/src/php-src/Zend/Optimizer/optimize_func_calls.c

Source
/*
   +----------------------------------------------------------------------+
   | Zend OPcache                                                         |
   +----------------------------------------------------------------------+
   | Copyright (c) The PHP Group                                          |
   +----------------------------------------------------------------------+
   | This source file is subject to version 3.01 of the PHP license,      |
   | that is bundled with this package in the file LICENSE, and is        |
   | available through the world-wide-web at the following url:           |
   | https://www.php.net/license/3_01.txt                                 |
   | If you did not receive a copy of the PHP license and are unable to   |
   | obtain it through the world-wide-web, please send a note to          |
   | license@php.net so we can mail you a copy immediately.               |
   +----------------------------------------------------------------------+
   | Authors: Dmitry Stogov <dmitry@php.net>                              |
   |          Xinchen Hui <laruence@php.net>                              |
   +----------------------------------------------------------------------+
*/

/* pass 4
 * - optimize INIT_FCALL_BY_NAME to DO_FCALL
 */

#include "Optimizer/zend_optimizer.h"
#include "Optimizer/zend_optimizer_internal.h"
#include "zend_API.h"
#include "zend_constants.h"
#include "zend_execute.h"
#include "zend_vm.h"

typedef struct _optimizer_call_info {
  zend_function *func;
  zend_op       *opline;
  zend_op       *last_check_func_arg_opline;
  bool      is_prototype;
  bool      try_inline;
  uint32_t       func_arg_num;
} optimizer_call_info;

static void zend_delete_call_instructions(zend_op_array *op_array, zend_op *opline)
{
  int call = 0;

  while (1) {
    switch (opline->opcode) {
      case ZEND_INIT_FCALL_BY_NAME:
      case ZEND_INIT_NS_FCALL_BY_NAME:
      case ZEND_INIT_STATIC_METHOD_CALL:
      case ZEND_INIT_METHOD_CALL:
      case ZEND_INIT_FCALL:
      case ZEND_INIT_PARENT_PROPERTY_HOOK_CALL:
        if (call == 0) {
          MAKE_NOP(opline);
          return;
        }
        ZEND_FALLTHROUGH;
      case ZEND_NEW:
      case ZEND_INIT_DYNAMIC_CALL:
      case ZEND_INIT_USER_CALL:
        call--;
        break;
      case ZEND_DO_FCALL:
      case ZEND_DO_ICALL:
      case ZEND_DO_UCALL:
      case ZEND_DO_FCALL_BY_NAME:
        call++;
        break;
      case ZEND_SEND_VAL:
      case ZEND_SEND_VAR:
        if (call == 0) {
          zend_optimizer_convert_to_free_op1(op_array, opline);
        }
        break;
    }
    opline--;
  }
}

static void zend_try_inline_call(zend_op_array *op_array, zend_op *fcall, zend_op *opline, zend_function *func)
{
  const uint32_t no_discard = RETURN_VALUE_USED(opline) ? 0 : ZEND_ACC_NODISCARD;

  if (func->type == ZEND_USER_FUNCTION
   && !(func->op_array.fn_flags & (ZEND_ACC_ABSTRACT|ZEND_ACC_HAS_TYPE_HINTS|ZEND_ACC_DEPRECATED|no_discard))
    /* TODO: function copied from trait may be inconsistent ??? */
   && !(func->op_array.fn_flags & (ZEND_ACC_TRAIT_CLONE))
   && fcall->extended_value >= func->op_array.required_num_args
   && func->op_array.opcodes[func->op_array.num_args].opcode == ZEND_RETURN) {

    zend_op *ret_opline = func->op_array.opcodes + func->op_array.num_args;

    if (ret_opline->op1_type == IS_CONST) {
      uint32_t i, num_args = func->op_array.num_args;
      num_args += (func->op_array.fn_flags & ZEND_ACC_VARIADIC) != 0;

      if (fcall->opcode == ZEND_INIT_STATIC_METHOD_CALL
          && !(func->op_array.fn_flags & ZEND_ACC_STATIC)) {
        /* Don't inline static call to instance method. */
        return;
      }

      for (i = 0; i < num_args; i++) {
        /* Don't inline functions with by-reference arguments. This would require
         * correct handling of INDIRECT arguments. */
        if (ZEND_ARG_SEND_MODE(&func->op_array.arg_info[i])) {
          return;
        }
      }

      if (fcall->extended_value < func->op_array.num_args) {
        /* don't inline functions with named constants in default arguments */
        i = fcall->extended_value;

        do {
          if (Z_TYPE_P(CRT_CONSTANT_EX(&func->op_array, &func->op_array.opcodes[i], func->op_array.opcodes[i].op2)) == IS_CONSTANT_AST) {
            return;
          }
          i++;
        } while (i < func->op_array.num_args);
      }

      if (RETURN_VALUE_USED(opline)) {
        zval zv;

        ZVAL_COPY(&zv, CRT_CONSTANT_EX(&func->op_array, ret_opline, ret_opline->op1));
        opline->opcode = ZEND_QM_ASSIGN;
        opline->op1_type = IS_CONST;
        opline->op1.constant = zend_optimizer_add_literal(op_array, &zv);
        SET_UNUSED(opline->op2);
      } else {
        MAKE_NOP(opline);
      }

      zend_delete_call_instructions(op_array, opline-1);
    }
  }
}

/* arg_num is 1-based here, to match SEND encoding. */
static bool has_known_send_mode(const optimizer_call_info *info, uint32_t arg_num)
{
  if (!info->func) {
    return false;
  }

  /* For prototype functions we should not make assumptions about arguments that are not part of
   * the signature: And inheriting method can add an optional by-ref argument. */
  return !info->is_prototype
    || arg_num <= info->func->common.num_args
    || (info->func->common.fn_flags & ZEND_ACC_VARIADIC);
}

void zend_optimize_func_calls(zend_op_array *op_array, zend_optimizer_ctx *ctx)
{
  zend_op *opline = op_array->opcodes;
  zend_op *end = opline + op_array->last;
  int call = 0;
  void *checkpoint;
  optimizer_call_info *call_stack;

  if (op_array->last < 2) {
    return;
  }

  checkpoint = zend_arena_checkpoint(ctx->arena);
  call_stack = zend_arena_calloc(&ctx->arena, op_array->last / 2, sizeof(optimizer_call_info));
  while (opline < end) {
    switch (opline->opcode) {
      case ZEND_INIT_FCALL_BY_NAME:
      case ZEND_INIT_NS_FCALL_BY_NAME:
      case ZEND_INIT_STATIC_METHOD_CALL:
      case ZEND_INIT_METHOD_CALL:
      case ZEND_INIT_FCALL:
      case ZEND_NEW:
      case ZEND_INIT_PARENT_PROPERTY_HOOK_CALL:
        /* The argument passing optimizations are valid for prototypes as well,
         * as inheritance cannot change between ref <-> non-ref arguments. */
        call_stack[call].func = zend_optimizer_get_called_func(
          ctx->script, op_array, opline, &call_stack[call].is_prototype);
        call_stack[call].try_inline =
          !call_stack[call].is_prototype
          && opline->opcode != ZEND_NEW
          && opline->opcode != ZEND_INIT_PARENT_PROPERTY_HOOK_CALL;
        ZEND_FALLTHROUGH;
      case ZEND_INIT_DYNAMIC_CALL:
      case ZEND_INIT_USER_CALL:
        call_stack[call].opline = opline;
        call_stack[call].func_arg_num = (uint32_t)-1;
        call++;
        break;
      case ZEND_DO_FCALL:
      case ZEND_DO_ICALL:
      case ZEND_DO_UCALL:
      case ZEND_DO_FCALL_BY_NAME:
      case ZEND_CALLABLE_CONVERT:
        call--;
        if (call_stack[call].func && call_stack[call].opline) {
          zend_op *fcall = call_stack[call].opline;

          if (fcall->opcode == ZEND_INIT_FCALL) {
            /* nothing to do */
          } else if (fcall->opcode == ZEND_INIT_FCALL_BY_NAME) {
            fcall->opcode = ZEND_INIT_FCALL;
            fcall->op1.num = zend_vm_calc_used_stack(fcall->extended_value, call_stack[call].func);
            literal_dtor(&ZEND_OP2_LITERAL(fcall));
            fcall->op2.constant = fcall->op2.constant + 1;
          } else if (fcall->opcode == ZEND_INIT_NS_FCALL_BY_NAME) {
            fcall->opcode = ZEND_INIT_FCALL;
            fcall->op1.num = zend_vm_calc_used_stack(fcall->extended_value, call_stack[call].func);
            literal_dtor(&op_array->literals[fcall->op2.constant]);
            literal_dtor(&op_array->literals[fcall->op2.constant + 2]);
            fcall->op2.constant = fcall->op2.constant + 1;
          } else if (fcall->opcode == ZEND_INIT_STATIC_METHOD_CALL
              || fcall->opcode == ZEND_INIT_METHOD_CALL
              || fcall->opcode == ZEND_INIT_PARENT_PROPERTY_HOOK_CALL
              || fcall->opcode == ZEND_NEW) {
            /* We don't have specialized opcodes for this, do nothing */
          } else {
            ZEND_UNREACHABLE();
          }

          /* If the INIT opcode changed the DO opcode can also change to
           * a more optimized one.
           *
           * At this point we also know whether or not the result of
           * the DO opcode is used, allowing to optimize calls to
           * ZEND_ACC_NODISCARD functions. */
          if (opline->opcode != ZEND_CALLABLE_CONVERT) {
            opline->opcode = zend_get_call_op(fcall, call_stack[call].func, !RESULT_UNUSED(opline));
          }

          if ((ZEND_OPTIMIZER_PASS_16 & ctx->optimization_level)
              && call_stack[call].try_inline
              && opline->opcode != ZEND_CALLABLE_CONVERT) {
            zend_try_inline_call(op_array, fcall, opline, call_stack[call].func);
          }
        }
        call_stack[call].func = NULL;
        call_stack[call].opline = NULL;
        call_stack[call].try_inline = false;
        call_stack[call].func_arg_num = (uint32_t)-1;
        break;
      case ZEND_FETCH_FUNC_ARG:
      case ZEND_FETCH_STATIC_PROP_FUNC_ARG:
      case ZEND_FETCH_OBJ_FUNC_ARG:
      case ZEND_FETCH_DIM_FUNC_ARG:
        if (call_stack[call - 1].func_arg_num != (uint32_t)-1
            && has_known_send_mode(&call_stack[call - 1], call_stack[call - 1].func_arg_num)) {
          if (ARG_SHOULD_BE_SENT_BY_REF(call_stack[call - 1].func, call_stack[call - 1].func_arg_num)) {
            /* There's no TMP specialization for FETCH_OBJ_W/FETCH_DIM_W. Avoid
             * converting it and error at runtime in the FUNC_ARG variant. */
            if ((opline->opcode == ZEND_FETCH_OBJ_FUNC_ARG || opline->opcode == ZEND_FETCH_DIM_FUNC_ARG)
             && (opline->op1_type == IS_TMP_VAR || call_stack[call - 1].last_check_func_arg_opline == NULL)) {
              /* Don't remove the associated CHECK_FUNC_ARG opcode. */
              call_stack[call - 1].last_check_func_arg_opline = NULL;
              break;
            }
            if (opline->opcode != ZEND_FETCH_STATIC_PROP_FUNC_ARG) {
              opline->opcode -= 9;
            } else {
              opline->opcode = ZEND_FETCH_STATIC_PROP_W;
            }
          } else {
            if (opline->opcode == ZEND_FETCH_DIM_FUNC_ARG
                && opline->op2_type == IS_UNUSED) {
              /* FETCH_DIM_FUNC_ARG supports UNUSED op2, while FETCH_DIM_R does not.
               * Performing the replacement would create an invalid opcode. */
              call_stack[call - 1].try_inline = false;
              break;
            }

            if (opline->opcode != ZEND_FETCH_STATIC_PROP_FUNC_ARG) {
              opline->opcode -= 12;
            } else {
              opline->opcode = ZEND_FETCH_STATIC_PROP_R;
            }
          }
        }
        break;
      case ZEND_SEND_VAL_EX:
        if (opline->op2_type == IS_CONST) {
          call_stack[call - 1].try_inline = false;
          break;
        }

        if (has_known_send_mode(&call_stack[call - 1], opline->op2.num)) {
          if (!ARG_MUST_BE_SENT_BY_REF(call_stack[call - 1].func, opline->op2.num)) {
            opline->opcode = ZEND_SEND_VAL;
          }
        }
        break;
      case ZEND_CHECK_FUNC_ARG:
        if (opline->op2_type == IS_CONST) {
          call_stack[call - 1].try_inline = false;
          call_stack[call - 1].func_arg_num = (uint32_t)-1;
          break;
        }

        if (has_known_send_mode(&call_stack[call - 1], opline->op2.num)) {
          call_stack[call - 1].func_arg_num = opline->op2.num;
          call_stack[call - 1].last_check_func_arg_opline = opline;
        }
        break;
      case ZEND_SEND_FUNC_ARG:
        /* Don't transform SEND_FUNC_ARG if any FETCH opcodes weren't transformed. */
        if (call_stack[call - 1].last_check_func_arg_opline == NULL) {
          if (opline->op2_type == IS_CONST) {
            call_stack[call - 1].try_inline = false;
          }
          break;
        }
        MAKE_NOP(call_stack[call - 1].last_check_func_arg_opline);
        call_stack[call - 1].last_check_func_arg_opline = NULL;
        ZEND_FALLTHROUGH;
      case ZEND_SEND_VAR_EX:
        if (opline->op2_type == IS_CONST) {
          call_stack[call - 1].try_inline = false;
          break;
        }

        if (has_known_send_mode(&call_stack[call - 1], opline->op2.num)) {
          call_stack[call - 1].func_arg_num = (uint32_t)-1;
          if (ARG_SHOULD_BE_SENT_BY_REF(call_stack[call - 1].func, opline->op2.num)) {
            opline->opcode = ZEND_SEND_REF;
          } else {
            opline->opcode = ZEND_SEND_VAR;
          }
        }
        break;
      case ZEND_SEND_VAR_NO_REF_EX:
        if (opline->op2_type == IS_CONST) {
          call_stack[call - 1].try_inline = false;
          break;
        }

        if (has_known_send_mode(&call_stack[call - 1], opline->op2.num)) {
          if (ARG_MUST_BE_SENT_BY_REF(call_stack[call - 1].func, opline->op2.num)) {
            opline->opcode = ZEND_SEND_VAR_NO_REF;
          } else if (ARG_MAY_BE_SENT_BY_REF(call_stack[call - 1].func, opline->op2.num)) {
            opline->opcode = ZEND_SEND_VAL;
          } else {
            opline->opcode = ZEND_SEND_VAR;
          }
        }
        break;
      case ZEND_SEND_VAL:
      case ZEND_SEND_VAR:
      case ZEND_SEND_REF:
        if (opline->op2_type == IS_CONST) {
          call_stack[call - 1].try_inline = false;
          break;
        }
        break;
      case ZEND_SEND_UNPACK:
      case ZEND_SEND_USER:
      case ZEND_SEND_ARRAY:
        call_stack[call - 1].try_inline = false;
        break;
      default:
        break;
    }
    opline++;
  }

  zend_arena_release(&ctx->arena, checkpoint);
}

Coverage Report

Created: 2025-09-27 06:26

Line	Count	Source
1		/*
2		+----------------------------------------------------------------------+
3		\| Zend OPcache \|
4		+----------------------------------------------------------------------+
5		\| Copyright (c) The PHP Group \|
6		+----------------------------------------------------------------------+
7		\| This source file is subject to version 3.01 of the PHP license, \|
8		\| that is bundled with this package in the file LICENSE, and is \|
9		\| available through the world-wide-web at the following url: \|
10		\| https://www.php.net/license/3_01.txt \|
11		\| If you did not receive a copy of the PHP license and are unable to \|
12		\| obtain it through the world-wide-web, please send a note to \|
13		\| license@php.net so we can mail you a copy immediately. \|
14		+----------------------------------------------------------------------+
15		\| Authors: Dmitry Stogov <dmitry@php.net> \|
16		\| Xinchen Hui <laruence@php.net> \|
17		+----------------------------------------------------------------------+
18		*/
19
20		/* pass 4
21		* - optimize INIT_FCALL_BY_NAME to DO_FCALL
22		*/
23
24		#include "Optimizer/zend_optimizer.h"
25		#include "Optimizer/zend_optimizer_internal.h"
26		#include "zend_API.h"
27		#include "zend_constants.h"
28		#include "zend_execute.h"
29		#include "zend_vm.h"
30
31		typedef struct _optimizer_call_info {
32		zend_function *func;
33		zend_op *opline;
34		zend_op *last_check_func_arg_opline;
35		bool is_prototype;
36		bool try_inline;
37		uint32_t func_arg_num;
38		} optimizer_call_info;
39
40		static void zend_delete_call_instructions(zend_op_array op_array, zend_op opline)
41	567	{
42	567	int call = 0;
43
44	1.24k	while (1) {
45	1.24k	switch (opline->opcode) {
46	8	case ZEND_INIT_FCALL_BY_NAME:
47	8	case ZEND_INIT_NS_FCALL_BY_NAME:
48	58	case ZEND_INIT_STATIC_METHOD_CALL:
49	58	case ZEND_INIT_METHOD_CALL:
50	625	case ZEND_INIT_FCALL:
51	625	case ZEND_INIT_PARENT_PROPERTY_HOOK_CALL:
52	625	if (call == 0) {
53	567	MAKE_NOP(opline);
54	567	return;
55	567	}
56	58	ZEND_FALLTHROUGH;
57	70	case ZEND_NEW:
58	70	case ZEND_INIT_DYNAMIC_CALL:
59	70	case ZEND_INIT_USER_CALL:
60	70	call--;
61	70	break;
62	49	case ZEND_DO_FCALL:
63	49	case ZEND_DO_ICALL:
64	70	case ZEND_DO_UCALL:
65	70	case ZEND_DO_FCALL_BY_NAME:
66	70	call++;
67	70	break;
68	42	case ZEND_SEND_VAL:
69	208	case ZEND_SEND_VAR:
70	208	if (call == 0) {
71	208	zend_optimizer_convert_to_free_op1(op_array, opline);
72	208	}
73	208	break;
74	1.24k	}
75	682	opline--;
76	682	}
77	567	}
78
79		static void zend_try_inline_call(zend_op_array op_array, zend_op fcall, zend_op opline, zend_function func)
80	108k	{
81	108k	const uint32_t no_discard = RETURN_VALUE_USED(opline) ? 0 : ZEND_ACC_NODISCARD;
82
83	108k	if (func->type == ZEND_USER_FUNCTION
84	21.3k	&& !(func->op_array.fn_flags & (ZEND_ACC_ABSTRACT\|ZEND_ACC_HAS_TYPE_HINTS\|ZEND_ACC_DEPRECATED\|no_discard))
85		/* TODO: function copied from trait may be inconsistent ??? */
86	16.8k	&& !(func->op_array.fn_flags & (ZEND_ACC_TRAIT_CLONE))
87	16.8k	&& fcall->extended_value >= func->op_array.required_num_args
88	16.5k	&& func->op_array.opcodes[func->op_array.num_args].opcode == ZEND_RETURN) {
89
90	1.10k	zend_op *ret_opline = func->op_array.opcodes + func->op_array.num_args;
91
92	1.10k	if (ret_opline->op1_type == IS_CONST) {
93	654	uint32_t i, num_args = func->op_array.num_args;
94	654	num_args += (func->op_array.fn_flags & ZEND_ACC_VARIADIC) != 0;
95
96	654	if (fcall->opcode == ZEND_INIT_STATIC_METHOD_CALL
97	48	&& !(func->op_array.fn_flags & ZEND_ACC_STATIC)) {
98		/* Don't inline static call to instance method. */
99	2	return;
100	2	}
101
102	836	for (i = 0; i < num_args; i++) {
103		/* Don't inline functions with by-reference arguments. This would require
104		* correct handling of INDIRECT arguments. */
105	211	if (ZEND_ARG_SEND_MODE(&func->op_array.arg_info[i])) {
106	27	return;
107	27	}
108	211	}
109
110	625	if (fcall->extended_value < func->op_array.num_args) {
111		/* don't inline functions with named constants in default arguments */
112	60	i = fcall->extended_value;
113
114	64	do {
115	64	if (Z_TYPE_P(CRT_CONSTANT_EX(&func->op_array, &func->op_array.opcodes[i], func->op_array.opcodes[i].op2)) == IS_CONSTANT_AST) {
116	58	return;
117	58	}
118	6	i++;
119	6	} while (i < func->op_array.num_args);
120	60	}
121
122	567	if (RETURN_VALUE_USED(opline)) {
123	430	zval zv;
124
125	430	ZVAL_COPY(&zv, CRT_CONSTANT_EX(&func->op_array, ret_opline, ret_opline->op1));
126	430	opline->opcode = ZEND_QM_ASSIGN;
127	430	opline->op1_type = IS_CONST;
128	430	opline->op1.constant = zend_optimizer_add_literal(op_array, &zv);
129	430	SET_UNUSED(opline->op2);
130	430	} else {
131	137	MAKE_NOP(opline);
132	137	}
133
134	567	zend_delete_call_instructions(op_array, opline-1);
135	567	}
136	1.10k	}
137	108k	}
138
139		/* arg_num is 1-based here, to match SEND encoding. */
140		static bool has_known_send_mode(const optimizer_call_info *info, uint32_t arg_num)
141	97.3k	{
142	97.3k	if (!info->func) {
143	94.1k	return false;
144	94.1k	}
145
146		/* For prototype functions we should not make assumptions about arguments that are not part of
147		* the signature: And inheriting method can add an optional by-ref argument. */
148	3.21k	return !info->is_prototype
149	280	\|\| arg_num <= info->func->common.num_args
150	9	\|\| (info->func->common.fn_flags & ZEND_ACC_VARIADIC);
151	97.3k	}
152
153		void zend_optimize_func_calls(zend_op_array op_array, zend_optimizer_ctx ctx)
154	102k	{
155	102k	zend_op *opline = op_array->opcodes;
156	102k	zend_op *end = opline + op_array->last;
157	102k	int call = 0;
158	102k	void *checkpoint;
159	102k	optimizer_call_info *call_stack;
160
161	102k	if (op_array->last < 2) {
162	2.96k	return;
163	2.96k	}
164
165	99.9k	checkpoint = zend_arena_checkpoint(ctx->arena);
166	99.9k	call_stack = zend_arena_calloc(&ctx->arena, op_array->last / 2, sizeof(optimizer_call_info));
167	2.70M	while (opline < end) {
168	2.60M	switch (opline->opcode) {
169	8.84k	case ZEND_INIT_FCALL_BY_NAME:
170	11.7k	case ZEND_INIT_NS_FCALL_BY_NAME:
171	18.1k	case ZEND_INIT_STATIC_METHOD_CALL:
172	60.9k	case ZEND_INIT_METHOD_CALL:
173	166k	case ZEND_INIT_FCALL:
174	227k	case ZEND_NEW:
175	227k	case ZEND_INIT_PARENT_PROPERTY_HOOK_CALL:
176		/* The argument passing optimizations are valid for prototypes as well,
177		* as inheritance cannot change between ref <-> non-ref arguments. */
178	227k	call_stack[call].func = zend_optimizer_get_called_func(
179	227k	ctx->script, op_array, opline, &call_stack[call].is_prototype);
180	227k	call_stack[call].try_inline =
181	227k	!call_stack[call].is_prototype
182	227k	&& opline->opcode != ZEND_NEW
183	165k	&& opline->opcode != ZEND_INIT_PARENT_PROPERTY_HOOK_CALL;
184	227k	ZEND_FALLTHROUGH;
185	232k	case ZEND_INIT_DYNAMIC_CALL:
186	233k	case ZEND_INIT_USER_CALL:
187	233k	call_stack[call].opline = opline;
188	233k	call_stack[call].func_arg_num = (uint32_t)-1;
189	233k	call++;
190	233k	break;
191	223k	case ZEND_DO_FCALL:
192	223k	case ZEND_DO_ICALL:
193	232k	case ZEND_DO_UCALL:
194	233k	case ZEND_DO_FCALL_BY_NAME:
195	233k	case ZEND_CALLABLE_CONVERT:
196	233k	call--;
197	233k	if (call_stack[call].func && call_stack[call].opline) {
198	113k	zend_op *fcall = call_stack[call].opline;
199
200	113k	if (fcall->opcode == ZEND_INIT_FCALL) {
201		/* nothing to do */
202	105k	} else if (fcall->opcode == ZEND_INIT_FCALL_BY_NAME) {
203	1.06k	fcall->opcode = ZEND_INIT_FCALL;
204	1.06k	fcall->op1.num = zend_vm_calc_used_stack(fcall->extended_value, call_stack[call].func);
205	1.06k	literal_dtor(&ZEND_OP2_LITERAL(fcall));
206	1.06k	fcall->op2.constant = fcall->op2.constant + 1;
207	7.44k	} else if (fcall->opcode == ZEND_INIT_NS_FCALL_BY_NAME) {
208	354	fcall->opcode = ZEND_INIT_FCALL;
209	354	fcall->op1.num = zend_vm_calc_used_stack(fcall->extended_value, call_stack[call].func);
210	354	literal_dtor(&op_array->literals[fcall->op2.constant]);
211	354	literal_dtor(&op_array->literals[fcall->op2.constant + 2]);
212	354	fcall->op2.constant = fcall->op2.constant + 1;
213	7.08k	} else if (fcall->opcode == ZEND_INIT_STATIC_METHOD_CALL
214	3.31k	\|\| fcall->opcode == ZEND_INIT_METHOD_CALL
215	2.90k	\|\| fcall->opcode == ZEND_INIT_PARENT_PROPERTY_HOOK_CALL
216	7.08k	\|\| fcall->opcode == ZEND_NEW) {
217		/* We don't have specialized opcodes for this, do nothing */
218	7.08k	} else {
219	0	ZEND_UNREACHABLE();
220	0	}
221
222		/* If the INIT opcode changed the DO opcode can also change to
223		* a more optimized one.
224		*
225		* At this point we also know whether or not the result of
226		* the DO opcode is used, allowing to optimize calls to
227		* ZEND_ACC_NODISCARD functions. */
228	113k	if (opline->opcode != ZEND_CALLABLE_CONVERT) {
229	113k	opline->opcode = zend_get_call_op(fcall, call_stack[call].func, !RESULT_UNUSED(opline));
230	113k	}
231
232	113k	if ((ZEND_OPTIMIZER_PASS_16 & ctx->optimization_level)
233	113k	&& call_stack[call].try_inline
234	108k	&& opline->opcode != ZEND_CALLABLE_CONVERT) {
235	108k	zend_try_inline_call(op_array, fcall, opline, call_stack[call].func);
236	108k	}
237	113k	}
238	233k	call_stack[call].func = NULL;
239	233k	call_stack[call].opline = NULL;
240	233k	call_stack[call].try_inline = false;
241	233k	call_stack[call].func_arg_num = (uint32_t)-1;
242	233k	break;
243	65	case ZEND_FETCH_FUNC_ARG:
244	427	case ZEND_FETCH_STATIC_PROP_FUNC_ARG:
245	942	case ZEND_FETCH_OBJ_FUNC_ARG:
246	1.71k	case ZEND_FETCH_DIM_FUNC_ARG:
247	1.71k	if (call_stack[call - 1].func_arg_num != (uint32_t)-1
248	129	&& has_known_send_mode(&call_stack[call - 1], call_stack[call - 1].func_arg_num)) {
249	129	if (ARG_SHOULD_BE_SENT_BY_REF(call_stack[call - 1].func, call_stack[call - 1].func_arg_num)) {
250		/* There's no TMP specialization for FETCH_OBJ_W/FETCH_DIM_W. Avoid
251		* converting it and error at runtime in the FUNC_ARG variant. */
252	38	if ((opline->opcode == ZEND_FETCH_OBJ_FUNC_ARG \|\| opline->opcode == ZEND_FETCH_DIM_FUNC_ARG)
253	38	&& (opline->op1_type == IS_TMP_VAR \|\| call_stack[call - 1].last_check_func_arg_opline == NULL)) {
254		/* Don't remove the associated CHECK_FUNC_ARG opcode. */
255	10	call_stack[call - 1].last_check_func_arg_opline = NULL;
256	10	break;
257	10	}
258	28	if (opline->opcode != ZEND_FETCH_STATIC_PROP_FUNC_ARG) {
259	28	opline->opcode -= 9;
260	28	} else {
261	0	opline->opcode = ZEND_FETCH_STATIC_PROP_W;
262	0	}
263	91	} else {
264	91	if (opline->opcode == ZEND_FETCH_DIM_FUNC_ARG
265	48	&& opline->op2_type == IS_UNUSED) {
266		/* FETCH_DIM_FUNC_ARG supports UNUSED op2, while FETCH_DIM_R does not.
267		* Performing the replacement would create an invalid opcode. */
268	8	call_stack[call - 1].try_inline = false;
269	8	break;
270	8	}
271
272	83	if (opline->opcode != ZEND_FETCH_STATIC_PROP_FUNC_ARG) {
273	83	opline->opcode -= 12;
274	83	} else {
275	0	opline->opcode = ZEND_FETCH_STATIC_PROP_R;
276	0	}
277	83	}
278	129	}
279	1.69k	break;
280	32.0k	case ZEND_SEND_VAL_EX:
281	32.0k	if (opline->op2_type == IS_CONST) {
282	969	call_stack[call - 1].try_inline = false;
283	969	break;
284	969	}
285
286	31.0k	if (has_known_send_mode(&call_stack[call - 1], opline->op2.num)) {
287	1.63k	if (!ARG_MUST_BE_SENT_BY_REF(call_stack[call - 1].func, opline->op2.num)) {
288	1.57k	opline->opcode = ZEND_SEND_VAL;
289	1.57k	}
290	1.63k	}
291	31.0k	break;
292	1.46k	case ZEND_CHECK_FUNC_ARG:
293	1.46k	if (opline->op2_type == IS_CONST) {
294	92	call_stack[call - 1].try_inline = false;
295	92	call_stack[call - 1].func_arg_num = (uint32_t)-1;
296	92	break;
297	92	}
298
299	1.37k	if (has_known_send_mode(&call_stack[call - 1], opline->op2.num)) {
300	125	call_stack[call - 1].func_arg_num = opline->op2.num;
301	125	call_stack[call - 1].last_check_func_arg_opline = opline;
302	125	}
303	1.37k	break;
304	1.46k	case ZEND_SEND_FUNC_ARG:
305		/* Don't transform SEND_FUNC_ARG if any FETCH opcodes weren't transformed. */
306	1.46k	if (call_stack[call - 1].last_check_func_arg_opline == NULL) {
307	1.34k	if (opline->op2_type == IS_CONST) {
308	92	call_stack[call - 1].try_inline = false;
309	92	}
310	1.34k	break;
311	1.34k	}
312	115	MAKE_NOP(call_stack[call - 1].last_check_func_arg_opline);
313	115	call_stack[call - 1].last_check_func_arg_opline = NULL;
314	115	ZEND_FALLTHROUGH;
315	61.5k	case ZEND_SEND_VAR_EX:
316	61.5k	if (opline->op2_type == IS_CONST) {
317	568	call_stack[call - 1].try_inline = false;
318	568	break;
319	568	}
320
321	60.9k	if (has_known_send_mode(&call_stack[call - 1], opline->op2.num)) {
322	869	call_stack[call - 1].func_arg_num = (uint32_t)-1;
323	869	if (ARG_SHOULD_BE_SENT_BY_REF(call_stack[call - 1].func, opline->op2.num)) {
324	80	opline->opcode = ZEND_SEND_REF;
325	789	} else {
326	789	opline->opcode = ZEND_SEND_VAR;
327	789	}
328	869	}
329	60.9k	break;
330	4.05k	case ZEND_SEND_VAR_NO_REF_EX:
331	4.05k	if (opline->op2_type == IS_CONST) {
332	220	call_stack[call - 1].try_inline = false;
333	220	break;
334	220	}
335
336	3.83k	if (has_known_send_mode(&call_stack[call - 1], opline->op2.num)) {
337	443	if (ARG_MUST_BE_SENT_BY_REF(call_stack[call - 1].func, opline->op2.num)) {
338	160	opline->opcode = ZEND_SEND_VAR_NO_REF;
339	283	} else if (ARG_MAY_BE_SENT_BY_REF(call_stack[call - 1].func, opline->op2.num)) {
340	0	opline->opcode = ZEND_SEND_VAL;
341	283	} else {
342	283	opline->opcode = ZEND_SEND_VAR;
343	283	}
344	443	}
345	3.83k	break;
346	68.1k	case ZEND_SEND_VAL:
347	116k	case ZEND_SEND_VAR:
348	118k	case ZEND_SEND_REF:
349	118k	if (opline->op2_type == IS_CONST) {
350	686	call_stack[call - 1].try_inline = false;
351	686	break;
352	686	}
353	117k	break;
354	117k	case ZEND_SEND_UNPACK:
355	2.91k	case ZEND_SEND_USER:
356	3.38k	case ZEND_SEND_ARRAY:
357	3.38k	call_stack[call - 1].try_inline = false;
358	3.38k	break;
359	1.91M	default:
360	1.91M	break;
361	2.60M	}
362	2.60M	opline++;
363	2.60M	}
364
365	99.9k	zend_arena_release(&ctx->arena, checkpoint);
366	99.9k	}