC_VARIADIC) { |
137 | 0 | num_args++; |
138 | 0 | } |
139 | 318 | for (i = 0 ; i < num_args; i++) { |
140 | 254 | bool is_return_info = i == 0; |
141 | 254 | if (!is_return_info) { |
142 | 190 | zend_string_release_ex(arg_info[i].name, persistent); |
143 | 190 | if (arg_info[i].default_value) { |
144 | 82 | zend_string_release_ex(arg_info[i].default_value, |
145 | 82 | persistent); |
146 | 82 | } |
147 | 190 | } |
148 | 254 | zend_type_release(arg_info[i].type, persistent); |
149 | 254 | } |
150 | | |
151 | 64 | pefree(arg_info, persistent); |
152 | 64 | } |
153 | 64 | } |
154 | | |
155 | | ZEND_API void zend_function_dtor(zval *zv) |
156 | 1.72k | { |
157 | 1.72k | zend_function *function = Z_PTR_P(zv); |
158 | | |
159 | 1.72k | if (function->type == ZEND_USER_FUNCTION) { |
160 | 812 | ZEND_ASSERT(function->common.function_name); |
161 | 812 | destroy_op_array(&function->op_array); |
162 | | /* op_arrays are allocated on arena, so we don't have to free them */ |
163 | 910 | } else { |
164 | 910 | ZEND_ASSERT(function->type == ZEND_INTERNAL_FUNCTION); |
165 | 910 | ZEND_ASSERT(function->common.function_name); |
166 | 910 | zend_string_release_ex(function->common.function_name, 1); |
167 | | |
168 | | /* For methods this will be called explicitly. */ |
169 | 910 | if (!function->common.scope) { |
170 | 64 | zend_free_internal_arg_info(&function->internal_function, true); |
171 | | |
172 | 64 | if (function->common.attributes) { |
173 | 2 | zend_hash_release(function->common.attributes); |
174 | 2 | function->common.attributes = NULL; |
175 | 2 | } |
176 | 64 | } |
177 | | |
178 | 910 | if (function->common.doc_comment) { |
179 | 0 | zend_string_release_ex(function->common.doc_comment, 1); |
180 | 0 | function->common.doc_comment = NULL; |
181 | 0 | } |
182 | | |
183 | 910 | if (!(function->common.fn_flags & ZEND_ACC_ARENA_ALLOCATED)) { |
184 | 64 | pefree(function, 1); |
185 | 64 | } |
186 | 910 | } |
187 | 1.72k | } |
188 | | |
189 | | ZEND_API void zend_cleanup_internal_class_data(zend_class_entry *ce) |
190 | 787 | { |
191 | 787 | if (ZEND_MAP_PTR(ce->static_members_table) && CE_STATIC_MEMBERS(ce)) { |
192 | 504 | zval *static_members = CE_STATIC_MEMBERS(ce); |
193 | 504 | zval *p = static_members; |
194 | 504 | zval *end = p + ce->default_static_members_count; |
195 | 504 | ZEND_MAP_PTR_SET(ce->static_members_table, NULL); |
196 | 1.46k | while (p != end) { |
197 | 958 | if (UNEXPECTED(Z_ISREF_P(p))) { |
198 | 102 | zend_property_info *prop_info; |
199 | 262 | ZEND_REF_FOREACH_TYPE_SOURCES(Z_REF_P(p), prop_info) { |
200 | 262 | if (prop_info->ce == ce && p - static_members == prop_info->offset) { |
201 | 74 | ZEND_REF_DEL_TYPE_SOURCE(Z_REF_P(p), prop_info); |
202 | 74 | break; /* stop iteration here, the array might be realloc()'ed */ |
203 | 74 | } |
204 | 262 | } ZEND_REF_FOREACH_TYPE_SOURCES_END(); |
205 | 102 | } |
206 | 958 | i_zval_ptr_dtor(p); |
207 | 958 | p++; |
208 | 958 | } |
209 | 504 | efree(static_members); |
210 | 504 | } |
211 | 787 | } |
212 | | |
213 | | static void _destroy_zend_class_traits_info(zend_class_entry *ce) |
214 | 18 | { |
215 | 18 | uint32_t i; |
216 | | |
217 | 36 | for (i = 0; i < ce->num_traits; i++) { |
218 | 18 | zend_string_release_ex(ce->trait_names[i].name, 0); |
219 | 18 | zend_string_release_ex(ce->trait_names[i].lc_name, 0); |
220 | 18 | } |
221 | 18 | efree(ce->trait_names); |
222 | | |
223 | 18 | if (ce->trait_aliases) { |
224 | 4 | i = 0; |
225 | 8 | while (ce->trait_aliases[i]) { |
226 | 4 | if (ce->trait_aliases[i]->trait_method.method_name) { |
227 | 4 | zend_string_release_ex(ce->trait_aliases[i]->trait_method.method_name, 0); |
228 | 4 | } |
229 | 4 | if (ce->trait_aliases[i]->trait_method.class_name) { |
230 | 4 | zend_string_release_ex(ce->trait_aliases[i]->trait_method.class_name, 0); |
231 | 4 | } |
232 | | |
233 | 4 | if (ce->trait_aliases[i]->alias) { |
234 | 4 | zend_string_release_ex(ce->trait_aliases[i]->alias, 0); |
235 | 4 | } |
236 | | |
237 | 4 | efree(ce->trait_aliases[i]); |
238 | 4 | i++; |
239 | 4 | } |
240 | | |
241 | 4 | efree(ce->trait_aliases); |
242 | 4 | } |
243 | | |
244 | 18 | if (ce->trait_precedences) { |
245 | 0 | uint32_t j; |
246 | |
|
247 | 0 | i = 0; |
248 | 0 | while (ce->trait_precedences[i]) { |
249 | 0 | zend_string_release_ex(ce->trait_precedences[i]->trait_method.method_name, 0); |
250 | 0 | zend_string_release_ex(ce->trait_precedences[i]->trait_method.class_name, 0); |
251 | |
|
252 | 0 | for (j = 0; j < ce->trait_precedences[i]->num_excludes; j++) { |
253 | 0 | zend_string_release_ex(ce->trait_precedences[i]->exclude_class_names[j], 0); |
254 | 0 | } |
255 | 0 | efree(ce->trait_precedences[i]); |
256 | 0 | i++; |
257 | 0 | } |
258 | 0 | efree(ce->trait_precedences); |
259 | 0 | } |
260 | 18 | } |
261 | | |
262 | | ZEND_API void zend_cleanup_mutable_class_data(zend_class_entry *ce) |
263 | 250 | { |
264 | 250 | zend_class_mutable_data *mutable_data = ZEND_MAP_PTR_GET_IMM(ce->mutable_data); |
265 | | |
266 | 250 | if (mutable_data) { |
267 | 250 | HashTable *constants_table; |
268 | 250 | zval *p; |
269 | | |
270 | 250 | constants_table = mutable_data->constants_table; |
271 | 250 | if (constants_table && constants_table != &ce->constants_table) { |
272 | 146 | zend_class_constant *c; |
273 | | |
274 | 1.00k | ZEND_HASH_MAP_FOREACH_PTR(constants_table, c) { |
275 | 1.00k | if (c->ce == ce || (Z_CONSTANT_FLAGS(c->value) & CONST_OWNED)) { |
276 | 330 | zval_ptr_dtor_nogc(&c->value); |
277 | 330 | } |
278 | 1.00k | } ZEND_HASH_FOREACH_END(); |
279 | 146 | zend_hash_destroy(constants_table); |
280 | 146 | mutable_data->constants_table = NULL; |
281 | 146 | } |
282 | | |
283 | 250 | p = mutable_data->default_properties_table; |
284 | 250 | if (p && p != ce->default_properties_table) { |
285 | 68 | zval *end = p + ce->default_properties_count; |
286 | | |
287 | 202 | while (p < end) { |
288 | 134 | zval_ptr_dtor_nogc(p); |
289 | 134 | p++; |
290 | 134 | } |
291 | 68 | mutable_data->default_properties_table = NULL; |
292 | 68 | } |
293 | | |
294 | 250 | if (mutable_data->backed_enum_table) { |
295 | 0 | zend_hash_release(mutable_data->backed_enum_table); |
296 | 0 | mutable_data->backed_enum_table = NULL; |
297 | 0 | } |
298 | | |
299 | 250 | ZEND_MAP_PTR_SET_IMM(ce->mutable_data, NULL); |
300 | 250 | } |
301 | 250 | } |
302 | | |
303 | | ZEND_API void destroy_zend_class(zval *zv) |
304 | 11.4k | { |
305 | 11.4k | zend_property_info *prop_info; |
306 | 11.4k | zend_class_entry *ce = Z_PTR_P(zv); |
307 | 11.4k | zend_function *fn; |
308 | | |
309 | 11.4k | if (ce->ce_flags & ZEND_ACC_IMMUTABLE) { |
310 | 10.0k | return; |
311 | 10.0k | } |
312 | | |
313 | | /* We don't increase the refcount for class aliases, |
314 | | * skip the destruction of aliases entirely. */ |
315 | 1.39k | if (UNEXPECTED(Z_TYPE_INFO_P(zv) == IS_ALIAS_PTR)) { |
316 | 2 | return; |
317 | 2 | } |
318 | | |
319 | 1.39k | if (ce->ce_flags & ZEND_ACC_FILE_CACHED) { |
320 | 0 | zend_class_constant *c; |
321 | 0 | zval *p, *end; |
322 | |
|
323 | 0 | ZEND_HASH_MAP_FOREACH_PTR(&ce->constants_table, c) { |
324 | 0 | if (c->ce == ce) { |
325 | 0 | zval_ptr_dtor_nogc(&c->value); |
326 | 0 | } |
327 | 0 | } ZEND_HASH_FOREACH_END(); |
328 | |
|
329 | 0 | if (ce->default_properties_table) { |
330 | 0 | p = ce->default_properties_table; |
331 | 0 | end = p + ce->default_properties_count; |
332 | |
|
333 | 0 | while (p < end) { |
334 | 0 | zval_ptr_dtor_nogc(p); |
335 | 0 | p++; |
336 | 0 | } |
337 | 0 | } |
338 | 0 | return; |
339 | 0 | } |
340 | | |
341 | 1.39k | ZEND_ASSERT(ce->refcount > 0); |
342 | | |
343 | 1.39k | if (--ce->refcount > 0) { |
344 | 0 | return; |
345 | 0 | } |
346 | | |
347 | 1.39k | switch (ce->type) { |
348 | 1.39k | case ZEND_USER_CLASS: |
349 | 1.39k | if (!(ce->ce_flags & ZEND_ACC_CACHED)) { |
350 | 828 | if (ce->parent_name && !(ce->ce_flags & ZEND_ACC_RESOLVED_PARENT)) { |
351 | 14 | zend_string_release_ex(ce->parent_name, 0); |
352 | 14 | } |
353 | | |
354 | 828 | zend_string_release_ex(ce->name, 0); |
355 | 828 | zend_string_release_ex(ce->info.user.filename, 0); |
356 | | |
357 | 828 | if (ce->doc_comment) { |
358 | 0 | zend_string_release_ex(ce->doc_comment, 0); |
359 | 0 | } |
360 | | |
361 | 828 | if (ce->attributes) { |
362 | 14 | zend_hash_release(ce->attributes); |
363 | 14 | } |
364 | | |
365 | 828 | if (ce->num_interfaces > 0 && !(ce->ce_flags & ZEND_ACC_RESOLVED_INTERFACES)) { |
366 | 34 | uint32_t i; |
367 | | |
368 | 82 | for (i = 0; i < ce->num_interfaces; i++) { |
369 | 48 | zend_string_release_ex(ce->interface_names[i].name, 0); |
370 | 48 | zend_string_release_ex(ce->interface_names[i].lc_name, 0); |
371 | 48 | } |
372 | 34 | efree(ce->interface_names); |
373 | 34 | } |
374 | | |
375 | 828 | if (ce->num_traits > 0) { |
376 | 18 | _destroy_zend_class_traits_info(ce); |
377 | 18 | } |
378 | 828 | } |
379 | | |
380 | 1.39k | if (ce->default_properties_table) { |
381 | 490 | zval *p = ce->default_properties_table; |
382 | 490 | zval *end = p + ce->default_properties_count; |
383 | | |
384 | 1.30k | while (p != end) { |
385 | 810 | i_zval_ptr_dtor(p); |
386 | 810 | p++; |
387 | 810 | } |
388 | 490 | efree(ce->default_properties_table); |
389 | 490 | } |
390 | 1.39k | if (ce->default_static_members_table) { |
391 | 20 | zval *p = ce->default_static_members_table; |
392 | 20 | zval *end = p + ce->default_static_members_count; |
393 | | |
394 | 86 | while (p != end) { |
395 | 66 | ZEND_ASSERT(!Z_ISREF_P(p)); |
396 | 66 | i_zval_ptr_dtor(p); |
397 | 66 | p++; |
398 | 66 | } |
399 | 20 | efree(ce->default_static_members_table); |
400 | 20 | } |
401 | 4.47k | ZEND_HASH_MAP_FOREACH_PTR(&ce->properties_info, prop_info) { |
402 | 4.47k | if (prop_info->ce == ce) { |
403 | 782 | zend_string_release_ex(prop_info->name, 0); |
404 | 782 | if (prop_info->doc_comment) { |
405 | 6 | zend_string_release_ex(prop_info->doc_comment, 0); |
406 | 6 | } |
407 | 782 | if (prop_info->attributes) { |
408 | 8 | zend_hash_release(prop_info->attributes); |
409 | 8 | } |
410 | 782 | zend_type_release(prop_info->type, /* persistent */ false); |
411 | 782 | if (prop_info->hooks) { |
412 | 156 | for (uint32_t i = 0; i < ZEND_PROPERTY_HOOK_COUNT; i++) { |
413 | 104 | if (prop_info->hooks[i]) { |
414 | 72 | destroy_op_array(&prop_info->hooks[i]->op_array); |
415 | 72 | } |
416 | 104 | } |
417 | 52 | } |
418 | 782 | } |
419 | 4.47k | } ZEND_HASH_FOREACH_END(); |
420 | 1.39k | zend_hash_destroy(&ce->properties_info); |
421 | 1.39k | zend_hash_destroy(&ce->function_table); |
422 | 1.39k | if (zend_hash_num_elements(&ce->constants_table)) { |
423 | 410 | zend_class_constant *c; |
424 | | |
425 | 2.44k | ZEND_HASH_MAP_FOREACH_PTR(&ce->constants_table, c) { |
426 | 2.44k | if (c->ce == ce || (Z_CONSTANT_FLAGS(c->value) & CONST_OWNED)) { |
427 | 702 | zval_ptr_dtor_nogc(&c->value); |
428 | 702 | if (c->doc_comment) { |
429 | 2 | zend_string_release_ex(c->doc_comment, 0); |
430 | 2 | } |
431 | 702 | if (c->attributes) { |
432 | 10 | zend_hash_release(c->attributes); |
433 | 10 | } |
434 | 702 | } |
435 | 2.44k | } ZEND_HASH_FOREACH_END(); |
436 | 410 | } |
437 | 1.39k | zend_hash_destroy(&ce->constants_table); |
438 | 1.39k | if (ce->num_interfaces > 0 && (ce->ce_flags & ZEND_ACC_RESOLVED_INTERFACES)) { |
439 | 426 | efree(ce->interfaces); |
440 | 426 | } |
441 | 1.39k | if (ce->backed_enum_table) { |
442 | 0 | zend_hash_release(ce->backed_enum_table); |
443 | 0 | } |
444 | 1.39k | break; |
445 | 0 | case ZEND_INTERNAL_CLASS: |
446 | 0 | if (ce->doc_comment) { |
447 | 0 | zend_string_release_ex(ce->doc_comment, 1); |
448 | 0 | } |
449 | |
|
450 | 0 | if (ce->backed_enum_table) { |
451 | 0 | zend_hash_release(ce->backed_enum_table); |
452 | 0 | } |
453 | 0 | if (ce->default_properties_table) { |
454 | 0 | zval *p = ce->default_properties_table; |
455 | 0 | zval *end = p + ce->default_properties_count; |
456 | |
|
457 | 0 | while (p != end) { |
458 | 0 | zval_internal_ptr_dtor(p); |
459 | 0 | p++; |
460 | 0 | } |
461 | 0 | free(ce->default_properties_table); |
462 | 0 | } |
463 | 0 | if (ce->default_static_members_table) { |
464 | 0 | zval *p = ce->default_static_members_table; |
465 | 0 | zval *end = p + ce->default_static_members_count; |
466 | |
|
467 | 0 | while (p != end) { |
468 | 0 | zval_internal_ptr_dtor(p); |
469 | 0 | p++; |
470 | 0 | } |
471 | 0 | free(ce->default_static_members_table); |
472 | 0 | } |
473 | |
|
474 | 0 | ZEND_HASH_MAP_FOREACH_PTR(&ce->properties_info, prop_info) { |
475 | 0 | if (prop_info->ce == ce) { |
476 | 0 | zend_string_release(prop_info->name); |
477 | 0 | zend_type_release(prop_info->type, /* persistent */ true); |
478 | 0 | if (prop_info->attributes) { |
479 | 0 | zend_hash_release(prop_info->attributes); |
480 | 0 | } |
481 | 0 | free(prop_info); |
482 | 0 | } |
483 | 0 | } ZEND_HASH_FOREACH_END(); |
484 | 0 | zend_hash_destroy(&ce->properties_info); |
485 | 0 | zend_string_release_ex(ce->name, 1); |
486 | |
|
487 | 0 | ZEND_HASH_MAP_FOREACH_PTR(&ce->function_table, fn) { |
488 | 0 | if (fn->common.scope == ce) { |
489 | 0 | zend_free_internal_arg_info(&fn->internal_function, true); |
490 | |
|
491 | 0 | if (fn->common.attributes) { |
492 | 0 | zend_hash_release(fn->common.attributes); |
493 | 0 | fn->common.attributes = NULL; |
494 | 0 | } |
495 | 0 | } |
496 | 0 | } ZEND_HASH_FOREACH_END(); |
497 | |
|
498 | 0 | zend_hash_destroy(&ce->function_table); |
499 | 0 | if (zend_hash_num_elements(&ce->constants_table)) { |
500 | 0 | zend_class_constant *c; |
501 | |
|
502 | 0 | ZEND_HASH_MAP_FOREACH_PTR(&ce->constants_table, c) { |
503 | 0 | if (c->ce == ce) { |
504 | 0 | if (Z_TYPE(c->value) == IS_CONSTANT_AST) { |
505 | | /* We marked this as IMMUTABLE, but do need to free it when the |
506 | | * class is destroyed. */ |
507 | 0 | ZEND_ASSERT(Z_ASTVAL(c->value)->kind == ZEND_AST_CONST_ENUM_INIT); |
508 | 0 | free(Z_AST(c->value)); |
509 | 0 | } else { |
510 | 0 | zval_internal_ptr_dtor(&c->value); |
511 | 0 | } |
512 | 0 | if (c->doc_comment) { |
513 | 0 | zend_string_release_ex(c->doc_comment, 1); |
514 | 0 | } |
515 | 0 | if (c->attributes) { |
516 | 0 | zend_hash_release(c->attributes); |
517 | 0 | } |
518 | 0 | } |
519 | 0 | free(c); |
520 | 0 | } ZEND_HASH_FOREACH_END(); |
521 | 0 | zend_hash_destroy(&ce->constants_table); |
522 | 0 | } |
523 | 0 | if (ce->iterator_funcs_ptr) { |
524 | 0 | free(ce->iterator_funcs_ptr); |
525 | 0 | } |
526 | 0 | if (ce->arrayaccess_funcs_ptr) { |
527 | 0 | free(ce->arrayaccess_funcs_ptr); |
528 | 0 | } |
529 | 0 | if (ce->num_interfaces > 0) { |
530 | 0 | free(ce->interfaces); |
531 | 0 | } |
532 | 0 | if (ce->properties_info_table) { |
533 | 0 | free(ce->properties_info_table); |
534 | 0 | } |
535 | 0 | if (ce->attributes) { |
536 | 0 | zend_hash_release(ce->attributes); |
537 | 0 | } |
538 | 0 | free(ce); |
539 | 0 | break; |
540 | 1.39k | } |
541 | 1.39k | } |
542 | | |
543 | | void zend_class_add_ref(zval *zv) |
544 | 0 | { |
545 | 0 | zend_class_entry *ce = Z_PTR_P(zv); |
546 | |
|
547 | 0 | if (Z_TYPE_P(zv) != IS_ALIAS_PTR && !(ce->ce_flags & ZEND_ACC_IMMUTABLE)) { |
548 | 0 | ce->refcount++; |
549 | 0 | } |
550 | 0 | } |
551 | | |
552 | | ZEND_API void zend_destroy_static_vars(zend_op_array *op_array) |
553 | 67.5k | { |
554 | 67.5k | if (ZEND_MAP_PTR(op_array->static_variables_ptr)) { |
555 | 1.17k | HashTable *ht = ZEND_MAP_PTR_GET(op_array->static_variables_ptr); |
556 | 1.17k | if (ht) { |
557 | 1.16k | zend_array_destroy(ht); |
558 | 1.16k | ZEND_MAP_PTR_SET(op_array->static_variables_ptr, NULL); |
559 | 1.16k | } |
560 | 1.17k | } |
561 | 67.5k | } |
562 | | |
563 | | ZEND_API void destroy_op_array(zend_op_array *op_array) |
564 | 75.5k | { |
565 | 75.5k | uint32_t i; |
566 | | |
567 | 75.5k | if ((op_array->fn_flags & ZEND_ACC_HEAP_RT_CACHE) |
568 | 64.4k | && ZEND_MAP_PTR(op_array->run_time_cache)) { |
569 | 19.5k | efree(ZEND_MAP_PTR(op_array->run_time_cache)); |
570 | 19.5k | } |
571 | | |
572 | 75.5k | if (op_array->function_name) { |
573 | 12.1k | zend_string_release_ex(op_array->function_name, 0); |
574 | 12.1k | } |
575 | | |
576 | 75.5k | if (!op_array->refcount || --(*op_array->refcount) > 0) { |
577 | 73.3k | return; |
578 | 73.3k | } |
579 | | |
580 | 2.23k | efree_size(op_array->refcount, sizeof(*(op_array->refcount))); |
581 | | |
582 | 2.23k | if (op_array->vars) { |
583 | 895 | i = op_array->last_var; |
584 | 2.25k | while (i > 0) { |
585 | 1.35k | i--; |
586 | 1.35k | zend_string_release_ex(op_array->vars[i], 0); |
587 | 1.35k | } |
588 | 895 | efree(op_array->vars); |
589 | 895 | } |
590 | | |
591 | | /* ZEND_ACC_PTR_OPS and ZEND_ACC_OVERRIDE use the same value */ |
592 | 2.23k | if ((op_array->fn_flags & ZEND_ACC_PTR_OPS) && !op_array->function_name) { |
593 | 0 | zend_op *op = op_array->opcodes; |
594 | 0 | zend_op *end = op + op_array->last; |
595 | 0 | while (op < end) { |
596 | 0 | if (op->opcode == ZEND_DECLARE_ATTRIBUTED_CONST) { |
597 | 0 | HashTable *attributes = Z_PTR_P(RT_CONSTANT(op+1, (op+1)->op1)); |
598 | 0 | zend_hash_release(attributes); |
599 | 0 | } |
600 | 0 | op++; |
601 | 0 | } |
602 | 0 | } |
603 | 2.23k | if (op_array->literals) { |
604 | 2.23k | zval *literal = op_array->literals; |
605 | 2.23k | zval *end = literal + op_array->last_literal; |
606 | 9.52k | while (literal < end) { |
607 | 7.29k | zval_ptr_dtor_nogc(literal); |
608 | 7.29k | literal++; |
609 | 7.29k | } |
610 | 2.23k | if (ZEND_USE_ABS_CONST_ADDR |
611 | 2.23k | || !(op_array->fn_flags & ZEND_ACC_DONE_PASS_TWO)) { |
612 | 0 | efree(op_array->literals); |
613 | 0 | } |
614 | 2.23k | } |
615 | 2.23k | efree(op_array->opcodes); |
616 | | |
617 | 2.23k | zend_string_release_ex(op_array->filename, 0); |
618 | 2.23k | if (op_array->doc_comment) { |
619 | 4 | zend_string_release_ex(op_array->doc_comment, 0); |
620 | 4 | } |
621 | 2.23k | if (op_array->attributes) { |
622 | 34 | zend_hash_release(op_array->attributes); |
623 | 34 | } |
624 | 2.23k | if (op_array->live_range) { |
625 | 143 | efree(op_array->live_range); |
626 | 143 | } |
627 | 2.23k | if (op_array->try_catch_array) { |
628 | 9 | efree(op_array->try_catch_array); |
629 | 9 | } |
630 | 2.23k | if (zend_extension_flags & ZEND_EXTENSIONS_HAVE_OP_ARRAY_DTOR) { |
631 | 0 | if (op_array->fn_flags & ZEND_ACC_DONE_PASS_TWO) { |
632 | 0 | zend_llist_apply_with_argument(&zend_extensions, (llist_apply_with_arg_func_t) zend_extension_op_array_dtor_handler, op_array); |
633 | 0 | } |
634 | 0 | } |
635 | 2.23k | if (op_array->arg_info) { |
636 | 501 | uint32_t num_args = op_array->num_args; |
637 | 501 | zend_arg_info *arg_info = op_array->arg_info; |
638 | | |
639 | 501 | if (op_array->fn_flags & ZEND_ACC_HAS_RETURN_TYPE) { |
640 | 251 | arg_info--; |
641 | 251 | num_args++; |
642 | 251 | } |
643 | 501 | if (op_array->fn_flags & ZEND_ACC_VARIADIC) { |
644 | 10 | num_args++; |
645 | 10 | } |
646 | 1.30k | for (i = 0 ; i < num_args; i++) { |
647 | 803 | if (arg_info[i].name) { |
648 | 552 | zend_string_release_ex(arg_info[i].name, 0); |
649 | 552 | } |
650 | 803 | if (arg_info[i].doc_comment) { |
651 | 0 | zend_string_release_ex(arg_info[i].doc_comment, 0); |
652 | 0 | } |
653 | 803 | zend_type_release(arg_info[i].type, /* persistent */ false); |
654 | 803 | } |
655 | 501 | efree(arg_info); |
656 | 501 | } |
657 | 2.23k | if (op_array->static_variables) { |
658 | 30 | zend_array_destroy(op_array->static_variables); |
659 | 30 | } |
660 | 2.23k | if (op_array->num_dynamic_func_defs) { |
661 | 100 | for (i = 0; i < op_array->num_dynamic_func_defs; i++) { |
662 | 51 | destroy_op_array(op_array->dynamic_func_defs[i]); |
663 | 51 | } |
664 | 49 | efree(op_array->dynamic_func_defs); |
665 | 49 | } |
666 | 2.23k | } |
667 | | |
668 | | static void zend_update_extended_stmts(zend_op_array *op_array) |
669 | 0 | { |
670 | 0 | zend_op *opline = op_array->opcodes, *end=opline+op_array->last; |
671 | |
|
672 | 0 | while (opline<end) { |
673 | 0 | if (opline->opcode == ZEND_EXT_STMT) { |
674 | 0 | if (opline+1<end) { |
675 | 0 | if ((opline+1)->opcode == ZEND_EXT_STMT) { |
676 | 0 | opline->opcode = ZEND_NOP; |
677 | 0 | opline++; |
678 | 0 | continue; |
679 | 0 | } |
680 | 0 | if (opline+1<end) { |
681 | 0 | opline->lineno = (opline+1)->lineno; |
682 | 0 | } |
683 | 0 | } else { |
684 | 0 | opline->opcode = ZEND_NOP; |
685 | 0 | } |
686 | 0 | } |
687 | 0 | opline++; |
688 | 0 | } |
689 | 0 | } |
690 | | |
691 | | static void zend_extension_op_array_handler(zend_extension *extension, zend_op_array *op_array) |
692 | 0 | { |
693 | 0 | if (extension->op_array_handler) { |
694 | 0 | extension->op_array_handler(op_array); |
695 | 0 | } |
696 | 0 | } |
697 | | |
698 | | static void zend_check_finally_breakout(zend_op_array *op_array, uint32_t op_num, uint32_t dst_num) |
699 | 54 | { |
700 | 176 | for (uint32_t i = 0; i < op_array->last_try_catch; i++) { |
701 | 126 | if ((op_num < op_array->try_catch_array[i].finally_op || |
702 | 56 | op_num >= op_array->try_catch_array[i].finally_end) |
703 | 106 | && (dst_num >= op_array->try_catch_array[i].finally_op && |
704 | 72 | dst_num <= op_array->try_catch_array[i].finally_end)) { |
705 | 0 | CG(in_compilation) = 1; |
706 | 0 | CG(active_op_array) = op_array; |
707 | 0 | CG(zend_lineno) = op_array->opcodes[op_num].lineno; |
708 | 0 | zend_error_noreturn(E_COMPILE_ERROR, "jump into a finally block is disallowed"); |
709 | 126 | } else if ((op_num >= op_array->try_catch_array[i].finally_op |
710 | 56 | && op_num <= op_array->try_catch_array[i].finally_end) |
711 | 20 | && (dst_num > op_array->try_catch_array[i].finally_end |
712 | 18 | || dst_num < op_array->try_catch_array[i].finally_op)) { |
713 | 4 | CG(in_compilation) = 1; |
714 | 4 | CG(active_op_array) = op_array; |
715 | 4 | CG(zend_lineno) = op_array->opcodes[op_num].lineno; |
716 | 4 | zend_error_noreturn(E_COMPILE_ERROR, "jump out of a finally block is disallowed"); |
717 | 4 | } |
718 | 126 | } |
719 | 54 | } |
720 | | |
721 | 473 | static uint32_t zend_get_brk_cont_target(const zend_op *opline) { |
722 | 473 | int nest_levels = opline->op2.num; |
723 | 473 | int array_offset = opline->op1.num; |
724 | 473 | zend_brk_cont_element *jmp_to; |
725 | 531 | do { |
726 | 531 | jmp_to = &CG(context).brk_cont_array[array_offset]; |
727 | 531 | if (nest_levels > 1) { |
728 | 58 | array_offset = jmp_to->parent; |
729 | 58 | } |
730 | 531 | } while (--nest_levels > 0); |
731 | | |
732 | 473 | return opline->opcode == ZEND_BRK ? jmp_to->brk : jmp_to->cont; |
733 | 473 | } |
734 | | |
735 | | static void emit_live_range_raw( |
736 | 230k | zend_op_array *op_array, uint32_t var_num, uint32_t kind, uint32_t start, uint32_t end) { |
737 | 230k | zend_live_range *range; |
738 | | |
739 | 230k | op_array->last_live_range++; |
740 | 230k | op_array->live_range = erealloc(op_array->live_range, |
741 | 230k | sizeof(zend_live_range) * op_array->last_live_range); |
742 | | |
743 | 230k | ZEND_ASSERT(start < end); |
744 | 230k | range = &op_array->live_range[op_array->last_live_range - 1]; |
745 | 230k | range->var = EX_NUM_TO_VAR(op_array->last_var + var_num); |
746 | 230k | range->var |= kind; |
747 | 230k | range->start = start; |
748 | 230k | range->end = end; |
749 | 230k | } |
750 | | |
751 | | static void emit_live_range( |
752 | | zend_op_array *op_array, uint32_t var_num, uint32_t start, uint32_t end, |
753 | 233k | zend_needs_live_range_cb needs_live_range) { |
754 | 233k | zend_op *def_opline = &op_array->opcodes[start], *orig_def_opline = def_opline; |
755 | 233k | zend_op *use_opline = &op_array->opcodes[end]; |
756 | 233k | uint32_t kind; |
757 | | |
758 | 233k | switch (def_opline->opcode) { |
759 | | /* These should never be the first def. */ |
760 | 0 | case ZEND_ADD_ARRAY_ELEMENT: |
761 | 0 | case ZEND_ADD_ARRAY_UNPACK: |
762 | 0 | case ZEND_ROPE_ADD: |
763 | 0 | ZEND_UNREACHABLE(); |
764 | 0 | return; |
765 | | /* Result is boolean, it doesn't have to be destroyed. */ |
766 | 2 | case ZEND_JMPZ_EX: |
767 | 2 | case ZEND_JMPNZ_EX: |
768 | 49 | case ZEND_BOOL: |
769 | 1.40k | case ZEND_BOOL_NOT: |
770 | | /* Classes don't have to be destroyed. */ |
771 | 1.49k | case ZEND_FETCH_CLASS: |
772 | 1.49k | case ZEND_DECLARE_ANON_CLASS: |
773 | | /* FAST_CALLs don't have to be destroyed. */ |
774 | 2.06k | case ZEND_FAST_CALL: |
775 | 2.06k | return; |
776 | 90.0k | case ZEND_BEGIN_SILENCE: |
777 | 90.0k | kind = ZEND_LIVE_SILENCE; |
778 | 90.0k | start++; |
779 | 90.0k | break; |
780 | 26.5k | case ZEND_ROPE_INIT: |
781 | 26.5k | kind = ZEND_LIVE_ROPE; |
782 | | /* ROPE live ranges include the generating opcode. */ |
783 | 26.5k | def_opline--; |
784 | 26.5k | break; |
785 | 13.3k | case ZEND_FE_RESET_R: |
786 | 14.1k | case ZEND_FE_RESET_RW: |
787 | 14.1k | kind = ZEND_LIVE_LOOP; |
788 | 14.1k | start++; |
789 | 14.1k | break; |
790 | | /* Objects created via ZEND_NEW are only fully initialized |
791 | | * after the DO_FCALL (constructor call). |
792 | | * We are creating two live-ranges: ZEND_LINE_NEW for uninitialized |
793 | | * part, and ZEND_LIVE_TMPVAR for initialized. |
794 | | */ |
795 | 50.2k | case ZEND_NEW: |
796 | 50.2k | { |
797 | 50.2k | int level = 0; |
798 | 50.2k | uint32_t orig_start = start; |
799 | | |
800 | 105k | while (def_opline + 1 < use_opline) { |
801 | 105k | def_opline++; |
802 | 105k | start++; |
803 | 105k | switch (def_opline->opcode) { |
804 | 42 | case ZEND_INIT_FCALL: |
805 | 50 | case ZEND_INIT_FCALL_BY_NAME: |
806 | 68 | case ZEND_INIT_NS_FCALL_BY_NAME: |
807 | 84 | case ZEND_INIT_DYNAMIC_CALL: |
808 | 84 | case ZEND_INIT_USER_CALL: |
809 | 116 | case ZEND_INIT_METHOD_CALL: |
810 | 152 | case ZEND_INIT_STATIC_METHOD_CALL: |
811 | 152 | case ZEND_INIT_PARENT_PROPERTY_HOOK_CALL: |
812 | 572 | case ZEND_NEW: |
813 | 572 | level++; |
814 | 572 | break; |
815 | 50.7k | case ZEND_DO_FCALL: |
816 | 50.7k | case ZEND_DO_FCALL_BY_NAME: |
817 | 50.7k | case ZEND_DO_ICALL: |
818 | 50.7k | case ZEND_DO_UCALL: |
819 | 50.7k | if (level == 0) { |
820 | 50.1k | goto done; |
821 | 50.1k | } |
822 | 572 | level--; |
823 | 572 | break; |
824 | 105k | } |
825 | 105k | } |
826 | 50.2k | done: |
827 | 50.2k | emit_live_range_raw(op_array, var_num, ZEND_LIVE_NEW, orig_start + 1, start + 1); |
828 | 50.2k | if (start + 1 == end) { |
829 | | /* Trivial live-range, no need to store it. */ |
830 | 49.4k | return; |
831 | 49.4k | } |
832 | 50.2k | } |
833 | 704 | ZEND_FALLTHROUGH; |
834 | 49.3k | default: |
835 | 49.3k | start++; |
836 | 49.3k | kind = ZEND_LIVE_TMPVAR; |
837 | | |
838 | | /* Check hook to determine whether a live range is necessary, |
839 | | * e.g. based on type info. */ |
840 | 49.3k | if (needs_live_range && !needs_live_range(op_array, orig_def_opline)) { |
841 | 2.16k | return; |
842 | 2.16k | } |
843 | 47.2k | break; |
844 | 47.2k | case ZEND_COPY_TMP: |
845 | 2.15k | { |
846 | | /* COPY_TMP has a split live-range: One from the definition until the use in |
847 | | * "null" branch, and another from the start of the "non-null" branch to the |
848 | | * FREE opcode. */ |
849 | 2.15k | uint32_t rt_var_num = EX_NUM_TO_VAR(op_array->last_var + var_num); |
850 | 2.15k | if (needs_live_range && !needs_live_range(op_array, orig_def_opline)) { |
851 | 91 | return; |
852 | 91 | } |
853 | | |
854 | 2.06k | kind = ZEND_LIVE_TMPVAR; |
855 | 2.06k | if (use_opline->opcode != ZEND_FREE) { |
856 | | /* This can happen if one branch of the coalesce has been optimized away. |
857 | | * In this case we should emit a normal live-range instead. */ |
858 | 1.20k | start++; |
859 | 1.20k | break; |
860 | 1.20k | } |
861 | | |
862 | 860 | zend_op *block_start_op = use_opline; |
863 | 904 | while ((block_start_op-1)->opcode == ZEND_FREE) { |
864 | 44 | block_start_op--; |
865 | 44 | } |
866 | | |
867 | 860 | start = block_start_op - op_array->opcodes; |
868 | 860 | if (start != end) { |
869 | 44 | emit_live_range_raw(op_array, var_num, kind, start, end); |
870 | 44 | } |
871 | | |
872 | 3.15k | do { |
873 | 3.15k | use_opline--; |
874 | | |
875 | | /* The use might have been optimized away, in which case we will hit the def |
876 | | * instead. */ |
877 | 3.15k | if (use_opline->opcode == ZEND_COPY_TMP && use_opline->result.var == rt_var_num) { |
878 | 0 | start = def_opline + 1 - op_array->opcodes; |
879 | 0 | emit_live_range_raw(op_array, var_num, kind, start, end); |
880 | 0 | return; |
881 | 0 | } |
882 | 3.15k | } while (!( |
883 | 3.15k | ((use_opline->op1_type & (IS_TMP_VAR|IS_VAR)) && use_opline->op1.var == rt_var_num) || |
884 | 2.96k | ((use_opline->op2_type & (IS_TMP_VAR|IS_VAR)) && use_opline->op2.var == rt_var_num) |
885 | 3.15k | )); |
886 | | |
887 | 860 | start = def_opline + 1 - op_array->opcodes; |
888 | 860 | end = use_opline - op_array->opcodes; |
889 | 860 | emit_live_range_raw(op_array, var_num, kind, start, end); |
890 | 860 | return; |
891 | 860 | } |
892 | 233k | } |
893 | | |
894 | 179k | emit_live_range_raw(op_array, var_num, kind, start, end); |
895 | 179k | } |
896 | | |
897 | 1.03M | static bool is_fake_def(zend_op *opline) { |
898 | | /* These opcodes only modify the result, not create it. */ |
899 | 1.03M | return opline->opcode == ZEND_ROPE_ADD |
900 | 761k | || opline->opcode == ZEND_ADD_ARRAY_ELEMENT |
901 | 730k | || opline->opcode == ZEND_ADD_ARRAY_UNPACK; |
902 | 1.03M | } |
903 | | |
904 | 395k | static bool keeps_op1_alive(zend_op *opline) { |
905 | | /* These opcodes don't consume their OP1 operand, |
906 | | * it is later freed by something else. */ |
907 | 395k | if (opline->opcode == ZEND_CASE |
908 | 395k | || opline->opcode == ZEND_CASE_STRICT |
909 | 395k | || opline->opcode == ZEND_SWITCH_LONG |
910 | 395k | || opline->opcode == ZEND_SWITCH_STRING |
911 | 395k | || opline->opcode == ZEND_MATCH |
912 | 395k | || opline->opcode == ZEND_MATCH_ERROR |
913 | 395k | || opline->opcode == ZEND_FETCH_LIST_R |
914 | 395k | || opline->opcode == ZEND_FETCH_LIST_W |
915 | 395k | || opline->opcode == ZEND_COPY_TMP |
916 | 395k | || opline->opcode == ZEND_EXT_STMT) { |
917 | 37 | return true; |
918 | 37 | } |
919 | 395k | ZEND_ASSERT(opline->opcode != ZEND_FE_FETCH_R |
920 | 395k | && opline->opcode != ZEND_FE_FETCH_RW |
921 | 395k | && opline->opcode != ZEND_VERIFY_RETURN_TYPE |
922 | 395k | && opline->opcode != ZEND_BIND_LEXICAL |
923 | 395k | && opline->opcode != ZEND_ROPE_ADD); |
924 | 395k | return false; |
925 | 395k | } |
926 | | |
927 | | /* Live ranges must be sorted by increasing start opline */ |
928 | 2.25k | static int cmp_live_range(const zend_live_range *a, const zend_live_range *b) { |
929 | 2.25k | return a->start - b->start; |
930 | 2.25k | } |
931 | 101k | static void swap_live_range(zend_live_range *a, zend_live_range *b) { |
932 | 101k | uint32_t tmp; |
933 | 101k | tmp = a->var; |
934 | 101k | a->var = b->var; |
935 | 101k | b->var = tmp; |
936 | 101k | tmp = a->start; |
937 | 101k | a->start = b->start; |
938 | 101k | b->start = tmp; |
939 | 101k | tmp = a->end; |
940 | 101k | a->end = b->end; |
941 | 101k | b->end = tmp; |
942 | 101k | } |
943 | | |
944 | | static void zend_calc_live_ranges( |
945 | 72.3k | zend_op_array *op_array, zend_needs_live_range_cb needs_live_range) { |
946 | 72.3k | uint32_t opnum = op_array->last; |
947 | 72.3k | zend_op *opline = &op_array->opcodes[opnum]; |
948 | 72.3k | ALLOCA_FLAG(use_heap) |
949 | 72.3k | uint32_t var_offset = op_array->last_var; |
950 | 72.3k | uint32_t *last_use = do_alloca(sizeof(uint32_t) * op_array->T, use_heap); |
951 | 72.3k | memset(last_use, -1, sizeof(uint32_t) * op_array->T); |
952 | | |
953 | 72.3k | ZEND_ASSERT(!op_array->live_range); |
954 | 2.19M | while (opnum > 0) { |
955 | 2.12M | opnum--; |
956 | 2.12M | opline--; |
957 | | |
958 | | /* SEPARATE always redeclares its op1. For the purposes of live-ranges, |
959 | | * its declaration is irrelevant. Don't terminate the current live-range |
960 | | * to avoid breaking special handling of COPY_TMP. */ |
961 | 2.12M | if (opline->opcode == ZEND_SEPARATE) { |
962 | 518 | ZEND_ASSERT(opline->op1.var == opline->result.var); |
963 | 518 | continue; |
964 | 518 | } |
965 | | |
966 | 2.12M | if ((opline->result_type & (IS_TMP_VAR|IS_VAR)) && !is_fake_def(opline)) { |
967 | 730k | uint32_t var_num = EX_VAR_TO_NUM(opline->result.var) - var_offset; |
968 | | /* Defs without uses can occur for two reasons: Either because the result is |
969 | | * genuinely unused (e.g. omitted FREE opcode for an unused boolean result), or |
970 | | * because there are multiple defining opcodes (e.g. JMPZ_EX and QM_ASSIGN), in |
971 | | * which case the last one starts the live range. As such, we can simply ignore |
972 | | * missing uses here. */ |
973 | 730k | if (EXPECTED(last_use[var_num] != (uint32_t) -1)) { |
974 | | /* Skip trivial live-range */ |
975 | 690k | if (opnum + 1 != last_use[var_num]) { |
976 | 233k | uint32_t num; |
977 | | |
978 | 233k | #if 1 |
979 | | /* OP_DATA uses only op1 operand */ |
980 | 233k | ZEND_ASSERT(opline->opcode != ZEND_OP_DATA); |
981 | 233k | num = opnum; |
982 | | #else |
983 | | /* OP_DATA is really part of the previous opcode. */ |
984 | | num = opnum - (opline->opcode == ZEND_OP_DATA); |
985 | | #endif |
986 | 233k | emit_live_range(op_array, var_num, num, last_use[var_num], needs_live_range); |
987 | 233k | } |
988 | 690k | last_use[var_num] = (uint32_t) -1; |
989 | 690k | } |
990 | 730k | } |
991 | | |
992 | 2.12M | if ((opline->op1_type & (IS_TMP_VAR|IS_VAR))) { |
993 | 696k | uint32_t var_num = EX_VAR_TO_NUM(opline->op1.var) - var_offset; |
994 | 696k | if (EXPECTED(last_use[var_num] == (uint32_t) -1)) { |
995 | 395k | if (EXPECTED(!keeps_op1_alive(opline))) { |
996 | | /* OP_DATA is really part of the previous opcode. */ |
997 | 395k | last_use[var_num] = opnum - (opline->opcode == ZEND_OP_DATA); |
998 | 395k | } |
999 | 395k | } else if ((opline->opcode == ZEND_FREE || opline->opcode == ZEND_FE_FREE) && opline->extended_value & ZEND_FREE_ON_RETURN) { |
1000 | 342 | int jump_offset = 1; |
1001 | 366 | while (((opline + jump_offset)->opcode == ZEND_FREE || (opline + jump_offset)->opcode == ZEND_FE_FREE) |
1002 | 24 | && (opline + jump_offset)->extended_value & ZEND_FREE_ON_RETURN) { |
1003 | 24 | ++jump_offset; |
1004 | 24 | } |
1005 | | // loop var frees directly precede the jump (or return) operand, except that ZEND_VERIFY_RETURN_TYPE may happen first. |
1006 | 342 | if ((opline + jump_offset)->opcode == ZEND_VERIFY_RETURN_TYPE) { |
1007 | 0 | ++jump_offset; |
1008 | 0 | } |
1009 | | /* FREE with ZEND_FREE_ON_RETURN immediately followed by RETURN frees |
1010 | | * the loop variable on early return. We need to split the live range |
1011 | | * so GC doesn't access the freed variable after this FREE. */ |
1012 | 342 | uint32_t opnum_last_use = last_use[var_num]; |
1013 | 342 | zend_op *opline_last_use = op_array->opcodes + opnum_last_use; |
1014 | 342 | ZEND_ASSERT(opline_last_use->opcode == opline->opcode); // any ZEND_FREE_ON_RETURN must be followed by a FREE without |
1015 | 342 | if (opnum + jump_offset + 1 != opnum_last_use) { |
1016 | 260 | emit_live_range_raw(op_array, var_num, opline->opcode == ZEND_FE_FREE ? ZEND_LIVE_LOOP : ZEND_LIVE_TMPVAR, |
1017 | 260 | opnum + jump_offset + 1, opnum_last_use); |
1018 | 260 | } |
1019 | | |
1020 | | /* Update last_use so next range includes this FREE */ |
1021 | 342 | last_use[var_num] = opnum; |
1022 | | |
1023 | | /* Store opline offset to loop end */ |
1024 | 342 | opline->op2.opline_num = opnum_last_use - opnum; |
1025 | 342 | if (opline_last_use->extended_value & ZEND_FREE_ON_RETURN) { |
1026 | 82 | opline->op2.opline_num += opline_last_use->op2.opline_num; |
1027 | 82 | } |
1028 | 342 | } |
1029 | 696k | } |
1030 | 2.12M | if (opline->op2_type & (IS_TMP_VAR|IS_VAR)) { |
1031 | 296k | uint32_t var_num = EX_VAR_TO_NUM(opline->op2.var) - var_offset; |
1032 | 296k | if (UNEXPECTED(opline->opcode == ZEND_FE_FETCH_R |
1033 | 296k | || opline->opcode == ZEND_FE_FETCH_RW)) { |
1034 | | /* OP2 of FE_FETCH is actually a def, not a use. */ |
1035 | 322 | if (last_use[var_num] != (uint32_t) -1) { |
1036 | 322 | if (opnum + 1 != last_use[var_num]) { |
1037 | 234 | emit_live_range( |
1038 | 234 | op_array, var_num, opnum, last_use[var_num], needs_live_range); |
1039 | 234 | } |
1040 | 322 | last_use[var_num] = (uint32_t) -1; |
1041 | 322 | } |
1042 | 295k | } else if (EXPECTED(last_use[var_num] == (uint32_t) -1)) { |
1043 | 295k | #if 1 |
1044 | | /* OP_DATA uses only op1 operand */ |
1045 | 295k | ZEND_ASSERT(opline->opcode != ZEND_OP_DATA); |
1046 | 295k | last_use[var_num] = opnum; |
1047 | | #else |
1048 | | /* OP_DATA is really part of the previous opcode. */ |
1049 | | last_use[var_num] = opnum - (opline->opcode == ZEND_OP_DATA); |
1050 | | #endif |
1051 | 295k | } |
1052 | 296k | } |
1053 | 2.12M | } |
1054 | | |
1055 | 72.3k | if (op_array->last_live_range > 1) { |
1056 | 26.9k | zend_live_range *r1 = op_array->live_range; |
1057 | 26.9k | zend_live_range *r2 = r1 + op_array->last_live_range - 1; |
1058 | | |
1059 | | /* In most cases we need just revert the array */ |
1060 | 127k | while (r1 < r2) { |
1061 | 100k | swap_live_range(r1, r2); |
1062 | 100k | r1++; |
1063 | 100k | r2--; |
1064 | 100k | } |
1065 | | |
1066 | 26.9k | r1 = op_array->live_range; |
1067 | 26.9k | r2 = r1 + op_array->last_live_range - 1; |
1068 | 207k | while (r1 < r2) { |
1069 | 181k | if (r1->start > (r1+1)->start) { |
1070 | 624 | zend_sort(r1, r2 - r1 + 1, sizeof(zend_live_range), |
1071 | 624 | (compare_func_t) cmp_live_range, (swap_func_t) swap_live_range); |
1072 | 624 | break; |
1073 | 624 | } |
1074 | 180k | r1++; |
1075 | 180k | } |
1076 | 26.9k | } |
1077 | | |
1078 | 72.3k | free_alloca(last_use, use_heap); |
1079 | 72.3k | } |
1080 | | |
1081 | | ZEND_API void zend_recalc_live_ranges( |
1082 | 24.4k | zend_op_array *op_array, zend_needs_live_range_cb needs_live_range) { |
1083 | | /* We assume that we never create live-ranges where there were none before. */ |
1084 | 24.4k | ZEND_ASSERT(op_array->live_range); |
1085 | 24.4k | efree(op_array->live_range); |
1086 | 24.4k | op_array->live_range = NULL; |
1087 | 24.4k | op_array->last_live_range = 0; |
1088 | 24.4k | zend_calc_live_ranges(op_array, needs_live_range); |
1089 | 24.4k | } |
1090 | | |
1091 | | ZEND_API void pass_two(zend_op_array *op_array) |
1092 | 47.9k | { |
1093 | 47.9k | zend_op *opline, *end; |
1094 | | |
1095 | 47.9k | if (!ZEND_USER_CODE(op_array->type)) { |
1096 | 0 | return; |
1097 | 0 | } |
1098 | 47.9k | if (CG(compiler_options) & ZEND_COMPILE_EXTENDED_STMT) { |
1099 | 0 | zend_update_extended_stmts(op_array); |
1100 | 0 | } |
1101 | 47.9k | if (CG(compiler_options) & ZEND_COMPILE_HANDLE_OP_ARRAY) { |
1102 | 46.2k | if (zend_extension_flags & ZEND_EXTENSIONS_HAVE_OP_ARRAY_HANDLER) { |
1103 | 0 | zend_llist_apply_with_argument(&zend_extensions, (llist_apply_with_arg_func_t) zend_extension_op_array_handler, op_array); |
1104 | 0 | } |
1105 | 46.2k | } |
1106 | | |
1107 | 47.9k | if (CG(context).vars_size != op_array->last_var) { |
1108 | 31.8k | op_array->vars = (zend_string**) erealloc(op_array->vars, sizeof(zend_string*)*op_array->last_var); |
1109 | 31.8k | CG(context).vars_size = op_array->last_var; |
1110 | 31.8k | } |
1111 | | |
1112 | | #if ZEND_USE_ABS_CONST_ADDR |
1113 | | if (CG(context).opcodes_size != op_array->last) { |
1114 | | op_array->opcodes = (zend_op *) erealloc(op_array->opcodes, sizeof(zend_op)*op_array->last); |
1115 | | CG(context).opcodes_size = op_array->last; |
1116 | | } |
1117 | | if (CG(context).literals_size != op_array->last_literal) { |
1118 | | op_array->literals = (zval*)erealloc(op_array->literals, sizeof(zval) * op_array->last_literal); |
1119 | | CG(context).literals_size = op_array->last_literal; |
1120 | | } |
1121 | | #else |
1122 | 47.9k | op_array->opcodes = (zend_op *) erealloc(op_array->opcodes, |
1123 | 47.9k | ZEND_MM_ALIGNED_SIZE_EX(sizeof(zend_op) * op_array->last, 16) + |
1124 | 47.9k | sizeof(zval) * op_array->last_literal); |
1125 | 47.9k | if (op_array->literals) { |
1126 | 47.9k | memcpy(((char*)op_array->opcodes) + ZEND_MM_ALIGNED_SIZE_EX(sizeof(zend_op) * op_array->last, 16), |
1127 | 47.9k | op_array->literals, sizeof(zval) * op_array->last_literal); |
1128 | 47.9k | efree(op_array->literals); |
1129 | 47.9k | op_array->literals = (zval*)(((char*)op_array->opcodes) + ZEND_MM_ALIGNED_SIZE_EX(sizeof(zend_op) * op_array->last, 16)); |
1130 | 47.9k | } |
1131 | 47.9k | CG(context).opcodes_size = op_array->last; |
1132 | 47.9k | CG(context).literals_size = op_array->last_literal; |
1133 | 47.9k | #endif |
1134 | | |
1135 | 47.9k | op_array->T += ZEND_OBSERVER_ENABLED; // reserve last temporary for observers if enabled |
1136 | | |
1137 | | /* Needs to be set directly after the opcode/literal reallocation, to ensure destruction |
1138 | | * happens correctly if any of the following fixups generate a fatal error. */ |
1139 | 47.9k | op_array->fn_flags |= ZEND_ACC_DONE_PASS_TWO; |
1140 | | |
1141 | 47.9k | opline = op_array->opcodes; |
1142 | 47.9k | end = opline + op_array->last; |
1143 | 1.23M | while (opline < end) { |
1144 | 1.19M | switch (opline->opcode) { |
1145 | 1.56k | case ZEND_RECV_INIT: |
1146 | 1.56k | { |
1147 | 1.56k | zval *val = CT_CONSTANT(opline->op2); |
1148 | 1.56k | if (Z_TYPE_P(val) == IS_CONSTANT_AST) { |
1149 | 514 | uint32_t slot = ZEND_MM_ALIGNED_SIZE_EX(op_array->cache_size, 8); |
1150 | 514 | Z_CACHE_SLOT_P(val) = slot; |
1151 | 514 | op_array->cache_size += sizeof(zval); |
1152 | 514 | } |
1153 | 1.56k | } |
1154 | 1.56k | break; |
1155 | 519 | case ZEND_FAST_CALL: |
1156 | 519 | opline->op1.opline_num = op_array->try_catch_array[opline->op1.num].finally_op; |
1157 | 519 | ZEND_PASS_TWO_UPDATE_JMP_TARGET(op_array, opline, opline->op1); |
1158 | 519 | break; |
1159 | 399 | case ZEND_BRK: |
1160 | 473 | case ZEND_CONT: |
1161 | 473 | { |
1162 | 473 | uint32_t jmp_target = zend_get_brk_cont_target(opline); |
1163 | | |
1164 | 473 | if (op_array->fn_flags & ZEND_ACC_HAS_FINALLY_BLOCK) { |
1165 | 26 | zend_check_finally_breakout(op_array, opline - op_array->opcodes, jmp_target); |
1166 | 26 | } |
1167 | 473 | opline->opcode = ZEND_JMP; |
1168 | 473 | opline->op1.opline_num = jmp_target; |
1169 | 473 | opline->op2.num = 0; |
1170 | 473 | ZEND_PASS_TWO_UPDATE_JMP_TARGET(op_array, opline, opline->op1); |
1171 | 473 | } |
1172 | 473 | break; |
1173 | 70 | case ZEND_GOTO: |
1174 | 70 | zend_resolve_goto_label(op_array, opline); |
1175 | 70 | if (op_array->fn_flags & ZEND_ACC_HAS_FINALLY_BLOCK) { |
1176 | 28 | zend_check_finally_breakout(op_array, opline - op_array->opcodes, opline->op1.opline_num); |
1177 | 28 | } |
1178 | 70 | ZEND_FALLTHROUGH; |
1179 | 30.5k | case ZEND_JMP: |
1180 | 30.5k | ZEND_PASS_TWO_UPDATE_JMP_TARGET(op_array, opline, opline->op1); |
1181 | 30.5k | break; |
1182 | 9.44k | case ZEND_JMPZ: |
1183 | 14.9k | case ZEND_JMPNZ: |
1184 | 16.2k | case ZEND_JMPZ_EX: |
1185 | 17.9k | case ZEND_JMPNZ_EX: |
1186 | 18.8k | case ZEND_JMP_SET: |
1187 | 21.0k | case ZEND_COALESCE: |
1188 | 27.7k | case ZEND_FE_RESET_R: |
1189 | 28.1k | case ZEND_FE_RESET_RW: |
1190 | 39.4k | case ZEND_JMP_NULL: |
1191 | 39.5k | case ZEND_BIND_INIT_STATIC_OR_JMP: |
1192 | 39.5k | case ZEND_JMP_FRAMELESS: |
1193 | 39.5k | ZEND_PASS_TWO_UPDATE_JMP_TARGET(op_array, opline, opline->op2); |
1194 | 39.5k | break; |
1195 | 752 | case ZEND_ASSERT_CHECK: |
1196 | 752 | { |
1197 | | /* If result of assert is unused, result of check is unused as well */ |
1198 | 752 | zend_op *call = &op_array->opcodes[opline->op2.opline_num - 1]; |
1199 | 752 | if (call->opcode == ZEND_EXT_FCALL_END) { |
1200 | 0 | call--; |
1201 | 0 | } |
1202 | 752 | if (call->result_type == IS_UNUSED) { |
1203 | 646 | opline->result_type = IS_UNUSED; |
1204 | 646 | } |
1205 | 752 | ZEND_PASS_TWO_UPDATE_JMP_TARGET(op_array, opline, opline->op2); |
1206 | 752 | break; |
1207 | 39.5k | } |
1208 | 6.69k | case ZEND_FE_FETCH_R: |
1209 | 7.09k | case ZEND_FE_FETCH_RW: |
1210 | | /* absolute index to relative offset */ |
1211 | 7.09k | opline->extended_value = ZEND_OPLINE_NUM_TO_OFFSET(op_array, opline, opline->extended_value); |
1212 | 7.09k | break; |
1213 | 14.6k | case ZEND_CATCH: |
1214 | 14.6k | if (!(opline->extended_value & ZEND_LAST_CATCH)) { |
1215 | 2.22k | ZEND_PASS_TWO_UPDATE_JMP_TARGET(op_array, opline, opline->op2); |
1216 | 2.22k | } |
1217 | 14.6k | break; |
1218 | 55.0k | case ZEND_RETURN: |
1219 | 56.1k | case ZEND_RETURN_BY_REF: |
1220 | 56.1k | if (op_array->fn_flags & ZEND_ACC_GENERATOR) { |
1221 | 1.01k | opline->opcode = ZEND_GENERATOR_RETURN; |
1222 | 1.01k | } |
1223 | 56.1k | break; |
1224 | 6 | case ZEND_SWITCH_LONG: |
1225 | 34 | case ZEND_SWITCH_STRING: |
1226 | 128 | case ZEND_MATCH: |
1227 | 128 | { |
1228 | | /* absolute indexes to relative offsets */ |
1229 | 128 | HashTable *jumptable = Z_ARRVAL_P(CT_CONSTANT(opline->op2)); |
1230 | 128 | zval *zv; |
1231 | 1.31k | ZEND_HASH_FOREACH_VAL(jumptable, zv) { |
1232 | 1.31k | Z_LVAL_P(zv) = ZEND_OPLINE_NUM_TO_OFFSET(op_array, opline, Z_LVAL_P(zv)); |
1233 | 1.31k | } ZEND_HASH_FOREACH_END(); |
1234 | | |
1235 | 128 | opline->extended_value = ZEND_OPLINE_NUM_TO_OFFSET(op_array, opline, opline->extended_value); |
1236 | 128 | break; |
1237 | 34 | } |
1238 | 1.19M | } |
1239 | 1.19M | if (opline->op1_type == IS_CONST) { |
1240 | 213k | ZEND_PASS_TWO_UPDATE_CONSTANT(op_array, opline, opline->op1); |
1241 | 978k | } else if (opline->op1_type & (IS_VAR|IS_TMP_VAR)) { |
1242 | 375k | opline->op1.var = EX_NUM_TO_VAR(op_array->last_var + opline->op1.var); |
1243 | 375k | } |
1244 | 1.19M | if (opline->op2_type == IS_CONST) { |
1245 | 294k | ZEND_PASS_TWO_UPDATE_CONSTANT(op_array, opline, opline->op2); |
1246 | 897k | } else if (opline->op2_type & (IS_VAR|IS_TMP_VAR)) { |
1247 | 155k | opline->op2.var = EX_NUM_TO_VAR(op_array->last_var + opline->op2.var); |
1248 | 155k | } |
1249 | 1.19M | if (opline->result_type & (IS_VAR|IS_TMP_VAR)) { |
1250 | 550k | opline->result.var = EX_NUM_TO_VAR(op_array->last_var + opline->result.var); |
1251 | 550k | } |
1252 | 1.19M | ZEND_VM_SET_OPCODE_HANDLER(opline); |
1253 | 1.19M | opline++; |
1254 | 1.19M | } |
1255 | | |
1256 | 47.9k | zend_calc_live_ranges(op_array, NULL); |
1257 | | |
1258 | 47.9k | return; |
1259 | 47.9k | } |
1260 | | |
1261 | | ZEND_API unary_op_type get_unary_op(int opcode) |
1262 | 1.98k | { |
1263 | 1.98k | switch (opcode) { |
1264 | 347 | case ZEND_BW_NOT: |
1265 | 347 | return (unary_op_type) bitwise_not_function; |
1266 | 857 | case ZEND_BOOL_NOT: |
1267 | 857 | return (unary_op_type) boolean_not_function; |
1268 | 779 | default: |
1269 | 779 | return (unary_op_type) NULL; |
1270 | 1.98k | } |
1271 | 1.98k | } |
1272 | | |
1273 | | ZEND_API binary_op_type get_binary_op(int opcode) |
1274 | 23.8k | { |
1275 | 23.8k | switch (opcode) { |
1276 | 687 | case ZEND_ADD: |
1277 | 687 | return (binary_op_type) add_function; |
1278 | 2.38k | case ZEND_SUB: |
1279 | 2.38k | return (binary_op_type) sub_function; |
1280 | 7.83k | case ZEND_MUL: |
1281 | 7.83k | return (binary_op_type) mul_function; |
1282 | 57 | case ZEND_POW: |
1283 | 57 | return (binary_op_type) pow_function; |
1284 | 1.22k | case ZEND_DIV: |
1285 | 1.22k | return (binary_op_type) div_function; |
1286 | 600 | case ZEND_MOD: |
1287 | 600 | return (binary_op_type) mod_function; |
1288 | 93 | case ZEND_SL: |
1289 | 93 | return (binary_op_type) shift_left_function; |
1290 | 92 | case ZEND_SR: |
1291 | 92 | return (binary_op_type) shift_right_function; |
1292 | 73 | case ZEND_FAST_CONCAT: |
1293 | 1.12k | case ZEND_CONCAT: |
1294 | 1.12k | return (binary_op_type) concat_function; |
1295 | 260 | case ZEND_IS_IDENTICAL: |
1296 | 280 | case ZEND_CASE_STRICT: |
1297 | 280 | return (binary_op_type) is_identical_function; |
1298 | 6 | case ZEND_IS_NOT_IDENTICAL: |
1299 | 6 | return (binary_op_type) is_not_identical_function; |
1300 | 252 | case ZEND_IS_EQUAL: |
1301 | 252 | case ZEND_CASE: |
1302 | 252 | return (binary_op_type) is_equal_function; |
1303 | 112 | case ZEND_IS_NOT_EQUAL: |
1304 | 112 | return (binary_op_type) is_not_equal_function; |
1305 | 2.25k | case ZEND_IS_SMALLER: |
1306 | 2.25k | return (binary_op_type) is_smaller_function; |
1307 | 485 | case ZEND_IS_SMALLER_OR_EQUAL: |
1308 | 485 | return (binary_op_type) is_smaller_or_equal_function; |
1309 | 0 | case ZEND_SPACESHIP: |
1310 | 0 | return (binary_op_type) compare_function; |
1311 | 4.98k | case ZEND_BW_OR: |
1312 | 4.98k | return (binary_op_type) bitwise_or_function; |
1313 | 831 | case ZEND_BW_AND: |
1314 | 831 | return (binary_op_type) bitwise_and_function; |
1315 | 396 | case ZEND_BW_XOR: |
1316 | 396 | return (binary_op_type) bitwise_xor_function; |
1317 | 136 | case ZEND_BOOL_XOR: |
1318 | 136 | return (binary_op_type) boolean_xor_function; |
1319 | 0 | default: |
1320 | 0 | ZEND_UNREACHABLE(); |
1321 | 0 | return (binary_op_type) NULL; |
1322 | 23.8k | } |
1323 | 23.8k | } |