/src/php-src/Zend/Optimizer/pass3.c

Source
/*
   +----------------------------------------------------------------------+
   | Zend OPcache                                                         |
   +----------------------------------------------------------------------+
   | Copyright (c) The PHP Group                                          |
   +----------------------------------------------------------------------+
   | This source file is subject to version 3.01 of the PHP license,      |
   | that is bundled with this package in the file LICENSE, and is        |
   | available through the world-wide-web at the following url:           |
   | https://www.php.net/license/3_01.txt                                 |
   | If you did not receive a copy of the PHP license and are unable to   |
   | obtain it through the world-wide-web, please send a note to          |
   | license@php.net so we can mail you a copy immediately.               |
   +----------------------------------------------------------------------+
   | Authors: Andi Gutmans <andi@php.net>                                 |
   |          Zeev Suraski <zeev@php.net>                                 |
   |          Stanislav Malyshev <stas@zend.com>                          |
   |          Dmitry Stogov <dmitry@php.net>                              |
   +----------------------------------------------------------------------+
*/

/* pass 3: (Jump optimization)
 * - optimize series of JMPs
 */

#include "Optimizer/zend_optimizer.h"
#include "Optimizer/zend_optimizer_internal.h"
#include "zend_API.h"
#include "zend_constants.h"
#include "zend_execute.h"
#include "zend_vm.h"

/* we use "jmp_hitlist" to avoid infinity loops during jmp optimization */
static zend_always_inline bool in_hitlist(zend_op *target, zend_op **jmp_hitlist, int jmp_hitlist_count)
{
  int i;

  for (i = 0; i < jmp_hitlist_count; i++) {
    if (jmp_hitlist[i] == target) {
      return true;
    }
  }
  return false;
}

#define CHECK_LOOP(target) \
  if (EXPECTED(!in_hitlist(target, jmp_hitlist, jmp_hitlist_count))) { \
    jmp_hitlist[jmp_hitlist_count++] = target;  \
  } else { \
    break; \
  }

void zend_optimizer_pass3(zend_op_array *op_array, zend_optimizer_ctx *ctx)
{
  zend_op *opline;
  zend_op *end;
  zend_op *target;
  zend_op **jmp_hitlist;
  int jmp_hitlist_count;
  ALLOCA_FLAG(use_heap);

  jmp_hitlist = (zend_op**)do_alloca(sizeof(zend_op*)*op_array->last, use_heap);
  opline = op_array->opcodes;
  end =  opline + op_array->last;

  while (opline < end) {

    switch (opline->opcode) {
      case ZEND_JMP:
        jmp_hitlist_count = 0;

        target = ZEND_OP1_JMP_ADDR(opline);
        while (1) {
          if (target->opcode == ZEND_JMP) {
            /* convert JMP L1 ... L1: JMP L2 to JMP L2 .. L1: JMP L2 */
            target = ZEND_OP1_JMP_ADDR(target);
            CHECK_LOOP(target);
          } else if (target->opcode == ZEND_NOP) {
            target = target + 1;
          } else {
            break;
          }
          ZEND_SET_OP_JMP_ADDR(opline, opline->op1, target);
        }

        if (target == opline + 1) {
          /* convert L: JMP L+1 to NOP */
          MAKE_NOP(opline);
        } else if ((target->opcode == ZEND_RETURN ||
                    target->opcode == ZEND_RETURN_BY_REF ||
                    target->opcode == ZEND_GENERATOR_RETURN) &&
                   !(op_array->fn_flags & ZEND_ACC_HAS_FINALLY_BLOCK)) {
          /* JMP L, L: RETURN to immediate RETURN */
          *opline = *target;
          if (opline->op1_type == IS_CONST) {
            zval zv;
            ZVAL_COPY(&zv, &ZEND_OP1_LITERAL(opline));
            opline->op1.constant = zend_optimizer_add_literal(op_array, &zv);
          }
        } else if (opline > op_array->opcodes &&
                   ((opline-1)->opcode == ZEND_JMPZ ||
                    (opline-1)->opcode == ZEND_JMPNZ)) {
            if (ZEND_OP2_JMP_ADDR(opline-1) == target) {
            /* JMPZ(X,L1), JMP(L1) -> NOP, JMP(L1) */
            zend_optimizer_convert_to_free_op1(op_array, opline - 1);
            }
        }
        break;

      case ZEND_JMP_SET:
      case ZEND_COALESCE:
        jmp_hitlist_count = 0;

        target = ZEND_OP2_JMP_ADDR(opline);
        while (1) {
          if (target->opcode == ZEND_JMP) {
            target = ZEND_OP1_JMP_ADDR(target);
            CHECK_LOOP(target);
          } else if (target->opcode == ZEND_NOP) {
            target = target + 1;
          } else {
            break;
          }
          ZEND_SET_OP_JMP_ADDR(opline, opline->op2, target);
        }
        break;

      case ZEND_JMPZ:
      case ZEND_JMPNZ:
        jmp_hitlist_count = 0;

        target = ZEND_OP2_JMP_ADDR(opline);
        while (1) {
          if (target->opcode == ZEND_JMP) {
            /* plain JMP */
            /* JMPZ(X,L1), L1: JMP(L2) => JMPZ(X,L2), L1: JMP(L2) */
            target = ZEND_OP1_JMP_ADDR(target);
            CHECK_LOOP(target);
          } else if (target->opcode == opline->opcode &&
                     SAME_VAR(opline->op1, target->op1)) {
            /* same opcode and same var as this opcode */
            /* JMPZ(X,L1), L1: JMPZ(X,L2) => JMPZ(X,L2), L1: JMPZ(X,L2) */
            target = ZEND_OP2_JMP_ADDR(target);
            CHECK_LOOP(target);
          } else if (target->opcode == INV_COND(opline->opcode) &&
                     SAME_VAR(opline->op1, target->op1)) {
            /* convert JMPZ(X,L1), L1: JMPNZ(X,L2) to
               JMPZ(X,L1+1) */
            target = target + 1;
          } else if (target->opcode == ZEND_NOP) {
            target = target + 1;
          } else {
            break;
          }
          ZEND_SET_OP_JMP_ADDR(opline, opline->op2, target);
        }

        /* convert L: JMPZ L+1 to NOP */
        if (target == opline + 1) {
          zend_optimizer_convert_to_free_op1(op_array, opline);
        }
        break;

      case ZEND_JMPZ_EX:
      case ZEND_JMPNZ_EX:
        jmp_hitlist_count = 0;

        target = ZEND_OP2_JMP_ADDR(opline);
        while (1) {
          if (target->opcode == ZEND_JMP) {
            /* plain JMP */
            /* JMPZ_EX(X,L1), L1: JMP(L2) => JMPZ_EX(X,L2), L1: JMP(L2) */
            target = ZEND_OP1_JMP_ADDR(target);
            CHECK_LOOP(target);
          } else if (target->opcode == opline->opcode-3 &&
                     (SAME_VAR(target->op1, opline->result) ||
                      SAME_VAR(target->op1, opline->op1))) {
            /* convert T=JMPZ_EX(X,L1), L1: JMPZ(T,L2) to
               JMPZ_EX(X,L2) */
            target = ZEND_OP2_JMP_ADDR(target);
            CHECK_LOOP(target);
          } else if (target->opcode == opline->opcode &&
                     target->result.var == opline->result.var &&
                     (SAME_VAR(target->op1, opline->result) ||
                      SAME_VAR(target->op1, opline->op1))) {
            /* convert T=JMPZ_EX(X,L1), L1: T=JMPZ_EX(T,L2) to
               JMPZ_EX(X,L2) */
            target = ZEND_OP2_JMP_ADDR(target);
            CHECK_LOOP(target);
          } else if (target->opcode == INV_EX_COND(opline->opcode) &&
                     (SAME_VAR(target->op1, opline->result) ||
                      SAME_VAR(target->op1, opline->op1))) {
             /* convert T=JMPZ_EX(X,L1), L1: JMPNZ(T,L2) to
              JMPZ_EX(X,L1+1) */
            target = target + 1;
          } else if (target->opcode == INV_EX_COND_EX(opline->opcode) &&
                     target->result.var == opline->result.var &&
                     (SAME_VAR(target->op1, opline->result) ||
                      SAME_VAR(target->op1, opline->op1))) {
             /* convert T=JMPZ_EX(X,L1), L1: T=JMPNZ_EX(T,L2) to
              JMPZ_EX(X,L1+1) */
            target = target + 1;
          } else if (target->opcode == ZEND_BOOL &&
                     (SAME_VAR(target->op1, opline->result) ||
                      SAME_VAR(target->op1, opline->op1))) {
            /* convert Y = JMPZ_EX(X,L1), L1: Z = BOOL(Y) to
               Z = JMPZ_EX(X,L1+1) */

            /* NOTE: This optimization pattern is not safe, but works, */
            /*       because result of JMPZ_EX instruction             */
            /*       is not used on the following path and             */
            /*       should be used once on the branch path.           */
            /*                                                         */
            /*       The pattern works well only if jumps processed in */
            /*       direct order, otherwise it breaks JMPZ_EX         */
            /*       sequences too early.                              */
            opline->result.var = target->result.var;
            target = target + 1;
            CHECK_LOOP(target);
          } else if (target->opcode == ZEND_NOP) {
            target = target + 1;
          } else {
            break;
          }
          ZEND_SET_OP_JMP_ADDR(opline, opline->op2, target);
        }

        /* convert L: T = JMPZ_EX X,L+1 to T = BOOL(X) */
        if (target == opline + 1) {
          opline->opcode = ZEND_BOOL;
          opline->op2.num = 0;
        }
        break;
    }
    opline++;
  }
  free_alloca(jmp_hitlist, use_heap);
}

Coverage Report

Created: 2025-11-16 06:23

Line	Count	Source
1		/*
2		+----------------------------------------------------------------------+
3		\| Zend OPcache \|
4		+----------------------------------------------------------------------+
5		\| Copyright (c) The PHP Group \|
6		+----------------------------------------------------------------------+
7		\| This source file is subject to version 3.01 of the PHP license, \|
8		\| that is bundled with this package in the file LICENSE, and is \|
9		\| available through the world-wide-web at the following url: \|
10		\| https://www.php.net/license/3_01.txt \|
11		\| If you did not receive a copy of the PHP license and are unable to \|
12		\| obtain it through the world-wide-web, please send a note to \|
13		\| license@php.net so we can mail you a copy immediately. \|
14		+----------------------------------------------------------------------+
15		\| Authors: Andi Gutmans <andi@php.net> \|
16		\| Zeev Suraski <zeev@php.net> \|
17		\| Stanislav Malyshev <stas@zend.com> \|
18		\| Dmitry Stogov <dmitry@php.net> \|
19		+----------------------------------------------------------------------+
20		*/
21
22		/* pass 3: (Jump optimization)
23		* - optimize series of JMPs
24		*/
25
26		#include "Optimizer/zend_optimizer.h"
27		#include "Optimizer/zend_optimizer_internal.h"
28		#include "zend_API.h"
29		#include "zend_constants.h"
30		#include "zend_execute.h"
31		#include "zend_vm.h"
32
33		/* we use "jmp_hitlist" to avoid infinity loops during jmp optimization */
34		static zend_always_inline bool in_hitlist(zend_op target, zend_op *jmp_hitlist, int jmp_hitlist_count)
35	39.4k	{
36	39.4k	int i;
37
38	169k	for (i = 0; i < jmp_hitlist_count; i++) {
39	130k	if (jmp_hitlist[i] == target) {
40	78	return true;
41	78	}
42	130k	}
43	39.3k	return false;
44	39.4k	}
45
46		#define CHECK_LOOP(target) \
47	39.4k	if (EXPECTED(!in_hitlist(target, jmp_hitlist, jmp_hitlist_count))) { \
48	39.3k	jmp_hitlist[jmp_hitlist_count++] = target; \
49	39.3k	} else { \
50	78	break; \
51	78	}
52
53		void zend_optimizer_pass3(zend_op_array op_array, zend_optimizer_ctx ctx)
54	98.6k	{
55	98.6k	zend_op *opline;
56	98.6k	zend_op *end;
57	98.6k	zend_op *target;
58	98.6k	zend_op **jmp_hitlist;
59	98.6k	int jmp_hitlist_count;
60	98.6k	ALLOCA_FLAG(use_heap);
61
62	98.6k	jmp_hitlist = (zend_op*)do_alloca(sizeof(zend_op)*op_array->last, use_heap);
63	98.6k	opline = op_array->opcodes;
64	98.6k	end = opline + op_array->last;
65
66	2.59M	while (opline < end) {
67
68	2.49M	switch (opline->opcode) {
69	62.5k	case ZEND_JMP:
70	62.5k	jmp_hitlist_count = 0;
71
72	62.5k	target = ZEND_OP1_JMP_ADDR(opline);
73	73.2k	while (1) {
74	73.2k	if (target->opcode == ZEND_JMP) {
75		/* convert JMP L1 ... L1: JMP L2 to JMP L2 .. L1: JMP L2 */
76	10.5k	target = ZEND_OP1_JMP_ADDR(target);
77	10.5k	CHECK_LOOP(target);
78	62.7k	} else if (target->opcode == ZEND_NOP) {
79	218	target = target + 1;
80	62.5k	} else {
81	62.5k	break;
82	62.5k	}
83	10.7k	ZEND_SET_OP_JMP_ADDR(opline, opline->op1, target);
84	10.7k	}
85
86	62.5k	if (target == opline + 1) {
87		/* convert L: JMP L+1 to NOP */
88	1.76k	MAKE_NOP(opline);
89	60.7k	} else if ((target->opcode == ZEND_RETURN \|\|
90	50.2k	target->opcode == ZEND_RETURN_BY_REF \|\|
91	50.1k	target->opcode == ZEND_GENERATOR_RETURN) &&
92	10.7k	!(op_array->fn_flags & ZEND_ACC_HAS_FINALLY_BLOCK)) {
93		/* JMP L, L: RETURN to immediate RETURN */
94	10.4k	opline = target;
95	10.4k	if (opline->op1_type == IS_CONST) {
96	10.1k	zval zv;
97	10.1k	ZVAL_COPY(&zv, &ZEND_OP1_LITERAL(opline));
98	10.1k	opline->op1.constant = zend_optimizer_add_literal(op_array, &zv);
99	10.1k	}
100	50.3k	} else if (opline > op_array->opcodes &&
101	50.1k	((opline-1)->opcode == ZEND_JMPZ \|\|
102	49.8k	(opline-1)->opcode == ZEND_JMPNZ)) {
103	705	if (ZEND_OP2_JMP_ADDR(opline-1) == target) {
104		/* JMPZ(X,L1), JMP(L1) -> NOP, JMP(L1) */
105	44	zend_optimizer_convert_to_free_op1(op_array, opline - 1);
106	44	}
107	705	}
108	62.5k	break;
109
110	1.35k	case ZEND_JMP_SET:
111	5.64k	case ZEND_COALESCE:
112	5.64k	jmp_hitlist_count = 0;
113
114	5.64k	target = ZEND_OP2_JMP_ADDR(opline);
115	5.64k	while (1) {
116	5.64k	if (target->opcode == ZEND_JMP) {
117	0	target = ZEND_OP1_JMP_ADDR(target);
118	0	CHECK_LOOP(target);
119	5.64k	} else if (target->opcode == ZEND_NOP) {
120	0	target = target + 1;
121	5.64k	} else {
122	5.64k	break;
123	5.64k	}
124	0	ZEND_SET_OP_JMP_ADDR(opline, opline->op2, target);
125	0	}
126	5.64k	break;
127
128	15.9k	case ZEND_JMPZ:
129	23.0k	case ZEND_JMPNZ:
130	23.0k	jmp_hitlist_count = 0;
131
132	23.0k	target = ZEND_OP2_JMP_ADDR(opline);
133	33.2k	while (1) {
134	33.2k	if (target->opcode == ZEND_JMP) {
135		/* plain JMP */
136		/* JMPZ(X,L1), L1: JMP(L2) => JMPZ(X,L2), L1: JMP(L2) */
137	10.0k	target = ZEND_OP1_JMP_ADDR(target);
138	10.0k	CHECK_LOOP(target);
139	23.1k	} else if (target->opcode == opline->opcode &&
140	290	SAME_VAR(opline->op1, target->op1)) {
141		/* same opcode and same var as this opcode */
142		/* JMPZ(X,L1), L1: JMPZ(X,L2) => JMPZ(X,L2), L1: JMPZ(X,L2) */
143	116	target = ZEND_OP2_JMP_ADDR(target);
144	116	CHECK_LOOP(target);
145	23.0k	} else if (target->opcode == INV_COND(opline->opcode) &&
146	61	SAME_VAR(opline->op1, target->op1)) {
147		/* convert JMPZ(X,L1), L1: JMPNZ(X,L2) to
148		JMPZ(X,L1+1) */
149	0	target = target + 1;
150	23.0k	} else if (target->opcode == ZEND_NOP) {
151	120	target = target + 1;
152	22.9k	} else {
153	22.9k	break;
154	22.9k	}
155	10.1k	ZEND_SET_OP_JMP_ADDR(opline, opline->op2, target);
156	10.1k	}
157
158		/* convert L: JMPZ L+1 to NOP */
159	23.0k	if (target == opline + 1) {
160	81	zend_optimizer_convert_to_free_op1(op_array, opline);
161	81	}
162	23.0k	break;
163
164	3.30k	case ZEND_JMPZ_EX:
165	6.74k	case ZEND_JMPNZ_EX:
166	6.74k	jmp_hitlist_count = 0;
167
168	6.74k	target = ZEND_OP2_JMP_ADDR(opline);
169	26.7k	while (1) {
170	26.7k	if (target->opcode == ZEND_JMP) {
171		/* plain JMP */
172		/* JMPZ_EX(X,L1), L1: JMP(L2) => JMPZ_EX(X,L2), L1: JMP(L2) */
173	216	target = ZEND_OP1_JMP_ADDR(target);
174	216	CHECK_LOOP(target);
175	26.5k	} else if (target->opcode == opline->opcode-3 &&
176	493	(SAME_VAR(target->op1, opline->result) \|\|
177	485	SAME_VAR(target->op1, opline->op1))) {
178		/* convert T=JMPZ_EX(X,L1), L1: JMPZ(T,L2) to
179		JMPZ_EX(X,L2) */
180	485	target = ZEND_OP2_JMP_ADDR(target);
181	485	CHECK_LOOP(target);
182	26.0k	} else if (target->opcode == opline->opcode &&
183	17.3k	target->result.var == opline->result.var &&
184	17.3k	(SAME_VAR(target->op1, opline->result) \|\|
185	17.3k	SAME_VAR(target->op1, opline->op1))) {
186		/* convert T=JMPZ_EX(X,L1), L1: T=JMPZ_EX(T,L2) to
187		JMPZ_EX(X,L2) */
188	17.3k	target = ZEND_OP2_JMP_ADDR(target);
189	17.3k	CHECK_LOOP(target);
190	17.3k	} else if (target->opcode == INV_EX_COND(opline->opcode) &&
191	199	(SAME_VAR(target->op1, opline->result) \|\|
192	199	SAME_VAR(target->op1, opline->op1))) {
193		/* convert T=JMPZ_EX(X,L1), L1: JMPNZ(T,L2) to
194		JMPZ_EX(X,L1+1) */
195	199	target = target + 1;
196	8.50k	} else if (target->opcode == INV_EX_COND_EX(opline->opcode) &&
197	1.00k	target->result.var == opline->result.var &&
198	1.00k	(SAME_VAR(target->op1, opline->result) \|\|
199	1.00k	SAME_VAR(target->op1, opline->op1))) {
200		/* convert T=JMPZ_EX(X,L1), L1: T=JMPNZ_EX(T,L2) to
201		JMPZ_EX(X,L1+1) */
202	1.00k	target = target + 1;
203	7.49k	} else if (target->opcode == ZEND_BOOL &&
204	1.28k	(SAME_VAR(target->op1, opline->result) \|\|
205	749	SAME_VAR(target->op1, opline->op1))) {
206		/* convert Y = JMPZ_EX(X,L1), L1: Z = BOOL(Y) to
207		Z = JMPZ_EX(X,L1+1) */
208
209		/* NOTE: This optimization pattern is not safe, but works, */
210		/* because result of JMPZ_EX instruction */
211		/* is not used on the following path and */
212		/* should be used once on the branch path. */
213		/* */
214		/* The pattern works well only if jumps processed in */
215		/* direct order, otherwise it breaks JMPZ_EX */
216		/* sequences too early. */
217	749	opline->result.var = target->result.var;
218	749	target = target + 1;
219	749	CHECK_LOOP(target);
220	6.75k	} else if (target->opcode == ZEND_NOP) {
221	4	target = target + 1;
222	6.74k	} else {
223	6.74k	break;
224	6.74k	}
225	19.9k	ZEND_SET_OP_JMP_ADDR(opline, opline->op2, target);
226	19.9k	}
227
228		/* convert L: T = JMPZ_EX X,L+1 to T = BOOL(X) */
229	6.74k	if (target == opline + 1) {
230	0	opline->opcode = ZEND_BOOL;
231	0	opline->op2.num = 0;
232	0	}
233	6.74k	break;
234	2.49M	}
235	2.49M	opline++;
236	2.49M	}
237	98.6k	free_alloca(jmp_hitlist, use_heap);
238	98.6k	}