/src/php-src/Zend/zend_objects_API.c

Source
/*
   +----------------------------------------------------------------------+
   | Zend Engine                                                          |
   +----------------------------------------------------------------------+
   | Copyright © Zend Technologies Ltd., a subsidiary company of          |
   |     Perforce Software, Inc., and Contributors.                       |
   +----------------------------------------------------------------------+
   | This source file is subject to the Modified BSD License that is      |
   | bundled with this package in the file LICENSE, and is available      |
   | through the World Wide Web at <https://www.php.net/license/>.        |
   |                                                                      |
   | SPDX-License-Identifier: BSD-3-Clause                                |
   +----------------------------------------------------------------------+
   | Authors: Andi Gutmans <andi@php.net>                                 |
   |          Zeev Suraski <zeev@php.net>                                 |
   |          Dmitry Stogov <dmitry@php.net>                              |
   +----------------------------------------------------------------------+
*/

#include "zend.h"
#include "zend_globals.h"
#include "zend_variables.h"
#include "zend_API.h"
#include "zend_objects_API.h"
#include "zend_fibers.h"

ZEND_API void ZEND_FASTCALL zend_objects_store_init(zend_objects_store *objects, uint32_t init_size)
{
  objects->object_buckets = (zend_object **) emalloc(init_size * sizeof(zend_object*));
  objects->top = 1; /* Skip 0 so that handles are true */
  objects->size = init_size;
  objects->free_list_head = -1;
  memset(&objects->object_buckets[0], 0, sizeof(zend_object*));
}

ZEND_API void ZEND_FASTCALL zend_objects_store_destroy(zend_objects_store *objects)
{
  efree(objects->object_buckets);
  objects->object_buckets = NULL;
}

ZEND_API void ZEND_FASTCALL zend_objects_store_call_destructors(zend_objects_store *objects)
{
  EG(flags) |= EG_FLAGS_OBJECT_STORE_NO_REUSE;
  if (objects->top > 1) {
    for (uint32_t i = 1; i < objects->top; i++) {
      zend_object *obj = objects->object_buckets[i];
      if (IS_OBJ_VALID(obj)) {
        if (!(OBJ_FLAGS(obj) & IS_OBJ_DESTRUCTOR_CALLED)) {
          GC_ADD_FLAGS(obj, IS_OBJ_DESTRUCTOR_CALLED);

          if (obj->handlers->dtor_obj != zend_objects_destroy_object
              || obj->ce->destructor) {
            GC_ADDREF(obj);
            obj->handlers->dtor_obj(obj);
            GC_DELREF(obj);
          }
        }
      }
    }
  }
}

ZEND_API void ZEND_FASTCALL zend_objects_store_mark_destructed(zend_objects_store *objects)
{
  if (objects->object_buckets && objects->top > 1) {
    zend_object **obj_ptr = objects->object_buckets + 1;
    zend_object **end = objects->object_buckets + objects->top;

    do {
      zend_object *obj = *obj_ptr;

      if (IS_OBJ_VALID(obj)) {
        GC_ADD_FLAGS(obj, IS_OBJ_DESTRUCTOR_CALLED);
      }
      obj_ptr++;
    } while (obj_ptr != end);
  }
}

ZEND_API void ZEND_FASTCALL zend_objects_store_free_object_storage(zend_objects_store *objects, bool fast_shutdown)
{
  zend_object **obj_ptr, **end, *obj;

  if (objects->top <= 1) {
    return;
  }

  /* Free object contents, but don't free objects themselves, so they show up as leaks.
   * Also add a ref to all objects, so the object can't be freed by something else later. */
  end = objects->object_buckets + 1;
  obj_ptr = objects->object_buckets + objects->top;

  if (fast_shutdown) {
    do {
      obj_ptr--;
      obj = *obj_ptr;
      if (IS_OBJ_VALID(obj)) {
        if (!(OBJ_FLAGS(obj) & IS_OBJ_FREE_CALLED)) {
          GC_ADD_FLAGS(obj, IS_OBJ_FREE_CALLED);
          if (obj->handlers->free_obj != zend_object_std_dtor
           || (OBJ_FLAGS(obj) & IS_OBJ_WEAKLY_REFERENCED)
          ) {
            GC_ADDREF(obj);
            obj->handlers->free_obj(obj);
          }
        }
      }
    } while (obj_ptr != end);
  } else {
    do {
      obj_ptr--;
      obj = *obj_ptr;
      if (IS_OBJ_VALID(obj)) {
        if (!(OBJ_FLAGS(obj) & IS_OBJ_FREE_CALLED)) {
          GC_ADD_FLAGS(obj, IS_OBJ_FREE_CALLED);
          GC_ADDREF(obj);
          obj->handlers->free_obj(obj);
        }
      }
    } while (obj_ptr != end);
  }
}


/* Store objects API */
static ZEND_COLD zend_never_inline void ZEND_FASTCALL zend_objects_store_put_cold(zend_object *object)
{
  uint32_t new_size = 2 * EG(objects_store).size;

  EG(objects_store).object_buckets = (zend_object **) erealloc(EG(objects_store).object_buckets, new_size * sizeof(zend_object*));
  /* Assign size after realloc, in case it fails */
  EG(objects_store).size = new_size;
  uint32_t handle = EG(objects_store).top++;
  object->handle = handle;
  EG(objects_store).object_buckets[handle] = object;
}

ZEND_API void ZEND_FASTCALL zend_objects_store_put(zend_object *object)
{
  uint32_t handle;

  /* When in shutdown sequence - do not reuse previously freed handles, to make sure
   * the dtors for newly created objects are called in zend_objects_store_call_destructors() loop
   */
  if (EG(objects_store).free_list_head != -1 && EXPECTED(!(EG(flags) & EG_FLAGS_OBJECT_STORE_NO_REUSE))) {
    handle = EG(objects_store).free_list_head;
    EG(objects_store).free_list_head = GET_OBJ_BUCKET_NUMBER(EG(objects_store).object_buckets[handle]);
  } else if (UNEXPECTED(EG(objects_store).top == EG(objects_store).size)) {
    zend_objects_store_put_cold(object);
    return;
  } else {
    handle = EG(objects_store).top++;
  }
  object->handle = handle;
  EG(objects_store).object_buckets[handle] = object;
}

ZEND_API void ZEND_FASTCALL zend_objects_store_del(zend_object *object) /* {{{ */
{
  ZEND_ASSERT(GC_REFCOUNT(object) == 0);

  /* GC might have released this object already. */
  if (UNEXPECTED(GC_TYPE(object) == IS_NULL)) {
    return;
  }

  /*  Make sure we hold a reference count during the destructor call
    otherwise, when the destructor ends the storage might be freed
    when the refcount reaches 0 a second time
   */
  if (!(OBJ_FLAGS(object) & IS_OBJ_DESTRUCTOR_CALLED)) {
    GC_ADD_FLAGS(object, IS_OBJ_DESTRUCTOR_CALLED);

    if (object->handlers->dtor_obj != zend_objects_destroy_object
        || object->ce->destructor) {
      GC_SET_REFCOUNT(object, 1);
      object->handlers->dtor_obj(object);
      GC_DELREF(object);
    }
  }

  if (GC_REFCOUNT(object) == 0) {
    uint32_t handle = object->handle;
    void *ptr;

    ZEND_ASSERT(EG(objects_store).object_buckets != NULL);
    ZEND_ASSERT(IS_OBJ_VALID(EG(objects_store).object_buckets[handle]));
    EG(objects_store).object_buckets[handle] = SET_OBJ_INVALID(object);
    if (!(OBJ_FLAGS(object) & IS_OBJ_FREE_CALLED)) {
      GC_ADD_FLAGS(object, IS_OBJ_FREE_CALLED);
      GC_SET_REFCOUNT(object, 1);
      object->handlers->free_obj(object);
    }
    ptr = ((char*)object) - object->handlers->offset;
    GC_REMOVE_FROM_BUFFER(object);
    efree(ptr);
    ZEND_OBJECTS_STORE_ADD_TO_FREE_LIST(handle);
  }
}
/* }}} */

ZEND_API ZEND_COLD zend_property_info *zend_get_property_info_for_slot_slow(zend_object *obj, zval *slot)
{
  uintptr_t offset = OBJ_PROP_SLOT_TO_OFFSET(obj, slot);
  zend_property_info *prop_info;
  ZEND_HASH_MAP_FOREACH_PTR(&obj->ce->properties_info, prop_info) {
    if (prop_info->offset == offset) {
      return prop_info;
    }
  } ZEND_HASH_FOREACH_END();
  return NULL;
}

Coverage Report

Created: 2026-06-02 06:39

Line	Count	Source
1		/*
2		+----------------------------------------------------------------------+
3		\| Zend Engine \|
4		+----------------------------------------------------------------------+
5		\| Copyright © Zend Technologies Ltd., a subsidiary company of \|
6		\| Perforce Software, Inc., and Contributors. \|
7		+----------------------------------------------------------------------+
8		\| This source file is subject to the Modified BSD License that is \|
9		\| bundled with this package in the file LICENSE, and is available \|
10		\| through the World Wide Web at <https://www.php.net/license/>. \|
11		\| \|
12		\| SPDX-License-Identifier: BSD-3-Clause \|
13		+----------------------------------------------------------------------+
14		\| Authors: Andi Gutmans <andi@php.net> \|
15		\| Zeev Suraski <zeev@php.net> \|
16		\| Dmitry Stogov <dmitry@php.net> \|
17		+----------------------------------------------------------------------+
18		*/
19
20		#include "zend.h"
21		#include "zend_globals.h"
22		#include "zend_variables.h"
23		#include "zend_API.h"
24		#include "zend_objects_API.h"
25		#include "zend_fibers.h"
26
27		ZEND_API void ZEND_FASTCALL zend_objects_store_init(zend_objects_store *objects, uint32_t init_size)
28	44.4k	{
29	44.4k	objects->object_buckets = (zend_object *) emalloc(init_size sizeof(zend_object*));
30	44.4k	objects->top = 1; /* Skip 0 so that handles are true */
31	44.4k	objects->size = init_size;
32	44.4k	objects->free_list_head = -1;
33	44.4k	memset(&objects->object_buckets[0], 0, sizeof(zend_object*));
34	44.4k	}
35
36		ZEND_API void ZEND_FASTCALL zend_objects_store_destroy(zend_objects_store *objects)
37	44.4k	{
38	44.4k	efree(objects->object_buckets);
39	44.4k	objects->object_buckets = NULL;
40	44.4k	}
41
42		ZEND_API void ZEND_FASTCALL zend_objects_store_call_destructors(zend_objects_store *objects)
43	44.2k	{
44	44.2k	EG(flags) \|= EG_FLAGS_OBJECT_STORE_NO_REUSE;
45	44.2k	if (objects->top > 1) {
46	109k	for (uint32_t i = 1; i < objects->top; i++) {
47	79.9k	zend_object *obj = objects->object_buckets[i];
48	79.9k	if (IS_OBJ_VALID(obj)) {
49	14.5k	if (!(OBJ_FLAGS(obj) & IS_OBJ_DESTRUCTOR_CALLED)) {
50	11.5k	GC_ADD_FLAGS(obj, IS_OBJ_DESTRUCTOR_CALLED);
51
52	11.5k	if (obj->handlers->dtor_obj != zend_objects_destroy_object
53	10.3k	\|\| obj->ce->destructor) {
54	1.77k	GC_ADDREF(obj);
55	1.77k	obj->handlers->dtor_obj(obj);
56	1.77k	GC_DELREF(obj);
57	1.77k	}
58	11.5k	}
59	14.5k	}
60	79.9k	}
61	29.8k	}
62	44.2k	}
63
64		ZEND_API void ZEND_FASTCALL zend_objects_store_mark_destructed(zend_objects_store *objects)
65	3.71k	{
66	3.71k	if (objects->object_buckets && objects->top > 1) {
67	661	zend_object **obj_ptr = objects->object_buckets + 1;
68	661	zend_object **end = objects->object_buckets + objects->top;
69
70	39.4k	do {
71	39.4k	zend_object obj = obj_ptr;
72
73	39.4k	if (IS_OBJ_VALID(obj)) {
74	38.1k	GC_ADD_FLAGS(obj, IS_OBJ_DESTRUCTOR_CALLED);
75	38.1k	}
76	39.4k	obj_ptr++;
77	39.4k	} while (obj_ptr != end);
78	661	}
79	3.71k	}
80
81		ZEND_API void ZEND_FASTCALL zend_objects_store_free_object_storage(zend_objects_store *objects, bool fast_shutdown)
82	44.4k	{
83	44.4k	zend_object obj_ptr, end, *obj;
84
85	44.4k	if (objects->top <= 1) {
86	14.4k	return;
87	14.4k	}
88
89		/* Free object contents, but don't free objects themselves, so they show up as leaks.
90		* Also add a ref to all objects, so the object can't be freed by something else later. */
91	30.0k	end = objects->object_buckets + 1;
92	30.0k	obj_ptr = objects->object_buckets + objects->top;
93
94	30.0k	if (fast_shutdown) {
95	0	do {
96	0	obj_ptr--;
97	0	obj = *obj_ptr;
98	0	if (IS_OBJ_VALID(obj)) {
99	0	if (!(OBJ_FLAGS(obj) & IS_OBJ_FREE_CALLED)) {
100	0	GC_ADD_FLAGS(obj, IS_OBJ_FREE_CALLED);
101	0	if (obj->handlers->free_obj != zend_object_std_dtor
102	0	\|\| (OBJ_FLAGS(obj) & IS_OBJ_WEAKLY_REFERENCED)
103	0	) {
104	0	GC_ADDREF(obj);
105	0	obj->handlers->free_obj(obj);
106	0	}
107	0	}
108	0	}
109	0	} while (obj_ptr != end);
110	30.0k	} else {
111	115k	do {
112	115k	obj_ptr--;
113	115k	obj = *obj_ptr;
114	115k	if (IS_OBJ_VALID(obj)) {
115	42.7k	if (!(OBJ_FLAGS(obj) & IS_OBJ_FREE_CALLED)) {
116	42.7k	GC_ADD_FLAGS(obj, IS_OBJ_FREE_CALLED);
117	42.7k	GC_ADDREF(obj);
118	42.7k	obj->handlers->free_obj(obj);
119	42.7k	}
120	42.7k	}
121	115k	} while (obj_ptr != end);
122	30.0k	}
123	30.0k	}
124
125
126		/* Store objects API */
127		static ZEND_COLD zend_never_inline void ZEND_FASTCALL zend_objects_store_put_cold(zend_object *object)
128	1	{
129	1	uint32_t new_size = 2 * EG(objects_store).size;
130
131	1	EG(objects_store).object_buckets = (zend_object *) erealloc(EG(objects_store).object_buckets, new_size sizeof(zend_object*));
132		/* Assign size after realloc, in case it fails */
133	1	EG(objects_store).size = new_size;
134	1	uint32_t handle = EG(objects_store).top++;
135	1	object->handle = handle;
136	1	EG(objects_store).object_buckets[handle] = object;
137	1	}
138
139		ZEND_API void ZEND_FASTCALL zend_objects_store_put(zend_object *object)
140	473k	{
141	473k	uint32_t handle;
142
143		/* When in shutdown sequence - do not reuse previously freed handles, to make sure
144		* the dtors for newly created objects are called in zend_objects_store_call_destructors() loop
145		*/
146	473k	if (EG(objects_store).free_list_head != -1 && EXPECTED(!(EG(flags) & EG_FLAGS_OBJECT_STORE_NO_REUSE))) {
147	357k	handle = EG(objects_store).free_list_head;
148	357k	EG(objects_store).free_list_head = GET_OBJ_BUCKET_NUMBER(EG(objects_store).object_buckets[handle]);
149	357k	} else if (UNEXPECTED(EG(objects_store).top == EG(objects_store).size)) {
150	1	zend_objects_store_put_cold(object);
151	1	return;
152	115k	} else {
153	115k	handle = EG(objects_store).top++;
154	115k	}
155	473k	object->handle = handle;
156	473k	EG(objects_store).object_buckets[handle] = object;
157	473k	}
158
159		ZEND_API void ZEND_FASTCALL zend_objects_store_del(zend_object object) / {{{ */
160	447k	{
161	447k	ZEND_ASSERT(GC_REFCOUNT(object) == 0);
162
163		/* GC might have released this object already. */
164	447k	if (UNEXPECTED(GC_TYPE(object) == IS_NULL)) {
165	9	return;
166	9	}
167
168		/* Make sure we hold a reference count during the destructor call
169		otherwise, when the destructor ends the storage might be freed
170		when the refcount reaches 0 a second time
171		*/
172	447k	if (!(OBJ_FLAGS(object) & IS_OBJ_DESTRUCTOR_CALLED)) {
173	300k	GC_ADD_FLAGS(object, IS_OBJ_DESTRUCTOR_CALLED);
174
175	300k	if (object->handlers->dtor_obj != zend_objects_destroy_object
176	296k	\|\| object->ce->destructor) {
177	23.2k	GC_SET_REFCOUNT(object, 1);
178	23.2k	object->handlers->dtor_obj(object);
179	23.2k	GC_DELREF(object);
180	23.2k	}
181	300k	}
182
183	447k	if (GC_REFCOUNT(object) == 0) {
184	428k	uint32_t handle = object->handle;
185	428k	void *ptr;
186
187	428k	ZEND_ASSERT(EG(objects_store).object_buckets != NULL);
188	428k	ZEND_ASSERT(IS_OBJ_VALID(EG(objects_store).object_buckets[handle]));
189	428k	EG(objects_store).object_buckets[handle] = SET_OBJ_INVALID(object);
190	428k	if (!(OBJ_FLAGS(object) & IS_OBJ_FREE_CALLED)) {
191	428k	GC_ADD_FLAGS(object, IS_OBJ_FREE_CALLED);
192	428k	GC_SET_REFCOUNT(object, 1);
193	428k	object->handlers->free_obj(object);
194	428k	}
195	428k	ptr = ((char*)object) - object->handlers->offset;
196	428k	GC_REMOVE_FROM_BUFFER(object);
197	428k	efree(ptr);
198	428k	ZEND_OBJECTS_STORE_ADD_TO_FREE_LIST(handle);
199	428k	}
200	447k	}
201		/* }}} */
202
203		ZEND_API ZEND_COLD zend_property_info zend_get_property_info_for_slot_slow(zend_object obj, zval *slot)
204	108	{
205	108	uintptr_t offset = OBJ_PROP_SLOT_TO_OFFSET(obj, slot);
206	108	zend_property_info *prop_info;
207	432	ZEND_HASH_MAP_FOREACH_PTR(&obj->ce->properties_info, prop_info) {
208	432	if (prop_info->offset == offset) {
209	108	return prop_info;
210	108	}
211	432	} ZEND_HASH_FOREACH_END();
212	0	return NULL;
213	108	}