/src/php-src/Zend/Optimizer/zend_cfg.c

Source
/*
   +----------------------------------------------------------------------+
   | Zend Engine, CFG - Control Flow Graph                                |
   +----------------------------------------------------------------------+
   | Copyright (c) The PHP Group                                          |
   +----------------------------------------------------------------------+
   | This source file is subject to version 3.01 of the PHP license,      |
   | that is bundled with this package in the file LICENSE, and is        |
   | available through the world-wide-web at the following url:           |
   | https://www.php.net/license/3_01.txt                                 |
   | If you did not receive a copy of the PHP license and are unable to   |
   | obtain it through the world-wide-web, please send a note to          |
   | license@php.net so we can mail you a copy immediately.               |
   +----------------------------------------------------------------------+
   | Authors: Dmitry Stogov <dmitry@php.net>                              |
   +----------------------------------------------------------------------+
*/

#include "zend_compile.h"
#include "zend_cfg.h"
#include "zend_func_info.h"
#include "zend_worklist.h"
#include "zend_optimizer.h"
#include "zend_optimizer_internal.h"
#include "zend_sort.h"

static void zend_mark_reachable(zend_op *opcodes, zend_cfg *cfg, zend_basic_block *b) /* {{{ */
{
  zend_basic_block *blocks = cfg->blocks;

  zend_worklist work;
  ALLOCA_FLAG(list_use_heap)
  ZEND_WORKLIST_ALLOCA(&work, cfg->blocks_count, list_use_heap);

  zend_worklist_push(&work, b - cfg->blocks);

  while (zend_worklist_len(&work)) {
    b = cfg->blocks + zend_worklist_pop(&work);

    b->flags |= ZEND_BB_REACHABLE;
    if (b->successors_count == 0) {
      b->flags |= ZEND_BB_EXIT;
      continue;
    }

    for (uint32_t i = 0; i < b->successors_count; i++) {
      zend_basic_block *succ = blocks + b->successors[i];

      if (b->len != 0) {
        uint8_t opcode = opcodes[b->start + b->len - 1].opcode;
        if (opcode == ZEND_MATCH) {
          succ->flags |= ZEND_BB_TARGET;
        } else if (opcode == ZEND_SWITCH_LONG || opcode == ZEND_SWITCH_STRING) {
          if (i == b->successors_count - 1) {
            succ->flags |= ZEND_BB_FOLLOW | ZEND_BB_TARGET;
          } else {
            succ->flags |= ZEND_BB_TARGET;
          }
        } else if (b->successors_count == 1) {
          if (opcode == ZEND_JMP) {
            succ->flags |= ZEND_BB_TARGET;
          } else {
            succ->flags |= ZEND_BB_FOLLOW;

            if ((cfg->flags & ZEND_CFG_STACKLESS)) {
              if (opcode == ZEND_INCLUDE_OR_EVAL ||
                opcode == ZEND_GENERATOR_CREATE ||
                opcode == ZEND_YIELD ||
                opcode == ZEND_YIELD_FROM ||
                opcode == ZEND_DO_FCALL ||
                opcode == ZEND_DO_UCALL ||
                opcode == ZEND_DO_FCALL_BY_NAME) {
                succ->flags |= ZEND_BB_ENTRY;
              }
            }
            if ((cfg->flags & ZEND_CFG_RECV_ENTRY)) {
              if (opcode == ZEND_RECV ||
                opcode == ZEND_RECV_INIT) {
                succ->flags |= ZEND_BB_RECV_ENTRY;
              }
            }
          }
        } else {
          ZEND_ASSERT(b->successors_count == 2);
          if (i == 0) {
            succ->flags |= ZEND_BB_TARGET;
          } else {
            succ->flags |= ZEND_BB_FOLLOW;
          }
        }
      } else {
        succ->flags |= ZEND_BB_FOLLOW;
      }

      /* Check reachability of successor */
      if (!(succ->flags & ZEND_BB_REACHABLE)) {
        zend_worklist_push(&work, succ - cfg->blocks);
      }
    }
  }

  ZEND_WORKLIST_FREE_ALLOCA(&work, list_use_heap);
}
/* }}} */

static void zend_mark_reachable_blocks(const zend_op_array *op_array, zend_cfg *cfg, uint32_t start) /* {{{ */
{
  zend_basic_block *blocks = cfg->blocks;

  blocks[start].flags = ZEND_BB_START;
  zend_mark_reachable(op_array->opcodes, cfg, blocks + start);

  if (op_array->last_try_catch) {
    zend_basic_block *b;
    int changed;
    uint32_t *block_map = cfg->map;

    do {
      changed = 0;

      /* Add exception paths */
      for (uint32_t j = 0; j < op_array->last_try_catch; j++) {

        /* check for jumps into the middle of try block */
        b = blocks + block_map[op_array->try_catch_array[j].try_op];
        if (!(b->flags & ZEND_BB_REACHABLE)) {
          zend_basic_block *end;

          if (op_array->try_catch_array[j].catch_op) {
            end = blocks + block_map[op_array->try_catch_array[j].catch_op];
            while (b != end) {
              if (b->flags & ZEND_BB_REACHABLE) {
                op_array->try_catch_array[j].try_op = b->start;
                break;
              }
              b++;
            }
          }
          b = blocks + block_map[op_array->try_catch_array[j].try_op];
          if (!(b->flags & ZEND_BB_REACHABLE)) {
            if (op_array->try_catch_array[j].finally_op) {
              end = blocks + block_map[op_array->try_catch_array[j].finally_op];
              while (b != end) {
                if (b->flags & ZEND_BB_REACHABLE) {
                  /* In case we get here, there is no live try block but there is a live finally block.
                   * If we do have catch_op set, we need to set it to the first catch block to satisfy
                   * the constraint try_op <= catch_op <= finally_op */
                  op_array->try_catch_array[j].try_op =
                    op_array->try_catch_array[j].catch_op ? op_array->try_catch_array[j].catch_op : b->start;
                  changed = 1;
                  zend_mark_reachable(op_array->opcodes, cfg, blocks + block_map[op_array->try_catch_array[j].try_op]);
                  break;
                }
                b++;
              }
            }
          }
        }

        b = blocks + block_map[op_array->try_catch_array[j].try_op];
        if (b->flags & ZEND_BB_REACHABLE) {
          b->flags |= ZEND_BB_TRY;
          if (op_array->try_catch_array[j].catch_op) {
            b = blocks + block_map[op_array->try_catch_array[j].catch_op];
            b->flags |= ZEND_BB_CATCH;
            if (!(b->flags & ZEND_BB_REACHABLE)) {
              changed = 1;
              zend_mark_reachable(op_array->opcodes, cfg, b);
            }
          }
          if (op_array->try_catch_array[j].finally_op) {
            b = blocks + block_map[op_array->try_catch_array[j].finally_op];
            b->flags |= ZEND_BB_FINALLY;
            if (!(b->flags & ZEND_BB_REACHABLE)) {
              changed = 1;
              zend_mark_reachable(op_array->opcodes, cfg, b);
            }
          }
          if (op_array->try_catch_array[j].finally_end) {
            b = blocks + block_map[op_array->try_catch_array[j].finally_end];
            b->flags |= ZEND_BB_FINALLY_END;
            if (!(b->flags & ZEND_BB_REACHABLE)) {
              changed = 1;
              zend_mark_reachable(op_array->opcodes, cfg, b);
            }
          }
        } else {
          if (op_array->try_catch_array[j].catch_op) {
            ZEND_ASSERT(!(blocks[block_map[op_array->try_catch_array[j].catch_op]].flags & ZEND_BB_REACHABLE));
          }
          if (op_array->try_catch_array[j].finally_op) {
            ZEND_ASSERT(!(blocks[block_map[op_array->try_catch_array[j].finally_op]].flags & ZEND_BB_REACHABLE));
          }
          if (op_array->try_catch_array[j].finally_end) {
            ZEND_ASSERT(!(blocks[block_map[op_array->try_catch_array[j].finally_end]].flags & ZEND_BB_REACHABLE));
          }
        }
      }
    } while (changed);
  }

  if (cfg->flags & ZEND_FUNC_FREE_LOOP_VAR) {
    zend_basic_block *b;
    uint32_t *block_map = cfg->map;

    /* Mark blocks that are unreachable, but free a loop var created in a reachable block. */
    for (b = blocks; b < blocks + cfg->blocks_count; b++) {
      if (b->flags & ZEND_BB_REACHABLE) {
        continue;
      }

      for (uint32_t j = b->start; j < b->start + b->len; j++) {
        zend_op *opline = &op_array->opcodes[j];
        if (zend_optimizer_is_loop_var_free(opline)) {
          zend_op *def_opline = zend_optimizer_get_loop_var_def(op_array, opline);
          if (def_opline) {
            uint32_t def_block = block_map[def_opline - op_array->opcodes];
            if (blocks[def_block].flags & ZEND_BB_REACHABLE) {
              b->flags |= ZEND_BB_UNREACHABLE_FREE;
              break;
            }
          }
        }
      }
    }
  }
}
/* }}} */

void zend_cfg_remark_reachable_blocks(const zend_op_array *op_array, zend_cfg *cfg) /* {{{ */
{
  zend_basic_block *blocks = cfg->blocks;
  uint32_t i;
  uint32_t start = 0;

  for (i = 0; i < cfg->blocks_count; i++) {
    if (blocks[i].flags & ZEND_BB_REACHABLE) {
      start = i;
      i++;
      break;
    }
  }

  /* clear all flags */
  for (i = 0; i < cfg->blocks_count; i++) {
    blocks[i].flags = 0;
  }

  zend_mark_reachable_blocks(op_array, cfg, start);
}
/* }}} */

static void initialize_block(zend_basic_block *block) {
  block->flags = 0;
  block->successors = block->successors_storage;
  block->successors_count = 0;
  block->predecessors_count = 0;
  block->predecessor_offset = -1;
  block->idom = -1;
  block->loop_header = -1;
  block->level = -1;
  block->children = -1;
  block->next_child = -1;
}

#define BB_START(i) do { \
    if (!block_map[i]) { blocks_count++;} \
    block_map[i]++; \
  } while (0)

ZEND_API void zend_build_cfg(zend_arena **arena, const zend_op_array *op_array, uint32_t build_flags, zend_cfg *cfg) /* {{{ */
{
  uint32_t flags = 0;
  uint32_t i;
  uint32_t *block_map;
  zend_function *fn;
  int blocks_count = 0;
  zend_basic_block *blocks;
  zval *zv;
  bool extra_entry_block = false;

  cfg->flags = build_flags & (ZEND_CFG_STACKLESS|ZEND_CFG_RECV_ENTRY);

  cfg->map = block_map = zend_arena_calloc(arena, op_array->last, sizeof(uint32_t));

  /* Build CFG, Step 1: Find basic blocks starts, calculate number of blocks */
  BB_START(0);
  for (i = 0; i < op_array->last; i++) {
    zend_op *opline = op_array->opcodes + i;
    switch (opline->opcode) {
      case ZEND_RECV:
      case ZEND_RECV_INIT:
        if (build_flags & ZEND_CFG_RECV_ENTRY) {
          BB_START(i + 1);
        }
        break;
      case ZEND_RETURN:
      case ZEND_RETURN_BY_REF:
      case ZEND_GENERATOR_RETURN:
      case ZEND_VERIFY_NEVER_TYPE:
        if (i + 1 < op_array->last) {
          BB_START(i + 1);
        }
        break;
      case ZEND_MATCH_ERROR:
      case ZEND_THROW:
        /* Don't treat THROW as terminator if it's used in expression context,
         * as we may lose live ranges when eliminating unreachable code. */
        if (opline->extended_value != ZEND_THROW_IS_EXPR && i + 1 < op_array->last) {
          BB_START(i + 1);
        }
        break;
      case ZEND_INCLUDE_OR_EVAL:
        flags |= ZEND_FUNC_INDIRECT_VAR_ACCESS;
        ZEND_FALLTHROUGH;
      case ZEND_GENERATOR_CREATE:
      case ZEND_YIELD:
      case ZEND_YIELD_FROM:
        if (build_flags & ZEND_CFG_STACKLESS) {
          BB_START(i + 1);
        }
        break;
      case ZEND_DO_FCALL:
      case ZEND_DO_UCALL:
      case ZEND_DO_FCALL_BY_NAME:
        flags |= ZEND_FUNC_HAS_CALLS;
        if (build_flags & ZEND_CFG_STACKLESS) {
          BB_START(i + 1);
        }
        break;
      case ZEND_DO_ICALL:
        flags |= ZEND_FUNC_HAS_CALLS;
        break;
      case ZEND_INIT_FCALL:
      case ZEND_INIT_NS_FCALL_BY_NAME:
        zv = CRT_CONSTANT(opline->op2);
        if (opline->opcode == ZEND_INIT_NS_FCALL_BY_NAME) {
          /* The third literal is the lowercased unqualified name */
          zv += 2;
        }
        if ((fn = zend_hash_find_ptr(EG(function_table), Z_STR_P(zv))) != NULL) {
          if (fn->type == ZEND_INTERNAL_FUNCTION) {
            flags |= zend_optimizer_classify_function(
              Z_STR_P(zv), opline->extended_value);
          }
        }
        break;
      case ZEND_FAST_CALL:
        BB_START(OP_JMP_ADDR(opline, opline->op1) - op_array->opcodes);
        BB_START(i + 1);
        break;
      case ZEND_FAST_RET:
        if (i + 1 < op_array->last) {
          BB_START(i + 1);
        }
        break;
      case ZEND_JMP:
        BB_START(OP_JMP_ADDR(opline, opline->op1) - op_array->opcodes);
        if (i + 1 < op_array->last) {
          BB_START(i + 1);
        }
        break;
      case ZEND_JMPZ:
      case ZEND_JMPNZ:
      case ZEND_JMPZ_EX:
      case ZEND_JMPNZ_EX:
      case ZEND_JMP_SET:
      case ZEND_COALESCE:
      case ZEND_ASSERT_CHECK:
      case ZEND_JMP_NULL:
      case ZEND_BIND_INIT_STATIC_OR_JMP:
      case ZEND_JMP_FRAMELESS:
        BB_START(OP_JMP_ADDR(opline, opline->op2) - op_array->opcodes);
        BB_START(i + 1);
        break;
      case ZEND_CATCH:
        if (!(opline->extended_value & ZEND_LAST_CATCH)) {
          BB_START(OP_JMP_ADDR(opline, opline->op2) - op_array->opcodes);
        }
        BB_START(i + 1);
        break;
      case ZEND_FE_FETCH_R:
      case ZEND_FE_FETCH_RW:
        BB_START(ZEND_OFFSET_TO_OPLINE_NUM(op_array, opline, opline->extended_value));
        BB_START(i + 1);
        break;
      case ZEND_FE_RESET_R:
      case ZEND_FE_RESET_RW:
        BB_START(OP_JMP_ADDR(opline, opline->op2) - op_array->opcodes);
        BB_START(i + 1);
        break;
      case ZEND_SWITCH_LONG:
      case ZEND_SWITCH_STRING:
      case ZEND_MATCH:
      {
        HashTable *jumptable = Z_ARRVAL_P(CRT_CONSTANT(opline->op2));
        zval *zv;
        ZEND_HASH_FOREACH_VAL(jumptable, zv) {
          BB_START(ZEND_OFFSET_TO_OPLINE_NUM(op_array, opline, Z_LVAL_P(zv)));
        } ZEND_HASH_FOREACH_END();
        BB_START(ZEND_OFFSET_TO_OPLINE_NUM(op_array, opline, opline->extended_value));
        BB_START(i + 1);
        break;
      }
      case ZEND_FETCH_R:
      case ZEND_FETCH_W:
      case ZEND_FETCH_RW:
      case ZEND_FETCH_FUNC_ARG:
      case ZEND_FETCH_IS:
      case ZEND_FETCH_UNSET:
      case ZEND_UNSET_VAR:
      case ZEND_ISSET_ISEMPTY_VAR:
        if (opline->extended_value & ZEND_FETCH_LOCAL) {
          flags |= ZEND_FUNC_INDIRECT_VAR_ACCESS;
        } else if ((opline->extended_value & (ZEND_FETCH_GLOBAL | ZEND_FETCH_GLOBAL_LOCK)) &&
                   !op_array->function_name) {
          flags |= ZEND_FUNC_INDIRECT_VAR_ACCESS;
        }
        break;
      case ZEND_FUNC_GET_ARGS:
        flags |= ZEND_FUNC_VARARG;
        break;
      case ZEND_EXT_STMT:
        flags |= ZEND_FUNC_HAS_EXTENDED_STMT;
        break;
      case ZEND_EXT_FCALL_BEGIN:
      case ZEND_EXT_FCALL_END:
        flags |= ZEND_FUNC_HAS_EXTENDED_FCALL;
        break;
      case ZEND_FREE:
      case ZEND_FE_FREE:
        if (zend_optimizer_is_loop_var_free(opline)
         && ((opline-1)->opcode != ZEND_MATCH_ERROR
          || (opline-1)->extended_value != ZEND_THROW_IS_EXPR)) {
          BB_START(i);
          flags |= ZEND_FUNC_FREE_LOOP_VAR;
        }
        break;
    }
  }

  /* If the entry block has predecessors, we may need to split it */
  if ((build_flags & ZEND_CFG_NO_ENTRY_PREDECESSORS)
      && op_array->last > 0 && block_map[0] > 1) {
    extra_entry_block = true;
  }

  if (op_array->last_try_catch) {
    for (uint32_t j = 0; j < op_array->last_try_catch; j++) {
      BB_START(op_array->try_catch_array[j].try_op);
      if (op_array->try_catch_array[j].catch_op) {
        BB_START(op_array->try_catch_array[j].catch_op);
      }
      if (op_array->try_catch_array[j].finally_op) {
        BB_START(op_array->try_catch_array[j].finally_op);
      }
      if (op_array->try_catch_array[j].finally_end) {
        BB_START(op_array->try_catch_array[j].finally_end);
      }
    }
  }

  blocks_count += extra_entry_block;
  cfg->blocks_count = blocks_count;

  /* Build CFG, Step 2: Build Array of Basic Blocks */
  cfg->blocks = blocks = zend_arena_calloc(arena, sizeof(zend_basic_block), blocks_count);

  blocks_count = -1;

  if (extra_entry_block) {
    initialize_block(&blocks[0]);
    blocks[0].start = 0;
    blocks[0].len = 0;
    blocks_count++;
  }

  for (i = 0; i < op_array->last; i++) {
    if (block_map[i]) {
      if (blocks_count >= 0) {
        blocks[blocks_count].len = i - blocks[blocks_count].start;
      }
      blocks_count++;
      initialize_block(&blocks[blocks_count]);
      blocks[blocks_count].start = i;
    }
    block_map[i] = blocks_count;
  }

  blocks[blocks_count].len = i - blocks[blocks_count].start;
  blocks_count++;

  /* Build CFG, Step 3: Calculate successors */
  for (int j = 0; j < blocks_count; j++) {
    zend_basic_block *block = &blocks[j];
    zend_op *opline;
    if (block->len == 0) {
      block->successors_count = 1;
      block->successors[0] = j + 1;
      continue;
    }

    opline = op_array->opcodes + block->start + block->len - 1;
    switch (opline->opcode) {
      case ZEND_FAST_RET:
      case ZEND_RETURN:
      case ZEND_RETURN_BY_REF:
      case ZEND_GENERATOR_RETURN:
      case ZEND_THROW:
      case ZEND_MATCH_ERROR:
      case ZEND_VERIFY_NEVER_TYPE:
        break;
      case ZEND_JMP:
        block->successors_count = 1;
        block->successors[0] = block_map[OP_JMP_ADDR(opline, opline->op1) - op_array->opcodes];
        break;
      case ZEND_JMPZ:
      case ZEND_JMPNZ:
      case ZEND_JMPZ_EX:
      case ZEND_JMPNZ_EX:
      case ZEND_JMP_SET:
      case ZEND_COALESCE:
      case ZEND_ASSERT_CHECK:
      case ZEND_JMP_NULL:
      case ZEND_BIND_INIT_STATIC_OR_JMP:
      case ZEND_JMP_FRAMELESS:
        block->successors_count = 2;
        block->successors[0] = block_map[OP_JMP_ADDR(opline, opline->op2) - op_array->opcodes];
        block->successors[1] = j + 1;
        break;
      case ZEND_CATCH:
        if (!(opline->extended_value & ZEND_LAST_CATCH)) {
          block->successors_count = 2;
          block->successors[0] = block_map[OP_JMP_ADDR(opline, opline->op2) - op_array->opcodes];
          block->successors[1] = j + 1;
        } else {
          block->successors_count = 1;
          block->successors[0] = j + 1;
        }
        break;
      case ZEND_FE_FETCH_R:
      case ZEND_FE_FETCH_RW:
        block->successors_count = 2;
        block->successors[0] = block_map[ZEND_OFFSET_TO_OPLINE_NUM(op_array, opline, opline->extended_value)];
        block->successors[1] = j + 1;
        break;
      case ZEND_FE_RESET_R:
      case ZEND_FE_RESET_RW:
        block->successors_count = 2;
        block->successors[0] = block_map[OP_JMP_ADDR(opline, opline->op2) - op_array->opcodes];
        block->successors[1] = j + 1;
        break;
      case ZEND_FAST_CALL:
        block->successors_count = 2;
        block->successors[0] = block_map[OP_JMP_ADDR(opline, opline->op1) - op_array->opcodes];
        block->successors[1] = j + 1;
        break;
      case ZEND_SWITCH_LONG:
      case ZEND_SWITCH_STRING:
      case ZEND_MATCH:
      {
        HashTable *jumptable = Z_ARRVAL_P(CRT_CONSTANT(opline->op2));
        zval *zv;
        uint32_t s = 0;

        block->successors_count = (opline->opcode == ZEND_MATCH ? 1 : 2) + zend_hash_num_elements(jumptable);
        block->successors = zend_arena_calloc(arena, block->successors_count, sizeof(int));

        ZEND_HASH_FOREACH_VAL(jumptable, zv) {
          block->successors[s++] = block_map[ZEND_OFFSET_TO_OPLINE_NUM(op_array, opline, Z_LVAL_P(zv))];
        } ZEND_HASH_FOREACH_END();

        block->successors[s++] = block_map[ZEND_OFFSET_TO_OPLINE_NUM(op_array, opline, opline->extended_value)];
        if (opline->opcode != ZEND_MATCH) {
          block->successors[s++] = j + 1;
        }
        break;
      }
      default:
        block->successors_count = 1;
        block->successors[0] = j + 1;
        break;
    }
  }

  /* Build CFG, Step 4, Mark Reachable Basic Blocks */
  cfg->flags |= flags;
  zend_mark_reachable_blocks(op_array, cfg, 0);
}
/* }}} */

ZEND_API void zend_cfg_build_predecessors(zend_arena **arena, zend_cfg *cfg) /* {{{ */
{
  zend_basic_block *b;
  zend_basic_block *blocks = cfg->blocks;
  zend_basic_block *end = blocks + cfg->blocks_count;
  uint32_t edges = 0;
  int *predecessors;

  for (b = blocks; b < end; b++) {
    b->predecessors_count = 0;
  }
  for (b = blocks; b < end; b++) {
    if (!(b->flags & ZEND_BB_REACHABLE)) {
      b->successors_count = 0;
      b->predecessors_count = 0;
    } else {
      for (uint32_t s = 0; s < b->successors_count; s++) {
        edges++;
        blocks[b->successors[s]].predecessors_count++;
      }
    }
  }

  cfg->edges_count = edges;
  cfg->predecessors = predecessors = (int*)zend_arena_calloc(arena, sizeof(int), edges);

  edges = 0;
  for (b = blocks; b < end; b++) {
    if (b->flags & ZEND_BB_REACHABLE) {
      b->predecessor_offset = edges;
      edges += b->predecessors_count;
      b->predecessors_count = 0;
    }
  }

  for (uint32_t j = 0; j < cfg->blocks_count; j++) {
    if (blocks[j].flags & ZEND_BB_REACHABLE) {
      /* SWITCH_STRING/LONG may have few identical successors */
      for (uint32_t s = 0; s < blocks[j].successors_count; s++) {
        int duplicate = 0;

        for (uint32_t p = 0; p < s; p++) {
          if (blocks[j].successors[p] == blocks[j].successors[s]) {
            duplicate = 1;
            break;
          }
        }
        if (!duplicate) {
          zend_basic_block *b = blocks + blocks[j].successors[s];

          predecessors[b->predecessor_offset + b->predecessors_count] = j;
          b->predecessors_count++;
        }
      }
    }
  }
}
/* }}} */

/* Computes a postorder numbering of the CFG */
static void compute_postnum_recursive(
    int *postnum, uint32_t *cur, const zend_cfg *cfg, int block_num) /* {{{ */
{
  zend_basic_block *block = &cfg->blocks[block_num];
  if (postnum[block_num] != -1) {
    return;
  }

  postnum[block_num] = -2; /* Marker for "currently visiting" */
  for (uint32_t s = 0; s < block->successors_count; s++) {
    compute_postnum_recursive(postnum, cur, cfg, block->successors[s]);
  }
  postnum[block_num] = (*cur)++;
}
/* }}} */

/* Computes dominator tree using algorithm from "A Simple, Fast Dominance Algorithm" by
 * Cooper, Harvey and Kennedy. */
ZEND_API void zend_cfg_compute_dominators_tree(const zend_op_array *op_array, zend_cfg *cfg) /* {{{ */
{
  zend_basic_block *blocks = cfg->blocks;
  uint32_t blocks_count = cfg->blocks_count;
  uint32_t j;
  int changed;

  if (cfg->blocks_count == 1) {
    blocks[0].level = 0;
    return;
  }

  ALLOCA_FLAG(use_heap)
  int *postnum = do_alloca(sizeof(int) * cfg->blocks_count, use_heap);
  memset(postnum, -1, sizeof(int) * cfg->blocks_count);
  j = 0;
  compute_postnum_recursive(postnum, &j, cfg, 0);

  /* FIXME: move declarations */
  blocks[0].idom = 0;
  do {
    changed = 0;
    /* Iterating in RPO here would converge faster */
    for (j = 1; j < blocks_count; j++) {
      int idom = -1;

      if ((blocks[j].flags & ZEND_BB_REACHABLE) == 0) {
        continue;
      }
      for (uint32_t k = 0; k < blocks[j].predecessors_count; k++) {
        int pred = cfg->predecessors[blocks[j].predecessor_offset + k];

        if (blocks[pred].idom >= 0) {
          if (idom < 0) {
            idom = pred;
          } else {
            while (idom != pred) {
              while (postnum[pred] < postnum[idom]) pred = blocks[pred].idom;
              while (postnum[idom] < postnum[pred]) idom = blocks[idom].idom;
            }
          }
        }
      }

      if (idom >= 0 && blocks[j].idom != idom) {
        blocks[j].idom = idom;
        changed = 1;
      }
    }
  } while (changed);
  blocks[0].idom = -1;

  for (j = 1; j < blocks_count; j++) {
    if ((blocks[j].flags & ZEND_BB_REACHABLE) == 0) {
      continue;
    }
    if (blocks[j].idom >= 0) {
      /* Sort by block number to traverse children in pre-order */
      if (blocks[blocks[j].idom].children < 0 ||
          j < blocks[blocks[j].idom].children) {
        blocks[j].next_child = blocks[blocks[j].idom].children;
        blocks[blocks[j].idom].children = j;
      } else {
        int k = blocks[blocks[j].idom].children;
        while (blocks[k].next_child >=0 && j > blocks[k].next_child) {
          k = blocks[k].next_child;
        }
        blocks[j].next_child = blocks[k].next_child;
        blocks[k].next_child = j;
      }
    }
  }

  for (j = 0; j < blocks_count; j++) {
    int idom = blocks[j].idom, level = 0;
    if ((blocks[j].flags & ZEND_BB_REACHABLE) == 0) {
      continue;
    }
    while (idom >= 0) {
      level++;
      if (blocks[idom].level >= 0) {
        level += blocks[idom].level;
        break;
      } else {
        idom = blocks[idom].idom;
      }
    }
    blocks[j].level = level;
  }

  free_alloca(postnum, use_heap);
}
/* }}} */

static bool dominates(zend_basic_block *blocks, int a, int b) /* {{{ */
{
  while (blocks[b].level > blocks[a].level) {
    b = blocks[b].idom;
  }
  return a == b;
}
/* }}} */

ZEND_API void zend_cfg_identify_loops(const zend_op_array *op_array, zend_cfg *cfg) /* {{{ */
{
  int i, j, n;
  int time;
  zend_basic_block *blocks = cfg->blocks;
  int *entry_times, *exit_times;
  zend_worklist work;
  int flag = ZEND_FUNC_NO_LOOPS;
  int *sorted_blocks;
  ALLOCA_FLAG(list_use_heap)
  ALLOCA_FLAG(tree_use_heap)

  if (cfg->blocks_count == 1) {
    cfg->flags |= flag;
    return;
  }

  ZEND_WORKLIST_ALLOCA(&work, cfg->blocks_count, list_use_heap);

  /* We don't materialize the DJ spanning tree explicitly, as we are only interested in ancestor
   * queries. These are implemented by checking entry/exit times of the DFS search. */
  entry_times = do_alloca(3 * sizeof(int) * cfg->blocks_count, tree_use_heap);
  exit_times = entry_times + cfg->blocks_count;
  sorted_blocks = exit_times + cfg->blocks_count;
  memset(entry_times, -1, 2 * sizeof(int) * cfg->blocks_count);

  zend_worklist_push(&work, 0);
  time = 0;
  while (zend_worklist_len(&work)) {
  next:
    i = zend_worklist_peek(&work);
    if (entry_times[i] == -1) {
      entry_times[i] = time++;
    }
    /* Visit blocks immediately dominated by i. */
    for (j = blocks[i].children; j >= 0; j = blocks[j].next_child) {
      if (zend_worklist_push(&work, j)) {
        goto next;
      }
    }
    /* Visit join edges.  */
    for (j = 0; j < blocks[i].successors_count; j++) {
      int succ = blocks[i].successors[j];
      if (blocks[succ].idom == i) {
        continue;
      } else if (zend_worklist_push(&work, succ)) {
        goto next;
      }
    }
    exit_times[i] = time++;
    zend_worklist_pop(&work);
  }

  /* Sort blocks by level, which is the opposite order in which we want to process them */
  sorted_blocks[0] = 0;
  j = 0;
  n = 1;
  while (j != n) {
    i = j;
    j = n;
    for (; i < j; i++) {
      int child;
      for (child = blocks[sorted_blocks[i]].children; child >= 0; child = blocks[child].next_child) {
        sorted_blocks[n++] = child;
      }
    }
  }

  /* Identify loops. See Sreedhar et al, "Identifying Loops Using DJ Graphs". */
  while (n > 0) {
    i = sorted_blocks[--n];

    if (blocks[i].predecessors_count < 2) {
        /* loop header has at least two input edges */
      continue;
    }

    for (j = 0; j < blocks[i].predecessors_count; j++) {
      int pred = cfg->predecessors[blocks[i].predecessor_offset + j];

      /* A join edge is one for which the predecessor does not
         immediately dominate the successor. */
      if (blocks[i].idom == pred) {
        continue;
      }

      /* In a loop back-edge (back-join edge), the successor dominates
         the predecessor.  */
      if (dominates(blocks, i, pred)) {
        blocks[i].flags |= ZEND_BB_LOOP_HEADER;
        flag &= ~ZEND_FUNC_NO_LOOPS;
        if (!zend_worklist_len(&work)) {
          zend_bitset_clear(work.visited, zend_bitset_len(cfg->blocks_count));
        }
        zend_worklist_push(&work, pred);
      } else {
        /* Otherwise it's a cross-join edge.  See if it's a branch
           to an ancestor on the DJ spanning tree.  */
        if (entry_times[pred] > entry_times[i] && exit_times[pred] < exit_times[i]) {
          blocks[i].flags |= ZEND_BB_IRREDUCIBLE_LOOP;
          flag |= ZEND_FUNC_IRREDUCIBLE;
          flag &= ~ZEND_FUNC_NO_LOOPS;
        }
      }
    }
    while (zend_worklist_len(&work)) {
      j = zend_worklist_pop(&work);
      while (blocks[j].loop_header >= 0) {
        j = blocks[j].loop_header;
      }
      if (j != i) {
        if (blocks[j].idom < 0 && j != 0) {
          /* Ignore blocks that are unreachable or only abnormally reachable. */
          continue;
        }
        blocks[j].loop_header = i;
        for (uint32_t k = 0; k < blocks[j].predecessors_count; k++) {
          zend_worklist_push(&work, cfg->predecessors[blocks[j].predecessor_offset + k]);
        }
      }
    }
  }

  free_alloca(entry_times, tree_use_heap);
  ZEND_WORKLIST_FREE_ALLOCA(&work, list_use_heap);

  cfg->flags |= flag;
}
/* }}} */

Coverage Report

Created: 2026-04-01 06:49